From 79761583660fa40ae87861e92443f3bc03d2465d Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 9 Jul 2024 10:36:11 -0700
Subject: [PATCH 001/381] 400 when to param is an array (#4870)

Fixes https://app.honeybadger.io/projects/40972/faults/109225185
---
 .../api/v1/timeframe_versions_controller.rb            |  2 +-
 .../api/v1/timeframe_versions_controller_test.rb       | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/v1/timeframe_versions_controller.rb b/app/controllers/api/v1/timeframe_versions_controller.rb
index 0259eb85712..31007ea9a31 100644
--- a/app/controllers/api/v1/timeframe_versions_controller.rb
+++ b/app/controllers/api/v1/timeframe_versions_controller.rb
@@ -31,7 +31,7 @@ def from_time
 
   def to_time
     @to_time ||= params[:to].blank? ? Time.zone.now : Time.iso8601(params[:to])
-  rescue ArgumentError
+  rescue ArgumentError, TypeError
     raise InvalidTimeframeParameterError, 'the "to" parameter must be iso8601 formatted'
   end
 
diff --git a/test/functional/api/v1/timeframe_versions_controller_test.rb b/test/functional/api/v1/timeframe_versions_controller_test.rb
index b5953d74fdd..44f1d968546 100644
--- a/test/functional/api/v1/timeframe_versions_controller_test.rb
+++ b/test/functional/api/v1/timeframe_versions_controller_test.rb
@@ -52,6 +52,16 @@ class Api::V1::TimeframeVersionsControllerTest < ActionController::TestCase
         assert_includes response.body, "iso8601"
       end
 
+      should 'return a bad request with message when "to" is not primitive' do
+        get :index, format: :json, params: {
+          from: Time.zone.parse("2017-11-09").iso8601,
+          to: ["2017-11-12"]
+        }
+
+        assert_equal 400, response.status
+        assert_includes response.body, "iso8601"
+      end
+
       should 'return a bad request with message when "from" is invalid' do
         get :index, format: :json, params: {
           from: "2017-11-09",

From fe420fee405a58a024e60ab7d488a2dea2a7f942 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 20:24:12 -0700
Subject: [PATCH 002/381] Make it possible to run migrations again

Funny story, strong_migrations was [upgraded to 2.0.0 last week](https://github.com/rubygems/rubygems.org/commit/7505e0507496c60b2b1d22ee8a6d57422b58b069). It turns out that version 2.0.0 dropped support for Postgres 11, and requires a minimum of Postgres 12. Funnier story, we have hardcoded the strong_migrations initializer to always act as if we are running on Postgres 11.3, which means that all migrations error out:

```
bin/rails aborted!
   (1.7ms)  SELECT pg_advisory_unlock(4040961485751852690)
StandardError: An error has occurred, this and all later migrations canceled: (StandardError)

PostgreSQL version (11.3) not supported in this version of Strong Migrations (2.0.0)
```

That error shows up regardless of the version of postgres you are actually using, and made me tear my hair out for about half an hour trying to figure out how Rails was talking to postgres 11 when I didn't even have it installed on my computer anymore.

Anyway, I have verified that production postgres has been upgraded to 13, and that is why I have changed the strong_migrations initializer to reflect that we want to check migrations as if we are using postgres 13, even if local development is happening against a different version.

In the future, we may want to add updating this file to our database upgrade runbook!
---
 config/initializers/strong_migrations.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/strong_migrations.rb b/config/initializers/strong_migrations.rb
index 17f3f042095..1d977dad858 100644
--- a/config/initializers/strong_migrations.rb
+++ b/config/initializers/strong_migrations.rb
@@ -12,7 +12,7 @@
 
 # Set the version of the production database
 # so the right checks are run in development
-StrongMigrations.target_version = "11.3"
+StrongMigrations.target_version = "13"
 
 # Add custom checks
 # StrongMigrations.add_check do |method, args|

From 13dc50c27f18fb4bd5c0ff8021f2157beb3b9552 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 04:34:06 +0000
Subject: [PATCH 003/381] Bump actions/upload-artifact from 4.3.3 to 4.3.4
 (#4865)

---
 .github/workflows/lint.yml | 2 +-
 .github/workflows/test.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index e27fe434e21..ff0a4db2628 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -60,7 +60,7 @@ jobs:
         env:
           ENVIRONMENT: "${{ matrix.environment }}"
           REVISION: "${{ github.sha }}"
-      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: "${{ matrix.environment }}.rendered.yaml"
           path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bcdfd2a0249..b07f90d106b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -56,7 +56,7 @@ jobs:
 
       - name: Save capybara screenshots
         if: ${{ failure() && steps.test-all.outcome == 'failure' }}
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: capybara-screenshots-${{ matrix.tests.name }}-${{ matrix.rubygems.name }}
           path: tmp/capybara

From 890a43b80bc38faff00b8e4e61f1134f9b190f50 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 04:34:39 +0000
Subject: [PATCH 004/381] Bump ruby/setup-ruby from 1.184.0 to 1.185.0 (#4866)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ff0a4db2628..a4f172a69ef 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@97e35c5302afcf3f5ac1df3fca9343d32536b286 # v1.184.0
+      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@97e35c5302afcf3f5ac1df3fca9343d32536b286 # v1.184.0
+      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@97e35c5302afcf3f5ac1df3fca9343d32536b286 # v1.184.0
+      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@97e35c5302afcf3f5ac1df3fca9343d32536b286 # v1.184.0
+      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
         with:
           bundler-cache: true
       - name: krane render

From 3a4b7a7907ce6a4f93c5485ffe2dac81dbbe340a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 04:34:51 +0000
Subject: [PATCH 005/381] Bump rails_semantic_logger from 4.16.0 to 4.17.0
 (#4868)

---
 Gemfile      |  2 +-
 Gemfile.lock | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Gemfile b/Gemfile
index 5cc75dda44b..40f71813659 100644
--- a/Gemfile
+++ b/Gemfile
@@ -68,7 +68,7 @@ gem "groupdate", "~> 6.2"
 
 # Logging
 gem "amazing_print", "~> 1.6"
-gem "rails_semantic_logger", "~> 4.16"
+gem "rails_semantic_logger", "~> 4.17"
 gem "pp", "0.5.0"
 
 # Former default gems
diff --git a/Gemfile.lock b/Gemfile.lock
index 18526310b42..355fb00f4cb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -305,7 +305,7 @@ GEM
       activesupport (>= 3.0)
       nokogiri (>= 1.6)
     io-console (0.7.2)
-    irb (1.13.2)
+    irb (1.14.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     jmespath (1.6.2)
@@ -565,10 +565,10 @@ GEM
     rails-i18n (7.0.9)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    rails_semantic_logger (4.16.0)
+    rails_semantic_logger (4.17.0)
       rack
       railties (>= 5.1)
-      semantic_logger (~> 4.13)
+      semantic_logger (~> 4.16)
     railties (7.1.3.4)
       actionpack (= 7.1.3.4)
       activesupport (= 7.1.3.4)
@@ -662,7 +662,7 @@ GEM
       rubyzip (>= 1.2.2, < 3.0)
       websocket (~> 1.0)
     semantic (1.6.1)
-    semantic_logger (4.15.0)
+    semantic_logger (4.16.0)
       concurrent-ruby (~> 1.0)
     shoryuken (6.2.1)
       aws-sdk-core (>= 2)
@@ -851,7 +851,7 @@ DEPENDENCIES
   rails-controller-testing (~> 1.0)
   rails-erd (~> 1.7)
   rails-i18n (~> 7.0)
-  rails_semantic_logger (~> 4.16)
+  rails_semantic_logger (~> 4.17)
   rbtrace (~> 0.5.1)
   rdoc (~> 6.7)
   roadie-rails (~> 3.2)
@@ -999,7 +999,7 @@ CHECKSUMS
   importmap-rails (2.0.1) sha256=e739a6e70c09f797688c6983fa79567ec1edc9becc30d55b3f7cc897b1825586
   inline_svg (1.9.0) sha256=f44c5e3d2e401fd619ad3047b7c8cee384517d855edb1d1fb1a248d3cae535d6
   io-console (0.7.2) sha256=f0dccff252f877a4f60d04a4dc6b442b185ebffb4b320ab69212a92b48a7a221
-  irb (1.13.2) sha256=e72928d8047a515cd868967ecafbe5388097402449fb8ef658c33db6ccde8117
+  irb (1.14.0) sha256=53d805013bbd194874b8c13a56aca6aebcd11dd79166d88724f8a434fedde615
   jmespath (1.6.2) sha256=238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1
   job-iteration (1.5.1) sha256=1428ad5b308adbaae8776c16b7792a846eb1ad7f4ab3c6e0f9668dd2ab1179e5
   json (2.7.2) sha256=1898b5cbc81cd36c0fd4d0b7ad2682c39fb07c5ff682fc6265f678f550d4982c
@@ -1094,7 +1094,7 @@ CHECKSUMS
   rails-erd (1.7.2) sha256=0b17d0fba25d319d8da8af7a3e5e2149d02d6187cc7351e8be43423f07c48bcd
   rails-html-sanitizer (1.6.0) sha256=86e9f19d2e6748890dcc2633c8945ca45baa08a1df9d8c215ce17b3b0afaa4de
   rails-i18n (7.0.9) sha256=c184db80a7c7bf21c14e0e400fe9e27c4c20312f019aaff5b364a82858dc1369
-  rails_semantic_logger (4.16.0) sha256=766f6cd482f3c811083b24777ea8ac04bb7f44c4fdb189cf1af3ae2b9b844cf6
+  rails_semantic_logger (4.17.0) sha256=cc10cca01491736596cd5ab40b52b3bbf98338d9d1f5a7916b2be10231615047
   railties (7.1.3.4) sha256=6c6049f3a788669d94f95c7bf6378204ae94098567cc25237e3c73dac4a21afc
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d
@@ -1132,7 +1132,7 @@ CHECKSUMS
   searchkick (5.3.1) sha256=dc1181543f6a68354e380651f235fa7f3df6a09e4cd67fc284dc293fa9860f57
   selenium-webdriver (4.22.0) sha256=644370abcdcf1f14b2581c125d39014a1933b20e355c74b0dc5d0ca877a45d66
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
-  semantic_logger (4.15.0) sha256=ec4f56122b5d2e2117d148b86c69fb62c1194a2b01a271be04ba8678a85f81ff
+  semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6
   shoulda-context (3.0.0.rc1) sha256=6e0d9d52ab798c13bc2b490c8537d4bf30cfd318a1ea839c39a66d1d293c6a1a
   shoulda-matchers (6.2.0) sha256=a702c059c5f3bbda2295827231a28654e33063d7c4d409662980ec630207d8dd

From c00b5657a871d0dffff65efba54286690d2510b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 04:35:08 +0000
Subject: [PATCH 006/381] Bump faraday from 2.9.2 to 2.10.0 (#4869)

---
 Gemfile      | 2 +-
 Gemfile.lock | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 40f71813659..fda750a185f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,7 +13,7 @@ gem "dalli", "~> 3.2"
 gem "datadog", "~> 2.1", require: "datadog/auto_instrument"
 gem "dogstatsd-ruby", "~> 5.5"
 gem "google-protobuf", "~> 4.27"
-gem "faraday", "~> 2.9"
+gem "faraday", "~> 2.10"
 gem "faraday-retry", "~> 2.2"
 gem "good_job", "~> 3.29"
 gem "gravtastic", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 355fb00f4cb..817922894bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -239,8 +239,9 @@ GEM
     factory_bot_rails (6.4.3)
       factory_bot (~> 6.4)
       railties (>= 5.0.0)
-    faraday (2.9.2)
+    faraday (2.10.0)
       faraday-net_http (>= 2.0, < 3.2)
+      logger
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
     faraday-net_http (3.1.0)
@@ -801,7 +802,7 @@ DEPENDENCIES
   dogstatsd-ruby (~> 5.5)
   dotenv-rails (~> 3.1)
   factory_bot_rails (~> 6.4)
-  faraday (~> 2.9)
+  faraday (~> 2.10)
   faraday-retry (~> 2.2)
   faraday_middleware-aws-sigv4 (~> 1.0)
   good_job (~> 3.29)
@@ -970,7 +971,7 @@ CHECKSUMS
   execjs (2.9.1) sha256=e8fd066f6df60c8e8fbebc32c6fb356b5212c77374e8416a9019ca4bb154dcfb
   factory_bot (6.4.5) sha256=d71dd29bc95f0ec2bf27e3dd9b1b4d557bd534caca744663cb7db4bacf3198be
   factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
-  faraday (2.9.2) sha256=6595edbe3b4663223e52a315f6bf2bca97ea1527bab7e02a926bf8afcf7423a4
+  faraday (2.10.0) sha256=1a3e6c02acc511fc334d799521f1013e449bde38aa2dceb3af71e8030519bda9
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
   faraday-net_http (3.1.0) sha256=1627be414960d0131691190ff524506ba6607402a50fb6eccda9e64ca60f859f
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608

From 1c799b214a0c493624066eb50dc1b6f342b22f4c Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 10 Jul 2024 16:10:52 +1000
Subject: [PATCH 007/381] Update all Github Actions workflows to `ubuntu-24.04`
 (#4873)

* Update all Github Actions to 'ubuntu-24.04'

* docker-copose -> docker compose
---
 .github/workflows/codeql.yml     | 2 +-
 .github/workflows/docker.yml     | 4 ++--
 .github/workflows/lint.yml       | 8 ++++----
 .github/workflows/scorecards.yml | 2 +-
 .github/workflows/test.yml       | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 361185db215..49a79c89f3e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,7 +26,7 @@ permissions: # added using https://github.com/step-security/secure-workflows
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       actions: read
       contents: read
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 7ddff773819..9ecd1b5dd62 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -12,7 +12,7 @@ permissions:
 jobs:
   build:
     name: Docker build (and optional push)
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     env:
       RUBYGEMS_VERSION: 3.5.14
       RUBY_VERSION: 3.3.3
@@ -29,7 +29,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-rubygems-org
       - name: Install and start services (needed for image test)
-        run: docker-compose up -d
+        run: docker compose up -d
       - name: Configure AWS credentials from Production account
         uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
         if: github.secret_source != 'None'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index a4f172a69ef..09cb893e20e 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -10,7 +10,7 @@ permissions:
 jobs:
   rubocop:
     name: Rubocop
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
@@ -20,7 +20,7 @@ jobs:
         run: bundle exec rubocop
   brakeman:
     name: Brakeman
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
@@ -30,7 +30,7 @@ jobs:
         run: bundle exec brakeman
   importmap:
     name: Importmap Verify
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
@@ -40,7 +40,7 @@ jobs:
         run: bundle exec rake importmap:verify
   kubeconform:
     name: Kubeconform
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         kubernetes_version: ["1.29.1"]
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 6c7bd34107c..10dd6c427b4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -20,7 +20,7 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecards analysis
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b07f90d106b..e132e78f586 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,7 +15,7 @@ jobs:
   status_check:
     name: All required tests passing check
     needs: [rails]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     if: always()
     steps:
       - run: /bin/${{ (needs.rails.result == 'success' || needs.rails.result == 'skipped') }}

From 5f7cf6195d2f41416e913a8dca64e02a2c460653 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 10 Jul 2024 20:32:25 +1000
Subject: [PATCH 008/381] Set OpenSearch docker image java options (#4874)

---
 docker-compose.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 3bcc4b47463..db1c99600d7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,6 +20,7 @@ services:
     environment:
       - discovery.type=single-node
       - DISABLE_SECURITY_PLUGIN=true
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
     ports:
       - "9200:9200"
     healthcheck:
@@ -41,6 +42,7 @@ services:
     environment:
       - 'OPENSEARCH_HOSTS=["http://search:9200"]'
       - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true"
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
     healthcheck:
       test:
         [

From 62b2cbbb35161d9cdf7fa376c0eb154f0ab5d5fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 10 Jul 2024 23:18:07 -0700
Subject: [PATCH 009/381] Bump ruby/setup-ruby from 1.185.0 to 1.186.0 (#4875)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 09cb893e20e..f76a4ab64c6 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
+      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
+      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
+      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
+      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
         with:
           bundler-cache: true
       - name: krane render

From 9309f276ee02e0a242422ddeca887d2916bfc2c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Jul 2024 16:08:49 +0000
Subject: [PATCH 010/381] Bump ruby/setup-ruby from 1.186.0 to 1.187.0 (#4882)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index f76a4ab64c6..0f8daf2864a 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
+      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
+      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
+      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@2a9a743e19810b9f3c38060637daf594dbd7b37f # v1.186.0
+      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
         with:
           bundler-cache: true
       - name: krane render

From 328c3c30ee679a9fe650c2ce65647ab57572c2c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Jul 2024 16:09:06 +0000
Subject: [PATCH 011/381] Bump datadog from 2.1.0 to 2.2.0 (#4879)

---
 Gemfile      |  2 +-
 Gemfile.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index fda750a185f..0efe13d71b8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,7 +10,7 @@ gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.7"
 gem "dalli", "~> 3.2"
-gem "datadog", "~> 2.1", require: "datadog/auto_instrument"
+gem "datadog", "~> 2.2", require: "datadog/auto_instrument"
 gem "dogstatsd-ruby", "~> 5.5"
 gem "google-protobuf", "~> 4.27"
 gem "faraday", "~> 2.10"
diff --git a/Gemfile.lock b/Gemfile.lock
index 817922894bb..9e4ebc9974f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -194,9 +194,9 @@ GEM
       sprockets (> 3.0)
       sprockets-rails
       tilt
-    datadog (2.1.0)
+    datadog (2.2.0)
       debase-ruby_core_source (= 3.3.1)
-      libdatadog (~> 9.0.0.1.0)
+      libdatadog (~> 10.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
     datadog-ci (1.1.0)
@@ -354,7 +354,7 @@ GEM
       letter_opener (~> 1.9)
       railties (>= 6.1)
       rexml
-    libdatadog (9.0.0.1.0)
+    libdatadog (10.0.0.1.0)
     libddwaf (1.14.0.0.0)
       ffi (~> 1.0)
     listen (3.9.0)
@@ -795,7 +795,7 @@ DEPENDENCIES
   csv (~> 3.3)
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
-  datadog (~> 2.1)
+  datadog (~> 2.2)
   datadog-ci (~> 1.1)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
@@ -951,7 +951,7 @@ CHECKSUMS
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
-  datadog (2.1.0) sha256=6a9be58bb3dc01e1890d1b3452cef262de925bda9ad0bfdb8bb854f5f9384e0b
+  datadog (2.2.0) sha256=fa96d565e055593294706d7767c4d3213b5250f0ddd2b8697b868ae60dbdda4a
   datadog-ci (1.1.0) sha256=15153b9f15deb5e55e81c91aaff6911c8dc7f4e2f139f80e803d079890739fbd
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
@@ -1016,7 +1016,7 @@ CHECKSUMS
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
   letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
-  libdatadog (9.0.0.1.0) sha256=2a24dd3ee462e59de04f098687ed3d98823042aebfdd3f1b75fd92374b926f07
+  libdatadog (10.0.0.1.0) sha256=2e2c2000f1250cd3bb3721bdd0672dcdb584e60eee13d4a4089fbce1cf40dafc
   libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa

From 51a79ceba9c67c2df3a21a1d0ff1618fa510a26f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 11 Jul 2024 16:09:25 +0000
Subject: [PATCH 012/381] Bump pghero from 3.5.0 to 3.6.0 (#4878)

---
 Gemfile      | 2 +-
 Gemfile.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0efe13d71b8..1d1c2d0beaa 100644
--- a/Gemfile
+++ b/Gemfile
@@ -56,7 +56,7 @@ gem "strong_migrations", "~> 2.0"
 gem "phlex-rails", "~> 1.2"
 gem "discard", "~> 1.3"
 gem "user_agent_parser", "~> 2.18"
-gem "pghero", "~> 3.5"
+gem "pghero", "~> 3.6"
 gem "timescaledb", "~> 0.2"
 
 # Admin dashboard
diff --git a/Gemfile.lock b/Gemfile.lock
index 9e4ebc9974f..87bb84d09bc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -485,8 +485,8 @@ GEM
     pg (1.5.6)
     pg_query (5.1.0)
       google-protobuf (>= 3.22.3)
-    pghero (3.5.0)
-      activerecord (>= 6)
+    pghero (3.6.0)
+      activerecord (>= 6.1)
     phlex (1.10.2)
     phlex-rails (1.2.1)
       phlex (~> 1.10.0)
@@ -836,7 +836,7 @@ DEPENDENCIES
   opensearch-ruby (~> 3.3)
   pg (~> 1.5)
   pg_query (~> 5.1)
-  pghero (~> 3.5)
+  pghero (~> 3.6)
   phlex-rails (~> 1.2)
   pp (= 0.5.0)
   prosopite (~> 1.4)
@@ -1066,7 +1066,7 @@ CHECKSUMS
   parser (3.3.3.0) sha256=a2e23c90918d9b7e866b18dca2b6835f227769dd2fa8e59c5841f3389cf53eeb
   pg (1.5.6) sha256=4bc3ad2438825eea68457373555e3fd4ea1a82027b8a6be98ef57c0d57292b1c
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
-  pghero (3.5.0) sha256=7b459d383673e358017d0dd210c11b6a82bbfb340c73236ba0e50bb6c0351e6a
+  pghero (3.6.0) sha256=cad9cb865f99ff40bb5ba47d3dae20d06be06ac8ea6b01172f6a8ccc85671109
   phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6
   phlex-rails (1.2.1) sha256=1d80709c02114cda869951d22bfca189b5f208d1eb89f2e6fafbe3c0240a822f
   pp (0.5.0) sha256=f8f40bc2ba9e1ab351b9458151da3a89f46034f7f599a8e0a06abb9b9f4411dd

From e311c7e163fbf6021bd1bf9bdb2bb4af88e54a25 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Thu, 11 Jul 2024 15:55:53 -0700
Subject: [PATCH 013/381] I18n localize mfa error strings in API (#4876)

---
 app/controllers/api/base_controller.rb        | 65 ++++-------------
 app/controllers/api/v1/api_keys_controller.rb | 11 +--
 .../api/v1/deletions_controller.rb            |  5 +-
 app/controllers/api/v1/owners_controller.rb   |  6 +-
 app/controllers/api/v1/rubygems_controller.rb |  4 +-
 .../api/v1/web_hooks_controller.rb            |  2 +-
 app/models/user/with_private_fields.rb        |  7 +-
 config/locales/de.yml                         |  9 +++
 config/locales/en.yml                         | 19 +++++
 config/locales/es.yml                         | 12 +++-
 config/locales/fr.yml                         |  9 +++
 config/locales/ja.yml                         |  9 +++
 config/locales/nl.yml                         |  9 +++
 config/locales/pt-BR.yml                      |  9 +++
 config/locales/zh-CN.yml                      |  9 +++
 config/locales/zh-TW.yml                      |  9 +++
 .../api/v1/api_keys_controller_test.rb        | 14 +---
 .../api/v1/deletions_controller_test.rb       | 39 +++--------
 .../api/v1/owners_controller_test.rb          | 70 +++++--------------
 .../api/v1/profiles_controller_test.rb        | 32 +++------
 .../api/v1/rubygems_controller_test.rb        | 53 ++++----------
 test/models/user/with_private_fields_test.rb  | 23 +++---
 22 files changed, 180 insertions(+), 245 deletions(-)

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 46b886f3ae9..5650be62848 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -2,7 +2,7 @@ class Api::BaseController < ApplicationController
   skip_before_action :verify_authenticity_token
   after_action :skip_session
 
-  rescue_from(Pundit::NotAuthorizedError) { |_| render_api_key_forbidden }
+  rescue_from(Pundit::NotAuthorizedError) { |_| render_forbidden(t(:api_key_forbidden)) }
 
   private
 
@@ -17,13 +17,13 @@ def gem_name
   def find_rubygem_by_name
     @rubygem = Rubygem.find_by name: gem_name
     return if @rubygem
-    render plain: "This gem could not be found", status: :not_found
+    render plain: t(:api_gem_not_found), status: :not_found
   end
 
   def verify_api_key_gem_scope
     return unless @api_key.rubygem && @api_key.rubygem != @rubygem
 
-    render plain: "This API key cannot perform the specified action on this gem.", status: :forbidden
+    render_forbidden t(:api_key_insufficient_scope)
   end
 
   def verify_with_otp
@@ -35,54 +35,22 @@ def verify_with_otp
 
   def verify_mfa_requirement
     if @rubygem && !@rubygem.mfa_requirement_satisfied_for?(@api_key.user)
-      render plain: "Gem requires MFA enabled; You do not have MFA enabled yet.", status: :forbidden
+      render_forbidden t("multifactor_auths.api.mfa_required")
     elsif @api_key.mfa_required_not_yet_enabled?
-      render_mfa_setup_required_error
+      render_forbidden t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
     elsif @api_key.mfa_required_weak_level_enabled?
-      render_mfa_strong_level_required_error
+      render_forbidden t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
     end
   end
 
-  def response_with_mfa_warning(response)
-    message = response
+  def response_with_mfa_warning(message)
     if @api_key.mfa_recommended_not_yet_enabled?
-      message += <<~WARN.chomp
-
-
-        [WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication \
-        at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future.
-      WARN
+      +message << "\n\n" << t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
     elsif @api_key.mfa_recommended_weak_level_enabled?
-      message += <<~WARN.chomp
-
-
-        [WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication \
-        level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. \
-        Your account will be required to have MFA enabled on one of these levels in the future.
-      WARN
+      +message << "\n\n" << t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
+    else
+      message
     end
-
-    message
-  end
-
-  def render_mfa_setup_required_error
-    error = <<~ERROR.chomp
-      [ERROR] For protection of your account and your gems, you are required to set up multi-factor authentication \
-      at https://rubygems.org/totp/new.
-
-      Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-    ERROR
-    render_forbidden(error)
-  end
-
-  def render_mfa_strong_level_required_error
-    error = <<~ERROR.chomp
-      [ERROR] For protection of your account and your gems, you are required to change your MFA level to 'UI and gem signin' or 'UI and API' \
-      at https://rubygems.org/settings/edit.
-
-      Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-    ERROR
-    render_forbidden(error)
   end
 
   def authenticate_with_api_key
@@ -92,7 +60,7 @@ def authenticate_with_api_key
     return render_unauthorized unless @api_key
     set_tags "gemcutter.api_key.owner" => @api_key.owner.to_gid, "gemcutter.user.api_key_id" => @api_key.id
     Current.user = @api_key.user
-    render_soft_deleted_api_key if @api_key.soft_deleted?
+    render_forbidden(t(:api_key_soft_deleted)) if @api_key.soft_deleted?
   end
 
   def pundit_user
@@ -108,15 +76,14 @@ def authorize(record, query = nil)
   end
 
   def verify_user_api_key
-    render_api_key_forbidden if @api_key.user.blank?
+    render_forbidden(t(:api_key_forbidden)) if @api_key.user.blank?
   end
 
   def render_unauthorized
     render plain: t(:please_sign_up), status: :unauthorized
   end
 
-  def render_api_key_forbidden(error = nil)
-    error = error&.message || t(:api_key_forbidden)
+  def render_forbidden(error = t(:api_key_forbidden))
     respond_to do |format|
       format.any(:all) { render plain: error, status: :forbidden }
       format.json { render json: { error: }, status: :forbidden }
@@ -124,10 +91,6 @@ def render_api_key_forbidden(error = nil)
     end
   end
 
-  def render_soft_deleted_api_key
-    render plain: "An invalid API key cannot be used. Please delete it and create a new one.", status: :forbidden
-  end
-
   def skip_session
     request.session_options[:skip] = true
   end
diff --git a/app/controllers/api/v1/api_keys_controller.rb b/app/controllers/api/v1/api_keys_controller.rb
index a4c7d53b30d..a89511f998f 100644
--- a/app/controllers/api/v1/api_keys_controller.rb
+++ b/app/controllers/api/v1/api_keys_controller.rb
@@ -49,10 +49,13 @@ def update
 
   def check_mfa(user)
     if user&.mfa_gem_signin_authorized?(otp)
-      return render_mfa_setup_required_error if user.mfa_required_not_yet_enabled?
-      return render_mfa_strong_level_required_error if user.mfa_required_weak_level_enabled?
-
-      yield
+      if user.mfa_required_not_yet_enabled?
+        render_forbidden t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
+      elsif user.mfa_required_weak_level_enabled?
+        render_forbidden t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
+      else
+        yield
+      end
     elsif user&.mfa_enabled?
       prompt_text = otp.present? ? t(:otp_incorrect) : t(:otp_missing)
       render plain: prompt_text, status: :unauthorized
diff --git a/app/controllers/api/v1/deletions_controller.rb b/app/controllers/api/v1/deletions_controller.rb
index 3dea90ad1ed..4ead8e71c2e 100644
--- a/app/controllers/api/v1/deletions_controller.rb
+++ b/app/controllers/api/v1/deletions_controller.rb
@@ -5,7 +5,7 @@ class Api::V1::DeletionsController < Api::BaseController
   before_action :verify_api_key_gem_scope
   before_action :validate_gem_and_version
   before_action :verify_with_otp
-  before_action :render_api_key_forbidden, if: :api_key_unauthorized?
+  before_action :render_forbidden, if: :api_key_unauthorized?
   before_action :verify_mfa_requirement
 
   def create
@@ -34,8 +34,7 @@ def validate_gem_and_version
       render plain: response_with_mfa_warning(t(:this_rubygem_could_not_be_found)),
              status: :not_found
     elsif !@rubygem.owned_by?(@api_key.user)
-      render plain: response_with_mfa_warning("You do not have permission to delete this gem."),
-             status: :forbidden
+      render_forbidden response_with_mfa_warning("You do not have permission to delete this gem.")
     else
       begin
         version = params.permit(:version).require(:version)
diff --git a/app/controllers/api/v1/owners_controller.rb b/app/controllers/api/v1/owners_controller.rb
index d9f00ea7a64..b6203b73be0 100644
--- a/app/controllers/api/v1/owners_controller.rb
+++ b/app/controllers/api/v1/owners_controller.rb
@@ -15,7 +15,7 @@ def show
   end
 
   def create
-    return render_api_key_forbidden unless @api_key.can_add_owner?
+    return render_forbidden(t(:api_key_forbidden)) unless @api_key.can_add_owner?
 
     owner = User.find_by_name(email_param)
     if owner
@@ -34,7 +34,7 @@ def create
   end
 
   def destroy
-    return render_api_key_forbidden unless @api_key.can_remove_owner?
+    return render_forbidden(t(:api_key_forbidden)) unless @api_key.can_remove_owner?
 
     owner = @rubygem.owners_including_unconfirmed.find_by_name(email_param)
     if owner
@@ -43,7 +43,7 @@ def destroy
         OwnersMailer.owner_removed(ownership.user_id, @api_key.user.id, ownership.rubygem_id).deliver_later
         render plain: response_with_mfa_warning("Owner removed successfully.")
       else
-        render plain: response_with_mfa_warning("Unable to remove owner."), status: :forbidden
+        render_forbidden response_with_mfa_warning("Unable to remove owner.")
       end
     else
       render plain: response_with_mfa_warning("Owner could not be found."), status: :not_found
diff --git a/app/controllers/api/v1/rubygems_controller.rb b/app/controllers/api/v1/rubygems_controller.rb
index 4d6793e1922..54a27a71402 100644
--- a/app/controllers/api/v1/rubygems_controller.rb
+++ b/app/controllers/api/v1/rubygems_controller.rb
@@ -8,7 +8,7 @@ class Api::V1::RubygemsController < Api::BaseController
   after_action  :cors_set_access_control_headers, only: :show
 
   def index
-    return render_forbidden unless @api_key.can_index_rubygems?
+    return render_forbidden(t(:api_key_insufficient_scope)) unless @api_key.can_index_rubygems?
 
     @rubygems = @api_key.user.rubygems.with_versions
       .preload(:linkset, :gem_download, most_recent_version: { dependencies: :rubygem, gem_download: nil })
@@ -33,7 +33,7 @@ def show
   end
 
   def create
-    return render_api_key_forbidden unless @api_key.can_push_rubygem?
+    return render_forbidden(t(:api_key_insufficient_scope)) unless @api_key.can_push_rubygem?
 
     gemcutter = Pusher.new(@api_key, request.body, request:)
     gemcutter.process
diff --git a/app/controllers/api/v1/web_hooks_controller.rb b/app/controllers/api/v1/web_hooks_controller.rb
index 301d73a20b5..ac5a63726c2 100644
--- a/app/controllers/api/v1/web_hooks_controller.rb
+++ b/app/controllers/api/v1/web_hooks_controller.rb
@@ -1,7 +1,7 @@
 class Api::V1::WebHooksController < Api::BaseController
   before_action :authenticate_with_api_key
   before_action :verify_user_api_key
-  before_action :render_api_key_forbidden, if: :api_key_unauthorized?
+  before_action :render_forbidden, if: :api_key_unauthorized?
   before_action :find_rubygem_by_name, :set_url, except: :index
 
   def index
diff --git a/app/models/user/with_private_fields.rb b/app/models/user/with_private_fields.rb
index 23a9a3a6952..164836e3dd9 100644
--- a/app/models/user/with_private_fields.rb
+++ b/app/models/user/with_private_fields.rb
@@ -10,12 +10,9 @@ def payload
 
   def mfa_warning
     if mfa_recommended_not_yet_enabled?
-      "[WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication " \
-        "at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future."
+      I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
     elsif mfa_recommended_weak_level_enabled?
-      "[WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication " \
-        "level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. " \
-        "Your account will be required to have MFA enabled on one of these levels in the future."
+      I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
     end
   end
 end
diff --git a/config/locales/de.yml b/config/locales/de.yml
index d490bee4403..5d8b96c1658 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -26,7 +26,10 @@ de:
   locale_name: Deutsch
   none: None
   not_found: Nicht gefunden
+  api_gem_not_found:
   api_key_forbidden:
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: Zugriff verweigert. Bitte melden Sie sich unter https://rubygems.org
     mit einem Konto an
   please_sign_in: Bitte melden Sie sich an, um fortzufahren.
@@ -511,6 +514,12 @@ de:
       die Sicherheit deines Kontos, indem du <a href=\"/settings/edit#security-device\">ein
       neues Gerät einrichtest</a>. <a href=\"https://blog.rubygems.org/2023/08/03/level-up-using-security-devices.html\">Erfahre
       mehr</a>!"
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied: "[ kopiert ]"
       continue: Weiter
diff --git a/config/locales/en.yml b/config/locales/en.yml
index f78235ae00f..ecc5ab1974d 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -26,7 +26,10 @@ en:
   locale_name: English
   none: None
   not_found: Not Found
+  api_gem_not_found: This gem could not be found
   api_key_forbidden: The API key doesn't have access
+  api_key_soft_deleted: An invalid API key cannot be used. Please delete it and create a new one.
+  api_key_insufficient_scope: This API key cannot perform the specified action on this gem.
   please_sign_up: Access Denied. Please sign up for an account at https://rubygems.org
   please_sign_in: Please sign in to continue.
   otp_incorrect: Your OTP code is incorrect. Please check it and retry.
@@ -427,6 +430,22 @@ en:
     strong_mfa_level_required_html: For protection of your account and your gems, you are required to change your MFA level to "UI and gem signin" or "UI and API". Please read our <a href="https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html">blog post</a> for more details.
     strong_mfa_level_recommended: For protection of your account and your gems, we encourage you to change your MFA level to "UI and gem signin" or "UI and API". Your account will be required to have MFA enabled on one of these levels in the future.
     setup_webauthn_html: 🎉 We now support security devices! Improve your account security by <a href="/settings/edit#security-device">setting up</a> a new device. <a href="https://blog.rubygems.org/2023/08/03/level-up-using-security-devices.html">Learn more</a>!
+    api:
+      mfa_required: Gem requires MFA enabled; You do not have MFA enabled yet.
+      mfa_required_not_yet_enabled: |
+        [ERROR] For protection of your account and your gems, you are required to set up multi-factor authentication at https://rubygems.org/totp/new.
+
+        Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
+      mfa_required_weak_level_enabled: |
+        [ERROR] For protection of your account and your gems, you are required to change your MFA level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit.
+
+        Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
+      mfa_recommended_not_yet_enabled: |
+        [WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication at https://rubygems.org/totp/new.
+        Your account will be required to have MFA enabled in the future.
+      mfa_recommended_weak_level_enabled: |
+        [WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit.
+        Your account will be required to have MFA enabled on one of these levels in the future.
     recovery:
       copied: "[ copied ]"
       continue: Continue
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 17af540ada5..6b8649a9742 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -26,7 +26,10 @@ es:
   locale_name: Español
   none: Ninguno
   not_found: No encontrado
+  api_gem_not_found:
   api_key_forbidden: La clave API no tiene acceso
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: Acceso denegado. Por favor regístrate en https://rubygems.org
   please_sign_in: Por favor, ingresa en tu cuenta para continuar.
   otp_incorrect: Tu código OTP es incorrecto. Por favor verifícalo y prueba nuevamente.
@@ -496,6 +499,12 @@ es:
     setup_webauthn_html: "\U0001F389 ¡Ahora soportamos dispositivos de seguridad!
       Aumenta la seguridad de tu cuenta <a href=\"/settings/edit#security-device\">configurando</a>
       un nuevo dispositivo."
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied: "[ copiado ]"
       continue: Continuar
@@ -670,7 +679,8 @@ es:
         %{unconfirmed_email}
       enter_password: Por favor introduce tu contraseña
       optional_full_name: Opcional. Será mostrado en tu perfil público
-      optional_twitter_username: Usuario de X opcional. Será mostrado en tu perfil público
+      optional_twitter_username: Usuario de X opcional. Será mostrado en tu perfil
+        público
       twitter_username: Usuario
       title: Editar perfil
       delete:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index a309c89e946..5e9e9fa2be8 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -27,7 +27,10 @@ fr:
   locale_name: Français
   none:
   not_found: Introuvable
+  api_gem_not_found:
   api_key_forbidden:
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: Accès refusé. Inscrivez-vous sur https://rubygems.org
   please_sign_in:
   otp_incorrect:
@@ -447,6 +450,12 @@ fr:
     strong_mfa_level_required_html:
     strong_mfa_level_recommended:
     setup_webauthn_html:
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied:
       continue: Continuer
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 63d23c96f36..ea622b776d7 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -20,7 +20,10 @@ ja:
   locale_name: 日本語
   none: なし
   not_found: 見つかりませんでした
+  api_gem_not_found:
   api_key_forbidden: APIキーにアクセス権がありません
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: アクセスが拒否されました。https://rubygems.org でアカウント登録を行ってください。
   please_sign_in: サインインしてお進みください。
   otp_incorrect: OTPのコードが正しくありません。ご確認の上再試行してください。
@@ -428,6 +431,12 @@ ja:
     strong_mfa_level_recommended: アカウントとgemの保護のため、MFAの水準を「UIとgemのサインイン」または「UIとAPI」に変更することをお勧めします。将来のアカウントはこれらの水準のどちらか1つにMFAが有効になっていることが必須になります。
     setup_webauthn_html: "\U0001F389 セキュリティ機器に対応しました！新しい機器を<a href=\"/settings/edit#security-device\">設定</a>してアカウントのセキュリティを向上しましょう。<a
       href=\"https://blog.rubygems.org/2023/08/03/level-up-using-security-devices.html\">詳細はこちら</a>！"
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied: "[ コピーしました ]"
       continue: 続ける
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 269bb17ba8a..9bae60eafd8 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -19,7 +19,10 @@ nl:
   locale_name: Nederlands
   none: Geen
   not_found: Niet gevonden
+  api_gem_not_found:
   api_key_forbidden:
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: Toegang geweigerd. Schrijf je in voor een account op https://rubygems.org
   please_sign_in:
   otp_incorrect:
@@ -432,6 +435,12 @@ nl:
     strong_mfa_level_required_html:
     strong_mfa_level_recommended:
     setup_webauthn_html:
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied:
       continue:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 57d2269b7f7..73cc4a7eef1 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -25,7 +25,10 @@ pt-BR:
   locale_name: Português do Brasil
   none: Nenhum
   not_found: Não encontrado
+  api_gem_not_found:
   api_key_forbidden:
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: Acesso Negado. Por favor se registre em https://rubygems.org
   please_sign_in: Por favor, faça login em sua conta para continuar.
   otp_incorrect: Seu código OTP está incorreto. Por favor, verifique-o e tente novamente.
@@ -443,6 +446,12 @@ pt-BR:
     strong_mfa_level_required_html:
     strong_mfa_level_recommended:
     setup_webauthn_html:
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied:
       continue:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index e52330c68de..9ad807e5c76 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -21,7 +21,10 @@ zh-CN:
   locale_name: 简体中文
   none: 无
   not_found: 未找到
+  api_gem_not_found:
   api_key_forbidden: API 密钥没有访问权限
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: 拒绝访问。请在 https://rubygems.org 上注册一个账号。
   please_sign_in: 请先登录以继续
   otp_incorrect: 您的 OTP 码不正确。请检查后重试。
@@ -436,6 +439,12 @@ zh-CN:
     strong_mfa_level_recommended: 为了保护您的帐户和您的 Gem，我们建议您将您的多因素验证级别更改为 "UI and gem signin"
       或 "UI and API"。在将来，您的帐户将被要求在其中某一个级别上启用多因素验证。
     setup_webauthn_html:
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied: "[ 已复制 ]"
       continue: 继续
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 0ce6860de28..a459d5180a8 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -20,7 +20,10 @@ zh-TW:
   locale_name: 正體中文
   none: 無
   not_found: 沒有找到
+  api_gem_not_found:
   api_key_forbidden: API 金鑰沒有存取權限
+  api_key_soft_deleted:
+  api_key_insufficient_scope:
   please_sign_up: 存取遭拒。請先在 https://rubygems.org 上註冊帳號
   please_sign_in: 請登入以繼續。
   otp_incorrect: 您的 OTP 碼不正確。請檢查後再試一次。
@@ -431,6 +434,12 @@ zh-TW:
       或 "使用者介面和 API"。未來我們將強制要求所有帳號將設為上述 MFA 等級。
     setup_webauthn_html: "\U0001F389 我們現在支援安全裝置了！<a href=\"/settings/edit#security-device\">設定</a>新的裝置來提升您的帳號安全。<a
       href=\"https://blog.rubygems.org/2023/08/03/level-up-using-security-devices.html\">了解詳情</a>！"
+    api:
+      mfa_required:
+      mfa_required_not_yet_enabled:
+      mfa_required_weak_level_enabled:
+      mfa_recommended_not_yet_enabled:
+      mfa_recommended_weak_level_enabled:
     recovery:
       copied: "[ 已複製 ]"
       continue: 繼續
diff --git a/test/functional/api/v1/api_keys_controller_test.rb b/test/functional/api/v1/api_keys_controller_test.rb
index 62066783a9b..b0ba00d58e5 100644
--- a/test/functional/api/v1/api_keys_controller_test.rb
+++ b/test/functional/api/v1/api_keys_controller_test.rb
@@ -469,12 +469,7 @@ def self.should_expect_otp_for_update
 
         should "deny access" do
           assert_response :forbidden
-          mfa_error = <<~ERROR.chomp
-            [ERROR] For protection of your account and your gems, you are required to set up multi-factor authentication \
-            at https://rubygems.org/totp/new.
-
-            Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-          ERROR
+          mfa_error = I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
 
           assert_match mfa_error, @response.body
         end
@@ -488,12 +483,7 @@ def self.should_expect_otp_for_update
 
         should "deny access" do
           assert_response :forbidden
-          mfa_error = <<~ERROR.chomp
-            [ERROR] For protection of your account and your gems, you are required to change your MFA level to 'UI and gem signin' or 'UI and API' \
-            at https://rubygems.org/settings/edit.
-
-            Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-          ERROR
+          mfa_error = I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
 
           assert_match mfa_error, @response.body
         end
diff --git a/test/functional/api/v1/deletions_controller_test.rb b/test/functional/api/v1/deletions_controller_test.rb
index 2bd2d47a6e0..d10cbef1274 100644
--- a/test/functional/api/v1/deletions_controller_test.rb
+++ b/test/functional/api/v1/deletions_controller_test.rb
@@ -189,12 +189,7 @@ class Api::V1::DeletionsControllerTest < ActionController::TestCase
           should respond_with :forbidden
 
           should "show error message" do
-            mfa_error = <<~ERROR.chomp
-              [ERROR] For protection of your account and your gems, you are required to set up multi-factor authentication \
-              at https://rubygems.org/totp/new.
-
-              Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-            ERROR
+            mfa_error = I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
 
             assert_includes @response.body, mfa_error
           end
@@ -209,12 +204,7 @@ class Api::V1::DeletionsControllerTest < ActionController::TestCase
           should respond_with :forbidden
 
           should "show error message" do
-            mfa_error = <<~ERROR.chomp
-              [ERROR] For protection of your account and your gems, you are required to change your MFA level to 'UI and gem signin' or 'UI and API' \
-              at https://rubygems.org/settings/edit.
-
-              Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-            ERROR
+            mfa_error = I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
 
             assert_includes @response.body, mfa_error
           end
@@ -290,12 +280,7 @@ class Api::V1::DeletionsControllerTest < ActionController::TestCase
               delete :create, params: { gem_name: gem[:name], version: gem[:version] }
 
               assert_response gem[:deletion_status]
-              mfa_warning = <<~WARN.chomp
-
-
-                [WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication \
-                at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future.
-              WARN
+              mfa_warning = "\n\n#{I18n.t('multifactor_auths.api.mfa_recommended_not_yet_enabled')}".chomp
 
               assert_includes @response.body, mfa_warning
             end
@@ -312,13 +297,7 @@ class Api::V1::DeletionsControllerTest < ActionController::TestCase
               delete :create, params: { gem_name: gem[:name], version: gem[:version] }
 
               assert_response gem[:deletion_status]
-              mfa_warning = <<~WARN.chomp
-
-
-                [WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication \
-                level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. \
-                Your account will be required to have MFA enabled on one of these levels in the future.
-              WARN
+              mfa_warning = "\n\n#{I18n.t('multifactor_auths.api.mfa_recommended_weak_level_enabled')}".chomp
 
               assert_includes @response.body, mfa_warning
             end
@@ -336,9 +315,8 @@ class Api::V1::DeletionsControllerTest < ActionController::TestCase
               delete :create, params: { gem_name: gem[:name], version: gem[:version] }
 
               assert_response gem[:deletion_status]
-              mfa_warning = "[WARNING] For protection of your account and gems"
-
-              refute_includes @response.body, mfa_warning
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
             end
           end
         end
@@ -354,9 +332,8 @@ class Api::V1::DeletionsControllerTest < ActionController::TestCase
               delete :create, params: { gem_name: gem[:name], version: gem[:version] }
 
               assert_response gem[:deletion_status]
-              mfa_warning = "[WARNING] For protection of your account and gems"
-
-              refute_includes @response.body, mfa_warning
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
             end
           end
         end
diff --git a/test/functional/api/v1/owners_controller_test.rb b/test/functional/api/v1/owners_controller_test.rb
index 6a2369bc2ca..7f5e8df6e40 100644
--- a/test/functional/api/v1/owners_controller_test.rb
+++ b/test/functional/api/v1/owners_controller_test.rb
@@ -401,12 +401,8 @@ def self.should_respond_to(format)
               post :create, params: { rubygem_id: @rubygem.slug, email: email }
 
               assert_equal 403, @response.status
-              mfa_error = <<~ERROR.chomp
-                [ERROR] For protection of your account and your gems, you are required to set up multi-factor authentication \
-                at https://rubygems.org/totp/new.
+              mfa_error = I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
 
-                Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-              ERROR
               assert_includes @response.body, mfa_error
             end
           end
@@ -422,12 +418,8 @@ def self.should_respond_to(format)
               post :create, params: { rubygem_id: @rubygem.slug, email: email }
 
               assert_equal 403, @response.status
-              mfa_error = <<~ERROR.chomp
-                [ERROR] For protection of your account and your gems, you are required to change your MFA level to 'UI and gem signin' or 'UI and API' \
-                at https://rubygems.org/settings/edit.
+              mfa_error = I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
 
-                Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-              ERROR
               assert_includes @response.body, mfa_error
             end
           end
@@ -473,12 +465,7 @@ def self.should_respond_to(format)
           should "include mfa setup warning" do
             @emails.each do |email|
               post :create, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = <<~WARN.chomp
-
-
-                [WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication \
-                at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future.
-              WARN
+              mfa_warning = "\n\n#{I18n.t('multifactor_auths.api.mfa_recommended_not_yet_enabled')}".chomp
 
               assert_includes @response.body, mfa_warning
             end
@@ -493,13 +480,7 @@ def self.should_respond_to(format)
           should "include change mfa level warning" do
             @emails.each do |email|
               post :create, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = <<~WARN.chomp
-
-
-                [WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication \
-                level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. \
-                Your account will be required to have MFA enabled on one of these levels in the future.
-              WARN
+              mfa_warning = "\n\n#{I18n.t('multifactor_auths.api.mfa_recommended_weak_level_enabled')}".chomp
 
               assert_includes @response.body, mfa_warning
             end
@@ -514,9 +495,9 @@ def self.should_respond_to(format)
           should "not include MFA warnings" do
             @emails.each do |email|
               post :create, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = "[WARNING] For protection of your account and gems"
 
-              refute_includes @response.body, mfa_warning
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
             end
           end
         end
@@ -530,9 +511,9 @@ def self.should_respond_to(format)
           should "not include mfa warnings" do
             @emails.each do |email|
               post :create, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = "[WARNING] For protection of your account and gems"
 
-              refute_includes @response.body, mfa_warning
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
             end
           end
         end
@@ -784,12 +765,8 @@ def self.should_respond_to(format)
               delete :destroy, params: { rubygem_id: @rubygem.slug, email: email }
 
               assert_equal 403, response.status
-              mfa_error = <<~ERROR.chomp
-                [ERROR] For protection of your account and your gems, you are required to set up multi-factor authentication \
-                at https://rubygems.org/totp/new.
+              mfa_error = I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
 
-                Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-              ERROR
               assert_includes @response.body, mfa_error
             end
           end
@@ -805,12 +782,8 @@ def self.should_respond_to(format)
               delete :destroy, params: { rubygem_id: @rubygem.slug, email: email }
 
               assert_equal 403, @response.status
-              mfa_error = <<~ERROR.chomp
-                [ERROR] For protection of your account and your gems, you are required to change your MFA level to 'UI and gem signin' or 'UI and API' \
-                at https://rubygems.org/settings/edit.
+              mfa_error = I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
 
-                Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-              ERROR
               assert_includes @response.body, mfa_error
             end
           end
@@ -856,12 +829,7 @@ def self.should_respond_to(format)
           should "include mfa setup warning" do
             @emails.each do |email|
               delete :destroy, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = <<~WARN.chomp
-
-
-                [WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication \
-                at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future.
-              WARN
+              mfa_warning = "\n\n#{I18n.t('multifactor_auths.api.mfa_recommended_not_yet_enabled')}".chomp
 
               assert_includes @response.body, mfa_warning
             end
@@ -876,13 +844,7 @@ def self.should_respond_to(format)
           should "include change mfa level warning" do
             @emails.each do |email|
               delete :destroy, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = <<~WARN.chomp
-
-
-                [WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication \
-                level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. \
-                Your account will be required to have MFA enabled on one of these levels in the future.
-              WARN
+              mfa_warning = "\n\n#{I18n.t('multifactor_auths.api.mfa_recommended_weak_level_enabled')}".chomp
 
               assert_includes @response.body, mfa_warning
             end
@@ -897,9 +859,9 @@ def self.should_respond_to(format)
           should "not include mfa warnings" do
             @emails.each do |email|
               delete :destroy, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = "[WARNING] For protection of your account and gems"
 
-              refute_includes @response.body, mfa_warning
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
             end
           end
         end
@@ -913,9 +875,9 @@ def self.should_respond_to(format)
           should "not include mfa warnings" do
             @emails.each do |email|
               delete :destroy, params: { rubygem_id: @rubygem.slug, email: email }
-              mfa_warning = "[WARNING] For protection of your account and gems"
 
-              refute_includes @response.body, mfa_warning
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+              refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
             end
           end
         end
diff --git a/test/functional/api/v1/profiles_controller_test.rb b/test/functional/api/v1/profiles_controller_test.rb
index 401046e4113..b39f0d32969 100644
--- a/test/functional/api/v1/profiles_controller_test.rb
+++ b/test/functional/api/v1/profiles_controller_test.rb
@@ -27,15 +27,6 @@ def assert_mfa_info_included(mfa_level)
     assert_match mfa_level, @response.body
   end
 
-  def assert_warning_included(expected_warning)
-    assert response_body.key?("warning")
-    assert_match expected_warning, response_body["warning"].to_s
-  end
-
-  def refute_warning_included(expected_warning)
-    refute_match expected_warning, response_body["warning"].to_s
-  end
-
   def refute_mfa_info_included(mfa_level)
     refute response_body.key?("mfa")
     refute_match mfa_level, @response.body
@@ -101,11 +92,9 @@ def refute_mfa_info_included(mfa_level)
 
           context "when mfa is disabled" do
             should "include warning" do
-              expected_warning =
-                "For protection of your account and gems, we encourage you to set up multi-factor authentication " \
-                "at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future."
+              expected_warning = I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
 
-              assert_warning_included(expected_warning)
+              assert_includes response_body["warning"].to_s, expected_warning
             end
           end
 
@@ -117,12 +106,9 @@ def refute_mfa_info_included(mfa_level)
               end
 
               should "include warning" do
-                expected_warning =
-                  "For protection of your account and gems, we encourage you to change your multi-factor authentication " \
-                  "level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. " \
-                  "Your account will be required to have MFA enabled on one of these levels in the future."
+                expected_warning = I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
 
-                assert_warning_included(expected_warning)
+                assert_includes response_body["warning"].to_s, expected_warning
               end
             end
 
@@ -133,10 +119,9 @@ def refute_mfa_info_included(mfa_level)
               end
 
               should "not include warning in user json" do
-                unexpected_warning =
-                  "For protection of your account and gems"
+                unexpected_warning = "For protection of your account and gems"
 
-                refute_warning_included(unexpected_warning)
+                refute_includes response_body["warning"].to_s, unexpected_warning
               end
             end
 
@@ -147,10 +132,9 @@ def refute_mfa_info_included(mfa_level)
               end
 
               should "not include warning" do
-                unexpected_warning =
-                  "For protection of your account and gems"
+                unexpected_warning = "For protection of your account and gems"
 
-                refute_warning_included(unexpected_warning)
+                refute_includes response_body["warning"].to_s, unexpected_warning
               end
             end
           end
diff --git a/test/functional/api/v1/rubygems_controller_test.rb b/test/functional/api/v1/rubygems_controller_test.rb
index 8c644632e2e..cf60b05c4c4 100644
--- a/test/functional/api/v1/rubygems_controller_test.rb
+++ b/test/functional/api/v1/rubygems_controller_test.rb
@@ -560,12 +560,7 @@ def self.should_respond_to(format)
         should respond_with :forbidden
 
         should "show error message" do
-          mfa_error = <<~ERROR.chomp
-            [ERROR] For protection of your account and your gems, you are required to set up multi-factor authentication \
-            at https://rubygems.org/totp/new.
-
-            Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-          ERROR
+          mfa_error = I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
 
           assert_includes @response.body, mfa_error
         end
@@ -580,12 +575,7 @@ def self.should_respond_to(format)
         should respond_with :forbidden
 
         should "show error message" do
-          mfa_error = <<~ERROR.chomp
-            [ERROR] For protection of your account and your gems, you are required to change your MFA level to 'UI and gem signin' or 'UI and API' \
-            at https://rubygems.org/settings/edit.
-
-            Please read our blog post for more details (https://blog.rubygems.org/2022/08/15/requiring-mfa-on-popular-gems.html).
-          ERROR
+          mfa_error = I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
 
           assert_includes @response.body, mfa_error
         end
@@ -600,7 +590,8 @@ def self.should_respond_to(format)
         should respond_with :success
 
         should "not show error message" do
-          refute_includes @response.body, "For protection of your account and your gems"
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
         end
       end
 
@@ -614,7 +605,8 @@ def self.should_respond_to(format)
         should respond_with :success
 
         should "not show error message" do
-          refute_includes @response.body, "For protection of your account and your gems"
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
         end
       end
     end
@@ -630,14 +622,7 @@ def self.should_respond_to(format)
         end
 
         should "include mfa setup warning" do
-          mfa_warning = <<~WARN.chomp
-
-
-            [WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication \
-            at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future.
-          WARN
-
-          assert_includes @response.body, mfa_warning
+          assert_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
         end
       end
 
@@ -648,15 +633,7 @@ def self.should_respond_to(format)
         end
 
         should "include change mfa level warning" do
-          mfa_warning = <<~WARN.chomp
-
-
-            [WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication \
-            level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. \
-            Your account will be required to have MFA enabled on one of these levels in the future.
-          WARN
-
-          assert_includes @response.body, mfa_warning
+          assert_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
         end
       end
 
@@ -669,9 +646,8 @@ def self.should_respond_to(format)
 
         should respond_with :success
         should "not include mfa warning" do
-          mfa_warning = "[WARNING] For protection of your account and gems"
-
-          refute_includes @response.body, mfa_warning
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
         end
       end
 
@@ -684,9 +660,8 @@ def self.should_respond_to(format)
 
         should respond_with :success
         should "not include mfa warning" do
-          mfa_warning = "[WARNING] For protection of your account and gems"
-
-          refute_includes @response.body, mfa_warning
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
+          refute_includes @response.body, I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
         end
       end
     end
@@ -786,8 +761,8 @@ def self.should_respond_to(format)
       end
       should respond_with :forbidden
 
-      should "return body that starts with denied access message" do
-        assert @response.body.start_with?("The API key doesn't have access")
+      should "return body that includes the denied access message" do
+        assert_includes @response.body, "This API key cannot perform the specified action on this gem."
       end
     end
   end
diff --git a/test/models/user/with_private_fields_test.rb b/test/models/user/with_private_fields_test.rb
index 2c6b15b19ce..2741aef1382 100644
--- a/test/models/user/with_private_fields_test.rb
+++ b/test/models/user/with_private_fields_test.rb
@@ -14,11 +14,9 @@ class User::WithPrivateFieldsTest < ActiveSupport::TestCase
 
       context "when mfa is disabled" do
         should "include warning in user json" do
-          expected_notice =
-            "[WARNING] For protection of your account and gems, we encourage you to set up multi-factor authentication " \
-            "at https://rubygems.org/totp/new. Your account will be required to have MFA enabled in the future."
+          expected_notice = I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
 
-          assert_match expected_notice, @user.to_json
+          assert_includes JSON.parse(@user.to_json)["warning"], expected_notice
         end
       end
 
@@ -29,12 +27,9 @@ class User::WithPrivateFieldsTest < ActiveSupport::TestCase
           end
 
           should "include warning in user json" do
-            expected_notice =
-              "[WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication " \
-              "level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit. " \
-              "Your account will be required to have MFA enabled on one of these levels in the future."
+            expected_notice = I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
 
-            assert_match expected_notice, @user.to_json
+            assert_includes JSON.parse(@user.to_json)["warning"], expected_notice
           end
         end
 
@@ -44,10 +39,9 @@ class User::WithPrivateFieldsTest < ActiveSupport::TestCase
           end
 
           should "not include warning in user json" do
-            unexpected_notice =
-              "[WARNING] For protection of your account and gems"
+            unexpected_notice = I18n.t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
 
-            refute_match unexpected_notice, @user.to_json
+            refute_includes JSON.parse(@user.to_json)["warning"].to_s, unexpected_notice
           end
         end
 
@@ -57,10 +51,9 @@ class User::WithPrivateFieldsTest < ActiveSupport::TestCase
           end
 
           should "not include warning in user json" do
-            unexpected_notice =
-              "[WARNING] For protection of your account and gems"
+            unexpected_notice = I18n.t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
 
-            refute_match unexpected_notice, @user.to_json
+            refute_includes JSON.parse(@user.to_json)["warning"].to_s, unexpected_notice
           end
         end
       end

From faeab4ee53a0faf1fe32292d49c24efeae056fdd Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Thu, 11 Jul 2024 17:38:29 -0700
Subject: [PATCH 014/381] Add no-op policies to api actions (#4884)

---
 app/controllers/api/base_controller.rb        |  1 +
 .../api/v1/deletions_controller.rb            |  1 +
 app/controllers/api/v1/owners_controller.rb   |  2 ++
 app/controllers/api/v1/rubygems_controller.rb |  2 ++
 .../api/v1/web_hooks_controller.rb            |  7 +++++--
 app/policies/api/rubygem_policy.rb            | 20 +++++++++++++++++++
 app/policies/api/web_hook_policy.rb           | 20 +++++++++++++++++++
 7 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 app/policies/api/web_hook_policy.rb

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 5650be62848..5ae17b2a49d 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -72,6 +72,7 @@ def policy_scope(scope)
   end
 
   def authorize(record, query = nil)
+    return if record.nil? # not found is handled by the action
     super(Array.wrap(record).prepend(:api), query)
   end
 
diff --git a/app/controllers/api/v1/deletions_controller.rb b/app/controllers/api/v1/deletions_controller.rb
index 4ead8e71c2e..5f5590fa4e1 100644
--- a/app/controllers/api/v1/deletions_controller.rb
+++ b/app/controllers/api/v1/deletions_controller.rb
@@ -9,6 +9,7 @@ class Api::V1::DeletionsController < Api::BaseController
   before_action :verify_mfa_requirement
 
   def create
+    authorize @rubygem, :yank?
     @deletion = @api_key.user.deletions.build(version: @version)
     if @deletion.save
       StatsD.increment "yank.success"
diff --git a/app/controllers/api/v1/owners_controller.rb b/app/controllers/api/v1/owners_controller.rb
index b6203b73be0..2ee1b5fc215 100644
--- a/app/controllers/api/v1/owners_controller.rb
+++ b/app/controllers/api/v1/owners_controller.rb
@@ -15,6 +15,7 @@ def show
   end
 
   def create
+    authorize @rubygem, :add_owner?
     return render_forbidden(t(:api_key_forbidden)) unless @api_key.can_add_owner?
 
     owner = User.find_by_name(email_param)
@@ -34,6 +35,7 @@ def create
   end
 
   def destroy
+    authorize @rubygem, :remove_owner?
     return render_forbidden(t(:api_key_forbidden)) unless @api_key.can_remove_owner?
 
     owner = @rubygem.owners_including_unconfirmed.find_by_name(email_param)
diff --git a/app/controllers/api/v1/rubygems_controller.rb b/app/controllers/api/v1/rubygems_controller.rb
index 54a27a71402..c7c29cf8529 100644
--- a/app/controllers/api/v1/rubygems_controller.rb
+++ b/app/controllers/api/v1/rubygems_controller.rb
@@ -8,6 +8,7 @@ class Api::V1::RubygemsController < Api::BaseController
   after_action  :cors_set_access_control_headers, only: :show
 
   def index
+    authorize Rubygem, :index?
     return render_forbidden(t(:api_key_insufficient_scope)) unless @api_key.can_index_rubygems?
 
     @rubygems = @api_key.user.rubygems.with_versions
@@ -33,6 +34,7 @@ def show
   end
 
   def create
+    authorize Rubygem, :create?
     return render_forbidden(t(:api_key_insufficient_scope)) unless @api_key.can_push_rubygem?
 
     gemcutter = Pusher.new(@api_key, request.body, request:)
diff --git a/app/controllers/api/v1/web_hooks_controller.rb b/app/controllers/api/v1/web_hooks_controller.rb
index ac5a63726c2..20ebff61aef 100644
--- a/app/controllers/api/v1/web_hooks_controller.rb
+++ b/app/controllers/api/v1/web_hooks_controller.rb
@@ -5,6 +5,7 @@ class Api::V1::WebHooksController < Api::BaseController
   before_action :find_rubygem_by_name, :set_url, except: :index
 
   def index
+    authorize WebHook
     respond_to do |format|
       format.json { render json: @api_key.user.all_hooks }
       format.yaml { render yaml: @api_key.user.all_hooks }
@@ -12,7 +13,7 @@ def index
   end
 
   def create
-    webhook = @api_key.user.web_hooks.build(url: @url, rubygem: @rubygem)
+    webhook = authorize @api_key.user.web_hooks.build(url: @url, rubygem: @rubygem)
     if webhook.save
       render(plain: webhook.success_message, status: :created)
     else
@@ -21,7 +22,7 @@ def create
   end
 
   def remove
-    webhook = @api_key.user.web_hooks.find_by_rubygem_id_and_url(@rubygem&.id, @url)
+    webhook = authorize @api_key.user.web_hooks.find_by_rubygem_id_and_url(@rubygem&.id, @url)
     if webhook&.destroy
       render(plain: webhook.removed_message)
     else
@@ -33,6 +34,8 @@ def fire
     webhook = @api_key.user.web_hooks.new(url: @url)
     @rubygem ||= Rubygem.find_by_name("gemcutter")
 
+    authorize webhook
+
     if webhook.fire(request.protocol.delete("://"), request.host_with_port,
                     @rubygem.most_recent_version, delayed: false)
       render plain: webhook.deployed_message(@rubygem)
diff --git a/app/policies/api/rubygem_policy.rb b/app/policies/api/rubygem_policy.rb
index 9c52e5273b6..f198211f833 100644
--- a/app/policies/api/rubygem_policy.rb
+++ b/app/policies/api/rubygem_policy.rb
@@ -4,6 +4,26 @@ class Scope < Api::ApplicationPolicy::Scope
 
   alias rubygem record
 
+  def index?
+    true
+  end
+
+  def create?
+    true
+  end
+
+  def yank?
+    true
+  end
+
+  def add_owner?
+    true
+  end
+
+  def remove_owner?
+    true
+  end
+
   def show_trusted_publishers?
     api_key_scope?(:configure_trusted_publishers, rubygem) && user_policy!.show_trusted_publishers?
   end
diff --git a/app/policies/api/web_hook_policy.rb b/app/policies/api/web_hook_policy.rb
new file mode 100644
index 00000000000..ab90e3dc3b5
--- /dev/null
+++ b/app/policies/api/web_hook_policy.rb
@@ -0,0 +1,20 @@
+class Api::WebHookPolicy < Api::ApplicationPolicy
+  class Scope < Api::ApplicationPolicy::Scope
+  end
+
+  def index?
+    true
+  end
+
+  def create?
+    true
+  end
+
+  def fire?
+    true
+  end
+
+  def remove?
+    true
+  end
+end

From 8df57dfa141a2eb1b358b14896058164c957242b Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 29 Jun 2024 20:02:36 -0700
Subject: [PATCH 015/381] support puma-dev and .pumaenv.local

---
 .gitignore                         | 1 +
 .pumaenv                           | 1 +
 config/environments/development.rb | 2 ++
 3 files changed, 4 insertions(+)
 create mode 100644 .pumaenv

diff --git a/.gitignore b/.gitignore
index 1f91c4ccd45..fcfb8481101 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,6 +24,7 @@ latest_dump
 coverage
 REVISION
 /.env*
+/.pumaenv.local
 /doc/erd.*
 
 /app/assets/builds/*
diff --git a/.pumaenv b/.pumaenv
new file mode 100644
index 00000000000..57afa2d530a
--- /dev/null
+++ b/.pumaenv
@@ -0,0 +1 @@
+[[ -e ".pumaenv.local" ]] && source .pumaenv.local
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 63cbd9de3ce..42bbef4f7de 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -129,4 +129,6 @@
     config.active_record.verbose_query_logs = false
     config.action_view.cache_template_loading = true
   end
+
+  config.hosts << "rubygems.test"
 end

From 7ec974b5ed0d38b66ae52c532aa213ccd493094c Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 29 Jun 2024 20:03:05 -0700
Subject: [PATCH 016/381] generate some orgs

---
 app/avo/resources/org_resource.rb        | 14 ++++++++++++++
 app/controllers/avo/orgs_controller.rb   |  4 ++++
 app/models/org.rb                        |  2 ++
 db/migrate/20240630025625_create_orgs.rb | 11 +++++++++++
 db/schema.rb                             |  8 ++++++++
 test/factories/orgs.rb                   |  7 +++++++
 test/models/org_test.rb                  |  7 +++++++
 7 files changed, 53 insertions(+)
 create mode 100644 app/avo/resources/org_resource.rb
 create mode 100644 app/controllers/avo/orgs_controller.rb
 create mode 100644 app/models/org.rb
 create mode 100644 db/migrate/20240630025625_create_orgs.rb
 create mode 100644 test/factories/orgs.rb
 create mode 100644 test/models/org_test.rb

diff --git a/app/avo/resources/org_resource.rb b/app/avo/resources/org_resource.rb
new file mode 100644
index 00000000000..7f6d95a8e69
--- /dev/null
+++ b/app/avo/resources/org_resource.rb
@@ -0,0 +1,14 @@
+class OrgResource < Avo::BaseResource
+  self.title = :id
+  self.includes = []
+  # self.search_query = -> do
+  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
+  # end
+
+  field :id, as: :id
+  # Fields generated from the model
+  field :handle, as: :text
+  field :full_name, as: :text
+  field :deleted_at, as: :date_time
+  # add fields here
+end
diff --git a/app/controllers/avo/orgs_controller.rb b/app/controllers/avo/orgs_controller.rb
new file mode 100644
index 00000000000..a609597f52a
--- /dev/null
+++ b/app/controllers/avo/orgs_controller.rb
@@ -0,0 +1,4 @@
+# This controller has been generated to enable Rails' resource routes.
+# More information on https://docs.avohq.io/2.0/controllers.html
+class Avo::OrgsController < Avo::ResourcesController
+end
diff --git a/app/models/org.rb b/app/models/org.rb
new file mode 100644
index 00000000000..92f75444aa6
--- /dev/null
+++ b/app/models/org.rb
@@ -0,0 +1,2 @@
+class Org < ApplicationRecord
+end
diff --git a/db/migrate/20240630025625_create_orgs.rb b/db/migrate/20240630025625_create_orgs.rb
new file mode 100644
index 00000000000..3f5b93135bd
--- /dev/null
+++ b/db/migrate/20240630025625_create_orgs.rb
@@ -0,0 +1,11 @@
+class CreateOrgs < ActiveRecord::Migration[7.1]
+  def change
+    create_table :orgs do |t|
+      t.string :handle
+      t.string :full_name
+      t.timestamp :deleted_at
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index e1bf4f13690..be83009c562 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -382,6 +382,14 @@
     t.index ["repository_owner", "repository_name", "repository_owner_id", "workflow_filename", "environment"], name: "index_oidc_trusted_publisher_github_actions_claims", unique: true
   end
 
+  create_table "orgs", force: :cascade do |t|
+    t.string "handle"
+    t.string "full_name"
+    t.datetime "deleted_at", precision: nil
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+  end
+
   create_table "ownership_calls", force: :cascade do |t|
     t.bigint "rubygem_id"
     t.bigint "user_id"
diff --git a/test/factories/orgs.rb b/test/factories/orgs.rb
new file mode 100644
index 00000000000..abb7aedde62
--- /dev/null
+++ b/test/factories/orgs.rb
@@ -0,0 +1,7 @@
+FactoryBot.define do
+  factory :org do
+    handle { "MyString" }
+    full_name { "MyString" }
+    deleted_at { "2024-06-29 19:56:25" }
+  end
+end
diff --git a/test/models/org_test.rb b/test/models/org_test.rb
new file mode 100644
index 00000000000..54d5346c0bd
--- /dev/null
+++ b/test/models/org_test.rb
@@ -0,0 +1,7 @@
+require "test_helper"
+
+class OrgTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

From df107ce9b1a2e7313e14c6ba3dbb8a56700b7b7e Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 29 Jun 2024 20:03:11 -0700
Subject: [PATCH 017/381] generate org memberships

---
 app/avo/resources/membership_resource.rb        | 13 +++++++++++++
 app/controllers/avo/memberships_controller.rb   |  4 ++++
 app/models/membership.rb                        |  4 ++++
 db/migrate/20240630025804_create_memberships.rb | 10 ++++++++++
 db/schema.rb                                    | 13 ++++++++++++-
 test/factories/memberships.rb                   |  6 ++++++
 test/models/membership_test.rb                  |  7 +++++++
 7 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 app/avo/resources/membership_resource.rb
 create mode 100644 app/controllers/avo/memberships_controller.rb
 create mode 100644 app/models/membership.rb
 create mode 100644 db/migrate/20240630025804_create_memberships.rb
 create mode 100644 test/factories/memberships.rb
 create mode 100644 test/models/membership_test.rb

diff --git a/app/avo/resources/membership_resource.rb b/app/avo/resources/membership_resource.rb
new file mode 100644
index 00000000000..f3100530202
--- /dev/null
+++ b/app/avo/resources/membership_resource.rb
@@ -0,0 +1,13 @@
+class MembershipResource < Avo::BaseResource
+  self.title = :id
+  self.includes = []
+  # self.search_query = -> do
+  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
+  # end
+
+  field :id, as: :id
+  # Fields generated from the model
+  field :user, as: :text
+  field :org, as: :text
+  # add fields here
+end
diff --git a/app/controllers/avo/memberships_controller.rb b/app/controllers/avo/memberships_controller.rb
new file mode 100644
index 00000000000..679726950fa
--- /dev/null
+++ b/app/controllers/avo/memberships_controller.rb
@@ -0,0 +1,4 @@
+# This controller has been generated to enable Rails' resource routes.
+# More information on https://docs.avohq.io/2.0/controllers.html
+class Avo::MembershipsController < Avo::ResourcesController
+end
diff --git a/app/models/membership.rb b/app/models/membership.rb
new file mode 100644
index 00000000000..fda37390c4c
--- /dev/null
+++ b/app/models/membership.rb
@@ -0,0 +1,4 @@
+class Membership < ApplicationRecord
+  belongs_to :user
+  belongs_to :org
+end
diff --git a/db/migrate/20240630025804_create_memberships.rb b/db/migrate/20240630025804_create_memberships.rb
new file mode 100644
index 00000000000..3b6ccbf88c1
--- /dev/null
+++ b/db/migrate/20240630025804_create_memberships.rb
@@ -0,0 +1,10 @@
+class CreateMemberships < ActiveRecord::Migration[7.1]
+  def change
+    create_table :memberships do |t|
+      t.belongs_to :user, null: false, foreign_key: true
+      t.belongs_to :org, null: false, foreign_key: true
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index be83009c562..72b77cc2ba6 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_05_22_185717) do
+ActiveRecord::Schema[7.1].define(version: 2024_06_30_025804) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "hstore"
   enable_extension "pgcrypto"
@@ -315,6 +315,15 @@
     t.index ["task_name", "status", "created_at"], name: "index_maintenance_tasks_runs", order: { created_at: :desc }
   end
 
+  create_table "memberships", force: :cascade do |t|
+    t.bigint "user_id", null: false
+    t.bigint "org_id", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["org_id"], name: "index_memberships_on_org_id"
+    t.index ["user_id"], name: "index_memberships_on_user_id"
+  end
+
   create_table "oidc_api_key_roles", force: :cascade do |t|
     t.bigint "oidc_provider_id", null: false
     t.bigint "user_id", null: false
@@ -597,6 +606,8 @@
   add_foreign_key "events_user_events", "users"
   add_foreign_key "ip_addresses", "geoip_infos"
   add_foreign_key "linksets", "rubygems", name: "linksets_rubygem_id_fk"
+  add_foreign_key "memberships", "orgs"
+  add_foreign_key "memberships", "users"
   add_foreign_key "oidc_api_key_roles", "oidc_providers"
   add_foreign_key "oidc_api_key_roles", "users"
   add_foreign_key "oidc_id_tokens", "api_keys"
diff --git a/test/factories/memberships.rb b/test/factories/memberships.rb
new file mode 100644
index 00000000000..103ea2939d2
--- /dev/null
+++ b/test/factories/memberships.rb
@@ -0,0 +1,6 @@
+FactoryBot.define do
+  factory :membership do
+    user { nil }
+    org { nil }
+  end
+end
diff --git a/test/models/membership_test.rb b/test/models/membership_test.rb
new file mode 100644
index 00000000000..8506331ed1f
--- /dev/null
+++ b/test/models/membership_test.rb
@@ -0,0 +1,7 @@
+require "test_helper"
+
+class MembershipTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

From 81ea9ed1e375754dbb994140f8e827904eb27291 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 29 Jun 2024 20:58:55 -0700
Subject: [PATCH 018/381] change org full_name to just name

---
 db/migrate/20240630025625_create_orgs.rb | 2 +-
 db/schema.rb                             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/db/migrate/20240630025625_create_orgs.rb b/db/migrate/20240630025625_create_orgs.rb
index 3f5b93135bd..3df9ac24df0 100644
--- a/db/migrate/20240630025625_create_orgs.rb
+++ b/db/migrate/20240630025625_create_orgs.rb
@@ -2,7 +2,7 @@ class CreateOrgs < ActiveRecord::Migration[7.1]
   def change
     create_table :orgs do |t|
       t.string :handle
-      t.string :full_name
+      t.string :name
       t.timestamp :deleted_at
 
       t.timestamps
diff --git a/db/schema.rb b/db/schema.rb
index 72b77cc2ba6..9c497e7c228 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -393,7 +393,7 @@
 
   create_table "orgs", force: :cascade do |t|
     t.string "handle"
-    t.string "full_name"
+    t.string "name"
     t.datetime "deleted_at", precision: nil
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false

From 9a0eefa44774e1aba1649a2725a5b743b979d072 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 29 Jun 2024 20:59:59 -0700
Subject: [PATCH 019/381] add membership confirmed_at

---
 db/migrate/20240630025804_create_memberships.rb | 1 +
 db/schema.rb                                    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/db/migrate/20240630025804_create_memberships.rb b/db/migrate/20240630025804_create_memberships.rb
index 3b6ccbf88c1..88a844a0f9f 100644
--- a/db/migrate/20240630025804_create_memberships.rb
+++ b/db/migrate/20240630025804_create_memberships.rb
@@ -3,6 +3,7 @@ def change
     create_table :memberships do |t|
       t.belongs_to :user, null: false, foreign_key: true
       t.belongs_to :org, null: false, foreign_key: true
+      t.timestamp :confirmed_at, default: nil
 
       t.timestamps
     end
diff --git a/db/schema.rb b/db/schema.rb
index 9c497e7c228..2564d7773e8 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -318,6 +318,7 @@
   create_table "memberships", force: :cascade do |t|
     t.bigint "user_id", null: false
     t.bigint "org_id", null: false
+    t.datetime "confirmed_at", precision: nil
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["org_id"], name: "index_memberships_on_org_id"

From 51bb0e139cbcc2afb30700900795fda848cb1e56 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 29 Jun 2024 21:22:38 -0700
Subject: [PATCH 020/381] set up org relationships

---
 app/models/org.rb       | 4 ++++
 test/models/org_test.rb | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index 92f75444aa6..15e362a4873 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -1,2 +1,6 @@
 class Org < ApplicationRecord
+  has_many :rubygems, through: :ownerships
+  has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :org
+  has_many :unconfirmed_memberships, -> { where(confirmed_at: nil) }, class_name: "Membership", dependent: :destroy, inverse_of: :org
+  has_many :users, through: :memberships
 end
diff --git a/test/models/org_test.rb b/test/models/org_test.rb
index 54d5346c0bd..580fc1478a2 100644
--- a/test/models/org_test.rb
+++ b/test/models/org_test.rb
@@ -1,7 +1,7 @@
 require "test_helper"
 
 class OrgTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  should have_many(:memberships).dependent(:destroy)
+  should have_many(:unconfirmed_memberships).dependent(:destroy)
+  should have_many(:users).through(:memberships)
 end

From 839d53998453fc75a8757f8389404d786bcadb8d Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 16:24:07 -0700
Subject: [PATCH 021/381] create avo policies

---
 app/policies/admin/membership_policy.rb | 11 +++++++++++
 app/policies/admin/org_policy.rb        | 19 +++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 app/policies/admin/membership_policy.rb
 create mode 100644 app/policies/admin/org_policy.rb

diff --git a/app/policies/admin/membership_policy.rb b/app/policies/admin/membership_policy.rb
new file mode 100644
index 00000000000..eb22ee86781
--- /dev/null
+++ b/app/policies/admin/membership_policy.rb
@@ -0,0 +1,11 @@
+class Admin::MembershipPolicy < Admin::ApplicationPolicy
+  class Scope < Admin::ApplicationPolicy::Scope
+    def resolve
+      scope.all
+    end
+  end
+
+  def avo_show?
+    rubygems_org_admin?
+  end
+end
diff --git a/app/policies/admin/org_policy.rb b/app/policies/admin/org_policy.rb
new file mode 100644
index 00000000000..94ef4d56e9d
--- /dev/null
+++ b/app/policies/admin/org_policy.rb
@@ -0,0 +1,19 @@
+class Admin::OrgPolicy < Admin::ApplicationPolicy
+  class Scope < Admin::ApplicationPolicy::Scope
+    def resolve
+      scope.all
+    end
+  end
+
+  def avo_index?
+    rubygems_org_admin?
+  end
+
+  def avo_show?
+    rubygems_org_admin?
+  end
+
+  def act_on?
+    rubygems_org_admin?
+  end
+end

From 2fdc8a071857fb76d3b5f1cebf1e92802c6b18b6 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 16:24:49 -0700
Subject: [PATCH 022/381] membership test

---
 test/models/membership_test.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/test/models/membership_test.rb b/test/models/membership_test.rb
index 8506331ed1f..27f5e5e3339 100644
--- a/test/models/membership_test.rb
+++ b/test/models/membership_test.rb
@@ -1,7 +1,6 @@
 require "test_helper"
 
 class MembershipTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  should belong_to(:org)
+  should belong_to(:user)
 end

From b42fd5bf3fa128c535ba6d1f2acbbbd7ba54353f Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 16:40:58 -0700
Subject: [PATCH 023/381] add and test membership confirmation

---
 app/models/membership.rb       |  6 ++++++
 test/models/membership_test.rb | 19 +++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/app/models/membership.rb b/app/models/membership.rb
index fda37390c4c..14185fd6f87 100644
--- a/app/models/membership.rb
+++ b/app/models/membership.rb
@@ -1,4 +1,10 @@
 class Membership < ApplicationRecord
   belongs_to :user
   belongs_to :org
+
+  scope :confirmed, -> { where.not(confirmed_at: nil) }
+
+  def confirmed?
+    !confirmed_at.nil?
+  end
 end
diff --git a/test/models/membership_test.rb b/test/models/membership_test.rb
index 27f5e5e3339..28578716518 100644
--- a/test/models/membership_test.rb
+++ b/test/models/membership_test.rb
@@ -3,4 +3,23 @@
 class MembershipTest < ActiveSupport::TestCase
   should belong_to(:org)
   should belong_to(:user)
+
+  setup do
+    @org = FactoryBot.create(:org)
+    @user = FactoryBot.create(:user)
+  end
+
+  should "be unconfirmed by default" do
+    membership = Membership.create!(org: @org, user: @user)
+
+    assert_not(membership.confirmed?)
+    assert_empty(Membership.confirmed)
+  end
+
+  should "be confirmed with confirmed_at" do
+    membership = Membership.create!(org: @org, user: @user, confirmed_at: Time.zone.now)
+
+    assert_predicate(membership, :confirmed?)
+    assert_equal(Membership.confirmed, [membership])
+  end
 end

From 9d0e5aeb127de6191ffa442ca983aad52de95289 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 17:12:14 -0700
Subject: [PATCH 024/381] fix membership and org factories

---
 test/factories/memberships.rb | 4 ++--
 test/factories/orgs.rb        | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/test/factories/memberships.rb b/test/factories/memberships.rb
index 103ea2939d2..7b619b4e34b 100644
--- a/test/factories/memberships.rb
+++ b/test/factories/memberships.rb
@@ -1,6 +1,6 @@
 FactoryBot.define do
   factory :membership do
-    user { nil }
-    org { nil }
+    user
+    org
   end
 end
diff --git a/test/factories/orgs.rb b/test/factories/orgs.rb
index abb7aedde62..1b88c7e9b60 100644
--- a/test/factories/orgs.rb
+++ b/test/factories/orgs.rb
@@ -1,7 +1,7 @@
 FactoryBot.define do
   factory :org do
-    handle { "MyString" }
-    full_name { "MyString" }
-    deleted_at { "2024-06-29 19:56:25" }
+    handle { |i| "org_#{i}" }
+    name { |i| "Organization #{i}" }
+    deleted_at { nil }
   end
 end

From 2d56dea13859ffa1123fc1a0c805bc4f433262b1 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 17:13:41 -0700
Subject: [PATCH 025/381] add org validations

---
 app/models/org.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/models/org.rb b/app/models/org.rb
index 15e362a4873..594c76ec6d1 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -1,4 +1,12 @@
 class Org < ApplicationRecord
+  validates :handle, presence: true, uniqueness: true
+  validates :name, presence: true
+  validate :unique_with_user_handle
+
+  def unique_with_user_handle
+    errors.add(:handle, "is not available") if User.exists?(handle: handle)
+  end
+
   has_many :rubygems, through: :ownerships
   has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :org
   has_many :unconfirmed_memberships, -> { where(confirmed_at: nil) }, class_name: "Membership", dependent: :destroy, inverse_of: :org

From 0629e55bea9af80a15e28313ef777f62ec8e610c Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 17:27:10 -0700
Subject: [PATCH 026/381] refine and test validations

---
 app/models/org.rb       | 10 ++++--
 test/models/org_test.rb | 67 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+), 3 deletions(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index 594c76ec6d1..94e0418059c 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -1,10 +1,14 @@
 class Org < ApplicationRecord
-  validates :handle, presence: true, uniqueness: true
-  validates :name, presence: true
+  validates :handle, presence: true, uniqueness: { case_sensitive: false }, length: { within: 2..40 }
+  validates :handle, format: {
+    with: /\A[A-Za-z][A-Za-z_\-0-9]*\z/,
+    message: "must start with a letter and can only contain letters, numbers, underscores, and dashes"
+  }, allow_nil: true
+  validates :name, presence: true, length: { within: 2..255 }
   validate :unique_with_user_handle
 
   def unique_with_user_handle
-    errors.add(:handle, "is not available") if User.exists?(handle: handle)
+    errors.add(:handle, "has already been taken") if handle && User.where("handle = lower(?)", handle.downcase).any?
   end
 
   has_many :rubygems, through: :ownerships
diff --git a/test/models/org_test.rb b/test/models/org_test.rb
index 580fc1478a2..5ea3301f364 100644
--- a/test/models/org_test.rb
+++ b/test/models/org_test.rb
@@ -4,4 +4,71 @@ class OrgTest < ActiveSupport::TestCase
   should have_many(:memberships).dependent(:destroy)
   should have_many(:unconfirmed_memberships).dependent(:destroy)
   should have_many(:users).through(:memberships)
+
+  # Waiting for Ownerships to be made polymorphic
+  #
+  # should have_many(:ownerships).dependent(:destroy)
+  # should have_many(:unconfirmed_ownerships).dependent(:destroy)
+  # should have_many(:rubygems).through(:ownerships)
+
+  context "validations" do
+    context "handle" do
+      should allow_value("CapsLOCK").for(:handle)
+      should_not allow_value(nil).for(:handle)
+      should_not allow_value("1abcde").for(:handle)
+      should_not allow_value("abc^%def").for(:handle)
+      should_not allow_value("abc\n<script>bad").for(:handle)
+
+      should "be between 2 and 40 characters" do
+        org = build(:org, handle: "a")
+
+        refute_predicate org, :valid?
+        assert_contains org.errors[:handle], "is too short (minimum is 2 characters)"
+
+        org.handle = "a" * 41
+
+        refute_predicate org, :valid?
+        assert_contains org.errors[:handle], "is too long (maximum is 40 characters)"
+
+        org.handle = "abcdef"
+        org.valid?
+
+        assert_nil org.errors[:handle].first
+      end
+
+      should "be invalid when an empty string" do
+        org = build(:org, handle: "")
+
+        refute_predicate org, :valid?
+      end
+
+      should "be invalid when nil" do
+        refute_predicate build(:org, handle: nil), :valid?
+      end
+
+      should "be invalid with duplicate handle on create" do
+        create(:org, handle: "test")
+        org = build(:org, handle: "Test")
+
+        refute_predicate org, :valid?
+      end
+
+      should "be invalid with duplicate handle on update" do
+        create(:org, handle: "test")
+        org = create(:org, handle: "test2")
+        org.update(handle: "Test")
+
+        assert_contains org.errors[:handle], "has already been taken"
+        refute_predicate org, :valid?
+      end
+
+      should "be invalid if user has handle already" do
+        create(:user, handle: "test")
+        org = build(:org, handle: "Test")
+
+        refute_predicate org, :valid?
+        assert_contains org.errors[:handle], "has already been taken"
+      end
+    end
+  end
 end

From 94dc087c79b9c5b2effa34e3ae02d5a30e3b2690 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 17:41:33 -0700
Subject: [PATCH 027/381] set up avo for orgs, add deletion filters

---
 app/avo/resources/org_resource.rb | 14 +++++++++-----
 app/models/org.rb                 |  3 +++
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/app/avo/resources/org_resource.rb b/app/avo/resources/org_resource.rb
index 7f6d95a8e69..f372d908186 100644
--- a/app/avo/resources/org_resource.rb
+++ b/app/avo/resources/org_resource.rb
@@ -1,14 +1,18 @@
 class OrgResource < Avo::BaseResource
-  self.title = :id
+  self.title = :name
   self.includes = []
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
+  self.search_query = lambda {
+    scope.where("name LIKE ? OR handle LIKE ?", "%#{params[:q]}%", "%#{params[:q]}%")
+  }
+  self.unscoped_queries_on_index = true
+
+  class DeletedFilter < ScopeBooleanFilter; end
+  filter DeletedFilter, arguments: { default: { not_deleted: true, deleted: false } }
 
   field :id, as: :id
   # Fields generated from the model
   field :handle, as: :text
-  field :full_name, as: :text
+  field :name, as: :text
   field :deleted_at, as: :date_time
   # add fields here
 end
diff --git a/app/models/org.rb b/app/models/org.rb
index 94e0418059c..6d87b02956d 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -15,4 +15,7 @@ def unique_with_user_handle
   has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :org
   has_many :unconfirmed_memberships, -> { where(confirmed_at: nil) }, class_name: "Membership", dependent: :destroy, inverse_of: :org
   has_many :users, through: :memberships
+
+  scope :not_deleted, -> { where(deleted_at: nil) }
+  scope :deleted, -> { where.not(deleted_at: nil) }
 end

From a79ca69793183759ac65c5feb9a5b646995b0de1 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 17:52:36 -0700
Subject: [PATCH 028/381] move error message to locale file

---
 app/models/org.rb     | 9 ++++-----
 config/locales/en.yml | 4 ++++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index 6d87b02956d..8e9198f2601 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -1,9 +1,8 @@
 class Org < ApplicationRecord
-  validates :handle, presence: true, uniqueness: { case_sensitive: false }, length: { within: 2..40 }
-  validates :handle, format: {
-    with: /\A[A-Za-z][A-Za-z_\-0-9]*\z/,
-    message: "must start with a letter and can only contain letters, numbers, underscores, and dashes"
-  }, allow_nil: true
+  validates :handle, presence: true,
+    uniqueness: { case_sensitive: false },
+    length: { within: 2..40 },
+    format: { with: /\A[A-Za-z][A-Za-z_\-0-9]*\z/ }
   validates :name, presence: true, length: { within: 2..255 }
   validate :unique_with_user_handle
 
diff --git a/config/locales/en.yml b/config/locales/en.yml
index ecc5ab1974d..4cff8620bfd 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -94,6 +94,10 @@ en:
             user_id:
               already_confirmed: "is already an owner of this gem"
               already_invited: "is already invited to this gem"
+        user:
+          attributes:
+            handle:
+              invalid: "must start with a letter and can only contain letters, numbers, underscores, and dashes"
         version:
           attributes:
             gem_full_name:

From fe96adecadd75f76534f516947e0c2ad541ed61f Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 2 Jul 2024 17:53:40 -0700
Subject: [PATCH 029/381] rewrite rubocop todo to ignore past migration

---
 .rubocop_todo.yml | 73 +++++++++++++++++++++--------------------------
 1 file changed, 33 insertions(+), 40 deletions(-)

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index f9e7b1044fb..995a27e1011 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,13 +1,13 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2022-06-17 19:11:11 UTC using RuboCop version 1.26.1.
+# on 2024-07-03 00:52:11 UTC using RuboCop version 1.60.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 15
-# This cop supports safe auto-correction (--auto-correct).
+# Offense count: 30
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
 # Include: **/*.gemfile, **/Gemfile, **/gems.rb
 Bundler/OrderedGems:
@@ -21,26 +21,25 @@ Lint/DuplicateMethods:
     - 'test/functional/api/v1/rubygems_controller_test.rb'
 
 # Offense count: 1
-# This cop supports unsafe auto-correction (--auto-correct-all).
-# Configuration parameters: AllowComments.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/UselessMethodDefinition:
   Exclude:
     - 'config/initializers/gem_version_monkeypatch.rb'
 
-# Offense count: 5
-# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
-# IgnoredMethods: refine
+# Offense count: 16
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+# AllowedMethods: refine
 Metrics/BlockLength:
-  Max: 64
+  Max: 61
 
 # Offense count: 1
-# Configuration parameters: IgnoredMethods.
+# Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
-  Max: 10
   Exclude:
     - 'app/models/concerns/rubygem_searchable.rb'
 
 # Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyleForLeadingUnderscores.
 # SupportedStylesForLeadingUnderscores: disallowed, required, optional
 Naming/MemoizedInstanceVariableName:
@@ -48,44 +47,39 @@ Naming/MemoizedInstanceVariableName:
     - 'lib/rubygem_fs.rb'
 
 # Offense count: 16
-# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers.
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
 # SupportedStyles: snake_case, normalcase, non_integer
-# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
 Naming/VariableNumber:
   Exclude:
     - 'test/functional/api/v1/downloads_controller_test.rb'
-    - 'test/models/gem_download_test.rb'
     - 'test/models/concerns/rubygem_searchable_test.rb'
+    - 'test/models/gem_download_test.rb'
 
 # Offense count: 1
-Rails/DeprecatedActiveModelErrorsMethods:
+# Configuration parameters: Database, Include.
+# SupportedDatabases: mysql, postgresql
+# Include: db/**/*.rb
+Rails/BulkChangeTable:
   Exclude:
-    - 'app/models/rubygem.rb'
+    - 'db/migrate/20240522185716_create_good_job_process_lock_ids.rb'
 
-# Offense count: 78
-# This cop supports unsafe auto-correction (--auto-correct-all).
+# Offense count: 83
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Whitelist, AllowedMethods, AllowedReceivers.
-# Whitelist: find_by_sql
-# AllowedMethods: find_by_sql
-# AllowedReceivers: Gem::Specification
+# Whitelist: find_by_sql, find_by_token_for
+# AllowedMethods: find_by_sql, find_by_token_for
+# AllowedReceivers: Gem::Specification, page
 Rails/DynamicFindBy:
   Enabled: false
 
-# Offense count: 2
+# Offense count: 6
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
   Exclude:
     - 'app/models/rubygem.rb'
 
-# Offense count: 7
-# This cop supports safe auto-correction (--auto-correct).
-# Configuration parameters: Include.
-# Include: spec/**/*, test/**/*
-Rails/HttpPositionalArguments:
-  Exclude:
-    - 'test/unit/gemcutter/middleware/redirector_test.rb'
-
 # Offense count: 1
 # Configuration parameters: Include.
 # Include: spec/**/*.rb, test/**/*.rb
@@ -93,7 +87,7 @@ Rails/I18nLocaleAssignment:
   Exclude:
     - 'test/test_helper.rb'
 
-# Offense count: 6
+# Offense count: 7
 Rails/I18nLocaleTexts:
   Exclude:
     - 'app/mailers/mailer.rb'
@@ -107,11 +101,10 @@ Rails/OutputSafety:
     - 'app/helpers/application_helper.rb'
     - 'app/helpers/rubygems_helper.rb'
 
-# Offense count: 7
-# This cop supports safe auto-correction (--auto-correct).
+# Offense count: 6
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/RedundantPresenceValidationOnBelongsTo:
   Exclude:
-    - 'app/models/api_key.rb'
     - 'app/models/api_key_rubygem_scope.rb'
     - 'app/models/deletion.rb'
     - 'app/models/ownership_call.rb'
@@ -120,13 +113,13 @@ Rails/RedundantPresenceValidationOnBelongsTo:
     - 'app/models/version.rb'
 
 # Offense count: 1
-# This cop supports safe auto-correction (--auto-correct).
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/RelativeDateConstant:
   Exclude:
     - 'app/models/gem_typo.rb'
 
-# Offense count: 43
-# This cop supports safe auto-correction (--auto-correct).
+# Offense count: 39
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Security/JSONLoad:
   Exclude:
     - 'config/initializers/yaml_renderer.rb'
@@ -144,7 +137,7 @@ Security/JSONLoad:
     - 'test/models/web_hook_test.rb'
 
 # Offense count: 2
-# This cop supports safe auto-correction (--auto-correct).
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedOctalStyle.
 # SupportedOctalStyles: zero_with_o, zero_only
 Style/NumericLiteralPrefix:
@@ -152,8 +145,8 @@ Style/NumericLiteralPrefix:
     - 'test/models/pusher_test.rb'
 
 # Offense count: 3
-# This cop supports unsafe auto-correction (--auto-correct-all).
-# Configuration parameters: EnforcedStyle, IgnoredMethods.
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle, AllowedMethods, AllowedPatterns.
 # SupportedStyles: predicate, comparison
 Style/NumericPredicate:
   Exclude:

From ee836f4967095eb2cb0ecebcc66d5617b391e3d0 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 6 Jul 2024 23:57:49 -0700
Subject: [PATCH 030/381] add unconfirmed scope to memberships

---
 app/models/membership.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/models/membership.rb b/app/models/membership.rb
index 14185fd6f87..044af32aae6 100644
--- a/app/models/membership.rb
+++ b/app/models/membership.rb
@@ -2,6 +2,7 @@ class Membership < ApplicationRecord
   belongs_to :user
   belongs_to :org
 
+  scope :unconfirmed, -> { where(confirmed_at: nil) }
   scope :confirmed, -> { where.not(confirmed_at: nil) }
 
   def confirmed?

From 58530ed4ab21ab523c24a536566637b7e8d99512 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 6 Jul 2024 18:51:10 -0700
Subject: [PATCH 031/381] silence faraday warning

---
 Gemfile      | 1 +
 Gemfile.lock | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/Gemfile b/Gemfile
index 1d1c2d0beaa..b7daad2a711 100644
--- a/Gemfile
+++ b/Gemfile
@@ -57,6 +57,7 @@ gem "phlex-rails", "~> 1.2"
 gem "discard", "~> 1.3"
 gem "user_agent_parser", "~> 2.18"
 gem "pghero", "~> 3.6"
+gem "faraday-multipart", "~> 1.0"
 gem "timescaledb", "~> 0.2"
 
 # Admin dashboard
diff --git a/Gemfile.lock b/Gemfile.lock
index 87bb84d09bc..f4d3e56eef3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -244,6 +244,8 @@ GEM
       logger
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
     faraday-net_http (3.1.0)
       net-http
     faraday-retry (2.2.1)
@@ -417,6 +419,7 @@ GEM
     multi_json (1.15.0)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
+    multipart-post (2.4.1)
     mutex_m (0.2.0)
     net-http (0.4.1)
       uri
@@ -803,6 +806,7 @@ DEPENDENCIES
   dotenv-rails (~> 3.1)
   factory_bot_rails (~> 6.4)
   faraday (~> 2.10)
+  faraday-multipart (~> 1.0)
   faraday-retry (~> 2.2)
   faraday_middleware-aws-sigv4 (~> 1.0)
   good_job (~> 3.29)
@@ -973,6 +977,7 @@ CHECKSUMS
   factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
   faraday (2.10.0) sha256=1a3e6c02acc511fc334d799521f1013e449bde38aa2dceb3af71e8030519bda9
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
+  faraday-multipart (1.0.4) sha256=9012021ab57790f7d712f590b48d5f948b19b43cfa11ca83e6459f06090b0725
   faraday-net_http (3.1.0) sha256=1627be414960d0131691190ff524506ba6607402a50fb6eccda9e64ca60f859f
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
@@ -1041,6 +1046,7 @@ CHECKSUMS
   msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b
+  multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
   mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
   net-http (0.4.1) sha256=a96efc5ea18bcb9715e24dda4159d10f67ff0345c8a980d04630028055b2c282
   net-imap (0.4.14) sha256=a2184b3f09a4f7ca27998d113fd6df8cd0dd56b91e5bf0d6387b8350bb438065

From f527e4b1f6a651b2c708f008b2bf9a7fa8697ff8 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 6 Jul 2024 19:05:34 -0700
Subject: [PATCH 032/381] silence datadog and fix double-require

---
 Gemfile                        | 2 +-
 config/initializers/datadog.rb | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Gemfile b/Gemfile
index b7daad2a711..604880051f7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,7 +10,7 @@ gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.7"
 gem "dalli", "~> 3.2"
-gem "datadog", "~> 2.2", require: "datadog/auto_instrument"
+gem "datadog", "~> 2.2"
 gem "dogstatsd-ruby", "~> 5.5"
 gem "google-protobuf", "~> 4.27"
 gem "faraday", "~> 2.10"
diff --git a/config/initializers/datadog.rb b/config/initializers/datadog.rb
index 5a508fe401d..054e801cb57 100644
--- a/config/initializers/datadog.rb
+++ b/config/initializers/datadog.rb
@@ -43,10 +43,12 @@
   c.tracing.instrument :opensearch, service_name: c.service
   c.tracing.instrument :pg
   c.tracing.instrument :rails, request_queuing: true
-  c.tracing.instrument :shoryuken
+  c.tracing.instrument :shoryuken if defined?(Shoryuken)
 end
 
 Datadog::Tracing.before_flush(
   # Remove spans for the /internal/ping endpoint
   Datadog::Tracing::Pipeline::SpanFilter.new { |span| span.resource == "Internal::PingController#index" }
 )
+
+require "datadog/auto_instrument"

From 3e13f7ceb287df31be6b9ba27d6d6d6d5c51c2a9 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 6 Jul 2024 19:06:04 -0700
Subject: [PATCH 033/381] silence honeybadger below error during require

---
 Gemfile                            |  2 +-
 config/initializers/honeybadger.rb | 19 ++++++++++++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 604880051f7..ece310ce73b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,7 +17,7 @@ gem "faraday", "~> 2.10"
 gem "faraday-retry", "~> 2.2"
 gem "good_job", "~> 3.29"
 gem "gravtastic", "~> 3.2"
-gem "honeybadger", "~> 5.5.1" # see https://github.com/rubygems/rubygems.org/pull/4598
+gem "honeybadger", "~> 5.5.1", require: false # see https://github.com/rubygems/rubygems.org/pull/4598
 gem "http_accept_language", "~> 2.1"
 gem "kaminari", "~> 1.2"
 gem "launchdarkly-server-sdk", "~> 8.6"
diff --git a/config/initializers/honeybadger.rb b/config/initializers/honeybadger.rb
index fa6efe727ab..4e3657d1707 100644
--- a/config/initializers/honeybadger.rb
+++ b/config/initializers/honeybadger.rb
@@ -1,7 +1,16 @@
-Honeybadger.configure do |config|
-  config.report_data = false if Rails.env.development?
-  config.before_notify do |notice|
-    notice.halt! if ActionDispatch::ExceptionWrapper.rescue_responses.key?(notice.error_class)
+Rails.logger.silence(:error) do
+  require "honeybadger"
+
+  Honeybadger.configure do |config|
+    config.before_notify do |notice|
+      notice.halt! if ActionDispatch::ExceptionWrapper.rescue_responses.key?(notice.error_class)
+    end
+
+    config.logger = SemanticLogger[Honeybadger]
+
+    if Rails.env.development?
+      config.report_data = false
+      config.logger.level = :error
+    end
   end
-  config.logger = SemanticLogger[Honeybadger]
 end

From f9278aa78c60b673d29c95390fc10f3d23925f59 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 00:06:27 -0700
Subject: [PATCH 034/381] fill locales

---
 config/locales/de.yml    | 4 ++++
 config/locales/es.yml    | 4 ++++
 config/locales/fr.yml    | 4 ++++
 config/locales/ja.yml    | 4 ++++
 config/locales/nl.yml    | 4 ++++
 config/locales/pt-BR.yml | 4 ++++
 config/locales/zh-CN.yml | 4 ++++
 config/locales/zh-TW.yml | 4 ++++
 8 files changed, 32 insertions(+)

diff --git a/config/locales/de.yml b/config/locales/de.yml
index 5d8b96c1658..a2c6428a22e 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -99,6 +99,10 @@ de:
             user_id:
               already_confirmed: ist bereits Eigentümer dieses Gems
               already_invited: wurde bereits zu diesem Gem eingeladen
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 6b8649a9742..832a93b9fcf 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -97,6 +97,10 @@ es:
             user_id:
               already_confirmed: ya es propietario de esta gema
               already_invited: ya ha sido invitado a esta gema
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 5e9e9fa2be8..f1bcc37ab3c 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -95,6 +95,10 @@ fr:
             user_id:
               already_confirmed:
               already_invited:
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index ea622b776d7..108f9edbb6f 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -88,6 +88,10 @@ ja:
             user_id:
               already_confirmed: は既にこのgemの所有者です
               already_invited: は既にこのgemに招待されています
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 9bae60eafd8..c73b2b3cd15 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -87,6 +87,10 @@ nl:
             user_id:
               already_confirmed:
               already_invited:
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 73cc4a7eef1..61d44d21020 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -94,6 +94,10 @@ pt-BR:
             user_id:
               already_confirmed:
               already_invited:
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 9ad807e5c76..4b8d8f93cf7 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -89,6 +89,10 @@ zh-CN:
             user_id:
               already_confirmed:
               already_invited:
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index a459d5180a8..bbbe25d2cc4 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -88,6 +88,10 @@ zh-TW:
             user_id:
               already_confirmed: 已是此 Gem 的擁有者
               already_invited: 已獲邀加入此 Gem
+        user:
+          attributes:
+            handle:
+              invalid:
         version:
           attributes:
             gem_full_name:

From 19e60a6e6873465c9587934a0d3f844d5a7e996b Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 00:07:19 -0700
Subject: [PATCH 035/381] add indexes

---
 db/migrate/20240630025625_create_orgs.rb        | 2 ++
 db/migrate/20240630025804_create_memberships.rb | 1 +
 db/schema.rb                                    | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/db/migrate/20240630025625_create_orgs.rb b/db/migrate/20240630025625_create_orgs.rb
index 3df9ac24df0..d650e3cd712 100644
--- a/db/migrate/20240630025625_create_orgs.rb
+++ b/db/migrate/20240630025625_create_orgs.rb
@@ -6,6 +6,8 @@ def change
       t.timestamp :deleted_at
 
       t.timestamps
+
+      t.index "lower(handle)", unique: true
     end
   end
 end
diff --git a/db/migrate/20240630025804_create_memberships.rb b/db/migrate/20240630025804_create_memberships.rb
index 88a844a0f9f..21f9b81cf62 100644
--- a/db/migrate/20240630025804_create_memberships.rb
+++ b/db/migrate/20240630025804_create_memberships.rb
@@ -6,6 +6,7 @@ def change
       t.timestamp :confirmed_at, default: nil
 
       t.timestamps
+      t.index [:user_id, :org_id], unique: true
     end
   end
 end
diff --git a/db/schema.rb b/db/schema.rb
index 2564d7773e8..48cde34c655 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -322,6 +322,7 @@
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["org_id"], name: "index_memberships_on_org_id"
+    t.index ["user_id", "org_id"], name: "index_memberships_on_user_id_and_org_id", unique: true
     t.index ["user_id"], name: "index_memberships_on_user_id"
   end
 
@@ -398,6 +399,7 @@
     t.datetime "deleted_at", precision: nil
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.index "lower((handle)::text)", name: "index_orgs_on_lower_handle", unique: true
   end
 
   create_table "ownership_calls", force: :cascade do |t|

From d4c6f87d7ebfc8c11407d5c4db66a242db4145c5 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 00:07:34 -0700
Subject: [PATCH 036/381] update membership avo panel attrs / filters

---
 app/avo/resources/membership_resource.rb | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/app/avo/resources/membership_resource.rb b/app/avo/resources/membership_resource.rb
index f3100530202..dda32261be4 100644
--- a/app/avo/resources/membership_resource.rb
+++ b/app/avo/resources/membership_resource.rb
@@ -1,13 +1,11 @@
 class MembershipResource < Avo::BaseResource
   self.title = :id
   self.includes = []
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
+
+  class ConfirmedFilter < ScopeBooleanFilter; end
+  filter ConfirmedFilter, arguments: { default: { confirmed: true, unconfirmed: false } }
 
   field :id, as: :id
-  # Fields generated from the model
-  field :user, as: :text
-  field :org, as: :text
-  # add fields here
+  field :user, as: :belongs_to
+  field :org, as: :belongs_to
 end

From cce6d7a75c2d957d84667308c15cc01635ae8fc1 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 00:07:47 -0700
Subject: [PATCH 037/381] add Org events and track create

---
 app/models/events/org_event.rb | 10 ++++++++++
 app/models/org.rb              |  6 ++++++
 2 files changed, 16 insertions(+)
 create mode 100644 app/models/events/org_event.rb

diff --git a/app/models/events/org_event.rb b/app/models/events/org_event.rb
new file mode 100644
index 00000000000..330634f4e59
--- /dev/null
+++ b/app/models/events/org_event.rb
@@ -0,0 +1,10 @@
+class Events::OrgEvent < ApplicationRecord
+  belongs_to :org
+
+  include Events::Tags
+
+  CREATED = define_event "org:created" do
+    attribute :name, :string
+    attribute :actor_gid, :global_id
+  end
+end
diff --git a/app/models/org.rb b/app/models/org.rb
index 8e9198f2601..db253414623 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -1,4 +1,6 @@
 class Org < ApplicationRecord
+  include Events::Recordable
+
   validates :handle, presence: true,
     uniqueness: { case_sensitive: false },
     length: { within: 2..40 },
@@ -17,4 +19,8 @@ def unique_with_user_handle
 
   scope :not_deleted, -> { where(deleted_at: nil) }
   scope :deleted, -> { where.not(deleted_at: nil) }
+
+  after_create do
+    record_event!(Events::OrgEvent::CREATED, actor_id: owner.to_gid)
+  end
 end

From ea5fea57fe204866a0713648e96020dc8c6e51c3 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 00:09:42 -0700
Subject: [PATCH 038/381] add User has_many for memberships, orgs

---
 app/avo/resources/user_resource.rb | 2 ++
 app/models/user.rb                 | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/app/avo/resources/user_resource.rb b/app/avo/resources/user_resource.rb
index f8e28066d22..fd2ca3838c5 100644
--- a/app/avo/resources/user_resource.rb
+++ b/app/avo/resources/user_resource.rb
@@ -59,6 +59,8 @@ class DeletedFilter < ScopeBooleanFilter; end
     end
     field :ownerships, as: :has_many
     field :rubygems, as: :has_many, through: :ownerships
+    field :memberships, as: :has_many
+    field :orgs, as: :has_many, through: :memberships
     field :subscriptions, as: :has_many
     field :subscribed_gems, as: :has_many, through: :subscriptions
     field :deletions, as: :has_many
diff --git a/app/models/user.rb b/app/models/user.rb
index b756fbbae04..c694bc61389 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -64,6 +64,9 @@ class User < ApplicationRecord
   has_many :oidc_pending_trusted_publishers, class_name: "OIDC::PendingTrustedPublisher", inverse_of: :user, dependent: :destroy
   has_many :oidc_rubygem_trusted_publishers, through: :rubygems, class_name: "OIDC::RubygemTrustedPublisher"
 
+  has_many :memberships, dependent: :destroy
+  has_many :orgs, through: :memberships
+
   validates :email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, presence: true,
 uniqueness: { case_sensitive: false }
   validates :unconfirmed_email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, allow_blank: true

From c4b75acc3a1ab56842e8293de7fa299dba1e6d30 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 00:13:06 -0700
Subject: [PATCH 039/381] =?UTF-8?q?=F0=9F=92=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 db/migrate/20240630025804_create_memberships.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/migrate/20240630025804_create_memberships.rb b/db/migrate/20240630025804_create_memberships.rb
index 21f9b81cf62..08c15f92c0f 100644
--- a/db/migrate/20240630025804_create_memberships.rb
+++ b/db/migrate/20240630025804_create_memberships.rb
@@ -6,7 +6,7 @@ def change
       t.timestamp :confirmed_at, default: nil
 
       t.timestamps
-      t.index [:user_id, :org_id], unique: true
+      t.index %i[user_id org_id], unique: true
     end
   end
 end

From ed392c56a42ef6e142c534ed0ce8c1fe7af11a7e Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 19:12:12 -0700
Subject: [PATCH 040/381] remove stray association

---
 app/models/org.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index db253414623..aa247f91cb6 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -12,7 +12,6 @@ def unique_with_user_handle
     errors.add(:handle, "has already been taken") if handle && User.where("handle = lower(?)", handle.downcase).any?
   end
 
-  has_many :rubygems, through: :ownerships
   has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :org
   has_many :unconfirmed_memberships, -> { where(confirmed_at: nil) }, class_name: "Membership", dependent: :destroy, inverse_of: :org
   has_many :users, through: :memberships

From e47e8d84fa38138705f8301add22186e9ccc97e3 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 19:12:29 -0700
Subject: [PATCH 041/381] extract handle pattern

---
 app/models/org.rb  | 2 +-
 app/models/user.rb | 6 +-----
 lib/patterns.rb    | 1 +
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index aa247f91cb6..e11fa894fad 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -4,7 +4,7 @@ class Org < ApplicationRecord
   validates :handle, presence: true,
     uniqueness: { case_sensitive: false },
     length: { within: 2..40 },
-    format: { with: /\A[A-Za-z][A-Za-z_\-0-9]*\z/ }
+    format: { with: Patterns::HANDLE_PATTERN }
   validates :name, presence: true, length: { within: 2..255 }
   validate :unique_with_user_handle
 
diff --git a/app/models/user.rb b/app/models/user.rb
index c694bc61389..0bf92cf3495 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -72,11 +72,7 @@ class User < ApplicationRecord
   validates :unconfirmed_email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, allow_blank: true
 
   validates :handle, uniqueness: { case_sensitive: false }, allow_nil: true, if: :handle_changed?
-  validates :handle, format: {
-    with: /\A[A-Za-z][A-Za-z_\-0-9]*\z/,
-    message: "must start with a letter and can only contain letters, numbers, underscores, and dashes"
-  }, allow_nil: true
-  validates :handle, length: { within: 2..40 }, allow_nil: true
+  validates :handle, format: { with: Patterns::HANDLE_PATTERN }, length: { within: 2..40 }, allow_nil: true
 
   validates :twitter_username, format: {
     with: /\A[a-zA-Z0-9_]*\z/,
diff --git a/lib/patterns.rb b/lib/patterns.rb
index 4ac37857d77..ee994260dfb 100644
--- a/lib/patterns.rb
+++ b/lib/patterns.rb
@@ -13,4 +13,5 @@ module Patterns
   VERSION_PATTERN       = /\A#{Gem::Version::VERSION_PATTERN}\z/o
   REQUIREMENT_PATTERN   = Gem::Requirement::PATTERN
   BASE64_SHA256_PATTERN = %r{\A[0-9a-zA-Z_+/-]{43}={0,2}\z}
+  HANDLE_PATTERN        = /\A[A-Za-z][A-Za-z_\-0-9]*\z/
 end

From b0fefe38aed4a87762540a72c3a1e0128872aef2 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 19:12:53 -0700
Subject: [PATCH 042/381] add user handle validation that checks org handles

---
 app/models/user.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/models/user.rb b/app/models/user.rb
index 0bf92cf3495..e3d0d96dd15 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -73,6 +73,7 @@ class User < ApplicationRecord
 
   validates :handle, uniqueness: { case_sensitive: false }, allow_nil: true, if: :handle_changed?
   validates :handle, format: { with: Patterns::HANDLE_PATTERN }, length: { within: 2..40 }, allow_nil: true
+  validate :unique_with_org_handle
 
   validates :twitter_username, format: {
     with: /\A[a-zA-Z0-9_]*\z/,
@@ -357,4 +358,8 @@ def record_email_verified_event
   def record_password_update_event
     record_event!(Events::UserEvent::PASSWORD_CHANGED)
   end
+
+  def unique_with_org_handle
+    errors.add(:handle, "has already been taken") if handle && Org.where("handle = lower(?)", handle.downcase).any?
+  end
 end

From 10c46e0a7296bb68a78b53a7cf65abaf0c58cbb0 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 19:16:43 -0700
Subject: [PATCH 043/381] add org handle format error message

---
 config/locales/de.yml    | 4 ++++
 config/locales/en.yml    | 4 ++++
 config/locales/es.yml    | 4 ++++
 config/locales/fr.yml    | 4 ++++
 config/locales/ja.yml    | 4 ++++
 config/locales/nl.yml    | 4 ++++
 config/locales/pt-BR.yml | 4 ++++
 config/locales/zh-CN.yml | 4 ++++
 config/locales/zh-TW.yml | 4 ++++
 9 files changed, 36 insertions(+)

diff --git a/config/locales/de.yml b/config/locales/de.yml
index a2c6428a22e..6f0085c87f4 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -94,6 +94,10 @@ de:
           attributes:
             expires_at:
               inclusion:
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 4cff8620bfd..fbb30130976 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -89,6 +89,10 @@ en:
           attributes:
             expires_at:
               inclusion: "must be in the future"
+        org:
+          attributes:
+            handle:
+              invalid: "must start with a letter and can only contain letters, numbers, underscores, and dashes"
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 832a93b9fcf..04ce6f9dac5 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -92,6 +92,10 @@ es:
           attributes:
             expires_at:
               inclusion:
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index f1bcc37ab3c..4c9173997ac 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -90,6 +90,10 @@ fr:
           attributes:
             expires_at:
               inclusion:
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 108f9edbb6f..5f69f29361f 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -83,6 +83,10 @@ ja:
           attributes:
             expires_at:
               inclusion: 未来でなければなりません
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index c73b2b3cd15..90b43e85b8b 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -82,6 +82,10 @@ nl:
           attributes:
             expires_at:
               inclusion:
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 61d44d21020..5f4545c3ef9 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -89,6 +89,10 @@ pt-BR:
           attributes:
             expires_at:
               inclusion:
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 4b8d8f93cf7..710295de2d8 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -84,6 +84,10 @@ zh-CN:
           attributes:
             expires_at:
               inclusion:
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index bbbe25d2cc4..6b65fb73fd3 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -83,6 +83,10 @@ zh-TW:
           attributes:
             expires_at:
               inclusion:
+        org:
+          attributes:
+            handle:
+              invalid:
         ownership:
           attributes:
             user_id:

From 2d0ca96ac461356654be81ae0d853c5ef2cb7966 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 9 Jul 2024 20:20:09 -0700
Subject: [PATCH 044/381] add org string limits

---
 db/migrate/20240630025625_create_orgs.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/db/migrate/20240630025625_create_orgs.rb b/db/migrate/20240630025625_create_orgs.rb
index d650e3cd712..124e01760e0 100644
--- a/db/migrate/20240630025625_create_orgs.rb
+++ b/db/migrate/20240630025625_create_orgs.rb
@@ -1,8 +1,8 @@
 class CreateOrgs < ActiveRecord::Migration[7.1]
   def change
     create_table :orgs do |t|
-      t.string :handle
-      t.string :name
+      t.string :handle, limit: 40
+      t.string :name, limit: 255
       t.timestamp :deleted_at
 
       t.timestamps

From 7753f5a96161e9ad6fbd2aadfd95cd45e5b4fc6a Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Thu, 11 Jul 2024 18:00:41 -0700
Subject: [PATCH 045/381] fix tracking the creator of the org in the event

---
 app/models/org.rb       | 2 +-
 db/schema.rb            | 4 ++--
 test/models/org_test.rb | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index e11fa894fad..c4e84ed85f7 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -20,6 +20,6 @@ def unique_with_user_handle
   scope :deleted, -> { where.not(deleted_at: nil) }
 
   after_create do
-    record_event!(Events::OrgEvent::CREATED, actor_id: owner.to_gid)
+    record_event!(Events::OrgEvent::CREATED, actor_gid: memberships.first.to_gid)
   end
 end
diff --git a/db/schema.rb b/db/schema.rb
index 48cde34c655..c6cc0094c37 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -394,8 +394,8 @@
   end
 
   create_table "orgs", force: :cascade do |t|
-    t.string "handle"
-    t.string "name"
+    t.string "handle", limit: 40
+    t.string "name", limit: 255
     t.datetime "deleted_at", precision: nil
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
diff --git a/test/models/org_test.rb b/test/models/org_test.rb
index 5ea3301f364..368828bc457 100644
--- a/test/models/org_test.rb
+++ b/test/models/org_test.rb
@@ -1,6 +1,7 @@
 require "test_helper"
 
 class OrgTest < ActiveSupport::TestCase
+  should belong_to(:created_by)
   should have_many(:memberships).dependent(:destroy)
   should have_many(:unconfirmed_memberships).dependent(:destroy)
   should have_many(:users).through(:memberships)

From 14952ebd1349bf8273e716e92b558bbbd16749dc Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Thu, 11 Jul 2024 18:00:50 -0700
Subject: [PATCH 046/381] add org events table to hold those events

---
 .../20240712003336_create_org_events.rb       | 14 +++++++++++++
 db/schema.rb                                  | 20 ++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 db/migrate/20240712003336_create_org_events.rb

diff --git a/db/migrate/20240712003336_create_org_events.rb b/db/migrate/20240712003336_create_org_events.rb
new file mode 100644
index 00000000000..9e606ec1f09
--- /dev/null
+++ b/db/migrate/20240712003336_create_org_events.rb
@@ -0,0 +1,14 @@
+class CreateOrgEvents < ActiveRecord::Migration[7.0]
+  def change
+    create_table :events_org_events do |t|
+      t.string :tag, null: false, index: true
+      t.string :trace_id, null: true
+      t.references :org, null: false, foreign_key: true
+      t.references :ip_address, null: true, foreign_key: true
+      t.references :geoip_info, null: true, foreign_key: true
+      t.jsonb :additional
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index c6cc0094c37..f7d8cdc0def 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_06_30_025804) do
+ActiveRecord::Schema[7.1].define(version: 2024_07_12_003336) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "hstore"
   enable_extension "pgcrypto"
@@ -94,6 +94,21 @@
     t.index ["version_id"], name: "index_dependencies_on_version_id"
   end
 
+  create_table "events_org_events", force: :cascade do |t|
+    t.string "tag", null: false
+    t.string "trace_id"
+    t.bigint "org_id", null: false
+    t.bigint "ip_address_id"
+    t.bigint "geoip_info_id"
+    t.jsonb "additional"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["geoip_info_id"], name: "index_events_org_events_on_geoip_info_id"
+    t.index ["ip_address_id"], name: "index_events_org_events_on_ip_address_id"
+    t.index ["org_id"], name: "index_events_org_events_on_org_id"
+    t.index ["tag"], name: "index_events_org_events_on_tag"
+  end
+
   create_table "events_rubygem_events", force: :cascade do |t|
     t.string "tag", null: false
     t.string "trace_id"
@@ -601,6 +616,9 @@
 
   add_foreign_key "api_key_rubygem_scopes", "api_keys", name: "api_key_rubygem_scopes_api_key_id_fk"
   add_foreign_key "audits", "admin_github_users", name: "audits_admin_github_user_id_fk"
+  add_foreign_key "events_org_events", "geoip_infos"
+  add_foreign_key "events_org_events", "ip_addresses"
+  add_foreign_key "events_org_events", "orgs"
   add_foreign_key "events_rubygem_events", "geoip_infos"
   add_foreign_key "events_rubygem_events", "ip_addresses"
   add_foreign_key "events_rubygem_events", "rubygems"

From d1b95b8d5d74a58607b6ae23fe36bcb04c9f8fc1 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Fri, 12 Jul 2024 02:45:23 -0700
Subject: [PATCH 047/381] fixup remove created by test

---
 test/models/org_test.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/test/models/org_test.rb b/test/models/org_test.rb
index 368828bc457..5ea3301f364 100644
--- a/test/models/org_test.rb
+++ b/test/models/org_test.rb
@@ -1,7 +1,6 @@
 require "test_helper"
 
 class OrgTest < ActiveSupport::TestCase
-  should belong_to(:created_by)
   should have_many(:memberships).dependent(:destroy)
   should have_many(:unconfirmed_memberships).dependent(:destroy)
   should have_many(:users).through(:memberships)

From 598253c8264a784e6594f54741935db2f9b62357 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Fri, 12 Jul 2024 02:46:55 -0700
Subject: [PATCH 048/381] add memberships to org factory, validate a member

---
 app/models/org.rb      | 1 +
 test/factories/orgs.rb | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index c4e84ed85f7..40a77ad365c 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -6,6 +6,7 @@ class Org < ApplicationRecord
     length: { within: 2..40 },
     format: { with: Patterns::HANDLE_PATTERN }
   validates :name, presence: true, length: { within: 2..255 }
+  validates :memberships, presence: true
   validate :unique_with_user_handle
 
   def unique_with_user_handle
diff --git a/test/factories/orgs.rb b/test/factories/orgs.rb
index 1b88c7e9b60..8cd635145e3 100644
--- a/test/factories/orgs.rb
+++ b/test/factories/orgs.rb
@@ -1,7 +1,11 @@
 FactoryBot.define do
   factory :org do
-    handle { |i| "org_#{i}" }
-    name { |i| "Organization #{i}" }
+    handle
+    name
     deleted_at { nil }
+
+    after(:build) do |org, _evaluator|
+      org.memberships << build(:membership, org: org)
+    end
   end
 end

From f100bc220835ea13eca89c4ef3fa56dc0b3699a5 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 13 Jul 2024 19:46:27 -0700
Subject: [PATCH 049/381] sort the memberships list

---
 app/policies/admin/user_policy.rb | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/app/policies/admin/user_policy.rb b/app/policies/admin/user_policy.rb
index 91a1738210f..a8c105f45e6 100644
--- a/app/policies/admin/user_policy.rb
+++ b/app/policies/admin/user_policy.rb
@@ -6,22 +6,22 @@ def resolve
     end
   end
 
-  has_association :ownerships
-  has_association :rubygems
-  has_association :subscriptions
-  has_association :subscribed_gems
-  has_association :deletions
-  has_association :web_hooks
-  has_association :unconfirmed_ownerships
   has_association :api_keys
+  has_association :audits
+  has_association :deletions
+  has_association :events
+  has_association :oidc_api_key_roles
   has_association :ownership_calls
   has_association :ownership_requests
+  has_association :ownerships
   has_association :pushed_versions
-  has_association :audits
-  has_association :oidc_api_key_roles
+  has_association :rubygems
+  has_association :subscribed_gems
+  has_association :subscriptions
+  has_association :unconfirmed_ownerships
+  has_association :web_hooks
   has_association :webauthn_credentials
   has_association :webauthn_verification
-  has_association :events
 
   def avo_index?
     rubygems_org_admin?

From 0151a0641729b7c848e70e187afb02f263ebe6cc Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 13 Jul 2024 19:46:38 -0700
Subject: [PATCH 050/381] add missing associations to admin policy

---
 app/policies/admin/user_policy.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/policies/admin/user_policy.rb b/app/policies/admin/user_policy.rb
index a8c105f45e6..fb4c63c1d4d 100644
--- a/app/policies/admin/user_policy.rb
+++ b/app/policies/admin/user_policy.rb
@@ -10,7 +10,9 @@ def resolve
   has_association :audits
   has_association :deletions
   has_association :events
+  has_association :memberships
   has_association :oidc_api_key_roles
+  has_association :orgs
   has_association :ownership_calls
   has_association :ownership_requests
   has_association :ownerships

From 3aa074e5114cc9a35785b5ad3d4b29e39269e378 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 13 Jul 2024 19:47:19 -0700
Subject: [PATCH 051/381] add an avo org event policy

---
 app/policies/admin/events/org_event_policy.rb | 13 +++++++++++++
 app/policies/admin/ip_address_policy.rb       |  1 +
 2 files changed, 14 insertions(+)
 create mode 100644 app/policies/admin/events/org_event_policy.rb

diff --git a/app/policies/admin/events/org_event_policy.rb b/app/policies/admin/events/org_event_policy.rb
new file mode 100644
index 00000000000..58ea4e8c014
--- /dev/null
+++ b/app/policies/admin/events/org_event_policy.rb
@@ -0,0 +1,13 @@
+class Admin::Events::OrgEventPolicy < Admin::ApplicationPolicy
+  class Scope < Admin::ApplicationPolicy::Scope
+    def resolve
+      scope.all
+    end
+  end
+
+  has_association :org
+  has_association :ip_address
+
+  def avo_index? = rubygems_org_admin?
+  def avo_show? = rubygems_org_admin?
+end
diff --git a/app/policies/admin/ip_address_policy.rb b/app/policies/admin/ip_address_policy.rb
index e05baef361d..c7479d65fa9 100644
--- a/app/policies/admin/ip_address_policy.rb
+++ b/app/policies/admin/ip_address_policy.rb
@@ -7,6 +7,7 @@ def resolve
 
   has_association :user_events
   has_association :rubygem_events
+  has_association :org_events
 
   def avo_index? = rubygems_org_admin?
   def avo_show? = rubygems_org_admin?

From f00d353e6049fd7131449dbac6c4809fe22ed29d Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 13 Jul 2024 20:34:55 -0700
Subject: [PATCH 052/381] add org memberships to admin policy

---
 app/policies/admin/org_policy.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/policies/admin/org_policy.rb b/app/policies/admin/org_policy.rb
index 94ef4d56e9d..98a007ec6cd 100644
--- a/app/policies/admin/org_policy.rb
+++ b/app/policies/admin/org_policy.rb
@@ -5,6 +5,9 @@ def resolve
     end
   end
 
+  has_association :memberships
+  has_association :users
+
   def avo_index?
     rubygems_org_admin?
   end

From 47bf588140f73683147a140c8462f02b29b44ba0 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 13 Jul 2024 22:06:22 -0700
Subject: [PATCH 053/381] add admin org event policy test

---
 .../admin/events/org_event_policy_test.rb      | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 test/policies/admin/events/org_event_policy_test.rb

diff --git a/test/policies/admin/events/org_event_policy_test.rb b/test/policies/admin/events/org_event_policy_test.rb
new file mode 100644
index 00000000000..bfaef5626dd
--- /dev/null
+++ b/test/policies/admin/events/org_event_policy_test.rb
@@ -0,0 +1,18 @@
+require "test_helper"
+
+class Admin::Events::OrgEventPolicyTest < AdminPolicyTestCase
+  def test_scope
+  end
+
+  def test_show
+  end
+
+  def test_create
+  end
+
+  def test_update
+  end
+
+  def test_destroy
+  end
+end

From 4c0cfb38c1c2873cda5279a74dce9b1bc7fe522d Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sat, 13 Jul 2024 22:28:56 -0700
Subject: [PATCH 054/381] set confirmed_at when creating membership

---
 test/factories/memberships.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/factories/memberships.rb b/test/factories/memberships.rb
index 7b619b4e34b..bd88d357de0 100644
--- a/test/factories/memberships.rb
+++ b/test/factories/memberships.rb
@@ -2,5 +2,6 @@
   factory :membership do
     user
     org
+    confirmed_at { Time.now }
   end
 end

From 45ee9a7a52d53b10e844acef5f4544b9a96ec295 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sun, 14 Jul 2024 00:29:17 -0700
Subject: [PATCH 055/381] fix confirmed_at cop

---
 test/factories/memberships.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/factories/memberships.rb b/test/factories/memberships.rb
index bd88d357de0..60d87d85ea2 100644
--- a/test/factories/memberships.rb
+++ b/test/factories/memberships.rb
@@ -2,6 +2,6 @@
   factory :membership do
     user
     org
-    confirmed_at { Time.now }
+    confirmed_at { Time.zone.now }
   end
 end

From 8523eaa85a1d13ebdd7e778c230e99d6ea1b8f56 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sun, 14 Jul 2024 00:29:31 -0700
Subject: [PATCH 056/381] add policy tests

---
 test/policies/admin/membership_policy_test.rb | 39 +++++++++++++++++++
 test/policies/admin/org_policy_test.rb        | 29 ++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 test/policies/admin/membership_policy_test.rb
 create mode 100644 test/policies/admin/org_policy_test.rb

diff --git a/test/policies/admin/membership_policy_test.rb b/test/policies/admin/membership_policy_test.rb
new file mode 100644
index 00000000000..4474bcc0a65
--- /dev/null
+++ b/test/policies/admin/membership_policy_test.rb
@@ -0,0 +1,39 @@
+require "test_helper"
+
+class Admin::MembershipPolicyTest < AdminPolicyTestCase
+  setup do
+    @membership = FactoryBot.create(:membership)
+    @admin = FactoryBot.create(:admin_github_user, :is_admin)
+    @non_admin = FactoryBot.create(:admin_github_user)
+  end
+
+  def test_scope
+    assert_equal [@membership], policy_scope!(@admin, Membership).to_a
+  end
+
+  def test_avo_index
+    refute_authorizes @admin, Membership, :avo_index?
+    refute_authorizes @non_admin, Membership, :avo_index?
+  end
+
+  def test_avo_show
+    assert_authorizes @admin, @membership, :avo_show?
+
+    refute_authorizes @non_admin, @membership, :avo_show?
+  end
+
+  def test_avo_create
+    refute_authorizes @admin, Membership, :avo_create?
+    refute_authorizes @non_admin, Membership, :avo_create?
+  end
+
+  def test_avo_update
+    refute_authorizes @admin, @membership, :avo_update?
+    refute_authorizes @non_admin, @membership, :avo_update?
+  end
+
+  def test_avo_destroy
+    refute_authorizes @admin, @membership, :avo_destroy?
+    refute_authorizes @non_admin, @membership, :avo_destroy?
+  end
+end
diff --git a/test/policies/admin/org_policy_test.rb b/test/policies/admin/org_policy_test.rb
new file mode 100644
index 00000000000..bcd362c4bed
--- /dev/null
+++ b/test/policies/admin/org_policy_test.rb
@@ -0,0 +1,29 @@
+require "test_helper"
+
+class Admin::UserPolicyTest < AdminPolicyTestCase
+  setup do
+    @user = FactoryBot.create(:user)
+    @admin = FactoryBot.create(:admin_github_user, :is_admin)
+    @non_admin = FactoryBot.create(:admin_github_user)
+  end
+
+  def test_scope
+  end
+
+  def test_show
+  end
+
+  def test_create
+  end
+
+  def test_update
+  end
+
+  def test_destroy
+  end
+
+  def test_search
+    assert_authorizes @admin, @user, :avo_search?
+    refute_authorizes @non_admin, @user, :avo_search?
+  end
+end

From 6acca457a660ea0ae81e219f5cf4b239043a857f Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sun, 14 Jul 2024 01:02:46 -0700
Subject: [PATCH 057/381] allow orgs without members, no circular factories

---
 app/models/org.rb      | 3 +--
 test/factories/orgs.rb | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/app/models/org.rb b/app/models/org.rb
index 40a77ad365c..7ca230611ec 100644
--- a/app/models/org.rb
+++ b/app/models/org.rb
@@ -6,7 +6,6 @@ class Org < ApplicationRecord
     length: { within: 2..40 },
     format: { with: Patterns::HANDLE_PATTERN }
   validates :name, presence: true, length: { within: 2..255 }
-  validates :memberships, presence: true
   validate :unique_with_user_handle
 
   def unique_with_user_handle
@@ -21,6 +20,6 @@ def unique_with_user_handle
   scope :deleted, -> { where.not(deleted_at: nil) }
 
   after_create do
-    record_event!(Events::OrgEvent::CREATED, actor_gid: memberships.first.to_gid)
+    record_event!(Events::OrgEvent::CREATED, actor_gid: memberships.first&.to_gid)
   end
 end
diff --git a/test/factories/orgs.rb b/test/factories/orgs.rb
index 8cd635145e3..ccb85b24ff5 100644
--- a/test/factories/orgs.rb
+++ b/test/factories/orgs.rb
@@ -4,8 +4,8 @@
     name
     deleted_at { nil }
 
-    after(:build) do |org, _evaluator|
-      org.memberships << build(:membership, org: org)
+    trait :with_members do
+      memberships { build_list(:membership, 2) }
     end
   end
 end

From 430aa4c5aa817482983182d29891b76fb3846296 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sun, 14 Jul 2024 03:02:07 -0700
Subject: [PATCH 058/381] test org event policy with events

---
 test/factories/events/org_events.rb              |  8 ++++++++
 .../admin/events/org_event_policy_test.rb        | 16 ++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 test/factories/events/org_events.rb

diff --git a/test/factories/events/org_events.rb b/test/factories/events/org_events.rb
new file mode 100644
index 00000000000..d7bcb151591
--- /dev/null
+++ b/test/factories/events/org_events.rb
@@ -0,0 +1,8 @@
+FactoryBot.define do
+  factory :events_org_event, class: "Events::OrgEvent" do
+    tag { "org:created" }
+    org
+    ip_address
+    additional { nil }
+  end
+end
diff --git a/test/policies/admin/events/org_event_policy_test.rb b/test/policies/admin/events/org_event_policy_test.rb
index bfaef5626dd..240e5e8e6db 100644
--- a/test/policies/admin/events/org_event_policy_test.rb
+++ b/test/policies/admin/events/org_event_policy_test.rb
@@ -1,18 +1,34 @@
 require "test_helper"
 
 class Admin::Events::OrgEventPolicyTest < AdminPolicyTestCase
+  setup do
+    @org = FactoryBot.create(:org)
+    @event = Events::OrgEvent.first
+    @admin = FactoryBot.create(:admin_github_user, :is_admin)
+    @non_admin = FactoryBot.create(:admin_github_user)
+  end
+
   def test_scope
+    assert_equal [@event], policy_scope!(@admin, Events::OrgEvent).to_a
   end
 
   def test_show
+    assert_authorizes @admin, @event, :avo_show?
+    refute_authorizes @non_admin, @event, :avo_show?
   end
 
   def test_create
+    refute_authorizes @admin, @event, :avo_create?
+    refute_authorizes @non_admin, @event, :avo_create?
   end
 
   def test_update
+    refute_authorizes @admin, @event, :avo_update?
+    refute_authorizes @non_admin, @event, :avo_update?
   end
 
   def test_destroy
+    refute_authorizes @admin, @event, :avo_destroy?
+    refute_authorizes @non_admin, @event, :avo_destroy?
   end
 end

From 4dec52d6f8fca2c5298901f0ea0b546599efd4ba Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Sun, 14 Jul 2024 03:05:01 -0700
Subject: [PATCH 059/381] fix the org policy test to test orgs

---
 test/policies/admin/org_policy_test.rb | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/test/policies/admin/org_policy_test.rb b/test/policies/admin/org_policy_test.rb
index bcd362c4bed..21c7705d3f1 100644
--- a/test/policies/admin/org_policy_test.rb
+++ b/test/policies/admin/org_policy_test.rb
@@ -1,29 +1,38 @@
 require "test_helper"
 
-class Admin::UserPolicyTest < AdminPolicyTestCase
+class Admin::OrgPolicyTest < AdminPolicyTestCase
   setup do
-    @user = FactoryBot.create(:user)
+    @org = FactoryBot.create(:org)
     @admin = FactoryBot.create(:admin_github_user, :is_admin)
     @non_admin = FactoryBot.create(:admin_github_user)
   end
 
   def test_scope
+    assert_equal [@org], policy_scope!(@admin, Org).to_a
   end
 
   def test_show
+    assert_authorizes @admin, @org, :avo_show?
+    refute_authorizes @non_admin, @org, :avo_show?
   end
 
   def test_create
+    refute_authorizes @admin, @org, :avo_create?
+    refute_authorizes @non_admin, @org, :avo_create?
   end
 
   def test_update
+    refute_authorizes @admin, @org, :avo_update?
+    refute_authorizes @non_admin, @org, :avo_update?
   end
 
   def test_destroy
+    refute_authorizes @admin, @org, :avo_destroy?
+    refute_authorizes @non_admin, @org, :avo_destroy?
   end
 
   def test_search
-    assert_authorizes @admin, @user, :avo_search?
-    refute_authorizes @non_admin, @user, :avo_search?
+    assert_authorizes @admin, @org, :avo_search?
+    refute_authorizes @non_admin, @org, :avo_search?
   end
 end

From 0c25df50a19347597876359396e0d7905a2753fe Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Mon, 15 Jul 2024 02:16:20 -0700
Subject: [PATCH 060/381] =?UTF-8?q?rename=20Org=20=E2=86=92=20Organization?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/avo/resources/membership_resource.rb      |  2 +-
 ...g_resource.rb => organization_resource.rb} |  2 +-
 app/avo/resources/user_resource.rb            |  2 +-
 ...troller.rb => organizations_controller.rb} |  2 +-
 app/models/events/org_event.rb                | 10 ---
 app/models/events/organization_event.rb       | 10 +++
 app/models/membership.rb                      |  2 +-
 app/models/{org.rb => organization.rb}        |  8 +-
 app/models/user.rb                            |  4 +-
 ...policy.rb => organization_event_policy.rb} |  4 +-
 app/policies/admin/ip_address_policy.rb       |  2 +-
 .../{org_policy.rb => organization_policy.rb} |  2 +-
 app/policies/admin/user_policy.rb             |  2 +-
 ...=> 20240630025625_create_organizations.rb} |  4 +-
 .../20240630025804_create_memberships.rb      |  4 +-
 ...40712003336_create_organization_events.rb} |  6 +-
 db/schema.rb                                  | 30 ++++----
 test/factories/events/org_events.rb           |  8 --
 test/factories/events/organization_events.rb  |  8 ++
 test/factories/memberships.rb                 |  2 +-
 test/factories/{orgs.rb => organizations.rb}  |  2 +-
 test/models/membership_test.rb                |  8 +-
 test/models/org_test.rb                       | 74 -------------------
 test/models/organization_test.rb              | 74 +++++++++++++++++++
 ...t.rb => organization_event_policy_test.rb} |  8 +-
 test/policies/admin/org_policy_test.rb        | 38 ----------
 .../admin/organization_policy_test.rb         | 38 ++++++++++
 27 files changed, 178 insertions(+), 178 deletions(-)
 rename app/avo/resources/{org_resource.rb => organization_resource.rb} (91%)
 rename app/controllers/avo/{orgs_controller.rb => organizations_controller.rb} (69%)
 delete mode 100644 app/models/events/org_event.rb
 create mode 100644 app/models/events/organization_event.rb
 rename app/models/{org.rb => organization.rb} (80%)
 rename app/policies/admin/events/{org_event_policy.rb => organization_event_policy.rb} (66%)
 rename app/policies/admin/{org_policy.rb => organization_policy.rb} (83%)
 rename db/migrate/{20240630025625_create_orgs.rb => 20240630025625_create_organizations.rb} (66%)
 rename db/migrate/{20240712003336_create_org_events.rb => 20240712003336_create_organization_events.rb} (61%)
 delete mode 100644 test/factories/events/org_events.rb
 create mode 100644 test/factories/events/organization_events.rb
 rename test/factories/{orgs.rb => organizations.rb} (85%)
 delete mode 100644 test/models/org_test.rb
 create mode 100644 test/models/organization_test.rb
 rename test/policies/admin/events/{org_event_policy_test.rb => organization_event_policy_test.rb} (73%)
 delete mode 100644 test/policies/admin/org_policy_test.rb
 create mode 100644 test/policies/admin/organization_policy_test.rb

diff --git a/app/avo/resources/membership_resource.rb b/app/avo/resources/membership_resource.rb
index dda32261be4..34ade886951 100644
--- a/app/avo/resources/membership_resource.rb
+++ b/app/avo/resources/membership_resource.rb
@@ -7,5 +7,5 @@ class ConfirmedFilter < ScopeBooleanFilter; end
 
   field :id, as: :id
   field :user, as: :belongs_to
-  field :org, as: :belongs_to
+  field :organization, as: :belongs_to
 end
diff --git a/app/avo/resources/org_resource.rb b/app/avo/resources/organization_resource.rb
similarity index 91%
rename from app/avo/resources/org_resource.rb
rename to app/avo/resources/organization_resource.rb
index f372d908186..592fdb766d8 100644
--- a/app/avo/resources/org_resource.rb
+++ b/app/avo/resources/organization_resource.rb
@@ -1,4 +1,4 @@
-class OrgResource < Avo::BaseResource
+class OrganizationResource < Avo::BaseResource
   self.title = :name
   self.includes = []
   self.search_query = lambda {
diff --git a/app/avo/resources/user_resource.rb b/app/avo/resources/user_resource.rb
index fd2ca3838c5..acba5dfe213 100644
--- a/app/avo/resources/user_resource.rb
+++ b/app/avo/resources/user_resource.rb
@@ -60,7 +60,7 @@ class DeletedFilter < ScopeBooleanFilter; end
     field :ownerships, as: :has_many
     field :rubygems, as: :has_many, through: :ownerships
     field :memberships, as: :has_many
-    field :orgs, as: :has_many, through: :memberships
+    field :organizations, as: :has_many, through: :memberships
     field :subscriptions, as: :has_many
     field :subscribed_gems, as: :has_many, through: :subscriptions
     field :deletions, as: :has_many
diff --git a/app/controllers/avo/orgs_controller.rb b/app/controllers/avo/organizations_controller.rb
similarity index 69%
rename from app/controllers/avo/orgs_controller.rb
rename to app/controllers/avo/organizations_controller.rb
index a609597f52a..351db7d415e 100644
--- a/app/controllers/avo/orgs_controller.rb
+++ b/app/controllers/avo/organizations_controller.rb
@@ -1,4 +1,4 @@
 # This controller has been generated to enable Rails' resource routes.
 # More information on https://docs.avohq.io/2.0/controllers.html
-class Avo::OrgsController < Avo::ResourcesController
+class Avo::OrganizationsController < Avo::ResourcesController
 end
diff --git a/app/models/events/org_event.rb b/app/models/events/org_event.rb
deleted file mode 100644
index 330634f4e59..00000000000
--- a/app/models/events/org_event.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-class Events::OrgEvent < ApplicationRecord
-  belongs_to :org
-
-  include Events::Tags
-
-  CREATED = define_event "org:created" do
-    attribute :name, :string
-    attribute :actor_gid, :global_id
-  end
-end
diff --git a/app/models/events/organization_event.rb b/app/models/events/organization_event.rb
new file mode 100644
index 00000000000..8171c3738aa
--- /dev/null
+++ b/app/models/events/organization_event.rb
@@ -0,0 +1,10 @@
+class Events::OrganizationEvent < ApplicationRecord
+  belongs_to :organization
+
+  include Events::Tags
+
+  CREATED = define_event "organization:created" do
+    attribute :name, :string
+    attribute :actor_gid, :global_id
+  end
+end
diff --git a/app/models/membership.rb b/app/models/membership.rb
index 044af32aae6..c15753d8b9a 100644
--- a/app/models/membership.rb
+++ b/app/models/membership.rb
@@ -1,6 +1,6 @@
 class Membership < ApplicationRecord
   belongs_to :user
-  belongs_to :org
+  belongs_to :organization
 
   scope :unconfirmed, -> { where(confirmed_at: nil) }
   scope :confirmed, -> { where.not(confirmed_at: nil) }
diff --git a/app/models/org.rb b/app/models/organization.rb
similarity index 80%
rename from app/models/org.rb
rename to app/models/organization.rb
index 7ca230611ec..45d09307e77 100644
--- a/app/models/org.rb
+++ b/app/models/organization.rb
@@ -1,4 +1,4 @@
-class Org < ApplicationRecord
+class Organization < ApplicationRecord
   include Events::Recordable
 
   validates :handle, presence: true,
@@ -12,14 +12,14 @@ def unique_with_user_handle
     errors.add(:handle, "has already been taken") if handle && User.where("handle = lower(?)", handle.downcase).any?
   end
 
-  has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :org
-  has_many :unconfirmed_memberships, -> { where(confirmed_at: nil) }, class_name: "Membership", dependent: :destroy, inverse_of: :org
+  has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :organization
+  has_many :unconfirmed_memberships, -> { where(confirmed_at: nil) }, class_name: "Membership", dependent: :destroy, inverse_of: :organization
   has_many :users, through: :memberships
 
   scope :not_deleted, -> { where(deleted_at: nil) }
   scope :deleted, -> { where.not(deleted_at: nil) }
 
   after_create do
-    record_event!(Events::OrgEvent::CREATED, actor_gid: memberships.first&.to_gid)
+    record_event!(Events::OrganizationEvent::CREATED, actor_gid: memberships.first&.to_gid)
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index e3d0d96dd15..6bf943bc942 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -65,7 +65,7 @@ class User < ApplicationRecord
   has_many :oidc_rubygem_trusted_publishers, through: :rubygems, class_name: "OIDC::RubygemTrustedPublisher"
 
   has_many :memberships, dependent: :destroy
-  has_many :orgs, through: :memberships
+  has_many :organizations, through: :memberships
 
   validates :email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, presence: true,
 uniqueness: { case_sensitive: false }
@@ -360,6 +360,6 @@ def record_password_update_event
   end
 
   def unique_with_org_handle
-    errors.add(:handle, "has already been taken") if handle && Org.where("handle = lower(?)", handle.downcase).any?
+    errors.add(:handle, "has already been taken") if handle && Organization.where("handle = lower(?)", handle.downcase).any?
   end
 end
diff --git a/app/policies/admin/events/org_event_policy.rb b/app/policies/admin/events/organization_event_policy.rb
similarity index 66%
rename from app/policies/admin/events/org_event_policy.rb
rename to app/policies/admin/events/organization_event_policy.rb
index 58ea4e8c014..558bdd4694a 100644
--- a/app/policies/admin/events/org_event_policy.rb
+++ b/app/policies/admin/events/organization_event_policy.rb
@@ -1,11 +1,11 @@
-class Admin::Events::OrgEventPolicy < Admin::ApplicationPolicy
+class Admin::Events::OrganizationEventPolicy < Admin::ApplicationPolicy
   class Scope < Admin::ApplicationPolicy::Scope
     def resolve
       scope.all
     end
   end
 
-  has_association :org
+  has_association :organization
   has_association :ip_address
 
   def avo_index? = rubygems_org_admin?
diff --git a/app/policies/admin/ip_address_policy.rb b/app/policies/admin/ip_address_policy.rb
index c7479d65fa9..2f3fca42a56 100644
--- a/app/policies/admin/ip_address_policy.rb
+++ b/app/policies/admin/ip_address_policy.rb
@@ -7,7 +7,7 @@ def resolve
 
   has_association :user_events
   has_association :rubygem_events
-  has_association :org_events
+  has_association :organization_events
 
   def avo_index? = rubygems_org_admin?
   def avo_show? = rubygems_org_admin?
diff --git a/app/policies/admin/org_policy.rb b/app/policies/admin/organization_policy.rb
similarity index 83%
rename from app/policies/admin/org_policy.rb
rename to app/policies/admin/organization_policy.rb
index 98a007ec6cd..12291ad110a 100644
--- a/app/policies/admin/org_policy.rb
+++ b/app/policies/admin/organization_policy.rb
@@ -1,4 +1,4 @@
-class Admin::OrgPolicy < Admin::ApplicationPolicy
+class Admin::OrganizationPolicy < Admin::ApplicationPolicy
   class Scope < Admin::ApplicationPolicy::Scope
     def resolve
       scope.all
diff --git a/app/policies/admin/user_policy.rb b/app/policies/admin/user_policy.rb
index fb4c63c1d4d..117f703d5d8 100644
--- a/app/policies/admin/user_policy.rb
+++ b/app/policies/admin/user_policy.rb
@@ -12,7 +12,7 @@ def resolve
   has_association :events
   has_association :memberships
   has_association :oidc_api_key_roles
-  has_association :orgs
+  has_association :organizations
   has_association :ownership_calls
   has_association :ownership_requests
   has_association :ownerships
diff --git a/db/migrate/20240630025625_create_orgs.rb b/db/migrate/20240630025625_create_organizations.rb
similarity index 66%
rename from db/migrate/20240630025625_create_orgs.rb
rename to db/migrate/20240630025625_create_organizations.rb
index 124e01760e0..66e7228c92d 100644
--- a/db/migrate/20240630025625_create_orgs.rb
+++ b/db/migrate/20240630025625_create_organizations.rb
@@ -1,6 +1,6 @@
-class CreateOrgs < ActiveRecord::Migration[7.1]
+class CreateOrganizations < ActiveRecord::Migration[7.1]
   def change
-    create_table :orgs do |t|
+    create_table :organizations do |t|
       t.string :handle, limit: 40
       t.string :name, limit: 255
       t.timestamp :deleted_at
diff --git a/db/migrate/20240630025804_create_memberships.rb b/db/migrate/20240630025804_create_memberships.rb
index 08c15f92c0f..ee39a70ece8 100644
--- a/db/migrate/20240630025804_create_memberships.rb
+++ b/db/migrate/20240630025804_create_memberships.rb
@@ -2,11 +2,11 @@ class CreateMemberships < ActiveRecord::Migration[7.1]
   def change
     create_table :memberships do |t|
       t.belongs_to :user, null: false, foreign_key: true
-      t.belongs_to :org, null: false, foreign_key: true
+      t.belongs_to :organization, null: false, foreign_key: true
       t.timestamp :confirmed_at, default: nil
 
       t.timestamps
-      t.index %i[user_id org_id], unique: true
+      t.index %i[user_id organization_id], unique: true
     end
   end
 end
diff --git a/db/migrate/20240712003336_create_org_events.rb b/db/migrate/20240712003336_create_organization_events.rb
similarity index 61%
rename from db/migrate/20240712003336_create_org_events.rb
rename to db/migrate/20240712003336_create_organization_events.rb
index 9e606ec1f09..03cb1b95eaa 100644
--- a/db/migrate/20240712003336_create_org_events.rb
+++ b/db/migrate/20240712003336_create_organization_events.rb
@@ -1,9 +1,9 @@
-class CreateOrgEvents < ActiveRecord::Migration[7.0]
+class CreateOrganizationEvents < ActiveRecord::Migration[7.0]
   def change
-    create_table :events_org_events do |t|
+    create_table :events_organization_events do |t|
       t.string :tag, null: false, index: true
       t.string :trace_id, null: true
-      t.references :org, null: false, foreign_key: true
+      t.references :organization, null: false, foreign_key: true
       t.references :ip_address, null: true, foreign_key: true
       t.references :geoip_info, null: true, foreign_key: true
       t.jsonb :additional
diff --git a/db/schema.rb b/db/schema.rb
index f7d8cdc0def..295f1ba7ef9 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -94,19 +94,19 @@
     t.index ["version_id"], name: "index_dependencies_on_version_id"
   end
 
-  create_table "events_org_events", force: :cascade do |t|
+  create_table "events_organization_events", force: :cascade do |t|
     t.string "tag", null: false
     t.string "trace_id"
-    t.bigint "org_id", null: false
+    t.bigint "organization_id", null: false
     t.bigint "ip_address_id"
     t.bigint "geoip_info_id"
     t.jsonb "additional"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.index ["geoip_info_id"], name: "index_events_org_events_on_geoip_info_id"
-    t.index ["ip_address_id"], name: "index_events_org_events_on_ip_address_id"
-    t.index ["org_id"], name: "index_events_org_events_on_org_id"
-    t.index ["tag"], name: "index_events_org_events_on_tag"
+    t.index ["geoip_info_id"], name: "index_events_organization_events_on_geoip_info_id"
+    t.index ["ip_address_id"], name: "index_events_organization_events_on_ip_address_id"
+    t.index ["organization_id"], name: "index_events_organization_events_on_organization_id"
+    t.index ["tag"], name: "index_events_organization_events_on_tag"
   end
 
   create_table "events_rubygem_events", force: :cascade do |t|
@@ -332,12 +332,12 @@
 
   create_table "memberships", force: :cascade do |t|
     t.bigint "user_id", null: false
-    t.bigint "org_id", null: false
+    t.bigint "organization_id", null: false
     t.datetime "confirmed_at", precision: nil
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.index ["org_id"], name: "index_memberships_on_org_id"
-    t.index ["user_id", "org_id"], name: "index_memberships_on_user_id_and_org_id", unique: true
+    t.index ["organization_id"], name: "index_memberships_on_organization_id"
+    t.index ["user_id", "organization_id"], name: "index_memberships_on_user_id_and_organization_id", unique: true
     t.index ["user_id"], name: "index_memberships_on_user_id"
   end
 
@@ -408,13 +408,13 @@
     t.index ["repository_owner", "repository_name", "repository_owner_id", "workflow_filename", "environment"], name: "index_oidc_trusted_publisher_github_actions_claims", unique: true
   end
 
-  create_table "orgs", force: :cascade do |t|
+  create_table "organizations", force: :cascade do |t|
     t.string "handle", limit: 40
     t.string "name", limit: 255
     t.datetime "deleted_at", precision: nil
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.index "lower((handle)::text)", name: "index_orgs_on_lower_handle", unique: true
+    t.index "lower((handle)::text)", name: "index_organizations_on_lower_handle", unique: true
   end
 
   create_table "ownership_calls", force: :cascade do |t|
@@ -616,9 +616,9 @@
 
   add_foreign_key "api_key_rubygem_scopes", "api_keys", name: "api_key_rubygem_scopes_api_key_id_fk"
   add_foreign_key "audits", "admin_github_users", name: "audits_admin_github_user_id_fk"
-  add_foreign_key "events_org_events", "geoip_infos"
-  add_foreign_key "events_org_events", "ip_addresses"
-  add_foreign_key "events_org_events", "orgs"
+  add_foreign_key "events_organization_events", "geoip_infos"
+  add_foreign_key "events_organization_events", "ip_addresses"
+  add_foreign_key "events_organization_events", "organizations"
   add_foreign_key "events_rubygem_events", "geoip_infos"
   add_foreign_key "events_rubygem_events", "ip_addresses"
   add_foreign_key "events_rubygem_events", "rubygems"
@@ -627,7 +627,7 @@
   add_foreign_key "events_user_events", "users"
   add_foreign_key "ip_addresses", "geoip_infos"
   add_foreign_key "linksets", "rubygems", name: "linksets_rubygem_id_fk"
-  add_foreign_key "memberships", "orgs"
+  add_foreign_key "memberships", "organizations"
   add_foreign_key "memberships", "users"
   add_foreign_key "oidc_api_key_roles", "oidc_providers"
   add_foreign_key "oidc_api_key_roles", "users"
diff --git a/test/factories/events/org_events.rb b/test/factories/events/org_events.rb
deleted file mode 100644
index d7bcb151591..00000000000
--- a/test/factories/events/org_events.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-FactoryBot.define do
-  factory :events_org_event, class: "Events::OrgEvent" do
-    tag { "org:created" }
-    org
-    ip_address
-    additional { nil }
-  end
-end
diff --git a/test/factories/events/organization_events.rb b/test/factories/events/organization_events.rb
new file mode 100644
index 00000000000..09893b5a748
--- /dev/null
+++ b/test/factories/events/organization_events.rb
@@ -0,0 +1,8 @@
+FactoryBot.define do
+  factory :events_organization_event, class: "Events::OrganizationEvent" do
+    tag { "organization:created" }
+    organization
+    ip_address
+    additional { nil }
+  end
+end
diff --git a/test/factories/memberships.rb b/test/factories/memberships.rb
index 60d87d85ea2..7b586fb30f4 100644
--- a/test/factories/memberships.rb
+++ b/test/factories/memberships.rb
@@ -1,7 +1,7 @@
 FactoryBot.define do
   factory :membership do
     user
-    org
+    organization
     confirmed_at { Time.zone.now }
   end
 end
diff --git a/test/factories/orgs.rb b/test/factories/organizations.rb
similarity index 85%
rename from test/factories/orgs.rb
rename to test/factories/organizations.rb
index ccb85b24ff5..1a520024daa 100644
--- a/test/factories/orgs.rb
+++ b/test/factories/organizations.rb
@@ -1,5 +1,5 @@
 FactoryBot.define do
-  factory :org do
+  factory :organization do
     handle
     name
     deleted_at { nil }
diff --git a/test/models/membership_test.rb b/test/models/membership_test.rb
index 28578716518..194cbde5da8 100644
--- a/test/models/membership_test.rb
+++ b/test/models/membership_test.rb
@@ -1,23 +1,23 @@
 require "test_helper"
 
 class MembershipTest < ActiveSupport::TestCase
-  should belong_to(:org)
+  should belong_to(:organization)
   should belong_to(:user)
 
   setup do
-    @org = FactoryBot.create(:org)
+    @organization = FactoryBot.create(:organization)
     @user = FactoryBot.create(:user)
   end
 
   should "be unconfirmed by default" do
-    membership = Membership.create!(org: @org, user: @user)
+    membership = Membership.create!(organization: @organization, user: @user)
 
     assert_not(membership.confirmed?)
     assert_empty(Membership.confirmed)
   end
 
   should "be confirmed with confirmed_at" do
-    membership = Membership.create!(org: @org, user: @user, confirmed_at: Time.zone.now)
+    membership = Membership.create!(organization: @organization, user: @user, confirmed_at: Time.zone.now)
 
     assert_predicate(membership, :confirmed?)
     assert_equal(Membership.confirmed, [membership])
diff --git a/test/models/org_test.rb b/test/models/org_test.rb
deleted file mode 100644
index 5ea3301f364..00000000000
--- a/test/models/org_test.rb
+++ /dev/null
@@ -1,74 +0,0 @@
-require "test_helper"
-
-class OrgTest < ActiveSupport::TestCase
-  should have_many(:memberships).dependent(:destroy)
-  should have_many(:unconfirmed_memberships).dependent(:destroy)
-  should have_many(:users).through(:memberships)
-
-  # Waiting for Ownerships to be made polymorphic
-  #
-  # should have_many(:ownerships).dependent(:destroy)
-  # should have_many(:unconfirmed_ownerships).dependent(:destroy)
-  # should have_many(:rubygems).through(:ownerships)
-
-  context "validations" do
-    context "handle" do
-      should allow_value("CapsLOCK").for(:handle)
-      should_not allow_value(nil).for(:handle)
-      should_not allow_value("1abcde").for(:handle)
-      should_not allow_value("abc^%def").for(:handle)
-      should_not allow_value("abc\n<script>bad").for(:handle)
-
-      should "be between 2 and 40 characters" do
-        org = build(:org, handle: "a")
-
-        refute_predicate org, :valid?
-        assert_contains org.errors[:handle], "is too short (minimum is 2 characters)"
-
-        org.handle = "a" * 41
-
-        refute_predicate org, :valid?
-        assert_contains org.errors[:handle], "is too long (maximum is 40 characters)"
-
-        org.handle = "abcdef"
-        org.valid?
-
-        assert_nil org.errors[:handle].first
-      end
-
-      should "be invalid when an empty string" do
-        org = build(:org, handle: "")
-
-        refute_predicate org, :valid?
-      end
-
-      should "be invalid when nil" do
-        refute_predicate build(:org, handle: nil), :valid?
-      end
-
-      should "be invalid with duplicate handle on create" do
-        create(:org, handle: "test")
-        org = build(:org, handle: "Test")
-
-        refute_predicate org, :valid?
-      end
-
-      should "be invalid with duplicate handle on update" do
-        create(:org, handle: "test")
-        org = create(:org, handle: "test2")
-        org.update(handle: "Test")
-
-        assert_contains org.errors[:handle], "has already been taken"
-        refute_predicate org, :valid?
-      end
-
-      should "be invalid if user has handle already" do
-        create(:user, handle: "test")
-        org = build(:org, handle: "Test")
-
-        refute_predicate org, :valid?
-        assert_contains org.errors[:handle], "has already been taken"
-      end
-    end
-  end
-end
diff --git a/test/models/organization_test.rb b/test/models/organization_test.rb
new file mode 100644
index 00000000000..c8cf1a20f03
--- /dev/null
+++ b/test/models/organization_test.rb
@@ -0,0 +1,74 @@
+require "test_helper"
+
+class OrganizationTest < ActiveSupport::TestCase
+  should have_many(:memberships).dependent(:destroy)
+  should have_many(:unconfirmed_memberships).dependent(:destroy)
+  should have_many(:users).through(:memberships)
+
+  # Waiting for Ownerships to be made polymorphic
+  #
+  # should have_many(:ownerships).dependent(:destroy)
+  # should have_many(:unconfirmed_ownerships).dependent(:destroy)
+  # should have_many(:rubygems).through(:ownerships)
+
+  context "validations" do
+    context "handle" do
+      should allow_value("CapsLOCK").for(:handle)
+      should_not allow_value(nil).for(:handle)
+      should_not allow_value("1abcde").for(:handle)
+      should_not allow_value("abc^%def").for(:handle)
+      should_not allow_value("abc\n<script>bad").for(:handle)
+
+      should "be between 2 and 40 characters" do
+        organization = build(:organization, handle: "a")
+
+        refute_predicate organization, :valid?
+        assert_contains organization.errors[:handle], "is too short (minimum is 2 characters)"
+
+        organization.handle = "a" * 41
+
+        refute_predicate organization, :valid?
+        assert_contains organization.errors[:handle], "is too long (maximum is 40 characters)"
+
+        organization.handle = "abcdef"
+        organization.valid?
+
+        assert_nil organization.errors[:handle].first
+      end
+
+      should "be invalid when an empty string" do
+        organization = build(:organization, handle: "")
+
+        refute_predicate organization, :valid?
+      end
+
+      should "be invalid when nil" do
+        refute_predicate build(:organization, handle: nil), :valid?
+      end
+
+      should "be invalid with duplicate handle on create" do
+        create(:organization, handle: "test")
+        organization = build(:organization, handle: "Test")
+
+        refute_predicate organization, :valid?
+      end
+
+      should "be invalid with duplicate handle on update" do
+        create(:organization, handle: "test")
+        organization = create(:organization, handle: "test2")
+        organization.update(handle: "Test")
+
+        assert_contains organization.errors[:handle], "has already been taken"
+        refute_predicate organization, :valid?
+      end
+
+      should "be invalid if user has handle already" do
+        create(:user, handle: "test")
+        organization = build(:organization, handle: "Test")
+
+        refute_predicate organization, :valid?
+        assert_contains organization.errors[:handle], "has already been taken"
+      end
+    end
+  end
+end
diff --git a/test/policies/admin/events/org_event_policy_test.rb b/test/policies/admin/events/organization_event_policy_test.rb
similarity index 73%
rename from test/policies/admin/events/org_event_policy_test.rb
rename to test/policies/admin/events/organization_event_policy_test.rb
index 240e5e8e6db..103096ebebd 100644
--- a/test/policies/admin/events/org_event_policy_test.rb
+++ b/test/policies/admin/events/organization_event_policy_test.rb
@@ -1,15 +1,15 @@
 require "test_helper"
 
-class Admin::Events::OrgEventPolicyTest < AdminPolicyTestCase
+class Admin::Events::OrganizationEventPolicyTest < AdminPolicyTestCase
   setup do
-    @org = FactoryBot.create(:org)
-    @event = Events::OrgEvent.first
+    @organization = FactoryBot.create(:organization)
+    @event = Events::OrganizationEvent.first
     @admin = FactoryBot.create(:admin_github_user, :is_admin)
     @non_admin = FactoryBot.create(:admin_github_user)
   end
 
   def test_scope
-    assert_equal [@event], policy_scope!(@admin, Events::OrgEvent).to_a
+    assert_equal [@event], policy_scope!(@admin, Events::OrganizationEvent).to_a
   end
 
   def test_show
diff --git a/test/policies/admin/org_policy_test.rb b/test/policies/admin/org_policy_test.rb
deleted file mode 100644
index 21c7705d3f1..00000000000
--- a/test/policies/admin/org_policy_test.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-require "test_helper"
-
-class Admin::OrgPolicyTest < AdminPolicyTestCase
-  setup do
-    @org = FactoryBot.create(:org)
-    @admin = FactoryBot.create(:admin_github_user, :is_admin)
-    @non_admin = FactoryBot.create(:admin_github_user)
-  end
-
-  def test_scope
-    assert_equal [@org], policy_scope!(@admin, Org).to_a
-  end
-
-  def test_show
-    assert_authorizes @admin, @org, :avo_show?
-    refute_authorizes @non_admin, @org, :avo_show?
-  end
-
-  def test_create
-    refute_authorizes @admin, @org, :avo_create?
-    refute_authorizes @non_admin, @org, :avo_create?
-  end
-
-  def test_update
-    refute_authorizes @admin, @org, :avo_update?
-    refute_authorizes @non_admin, @org, :avo_update?
-  end
-
-  def test_destroy
-    refute_authorizes @admin, @org, :avo_destroy?
-    refute_authorizes @non_admin, @org, :avo_destroy?
-  end
-
-  def test_search
-    assert_authorizes @admin, @org, :avo_search?
-    refute_authorizes @non_admin, @org, :avo_search?
-  end
-end
diff --git a/test/policies/admin/organization_policy_test.rb b/test/policies/admin/organization_policy_test.rb
new file mode 100644
index 00000000000..2bda6ccfc65
--- /dev/null
+++ b/test/policies/admin/organization_policy_test.rb
@@ -0,0 +1,38 @@
+require "test_helper"
+
+class Admin::OrganizationPolicyTest < AdminPolicyTestCase
+  setup do
+    @organization = FactoryBot.create(:organization)
+    @admin = FactoryBot.create(:admin_github_user, :is_admin)
+    @non_admin = FactoryBot.create(:admin_github_user)
+  end
+
+  def test_scope
+    assert_equal [@organization], policy_scope!(@admin, Organization).to_a
+  end
+
+  def test_show
+    assert_authorizes @admin, @organization, :avo_show?
+    refute_authorizes @non_admin, @organization, :avo_show?
+  end
+
+  def test_create
+    refute_authorizes @admin, @organization, :avo_create?
+    refute_authorizes @non_admin, @organization, :avo_create?
+  end
+
+  def test_update
+    refute_authorizes @admin, @organization, :avo_update?
+    refute_authorizes @non_admin, @organization, :avo_update?
+  end
+
+  def test_destroy
+    refute_authorizes @admin, @organization, :avo_destroy?
+    refute_authorizes @non_admin, @organization, :avo_destroy?
+  end
+
+  def test_search
+    assert_authorizes @admin, @organization, :avo_search?
+    refute_authorizes @non_admin, @organization, :avo_search?
+  end
+end

From c03a818f11b8fce4a3bc096b6c1a3845c964c24c Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 15 Jul 2024 10:04:14 -0700
Subject: [PATCH 061/381] Add deny reason to pundit policies (#4890)

---
 app/controllers/api/base_controller.rb        |  4 ++-
 app/controllers/application_controller.rb     |  7 +++--
 app/policies/api/application_policy.rb        | 28 +++++++++++++++----
 .../oidc/rubygem_trusted_publisher_policy.rb  |  6 ++--
 app/policies/api/rubygem_policy.rb            |  2 +-
 app/policies/application_policy.rb            | 15 +++++++++-
 .../oidc/rubygem_trusted_publisher_policy.rb  |  6 ++--
 app/policies/ownership_call_policy.rb         |  4 +--
 app/policies/ownership_policy.rb              |  4 +--
 app/policies/ownership_request_policy.rb      |  4 +--
 app/policies/rubygem_policy.rb                | 20 +++++++------
 config/locales/de.yml                         |  1 +
 config/locales/en.yml                         |  1 +
 config/locales/es.yml                         |  1 +
 config/locales/fr.yml                         |  1 +
 config/locales/ja.yml                         |  1 +
 config/locales/nl.yml                         |  1 +
 config/locales/pt-BR.yml                      |  1 +
 config/locales/zh-CN.yml                      |  1 +
 config/locales/zh-TW.yml                      |  1 +
 test/functional/owners_controller_test.rb     |  2 +-
 ...ygem_trusted_publishers_controller_test.rb |  2 +-
 test/system/oidc_test.rb                      |  2 +-
 23 files changed, 81 insertions(+), 34 deletions(-)

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 5ae17b2a49d..bc9438b6cd8 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -2,7 +2,9 @@ class Api::BaseController < ApplicationController
   skip_before_action :verify_authenticity_token
   after_action :skip_session
 
-  rescue_from(Pundit::NotAuthorizedError) { |_| render_forbidden(t(:api_key_forbidden)) }
+  rescue_from(Pundit::NotAuthorizedError) do |e|
+    render_forbidden(e.policy.error)
+  end
 
   private
 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e9fe1221041..6bd038dc973 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,7 +9,9 @@ class ApplicationController < ActionController::Base
   rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
   rescue_from ActionController::InvalidAuthenticityToken, with: :render_forbidden
   rescue_from ActionController::UnpermittedParameters, with: :render_bad_request
-  rescue_from(Pundit::NotAuthorizedError) { |_| render_forbidden } # don't pass pundit error message
+  rescue_from(Pundit::NotAuthorizedError) do |e|
+    render_forbidden(e.policy.error)
+  end
 
   before_action :set_locale
   before_action :reject_null_char_param
@@ -138,7 +140,8 @@ def render_not_found
     end
   end
 
-  def render_forbidden(error = "forbidden")
+  def render_forbidden(error = nil)
+    error ||= t(:forbidden)
     render plain: error, status: :forbidden
   end
 
diff --git a/app/policies/api/application_policy.rb b/app/policies/api/application_policy.rb
index 29821e94bed..60c8d750b33 100644
--- a/app/policies/api/application_policy.rb
+++ b/app/policies/api/application_policy.rb
@@ -16,12 +16,13 @@ def resolve
     attr_reader :api_key, :scope
   end
 
-  attr_reader :api_key, :record
+  attr_reader :api_key, :record, :error
 
   def initialize(api_key, record)
-    @api_key = api_key
     @user = api_key.user
     @record = record
+    @error = nil
+    @api_key = api_key
   end
 
   def index? = false
@@ -34,7 +35,24 @@ def destroy? = false
 
   private
 
-  def policy!(user, record) = Pundit.policy!(user, record)
-  def user_policy! = policy!(api_key.user, record)
-  def api_key_scope?(...) = api_key.scope?(...)
+  delegate :t, to: I18n
+
+  def deny(error)
+    @error = error
+    false
+  end
+
+  def user_policy!(record)
+    Pundit.policy!(api_key.user, record)
+  end
+
+  def user_authorized?(record, action)
+    policy = user_policy!(record)
+    policy.send(action) || deny(policy.error)
+  end
+
+  def api_key_scope?(scope, rubygem = nil)
+    rubygem = nil unless rubygem.is_a?(Rubygem)
+    api_key.scope?(scope, rubygem) || deny(t(:api_key_insufficient_scope))
+  end
 end
diff --git a/app/policies/api/oidc/rubygem_trusted_publisher_policy.rb b/app/policies/api/oidc/rubygem_trusted_publisher_policy.rb
index 9723db57fee..68177daea79 100644
--- a/app/policies/api/oidc/rubygem_trusted_publisher_policy.rb
+++ b/app/policies/api/oidc/rubygem_trusted_publisher_policy.rb
@@ -5,15 +5,15 @@ class Scope < Api::ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def show?
-    can_configure_trusted_publishers? && user_policy!.show?
+    can_configure_trusted_publishers? && user_authorized?(record, :show?)
   end
 
   def create?
-    can_configure_trusted_publishers? && user_policy!.create?
+    can_configure_trusted_publishers? && user_authorized?(record, :create?)
   end
 
   def destroy?
-    can_configure_trusted_publishers? && user_policy!.destroy?
+    can_configure_trusted_publishers? && user_authorized?(record, :destroy?)
   end
 
   private
diff --git a/app/policies/api/rubygem_policy.rb b/app/policies/api/rubygem_policy.rb
index f198211f833..1a00cb2e62f 100644
--- a/app/policies/api/rubygem_policy.rb
+++ b/app/policies/api/rubygem_policy.rb
@@ -25,6 +25,6 @@ def remove_owner?
   end
 
   def show_trusted_publishers?
-    api_key_scope?(:configure_trusted_publishers, rubygem) && user_policy!.show_trusted_publishers?
+    api_key_scope?(:configure_trusted_publishers, rubygem) && user_authorized?(record, :show_trusted_publishers?)
   end
 end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 3f25a3cede5..a1803de7e82 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -18,11 +18,12 @@ def resolve
     attr_reader :user, :scope
   end
 
-  attr_reader :user, :record
+  attr_reader :user, :record, :error
 
   def initialize(user, record)
     @user = user
     @record = record
+    @error = nil
   end
 
   def index?
@@ -59,7 +60,19 @@ def search?
 
   private
 
+  delegate :t, to: I18n
+
+  def deny(error)
+    @error = error
+    false
+  end
+
   def current_user?(record_user)
     user && user == record_user
   end
+
+  def rubygem_owned_by?(user)
+    return true if rubygem.owned_by?(user)
+    deny(t(:forbidden))
+  end
 end
diff --git a/app/policies/oidc/rubygem_trusted_publisher_policy.rb b/app/policies/oidc/rubygem_trusted_publisher_policy.rb
index 8d1400908af..b035c911d03 100644
--- a/app/policies/oidc/rubygem_trusted_publisher_policy.rb
+++ b/app/policies/oidc/rubygem_trusted_publisher_policy.rb
@@ -5,14 +5,14 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def show?
-    rubygem.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 
   def create?
-    rubygem.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 
   def destroy?
-    rubygem.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 end
diff --git a/app/policies/ownership_call_policy.rb b/app/policies/ownership_call_policy.rb
index b5f74a089b2..eae5d07be29 100644
--- a/app/policies/ownership_call_policy.rb
+++ b/app/policies/ownership_call_policy.rb
@@ -5,10 +5,10 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def create?
-    rubygem.owned_by?(user) && current_user?(record.user)
+    rubygem_owned_by?(user) && current_user?(record.user)
   end
 
   def close?
-    rubygem.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 end
diff --git a/app/policies/ownership_policy.rb b/app/policies/ownership_policy.rb
index a0ba9d4fac6..c112ecebbde 100644
--- a/app/policies/ownership_policy.rb
+++ b/app/policies/ownership_policy.rb
@@ -5,10 +5,10 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def create?
-    rubygem.owned_by?(user) && current_user?(record.authorizer)
+    rubygem_owned_by?(user) && current_user?(record.authorizer)
   end
 
   def destroy?
-    rubygem.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 end
diff --git a/app/policies/ownership_request_policy.rb b/app/policies/ownership_request_policy.rb
index 88b16d29323..67b18fae0fa 100644
--- a/app/policies/ownership_request_policy.rb
+++ b/app/policies/ownership_request_policy.rb
@@ -9,10 +9,10 @@ def create?
   end
 
   def approve?
-    rubygem.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 
   def close?
-    current_user?(record.user) || rubygem.owned_by?(user)
+    current_user?(record.user) || rubygem_owned_by?(user)
   end
 end
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index ef7dde21fd7..f2da1b7e64f 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -5,6 +5,8 @@ class Scope < ApplicationPolicy::Scope
   ABANDONED_RELEASE_AGE = 1.year
   ABANDONED_DOWNLOADS_MAX = 10_000
 
+  alias rubygem record
+
   def show?
     true
   end
@@ -22,30 +24,30 @@ def destroy?
   end
 
   def show_adoption?
-    record.owned_by?(user) || request_ownership?
+    rubygem_owned_by?(user) || request_ownership?
   end
 
   def show_events?
-    record.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 
   def request_ownership?
-    return false if record.owned_by?(user)
-    return true if record.ownership_calls.any?
-    return false if record.downloads >= ABANDONED_DOWNLOADS_MAX
-    return false unless record.latest_version&.created_at&.before?(ABANDONED_RELEASE_AGE.ago)
+    return false if rubygem_owned_by?(user)
+    return true if rubygem.ownership_calls.any?
+    return deny("above maximum downloads to be considered abandoned") if rubygem.downloads >= ABANDONED_DOWNLOADS_MAX
+    return false unless rubygem.latest_version&.created_at&.before?(ABANDONED_RELEASE_AGE.ago)
     true
   end
 
   def close_ownership_requests?
-    record.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 
   def show_trusted_publishers?
-    record.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 
   def show_unconfirmed_ownerships?
-    record.owned_by?(user)
+    rubygem_owned_by?(user)
   end
 end
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 5d8b96c1658..c4d37660ee4 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -26,6 +26,7 @@ de:
   locale_name: Deutsch
   none: None
   not_found: Nicht gefunden
+  forbidden:
   api_gem_not_found:
   api_key_forbidden:
   api_key_soft_deleted:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index ecc5ab1974d..1bbf6fef00c 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -26,6 +26,7 @@ en:
   locale_name: English
   none: None
   not_found: Not Found
+  forbidden: Forbidden
   api_gem_not_found: This gem could not be found
   api_key_forbidden: The API key doesn't have access
   api_key_soft_deleted: An invalid API key cannot be used. Please delete it and create a new one.
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 6b8649a9742..b29db2cce64 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -26,6 +26,7 @@ es:
   locale_name: Español
   none: Ninguno
   not_found: No encontrado
+  forbidden:
   api_gem_not_found:
   api_key_forbidden: La clave API no tiene acceso
   api_key_soft_deleted:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 5e9e9fa2be8..125e48daa7b 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -27,6 +27,7 @@ fr:
   locale_name: Français
   none:
   not_found: Introuvable
+  forbidden:
   api_gem_not_found:
   api_key_forbidden:
   api_key_soft_deleted:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index ea622b776d7..ba6d0a0ac9b 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -20,6 +20,7 @@ ja:
   locale_name: 日本語
   none: なし
   not_found: 見つかりませんでした
+  forbidden:
   api_gem_not_found:
   api_key_forbidden: APIキーにアクセス権がありません
   api_key_soft_deleted:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 9bae60eafd8..ccd41801d2d 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -19,6 +19,7 @@ nl:
   locale_name: Nederlands
   none: Geen
   not_found: Niet gevonden
+  forbidden:
   api_gem_not_found:
   api_key_forbidden:
   api_key_soft_deleted:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 73cc4a7eef1..12d70637b6d 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -25,6 +25,7 @@ pt-BR:
   locale_name: Português do Brasil
   none: Nenhum
   not_found: Não encontrado
+  forbidden:
   api_gem_not_found:
   api_key_forbidden:
   api_key_soft_deleted:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 9ad807e5c76..1ba787f6ead 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -21,6 +21,7 @@ zh-CN:
   locale_name: 简体中文
   none: 无
   not_found: 未找到
+  forbidden:
   api_gem_not_found:
   api_key_forbidden: API 密钥没有访问权限
   api_key_soft_deleted:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index a459d5180a8..c4c1c8301d3 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -20,6 +20,7 @@ zh-TW:
   locale_name: 正體中文
   none: 無
   not_found: 沒有找到
+  forbidden:
   api_gem_not_found:
   api_key_forbidden: API 金鑰沒有存取權限
   api_key_soft_deleted:
diff --git a/test/functional/owners_controller_test.rb b/test/functional/owners_controller_test.rb
index e2877971228..30cbb604abc 100644
--- a/test/functional/owners_controller_test.rb
+++ b/test/functional/owners_controller_test.rb
@@ -42,7 +42,7 @@ class OwnersControllerTest < ActionController::TestCase
         should respond_with :forbidden
 
         should "render forbidden message" do
-          assert page.has_content?("forbidden")
+          assert page.has_content?("Forbidden")
         end
       end
     end
diff --git a/test/integration/api/v1/oidc/rubygem_trusted_publishers_controller_test.rb b/test/integration/api/v1/oidc/rubygem_trusted_publishers_controller_test.rb
index 637d6746a6f..64af8414c8c 100644
--- a/test/integration/api/v1/oidc/rubygem_trusted_publishers_controller_test.rb
+++ b/test/integration/api/v1/oidc/rubygem_trusted_publishers_controller_test.rb
@@ -62,7 +62,7 @@ class Api::V1::OIDC::RubygemTrustedPublishersControllerTest < ActionDispatch::In
 
     should "deny access" do
       assert_response :forbidden
-      assert_match "The API key doesn't have access", @response.body
+      assert_includes @response.body, "This API key cannot perform the specified action on this gem."
     end
   end
 
diff --git a/test/system/oidc_test.rb b/test/system/oidc_test.rb
index 2f42f6eb0d5..65bae4ece8e 100644
--- a/test/system/oidc_test.rb
+++ b/test/system/oidc_test.rb
@@ -227,7 +227,7 @@ def verify_session # rubocop:disable Minitest/TestMethodName
     visit new_rubygem_trusted_publisher_path(rubygem.slug)
     verify_session
 
-    assert_text "forbidden"
+    assert_text "Forbidden"
 
     create(:ownership, rubygem: rubygem, user: @user)
 

From 5f8ae2166032c6fa7fedfcf8dac4fb7a03ccd65a Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 15 Jul 2024 11:32:07 -0700
Subject: [PATCH 062/381] Authorize api key scopes (#4889)

* Refactor configure_trusted_publishers
* Add api key scope check for index_rubygems
* Add api key scope check for yank_rubygem
* Add api key scope check for add_owner & remove_owner
* Add api key scope check for access_webhooks
* Add Api::RubygemPolicy::create? with tests
---
 .../api/v1/deletions_controller.rb            |   5 -
 .../rubygem_trusted_publishers_controller.rb  |   6 +-
 app/controllers/api/v1/owners_controller.rb   |   2 -
 app/controllers/api/v1/rubygems_controller.rb |   3 +-
 .../api/v1/web_hooks_controller.rb            |   5 -
 .../rubygem_trusted_publishers_controller.rb  |   2 +-
 .../oidc/rubygem_trusted_publisher_policy.rb  |  24 ---
 app/policies/api/rubygem_policy.rb            |  14 +-
 app/policies/api/web_hook_policy.rb           |  16 +-
 app/policies/rubygem_policy.rb                |   4 +-
 .../api/v1/deletions_controller_test.rb       |   2 +-
 .../api/v1/owners_controller_test.rb          |   8 +-
 .../rubygem_trusted_publisher_policy_test.rb  |  65 -------
 test/policies/api/rubygem_policy_test.rb      | 161 +++++++++++++++---
 .../rubygem_trusted_publisher_policy_test.rb  |  28 ---
 test/policies/rubygem_policy_test.rb          |   8 +-
 16 files changed, 174 insertions(+), 179 deletions(-)
 delete mode 100644 app/policies/api/oidc/rubygem_trusted_publisher_policy.rb
 delete mode 100644 test/policies/api/oidc/rubygem_trusted_publisher_policy_test.rb
 delete mode 100644 test/policies/oidc/rubygem_trusted_publisher_policy_test.rb

diff --git a/app/controllers/api/v1/deletions_controller.rb b/app/controllers/api/v1/deletions_controller.rb
index 5f5590fa4e1..b1fac678067 100644
--- a/app/controllers/api/v1/deletions_controller.rb
+++ b/app/controllers/api/v1/deletions_controller.rb
@@ -5,7 +5,6 @@ class Api::V1::DeletionsController < Api::BaseController
   before_action :verify_api_key_gem_scope
   before_action :validate_gem_and_version
   before_action :verify_with_otp
-  before_action :render_forbidden, if: :api_key_unauthorized?
   before_action :verify_mfa_requirement
 
   def create
@@ -47,8 +46,4 @@ def validate_gem_and_version
       end
     end
   end
-
-  def api_key_unauthorized?
-    !@api_key.can_yank_rubygem?
-  end
 end
diff --git a/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb b/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb
index f1bb0a6b9df..de5ab739f95 100644
--- a/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb
+++ b/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb
@@ -19,7 +19,7 @@ def show
   end
 
   def create
-    trusted_publisher = authorize @rubygem.oidc_rubygem_trusted_publishers.build(create_params)
+    trusted_publisher = @rubygem.oidc_rubygem_trusted_publishers.build(create_params)
 
     if trusted_publisher.save
       render json: trusted_publisher, status: :created
@@ -36,11 +36,11 @@ def destroy
 
   def find_rubygem
     super
-    authorize @rubygem, :show_trusted_publishers?
+    authorize @rubygem, :configure_trusted_publishers?
   end
 
   def find_rubygem_trusted_publisher
-    @rubygem_trusted_publisher = authorize @rubygem.oidc_rubygem_trusted_publishers.find(params.permit(:id).require(:id))
+    @rubygem_trusted_publisher = @rubygem.oidc_rubygem_trusted_publishers.find(params.permit(:id).require(:id))
   end
 
   def set_trusted_publisher_type
diff --git a/app/controllers/api/v1/owners_controller.rb b/app/controllers/api/v1/owners_controller.rb
index 2ee1b5fc215..4a24211cce8 100644
--- a/app/controllers/api/v1/owners_controller.rb
+++ b/app/controllers/api/v1/owners_controller.rb
@@ -16,7 +16,6 @@ def show
 
   def create
     authorize @rubygem, :add_owner?
-    return render_forbidden(t(:api_key_forbidden)) unless @api_key.can_add_owner?
 
     owner = User.find_by_name(email_param)
     if owner
@@ -36,7 +35,6 @@ def create
 
   def destroy
     authorize @rubygem, :remove_owner?
-    return render_forbidden(t(:api_key_forbidden)) unless @api_key.can_remove_owner?
 
     owner = @rubygem.owners_including_unconfirmed.find_by_name(email_param)
     if owner
diff --git a/app/controllers/api/v1/rubygems_controller.rb b/app/controllers/api/v1/rubygems_controller.rb
index c7c29cf8529..34a5ea4c439 100644
--- a/app/controllers/api/v1/rubygems_controller.rb
+++ b/app/controllers/api/v1/rubygems_controller.rb
@@ -9,7 +9,6 @@ class Api::V1::RubygemsController < Api::BaseController
 
   def index
     authorize Rubygem, :index?
-    return render_forbidden(t(:api_key_insufficient_scope)) unless @api_key.can_index_rubygems?
 
     @rubygems = @api_key.user.rubygems.with_versions
       .preload(:linkset, :gem_download, most_recent_version: { dependencies: :rubygem, gem_download: nil })
@@ -40,6 +39,8 @@ def create
     gemcutter = Pusher.new(@api_key, request.body, request:)
     gemcutter.process
     render plain: response_with_mfa_warning(gemcutter.message), status: gemcutter.code
+  rescue Pundit::NotAuthorizedError
+    raise # allow rescue_from in base_controller to handle this
   rescue StandardError => e
     Rails.error.report(e, handled: true)
     render plain: "Server error. Please try again.", status: :internal_server_error
diff --git a/app/controllers/api/v1/web_hooks_controller.rb b/app/controllers/api/v1/web_hooks_controller.rb
index 20ebff61aef..16dd6040d60 100644
--- a/app/controllers/api/v1/web_hooks_controller.rb
+++ b/app/controllers/api/v1/web_hooks_controller.rb
@@ -1,7 +1,6 @@
 class Api::V1::WebHooksController < Api::BaseController
   before_action :authenticate_with_api_key
   before_action :verify_user_api_key
-  before_action :render_forbidden, if: :api_key_unauthorized?
   before_action :find_rubygem_by_name, :set_url, except: :index
 
   def index
@@ -56,8 +55,4 @@ def set_url
     render_bad_request "URL was not provided" unless params[:url]
     @url = params[:url]
   end
-
-  def api_key_unauthorized?
-    !@api_key.can_access_webhooks?
-  end
 end
diff --git a/app/controllers/oidc/rubygem_trusted_publishers_controller.rb b/app/controllers/oidc/rubygem_trusted_publishers_controller.rb
index 2f6b30b2f31..14ba48a3faf 100644
--- a/app/controllers/oidc/rubygem_trusted_publishers_controller.rb
+++ b/app/controllers/oidc/rubygem_trusted_publishers_controller.rb
@@ -53,7 +53,7 @@ def create_params_key = :oidc_rubygem_trusted_publisher
 
   def find_rubygem
     super
-    authorize @rubygem, :show_trusted_publishers?
+    authorize @rubygem, :configure_trusted_publishers?
   end
 
   def find_rubygem_trusted_publisher
diff --git a/app/policies/api/oidc/rubygem_trusted_publisher_policy.rb b/app/policies/api/oidc/rubygem_trusted_publisher_policy.rb
deleted file mode 100644
index 68177daea79..00000000000
--- a/app/policies/api/oidc/rubygem_trusted_publisher_policy.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-class Api::OIDC::RubygemTrustedPublisherPolicy < Api::ApplicationPolicy
-  class Scope < Api::ApplicationPolicy::Scope
-  end
-
-  delegate :rubygem, to: :record
-
-  def show?
-    can_configure_trusted_publishers? && user_authorized?(record, :show?)
-  end
-
-  def create?
-    can_configure_trusted_publishers? && user_authorized?(record, :create?)
-  end
-
-  def destroy?
-    can_configure_trusted_publishers? && user_authorized?(record, :destroy?)
-  end
-
-  private
-
-  def can_configure_trusted_publishers?
-    api_key_scope?(:configure_trusted_publishers, rubygem)
-  end
-end
diff --git a/app/policies/api/rubygem_policy.rb b/app/policies/api/rubygem_policy.rb
index 1a00cb2e62f..42b527a2e29 100644
--- a/app/policies/api/rubygem_policy.rb
+++ b/app/policies/api/rubygem_policy.rb
@@ -5,26 +5,26 @@ class Scope < Api::ApplicationPolicy::Scope
   alias rubygem record
 
   def index?
-    true
+    api_key_scope?(:index_rubygems)
   end
 
   def create?
-    true
+    api_key_scope?(:push_rubygem, rubygem)
   end
 
   def yank?
-    true
+    api_key_scope?(:yank_rubygem, rubygem)
   end
 
   def add_owner?
-    true
+    api_key_scope?(:add_owner, rubygem)
   end
 
   def remove_owner?
-    true
+    api_key_scope?(:remove_owner, rubygem)
   end
 
-  def show_trusted_publishers?
-    api_key_scope?(:configure_trusted_publishers, rubygem) && user_authorized?(record, :show_trusted_publishers?)
+  def configure_trusted_publishers?
+    api_key_scope?(:configure_trusted_publishers, rubygem) && user_authorized?(rubygem, :configure_trusted_publishers?)
   end
 end
diff --git a/app/policies/api/web_hook_policy.rb b/app/policies/api/web_hook_policy.rb
index ab90e3dc3b5..51f8ea73473 100644
--- a/app/policies/api/web_hook_policy.rb
+++ b/app/policies/api/web_hook_policy.rb
@@ -2,19 +2,27 @@ class Api::WebHookPolicy < Api::ApplicationPolicy
   class Scope < Api::ApplicationPolicy::Scope
   end
 
+  delegate :rubygem, to: :record
+
   def index?
-    true
+    can_access_webhooks?
   end
 
   def create?
-    true
+    can_access_webhooks?(rubygem)
   end
 
   def fire?
-    true
+    can_access_webhooks?(rubygem)
   end
 
   def remove?
-    true
+    can_access_webhooks?(rubygem)
+  end
+
+  private
+
+  def can_access_webhooks?(rubygem = nil)
+    api_key_scope?(:access_webhooks, rubygem)
   end
 end
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index f2da1b7e64f..a519b880a5f 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -34,7 +34,7 @@ def show_events?
   def request_ownership?
     return false if rubygem_owned_by?(user)
     return true if rubygem.ownership_calls.any?
-    return deny("above maximum downloads to be considered abandoned") if rubygem.downloads >= ABANDONED_DOWNLOADS_MAX
+    return false if rubygem.downloads >= ABANDONED_DOWNLOADS_MAX
     return false unless rubygem.latest_version&.created_at&.before?(ABANDONED_RELEASE_AGE.ago)
     true
   end
@@ -43,7 +43,7 @@ def close_ownership_requests?
     rubygem_owned_by?(user)
   end
 
-  def show_trusted_publishers?
+  def configure_trusted_publishers?
     rubygem_owned_by?(user)
   end
 
diff --git a/test/functional/api/v1/deletions_controller_test.rb b/test/functional/api/v1/deletions_controller_test.rb
index d10cbef1274..9be60bb1bea 100644
--- a/test/functional/api/v1/deletions_controller_test.rb
+++ b/test/functional/api/v1/deletions_controller_test.rb
@@ -584,7 +584,7 @@ class Api::V1::DeletionsControllerTest < ActionController::TestCase
     should respond_with :forbidden
 
     should "return body that starts with denied access message" do
-      assert @response.body.start_with?("The API key doesn't have access")
+      assert_equal "This API key cannot perform the specified action on this gem.", @response.body
     end
   end
 end
diff --git a/test/functional/api/v1/owners_controller_test.rb b/test/functional/api/v1/owners_controller_test.rb
index 7f5e8df6e40..c0755b85999 100644
--- a/test/functional/api/v1/owners_controller_test.rb
+++ b/test/functional/api/v1/owners_controller_test.rb
@@ -531,8 +531,8 @@ def self.should_respond_to(format)
 
       should respond_with :forbidden
 
-      should "return body that starts with denied access message" do
-        assert @response.body.start_with?("The API key doesn't have access")
+      should "return body with denied access message" do
+        assert_equal "This API key cannot perform the specified action on this gem.", @response.body
       end
     end
   end
@@ -895,8 +895,8 @@ def self.should_respond_to(format)
 
       should respond_with :forbidden
 
-      should "return body that starts with denied access message" do
-        assert @response.body.start_with?("The API key doesn't have access")
+      should "return body that has the denied access message" do
+        assert_equal "This API key cannot perform the specified action on this gem.", @response.body
       end
     end
   end
diff --git a/test/policies/api/oidc/rubygem_trusted_publisher_policy_test.rb b/test/policies/api/oidc/rubygem_trusted_publisher_policy_test.rb
deleted file mode 100644
index d597a73caa3..00000000000
--- a/test/policies/api/oidc/rubygem_trusted_publisher_policy_test.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-require "test_helper"
-
-class Api::OIDC::RubygemTrustedPublisherPolicyTest < ActiveSupport::TestCase
-  setup do
-    @owner = create(:user)
-    @rubygem = create(:rubygem, owners: [@owner])
-    @trusted_publisher = create(:oidc_rubygem_trusted_publisher, rubygem: @rubygem)
-
-    OIDC::RubygemTrustedPublisherPolicy.any_instance.stubs(show?: true, create?: true, destroy?: true)
-  end
-
-  def policy!(api_key, record = @trusted_publisher)
-    Pundit.policy!(api_key, [:api, record])
-  end
-
-  def refute_authorized(api_key)
-    refute_predicate policy!(api_key), :show?
-    refute_predicate policy!(api_key), :create?
-    refute_predicate policy!(api_key), :destroy?
-  end
-
-  def assert_authorized(api_key)
-    assert_predicate policy!(api_key), :show?
-    assert_predicate policy!(api_key), :create?
-    assert_predicate policy!(api_key), :destroy?
-  end
-
-  should "be false if the ApiKey scope does not include :configure_trusted_publishers" do
-    api_key = create(:api_key, owner: @owner, scopes: %w[push_rubygem])
-
-    refute_authorized api_key
-  end
-
-  should "be false if the ApiKey scope includes the rubygem but does not include :configure_trusted_publishers" do
-    api_key = create(:api_key, owner: @owner, scopes: %w[push_rubygem], rubygem: @rubygem)
-
-    refute_authorized api_key
-  end
-
-  should "be false if the ApiKey specifies a different rubygem" do
-    other_gem = create(:rubygem, owners: [@owner])
-    api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers], rubygem: other_gem)
-
-    refute_authorized api_key
-  end
-
-  should "be false if the user policy for the gem does not allow show_trusted_publishers?" do
-    OIDC::RubygemTrustedPublisherPolicy.any_instance.stubs(show?: false, create?: false, destroy?: false)
-    api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers])
-
-    refute_authorized api_key
-  end
-
-  should "be true for ApiKey without rubygem" do
-    api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers])
-
-    assert_authorized api_key
-  end
-
-  should "be true for ApiKey with correct rubygem" do
-    api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers], rubygem: @rubygem)
-
-    assert_authorized api_key
-  end
-end
diff --git a/test/policies/api/rubygem_policy_test.rb b/test/policies/api/rubygem_policy_test.rb
index 63e7c1093b8..b11e75687a3 100644
--- a/test/policies/api/rubygem_policy_test.rb
+++ b/test/policies/api/rubygem_policy_test.rb
@@ -2,53 +2,168 @@
 
 class Api::RubygemPolicyTest < ActiveSupport::TestCase
   setup do
-    @owner = create(:user)
+    @owner = create(:user, handle: "owner")
     @rubygem = create(:rubygem, owners: [@owner])
 
-    RubygemPolicy.any_instance.stubs(show_trusted_publishers?: true)
+    RubygemPolicy.any_instance.stubs(
+      configure_trusted_publishers?: true,
+      add_owner?: true,
+      remove_owner?: true
+    )
   end
 
   def policy!(api_key, rubygem = @rubygem)
     Pundit.policy!(api_key, [:api, rubygem])
   end
 
-  context "#show_trusted_publishers?" do
-    should "be false if the ApiKey scope does not include :configure_trusted_publishers" do
-      api_key = create(:api_key, owner: @owner, scopes: %w[push_rubygem])
+  def key_without_scope(scope, rubygem = nil)
+    scopes = (ApiKey::APPLICABLE_GEM_API_SCOPES - [scope]).sample(2)
+    create(:api_key, owner: @owner, scopes: scopes, rubygem:)
+  end
+
+  def key_with_scope(scope, rubygem = nil)
+    create(:api_key, owner: @owner, scopes: [scope], rubygem:)
+  end
+
+  context "#index?" do
+    setup do
+      @action = :index?
+      @scope = :index_rubygems
+    end
+
+    should "deny ApiKey without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
 
-      refute_predicate policy!(api_key), :show_trusted_publishers?
+    should "allow ApiKey with scope" do
+      assert_predicate policy!(key_with_scope(@scope)), @action
     end
+  end
 
-    should "be false if the ApiKey scope includes the rubygem but does not include :configure_trusted_publishers" do
-      api_key = create(:api_key, owner: @owner, scopes: %w[push_rubygem], rubygem: @rubygem)
+  context "#create?" do
+    setup do
+      @action = :create?
+      @scope = :push_rubygem
+    end
 
-      refute_predicate policy!(api_key), :show_trusted_publishers?
+    should "deny ApiKey without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
     end
 
-    should "be false if the ApiKey specifies a different rubygem" do
-      other_gem = create(:rubygem, owners: [@owner])
-      api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers], rubygem: other_gem)
+    should "deny ApiKey with rubygem without scope" do
+      refute_predicate policy!(key_without_scope(@scope, @rubygem)), @action
+    end
 
-      refute_predicate policy!(api_key), :show_trusted_publishers?
+    should "allow ApiKey with scope" do
+      assert_predicate policy!(key_with_scope(@scope)), @action
     end
+  end
 
-    should "be false if the user policy for the gem does not allow show_trusted_publishers?" do
-      RubygemPolicy.any_instance.stubs(show_trusted_publishers?: false)
-      api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers])
+  context "#yank?" do
+    setup do
+      @action = :yank?
+      @scope = :yank_rubygem
+    end
 
-      refute_predicate policy!(api_key), :show_trusted_publishers?
+    should "deny ApiKey without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
     end
 
-    should "be true for ApiKey without rubygem" do
-      api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers])
+    should "deny ApiKey with rubygem without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
 
-      assert_predicate policy!(api_key), :show_trusted_publishers?
+    should "deny ApiKey with scope wrong rubygem" do
+      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
     end
 
-    should "be true for ApiKey with correct rubygem" do
-      api_key = create(:api_key, owner: @owner, scopes: %w[configure_trusted_publishers], rubygem: @rubygem)
+    should "allow ApiKey with scope" do
+      assert_predicate policy!(key_with_scope(@scope)), @action
+    end
+
+    should "allow ApiKey with scope and rubygem" do
+      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
+    end
+  end
+
+  context "#configure_trusted_publishers?" do
+    setup do
+      @action = :configure_trusted_publishers?
+      @scope = :configure_trusted_publishers
+    end
+
+    should "deny ApiKey without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
+
+    should "deny ApiKey with rubygem without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
+
+    should "deny ApiKey with scope wrong rubygem" do
+      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
+    end
+
+    should "allow ApiKey with scope" do
+      assert_predicate policy!(key_with_scope(@scope)), @action
+    end
+
+    should "allow ApiKey with scope and rubygem" do
+      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
+    end
+  end
+
+  context "#add_owner" do
+    setup do
+      @action = :add_owner?
+      @scope = :add_owner
+    end
+
+    should "deny ApiKey without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
+
+    should "deny ApiKey with rubygem without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
+
+    should "deny ApiKey with scope wrong rubygem" do
+      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
+    end
+
+    should "allow ApiKey with scope" do
+      assert_predicate policy!(key_with_scope(@scope)), @action
+    end
+
+    should "allow ApiKey with scope and rubygem" do
+      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
+    end
+  end
+
+  context "#remove_owner" do
+    setup do
+      @action = :remove_owner?
+      @scope = :remove_owner
+    end
+
+    should "deny ApiKey without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
+
+    should "deny ApiKey with rubygem without scope" do
+      refute_predicate policy!(key_without_scope(@scope)), @action
+    end
+
+    should "deny ApiKey with scope wrong rubygem" do
+      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
+    end
+
+    should "allow ApiKey with scope" do
+      assert_predicate policy!(key_with_scope(@scope)), @action
+    end
 
-      assert_predicate policy!(api_key), :show_trusted_publishers?
+    should "allow ApiKey with scope and rubygem" do
+      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
     end
   end
 end
diff --git a/test/policies/oidc/rubygem_trusted_publisher_policy_test.rb b/test/policies/oidc/rubygem_trusted_publisher_policy_test.rb
deleted file mode 100644
index c485853307a..00000000000
--- a/test/policies/oidc/rubygem_trusted_publisher_policy_test.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-require "test_helper"
-
-class OIDC::RubygemTrustedPublisherPolicyTest < ActiveSupport::TestCase
-  setup do
-    @owner = FactoryBot.create(:user)
-    @rubygem = FactoryBot.create(:rubygem, owners: [@owner])
-    @trusted_publisher = create(:oidc_rubygem_trusted_publisher, rubygem: @rubygem)
-    @user = FactoryBot.create(:user)
-  end
-
-  def test_show
-    assert_predicate Pundit.policy!(@owner, @trusted_publisher), :show?
-    refute_predicate Pundit.policy!(@user, @trusted_publisher), :show?
-    refute_predicate Pundit.policy!(nil, @trusted_publisher), :show?
-  end
-
-  def test_create
-    assert_predicate Pundit.policy!(@owner, @trusted_publisher), :create?
-    refute_predicate Pundit.policy!(@user, @trusted_publisher), :create?
-    refute_predicate Pundit.policy!(nil, @trusted_publisher), :create?
-  end
-
-  def test_destroy
-    assert_predicate Pundit.policy!(@owner, @trusted_publisher), :destroy?
-    refute_predicate Pundit.policy!(@user, @trusted_publisher), :destroy?
-    refute_predicate Pundit.policy!(nil, @trusted_publisher), :destroy?
-  end
-end
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
index c363254351e..0af79a3be89 100644
--- a/test/policies/rubygem_policy_test.rb
+++ b/test/policies/rubygem_policy_test.rb
@@ -64,11 +64,11 @@ class RubygemPolicyTest < ActiveSupport::TestCase
     end
   end
 
-  context "#show_trusted_publishers?" do
+  context "#configure_trusted_publishers?" do
     should "only allow the owner" do
-      assert_predicate Pundit.policy!(@owner, @rubygem), :show_trusted_publishers?
-      refute_predicate Pundit.policy!(@user, @rubygem), :show_trusted_publishers?
-      refute_predicate Pundit.policy!(nil, @rubygem), :show_trusted_publishers?
+      assert_predicate Pundit.policy!(@owner, @rubygem), :configure_trusted_publishers?
+      refute_predicate Pundit.policy!(@user, @rubygem), :configure_trusted_publishers?
+      refute_predicate Pundit.policy!(nil, @rubygem), :configure_trusted_publishers?
     end
   end
 

From ba393615961098ba6f2645f7752ae607d6f4211c Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 15 Jul 2024 13:06:05 -0700
Subject: [PATCH 063/381] Authorize mfa_requirement with policies (#4891)

---
 app/controllers/api/base_controller.rb        | 10 ----------
 .../api/v1/deletions_controller.rb            |  1 -
 .../rubygem_trusted_publishers_controller.rb  |  1 -
 app/controllers/api/v1/owners_controller.rb   |  1 -
 app/controllers/api/v1/rubygems_controller.rb |  1 -
 app/policies/api/application_policy.rb        | 20 +++++++++++++++++--
 app/policies/api/rubygem_policy.rb            | 20 ++++++++++++++-----
 7 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index bc9438b6cd8..24d455a07ea 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -35,16 +35,6 @@ def verify_with_otp
     render plain: prompt_text, status: :unauthorized
   end
 
-  def verify_mfa_requirement
-    if @rubygem && !@rubygem.mfa_requirement_satisfied_for?(@api_key.user)
-      render_forbidden t("multifactor_auths.api.mfa_required")
-    elsif @api_key.mfa_required_not_yet_enabled?
-      render_forbidden t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
-    elsif @api_key.mfa_required_weak_level_enabled?
-      render_forbidden t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
-    end
-  end
-
   def response_with_mfa_warning(message)
     if @api_key.mfa_recommended_not_yet_enabled?
       +message << "\n\n" << t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
diff --git a/app/controllers/api/v1/deletions_controller.rb b/app/controllers/api/v1/deletions_controller.rb
index b1fac678067..27e7d1fb000 100644
--- a/app/controllers/api/v1/deletions_controller.rb
+++ b/app/controllers/api/v1/deletions_controller.rb
@@ -5,7 +5,6 @@ class Api::V1::DeletionsController < Api::BaseController
   before_action :verify_api_key_gem_scope
   before_action :validate_gem_and_version
   before_action :verify_with_otp
-  before_action :verify_mfa_requirement
 
   def create
     authorize @rubygem, :yank?
diff --git a/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb b/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb
index de5ab739f95..e600e3c4ab9 100644
--- a/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb
+++ b/app/controllers/api/v1/oidc/rubygem_trusted_publishers_controller.rb
@@ -5,7 +5,6 @@ class Api::V1::OIDC::RubygemTrustedPublishersController < Api::BaseController
   before_action :find_rubygem
 
   before_action :verify_with_otp
-  before_action :verify_mfa_requirement
 
   before_action :find_rubygem_trusted_publisher, except: %i[index create]
   before_action :set_trusted_publisher_type, only: %i[create]
diff --git a/app/controllers/api/v1/owners_controller.rb b/app/controllers/api/v1/owners_controller.rb
index 4a24211cce8..1e658c8336c 100644
--- a/app/controllers/api/v1/owners_controller.rb
+++ b/app/controllers/api/v1/owners_controller.rb
@@ -4,7 +4,6 @@ class Api::V1::OwnersController < Api::BaseController
   before_action :find_rubygem, except: :gems
   before_action :verify_api_key_gem_scope, except: %i[show gems]
   before_action :verify_gem_ownership, except: %i[show gems]
-  before_action :verify_mfa_requirement, except: %i[show gems]
   before_action :verify_with_otp, except: %i[show gems]
 
   def show
diff --git a/app/controllers/api/v1/rubygems_controller.rb b/app/controllers/api/v1/rubygems_controller.rb
index 34a5ea4c439..9c9f63d7ed6 100644
--- a/app/controllers/api/v1/rubygems_controller.rb
+++ b/app/controllers/api/v1/rubygems_controller.rb
@@ -4,7 +4,6 @@ class Api::V1::RubygemsController < Api::BaseController
   before_action :find_rubygem, only: %i[show reverse_dependencies]
   before_action :cors_preflight_check, only: :show
   before_action :verify_with_otp, only: %i[create]
-  before_action :verify_mfa_requirement, only: %i[create]
   after_action  :cors_set_access_control_headers, only: :show
 
   def index
diff --git a/app/policies/api/application_policy.rb b/app/policies/api/application_policy.rb
index 60c8d750b33..3b69c8e5f12 100644
--- a/app/policies/api/application_policy.rb
+++ b/app/policies/api/application_policy.rb
@@ -16,7 +16,7 @@ def resolve
     attr_reader :api_key, :scope
   end
 
-  attr_reader :api_key, :record, :error
+  attr_reader :user, :record, :error, :api_key
 
   def initialize(api_key, record)
     @user = api_key.user
@@ -52,7 +52,23 @@ def user_authorized?(record, action)
   end
 
   def api_key_scope?(scope, rubygem = nil)
-    rubygem = nil unless rubygem.is_a?(Rubygem)
     api_key.scope?(scope, rubygem) || deny(t(:api_key_insufficient_scope))
   end
+
+  def mfa_requirement_satisfied?(rubygem = nil)
+    if rubygem && !rubygem.mfa_requirement_satisfied_for?(user)
+      deny t("multifactor_auths.api.mfa_required")
+    elsif user&.mfa_required_not_yet_enabled?
+      deny t("multifactor_auths.api.mfa_required_not_yet_enabled").chomp
+    elsif user&.mfa_required_weak_level_enabled?
+      deny t("multifactor_auths.api.mfa_required_weak_level_enabled").chomp
+    else
+      true
+    end
+  end
+
+  def user_api_key?
+    return true if user
+    deny t(:api_key_forbidden)
+  end
 end
diff --git a/app/policies/api/rubygem_policy.rb b/app/policies/api/rubygem_policy.rb
index 42b527a2e29..bb073edebde 100644
--- a/app/policies/api/rubygem_policy.rb
+++ b/app/policies/api/rubygem_policy.rb
@@ -9,22 +9,32 @@ def index?
   end
 
   def create?
-    api_key_scope?(:push_rubygem, rubygem)
+    mfa_requirement_satisfied? &&
+      api_key_scope?(:push_rubygem)
   end
 
   def yank?
-    api_key_scope?(:yank_rubygem, rubygem)
+    user_api_key? &&
+      mfa_requirement_satisfied?(rubygem) &&
+      api_key_scope?(:yank_rubygem, rubygem)
   end
 
   def add_owner?
-    api_key_scope?(:add_owner, rubygem)
+    user_api_key? &&
+      mfa_requirement_satisfied?(rubygem) &&
+      api_key_scope?(:add_owner, rubygem)
   end
 
   def remove_owner?
-    api_key_scope?(:remove_owner, rubygem)
+    user_api_key? &&
+      mfa_requirement_satisfied?(rubygem) &&
+      api_key_scope?(:remove_owner, rubygem)
   end
 
   def configure_trusted_publishers?
-    api_key_scope?(:configure_trusted_publishers, rubygem) && user_authorized?(rubygem, :configure_trusted_publishers?)
+    user_api_key? &&
+      mfa_requirement_satisfied?(rubygem) &&
+      api_key_scope?(:configure_trusted_publishers, rubygem) &&
+      user_authorized?(rubygem, :configure_trusted_publishers?)
   end
 end

From ac184dce92fdbed74aa9ad27b83ac9f93b32855c Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Mon, 15 Jul 2024 13:16:41 -0700
Subject: [PATCH 064/381] =?UTF-8?q?missed=20locales=20for=20Org=20?=
 =?UTF-8?q?=E2=86=92=20Organization?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/locales/de.yml    | 2 +-
 config/locales/en.yml    | 2 +-
 config/locales/es.yml    | 2 +-
 config/locales/fr.yml    | 2 +-
 config/locales/ja.yml    | 2 +-
 config/locales/nl.yml    | 2 +-
 config/locales/pt-BR.yml | 2 +-
 config/locales/zh-CN.yml | 2 +-
 config/locales/zh-TW.yml | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/config/locales/de.yml b/config/locales/de.yml
index 6f0085c87f4..965f10b77ff 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -94,7 +94,7 @@ de:
           attributes:
             expires_at:
               inclusion:
-        org:
+        organization:
           attributes:
             handle:
               invalid:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index fbb30130976..5f5bbe96056 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -89,7 +89,7 @@ en:
           attributes:
             expires_at:
               inclusion: "must be in the future"
-        org:
+        organization:
           attributes:
             handle:
               invalid: "must start with a letter and can only contain letters, numbers, underscores, and dashes"
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 04ce6f9dac5..8e277dcfbdf 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -92,7 +92,7 @@ es:
           attributes:
             expires_at:
               inclusion:
-        org:
+        organization:
           attributes:
             handle:
               invalid:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 4c9173997ac..c57e45ac101 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -90,7 +90,7 @@ fr:
           attributes:
             expires_at:
               inclusion:
-        org:
+        organization:
           attributes:
             handle:
               invalid:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 5f69f29361f..fd918d322f6 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -83,7 +83,7 @@ ja:
           attributes:
             expires_at:
               inclusion: 未来でなければなりません
-        org:
+        organization:
           attributes:
             handle:
               invalid:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 90b43e85b8b..5b4cf382108 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -82,7 +82,7 @@ nl:
           attributes:
             expires_at:
               inclusion:
-        org:
+        organization:
           attributes:
             handle:
               invalid:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 5f4545c3ef9..ca1870d92a9 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -89,7 +89,7 @@ pt-BR:
           attributes:
             expires_at:
               inclusion:
-        org:
+        organization:
           attributes:
             handle:
               invalid:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 710295de2d8..5415dc1cdfd 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -84,7 +84,7 @@ zh-CN:
           attributes:
             expires_at:
               inclusion:
-        org:
+        organization:
           attributes:
             handle:
               invalid:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 6b65fb73fd3..811384dcd6c 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -83,7 +83,7 @@ zh-TW:
           attributes:
             expires_at:
               inclusion:
-        org:
+        organization:
           attributes:
             handle:
               invalid:

From b2837d0cae5ade78b22229bd31b0691efb11d388 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Mon, 15 Jul 2024 13:18:36 -0700
Subject: [PATCH 065/381] fix handle comparison across user/org

---
 app/models/organization.rb | 2 +-
 app/models/user.rb         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/models/organization.rb b/app/models/organization.rb
index 45d09307e77..9194f21afa6 100644
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -9,7 +9,7 @@ class Organization < ApplicationRecord
   validate :unique_with_user_handle
 
   def unique_with_user_handle
-    errors.add(:handle, "has already been taken") if handle && User.where("handle = lower(?)", handle.downcase).any?
+    errors.add(:handle, "has already been taken") if handle && User.where("lower(handle) = lower(?)", handle).any?
   end
 
   has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :organization
diff --git a/app/models/user.rb b/app/models/user.rb
index 6bf943bc942..dd96e510961 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -360,6 +360,6 @@ def record_password_update_event
   end
 
   def unique_with_org_handle
-    errors.add(:handle, "has already been taken") if handle && Organization.where("handle = lower(?)", handle.downcase).any?
+    errors.add(:handle, "has already been taken") if handle && Organization.where("lower(handle) = lower(?)", handle).any?
   end
 end

From cb79c61779cb33417e634959917843a0c8ca995a Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 15 Jul 2024 13:59:48 -0700
Subject: [PATCH 066/381] Add Pundit policies for ownership API and refactor
 policies (#4857)

---
 app/controllers/api/base_controller.rb        |   8 +-
 .../api/v1/deletions_controller.rb            |   2 +-
 app/controllers/api/v1/owners_controller.rb   |  71 +++----
 app/controllers/api/v1/rubygems_controller.rb |   1 -
 app/controllers/owners_controller.rb          |   6 +-
 app/models/user.rb                            |   5 +
 app/policies/api/nil_class_policy.rb          |  11 +
 app/policies/api/rubygem_policy.rb            |   6 +-
 app/policies/application_policy.rb            |   7 +-
 app/policies/ownership_policy.rb              |   4 +-
 app/policies/rubygem_policy.rb                |   8 +
 test/factories/api_key.rb                     |   5 +
 test/integration/api/v1/owner_test.rb         |   4 +-
 test/policies/api/rubygem_policy_test.rb      | 193 +++++++++---------
 test/test_helper.rb                           |  25 +++
 15 files changed, 197 insertions(+), 159 deletions(-)
 create mode 100644 app/policies/api/nil_class_policy.rb

diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb
index 24d455a07ea..3eefc10e801 100644
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -36,9 +36,9 @@ def verify_with_otp
   end
 
   def response_with_mfa_warning(message)
-    if @api_key.mfa_recommended_not_yet_enabled?
+    if @api_key&.mfa_recommended_not_yet_enabled?
       +message << "\n\n" << t("multifactor_auths.api.mfa_recommended_not_yet_enabled").chomp
-    elsif @api_key.mfa_recommended_weak_level_enabled?
+    elsif @api_key&.mfa_recommended_weak_level_enabled?
       +message << "\n\n" << t("multifactor_auths.api.mfa_recommended_weak_level_enabled").chomp
     else
       message
@@ -76,7 +76,9 @@ def render_unauthorized
     render plain: t(:please_sign_up), status: :unauthorized
   end
 
-  def render_forbidden(error = t(:api_key_forbidden))
+  def render_forbidden(error = nil)
+    error = error.message if error.respond_to?(:message)
+    error ||= t(:api_key_forbidden)
     respond_to do |format|
       format.any(:all) { render plain: error, status: :forbidden }
       format.json { render json: { error: }, status: :forbidden }
diff --git a/app/controllers/api/v1/deletions_controller.rb b/app/controllers/api/v1/deletions_controller.rb
index 27e7d1fb000..bb06d5acae3 100644
--- a/app/controllers/api/v1/deletions_controller.rb
+++ b/app/controllers/api/v1/deletions_controller.rb
@@ -7,7 +7,7 @@ class Api::V1::DeletionsController < Api::BaseController
   before_action :verify_with_otp
 
   def create
-    authorize @rubygem, :yank?
+    authorize @rubygem, :yank? # TODO: change to @version
     @deletion = @api_key.user.deletions.build(version: @version)
     if @deletion.save
       StatsD.increment "yank.success"
diff --git a/app/controllers/api/v1/owners_controller.rb b/app/controllers/api/v1/owners_controller.rb
index 1e658c8336c..57bec65a620 100644
--- a/app/controllers/api/v1/owners_controller.rb
+++ b/app/controllers/api/v1/owners_controller.rb
@@ -1,10 +1,9 @@
 class Api::V1::OwnersController < Api::BaseController
   before_action :authenticate_with_api_key, except: %i[show gems]
-  before_action :verify_user_api_key, except: %i[show gems]
-  before_action :find_rubygem, except: :gems
-  before_action :verify_api_key_gem_scope, except: %i[show gems]
-  before_action :verify_gem_ownership, except: %i[show gems]
   before_action :verify_with_otp, except: %i[show gems]
+  before_action :find_rubygem, except: :gems
+
+  rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
 
   def show
     respond_to do |format|
@@ -15,61 +14,47 @@ def show
 
   def create
     authorize @rubygem, :add_owner?
-
-    owner = User.find_by_name(email_param)
-    if owner
-      ownership = @rubygem.ownerships.new(user: owner, authorizer: @api_key.user)
-      if ownership.save
-        OwnersMailer.ownership_confirmation(ownership).deliver_later
-        render plain: response_with_mfa_warning("#{owner.display_handle} was added as an unconfirmed owner. " \
-                                                "Ownership access will be enabled after the user clicks on the " \
-                                                "confirmation mail sent to their email.")
-      else
-        render plain: response_with_mfa_warning(ownership.errors.full_messages.to_sentence), status: :unprocessable_entity
-      end
+    owner = User.find_by_name!(email_param)
+    ownership = @rubygem.ownerships.new(user: owner, authorizer: @api_key.user)
+    if ownership.save
+      OwnersMailer.ownership_confirmation(ownership).deliver_later
+      render plain: response_with_mfa_warning("#{owner.display_handle} was added as an unconfirmed owner. " \
+                                              "Ownership access will be enabled after the user clicks on the " \
+                                              "confirmation mail sent to their email.")
     else
-      render plain: response_with_mfa_warning("Owner could not be found."), status: :not_found
+      render plain: response_with_mfa_warning(ownership.errors.full_messages.to_sentence), status: :unprocessable_entity
     end
   end
 
   def destroy
     authorize @rubygem, :remove_owner?
-
-    owner = @rubygem.owners_including_unconfirmed.find_by_name(email_param)
-    if owner
-      ownership = @rubygem.ownerships_including_unconfirmed.find_by(user_id: owner.id)
-      if ownership.safe_destroy
-        OwnersMailer.owner_removed(ownership.user_id, @api_key.user.id, ownership.rubygem_id).deliver_later
-        render plain: response_with_mfa_warning("Owner removed successfully.")
-      else
-        render_forbidden response_with_mfa_warning("Unable to remove owner.")
-      end
+    owner = User.find_by_name!(email_param)
+    ownership = @rubygem.ownerships_including_unconfirmed.find_by!(user: owner)
+    if ownership.safe_destroy
+      OwnersMailer.owner_removed(ownership.user_id, @api_key.user.id, ownership.rubygem_id).deliver_later
+      render plain: response_with_mfa_warning("Owner removed successfully.")
     else
-      render plain: response_with_mfa_warning("Owner could not be found."), status: :not_found
+      render plain: response_with_mfa_warning("Unable to remove owner."), status: :forbidden
     end
   end
 
   def gems
-    user = User.find_by_slug(params[:handle])
-    if user
-      rubygems = user.rubygems.with_versions.preload(
-        :linkset, :gem_download,
-        most_recent_version: { dependencies: :rubygem, gem_download: nil }
-      ).strict_loading
-      respond_to do |format|
-        format.json { render json: rubygems }
-        format.yaml { render yaml: rubygems }
-      end
-    else
-      render plain: "Owner could not be found.", status: :not_found
+    owner = User.find_by_slug!(params[:handle])
+    rubygems = owner.rubygems.with_versions.preload(
+      :linkset, :gem_download,
+      most_recent_version: { dependencies: :rubygem, gem_download: nil }
+    ).strict_loading
+
+    respond_to do |format|
+      format.json { render json: rubygems }
+      format.yaml { render yaml: rubygems }
     end
   end
 
   protected
 
-  def verify_gem_ownership
-    return if @api_key.user.rubygems.find_by_name(params[:rubygem_id])
-    render plain: response_with_mfa_warning("You do not have permission to manage this gem."), status: :unauthorized
+  def render_not_found
+    render plain: response_with_mfa_warning("Owner could not be found."), status: :not_found
   end
 
   def email_param
diff --git a/app/controllers/api/v1/rubygems_controller.rb b/app/controllers/api/v1/rubygems_controller.rb
index 9c9f63d7ed6..04b2b5c8007 100644
--- a/app/controllers/api/v1/rubygems_controller.rb
+++ b/app/controllers/api/v1/rubygems_controller.rb
@@ -8,7 +8,6 @@ class Api::V1::RubygemsController < Api::BaseController
 
   def index
     authorize Rubygem, :index?
-
     @rubygems = @api_key.user.rubygems.with_versions
       .preload(:linkset, :gem_download, most_recent_version: { dependencies: :rubygem, gem_download: nil })
     respond_to do |format|
diff --git a/app/controllers/owners_controller.rb b/app/controllers/owners_controller.rb
index 82735cee4ac..6134249f78a 100644
--- a/app/controllers/owners_controller.rb
+++ b/app/controllers/owners_controller.rb
@@ -33,8 +33,9 @@ def index
   end
 
   def create
+    authorize @rubygem, :add_owner?
     owner = User.find_by_name(handle_params)
-    ownership = authorize @rubygem.ownerships.new(user: owner, authorizer: current_user)
+    ownership = @rubygem.ownerships.new(user: owner, authorizer: current_user)
     if ownership.save
       OwnersMailer.ownership_confirmation(ownership).deliver_later
       redirect_to rubygem_owners_path(@rubygem.slug), notice: t(".success_notice", handle: owner.name)
@@ -44,7 +45,8 @@ def create
   end
 
   def destroy
-    @ownership = authorize @rubygem.ownerships_including_unconfirmed.find_by_owner_handle!(handle_params)
+    authorize @rubygem, :remove_owner?
+    @ownership = @rubygem.ownerships_including_unconfirmed.find_by_owner_handle!(handle_params)
     if @ownership.safe_destroy
       OwnersMailer.owner_removed(@ownership.user_id, current_user.id, @ownership.rubygem_id).deliver_later
       redirect_to rubygem_owners_path(@ownership.rubygem.slug), notice: t(".removed_notice", owner_name: @ownership.owner_name)
diff --git a/app/models/user.rb b/app/models/user.rb
index dd96e510961..6b307c39565 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -117,6 +117,11 @@ def self.find_by_slug(slug)
     find_by(id: slug) || find_by(handle: slug)
   end
 
+  def self.find_by_name!(name)
+    raise ActiveRecord::RecordNotFound if name.blank?
+    find_by_email(name) || find_by!(handle: name)
+  end
+
   def self.find_by_name(name)
     return if name.blank?
     find_by_email(name) || find_by(handle: name)
diff --git a/app/policies/api/nil_class_policy.rb b/app/policies/api/nil_class_policy.rb
new file mode 100644
index 00000000000..820bb9d6e89
--- /dev/null
+++ b/app/policies/api/nil_class_policy.rb
@@ -0,0 +1,11 @@
+class Api::NilClassPolicy < ApplicationPolicy
+  class Scope < ApplicationPolicy::Scope
+    def resolve
+      raise Pundit::NotDefinedError, "Cannot scope NilClass"
+    end
+  end
+
+  def destroy?
+    false
+  end
+end
diff --git a/app/policies/api/rubygem_policy.rb b/app/policies/api/rubygem_policy.rb
index bb073edebde..e181f66850a 100644
--- a/app/policies/api/rubygem_policy.rb
+++ b/app/policies/api/rubygem_policy.rb
@@ -22,13 +22,15 @@ def yank?
   def add_owner?
     user_api_key? &&
       mfa_requirement_satisfied?(rubygem) &&
-      api_key_scope?(:add_owner, rubygem)
+      api_key_scope?(:add_owner, rubygem) &&
+      user_authorized?(rubygem, :add_owner?)
   end
 
   def remove_owner?
     user_api_key? &&
       mfa_requirement_satisfied?(rubygem) &&
-      api_key_scope?(:remove_owner, rubygem)
+      api_key_scope?(:remove_owner, rubygem) &&
+      user_authorized?(rubygem, :remove_owner?)
   end
 
   def configure_trusted_publishers?
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index a1803de7e82..1055cd56b07 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -72,7 +72,10 @@ def current_user?(record_user)
   end
 
   def rubygem_owned_by?(user)
-    return true if rubygem.owned_by?(user)
-    deny(t(:forbidden))
+    rubygem.owned_by?(user) || deny(t(:forbidden))
+  end
+
+  def policy!(user, record)
+    Pundit.policy!(user, record)
   end
 end
diff --git a/app/policies/ownership_policy.rb b/app/policies/ownership_policy.rb
index c112ecebbde..de8fbc958fa 100644
--- a/app/policies/ownership_policy.rb
+++ b/app/policies/ownership_policy.rb
@@ -5,10 +5,10 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def create?
-    rubygem_owned_by?(user) && current_user?(record.authorizer)
+    policy!(user, rubygem).add_owner?
   end
 
   def destroy?
-    rubygem_owned_by?(user)
+    policy!(user, rubygem).remove_owner?
   end
 end
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index a519b880a5f..73121f6cdc1 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -50,4 +50,12 @@ def configure_trusted_publishers?
   def show_unconfirmed_ownerships?
     rubygem_owned_by?(user)
   end
+
+  def add_owner?
+    rubygem_owned_by?(user)
+  end
+
+  def remove_owner?
+    rubygem_owned_by?(user)
+  end
 end
diff --git a/test/factories/api_key.rb b/test/factories/api_key.rb
index e7c1fc38de8..549209452db 100644
--- a/test/factories/api_key.rb
+++ b/test/factories/api_key.rb
@@ -14,5 +14,10 @@
     after(:build) do |api_key, evaluator|
       api_key.rubygem_id = evaluator.rubygem.id if evaluator.rubygem
     end
+
+    trait :trusted_publisher do
+      owner factory: %i[oidc_trusted_publisher_github_action]
+      transient { key { SecureRandom.hex(4) } }
+    end
   end
 end
diff --git a/test/integration/api/v1/owner_test.rb b/test/integration/api/v1/owner_test.rb
index 1bff0a5706e..936b49c6124 100644
--- a/test/integration/api/v1/owner_test.rb
+++ b/test/integration/api/v1/owner_test.rb
@@ -63,13 +63,13 @@ class Api::V1::OwnerTest < ActionDispatch::IntegrationTest
       params: { email: @other_user.email },
       headers: { "HTTP_AUTHORIZATION" => @other_user_api_key }
 
-    assert_response :unauthorized
+    assert_response :forbidden
 
     delete api_v1_rubygem_owners_path(@rubygem.slug),
       params: { email: @other_user.email },
       headers: { "HTTP_AUTHORIZATION" => @other_user_api_key }
 
-    assert_response :unauthorized
+    assert_response :forbidden
 
     post api_v1_rubygem_owners_path(@rubygem.slug),
       params: { email: @other_user.email },
diff --git a/test/policies/api/rubygem_policy_test.rb b/test/policies/api/rubygem_policy_test.rb
index b11e75687a3..19e678f18bb 100644
--- a/test/policies/api/rubygem_policy_test.rb
+++ b/test/policies/api/rubygem_policy_test.rb
@@ -1,7 +1,8 @@
 require "test_helper"
 
-class Api::RubygemPolicyTest < ActiveSupport::TestCase
+class Api::RubygemPolicyTest < ApiPolicyTestCase
   setup do
+    @user = create(:user, handle: "user")
     @owner = create(:user, handle: "owner")
     @rubygem = create(:rubygem, owners: [@owner])
 
@@ -12,8 +13,10 @@ class Api::RubygemPolicyTest < ActiveSupport::TestCase
     )
   end
 
-  def policy!(api_key, rubygem = @rubygem)
-    Pundit.policy!(api_key, [:api, rubygem])
+  def record = @rubygem
+
+  def trusted_publisher_key(scope)
+    create(:api_key, :trusted_publisher, key: "tp", scopes: [scope])
   end
 
   def key_without_scope(scope, rubygem = nil)
@@ -25,145 +28,133 @@ def key_with_scope(scope, rubygem = nil)
     create(:api_key, owner: @owner, scopes: [scope], rubygem:)
   end
 
-  context "#index?" do
-    setup do
-      @action = :index?
-      @scope = :index_rubygems
-    end
-
+  def self.should_require_scope(scope, action)
     should "deny ApiKey without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
+      refute_authorized key_without_scope(scope), action
     end
 
     should "allow ApiKey with scope" do
-      assert_predicate policy!(key_with_scope(@scope)), @action
+      assert_authorized key_with_scope(scope), action
     end
   end
 
-  context "#create?" do
-    setup do
-      @action = :create?
-      @scope = :push_rubygem
+  def self.should_require_rubygem_scope(scope, action)
+    should "deny ApiKey with rubygem without scope" do
+      refute_authorized key_without_scope(scope, @rubygem), action
     end
 
-    should "deny ApiKey without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
+    should "deny ApiKey with scope but wrong rubygem" do
+      refute_authorized key_with_scope(scope, create(:rubygem, owners: [@owner])), action
     end
 
-    should "deny ApiKey with rubygem without scope" do
-      refute_predicate policy!(key_without_scope(@scope, @rubygem)), @action
+    should "allow ApiKey with scope and rubygem" do
+      assert_authorized key_with_scope(scope, @rubygem), action
     end
+  end
 
-    should "allow ApiKey with scope" do
-      assert_predicate policy!(key_with_scope(@scope)), @action
+  def self.should_require_user_key(scope, action)
+    should "deny ApiKey not owned by a user" do
+      refute_authorized trusted_publisher_key(scope), action, I18n.t(:api_key_forbidden)
     end
   end
 
-  context "#yank?" do
-    setup do
-      @action = :yank?
-      @scope = :yank_rubygem
-    end
+  def self.should_require_mfa(scope, action)
+    context "mfa required" do
+      setup do
+        GemDownload.increment(Rubygem::MFA_REQUIRED_THRESHOLD + 1, rubygem_id: @rubygem.id)
+        @rubygem.reload
+      end
 
-    should "deny ApiKey without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
-    end
+      should "deny ApiKey with owner.mfa_required_not_yet_enabled?" do
+        assert_predicate @owner, :mfa_required_not_yet_enabled?
+        refute_authorized key_with_scope(scope), action, I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled")
+      end
 
-    should "deny ApiKey with rubygem without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
-    end
+      should "deny ApiKey with owner.mfa_required_weak_level_enabled?" do
+        @owner.enable_totp!(ROTP::Base32.random_base32, :ui_only)
 
-    should "deny ApiKey with scope wrong rubygem" do
-      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
-    end
+        assert_predicate @owner, :mfa_required_weak_level_enabled?
+        refute_authorized key_with_scope(scope), action, I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled")
+      end
 
-    should "allow ApiKey with scope" do
-      assert_predicate policy!(key_with_scope(@scope)), @action
-    end
+      should "allow ApiKey with strong level mfa" do
+        @owner.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
 
-    should "allow ApiKey with scope and rubygem" do
-      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
+        assert_predicate @owner, :strong_mfa_level?
+        assert_authorized key_with_scope(scope), action
+      end
     end
   end
 
-  context "#configure_trusted_publishers?" do
-    setup do
-      @action = :configure_trusted_publishers?
-      @scope = :configure_trusted_publishers
-    end
-
-    should "deny ApiKey without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
-    end
+  def self.should_delegate_to_user_policy(scope, action)
+    should "be true if the base RubygemPolicy for the gem allows add_owner?" do
+      RubygemPolicy.any_instance.stubs(action => true)
 
-    should "deny ApiKey with rubygem without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
+      assert_authorized key_with_scope(scope), action
     end
 
-    should "deny ApiKey with scope wrong rubygem" do
-      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
-    end
+    should "be false if the base RubygemPolicy for the gem does not allow add_owner?" do
+      RubygemPolicy.any_instance.stubs(action => false, :error => "error")
 
-    should "allow ApiKey with scope" do
-      assert_predicate policy!(key_with_scope(@scope)), @action
+      refute_authorized key_with_scope(scope), action, "error"
     end
+  end
 
-    should "allow ApiKey with scope and rubygem" do
-      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
-    end
+  context "#index?" do
+    should_require_scope :index_rubygems, :index?
   end
 
-  context "#add_owner" do
-    setup do
-      @action = :add_owner?
-      @scope = :add_owner
-    end
+  context "#create?" do
+    scope = :push_rubygem
+    action = :create?
 
-    should "deny ApiKey without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
-    end
+    should_require_scope scope, action
+    should_require_mfa scope, action
 
     should "deny ApiKey with rubygem without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
-    end
-
-    should "deny ApiKey with scope wrong rubygem" do
-      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
-    end
-
-    should "allow ApiKey with scope" do
-      assert_predicate policy!(key_with_scope(@scope)), @action
-    end
-
-    should "allow ApiKey with scope and rubygem" do
-      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
+      refute_authorized key_without_scope(:push_rubygem, @rubygem), :create?
     end
   end
 
-  context "#remove_owner" do
-    setup do
-      @action = :remove_owner?
-      @scope = :remove_owner
-    end
-
-    should "deny ApiKey without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
-    end
+  context "#yank?" do
+    scope = :yank_rubygem
+    action = :yank?
 
-    should "deny ApiKey with rubygem without scope" do
-      refute_predicate policy!(key_without_scope(@scope)), @action
-    end
+    should_require_user_key scope, action
+    should_require_scope scope, action
+    should_require_rubygem_scope scope, action
+  end
 
-    should "deny ApiKey with scope wrong rubygem" do
-      refute_predicate policy!(key_with_scope(@scope, create(:rubygem, owners: [@owner]))), @action
-    end
+  context "#configure_trusted_publishers?" do
+    scope = :configure_trusted_publishers
+    action = :configure_trusted_publishers?
+
+    should_require_user_key scope, action
+    should_require_mfa scope, action
+    should_require_scope scope, action
+    should_require_rubygem_scope scope, action
+    should_delegate_to_user_policy scope, action
+  end
 
-    should "allow ApiKey with scope" do
-      assert_predicate policy!(key_with_scope(@scope)), @action
-    end
+  context "#add_owner" do
+    scope = :add_owner
+    action = :add_owner?
+
+    should_require_user_key scope, action
+    should_require_mfa scope, action
+    should_require_scope scope, action
+    should_require_rubygem_scope scope, action
+    should_delegate_to_user_policy scope, action
+  end
 
-    should "allow ApiKey with scope and rubygem" do
-      assert_predicate policy!(key_with_scope(@scope, @rubygem)), @action
-    end
+  context "#remove_owner" do
+    scope = :remove_owner
+    action = :remove_owner?
+
+    should_require_user_key scope, action
+    should_require_mfa scope, action
+    should_require_scope scope, action
+    should_require_rubygem_scope scope, action
+    should_delegate_to_user_policy scope, action
   end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index f77de05f3c0..afcdc5d02b0 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -273,6 +273,31 @@ def policy_scope!(user, record)
   end
 end
 
+class ApiPolicyTestCase < ActiveSupport::TestCase
+  def policy!(api_key, rec = nil)
+    rec ||= record
+    Pundit.policy!(api_key, [:api, rec])
+  end
+
+  def record
+    raise NotImplementedError, "You must define #record in #{self.class}"
+  end
+
+  def assert_authorized(actor, action)
+    policy = policy!(actor)
+
+    assert_predicate policy, action
+    assert_nil policy.error
+  end
+
+  def refute_authorized(actor, action, message = I18n.t(:api_key_insufficient_scope))
+    policy = policy!(actor)
+
+    refute_predicate policy, action
+    assert_equal message.chomp, policy.error&.chomp if message
+  end
+end
+
 class ComponentTest < ActiveSupport::TestCase
   include Phlex::Testing::Rails::ViewHelper
   include Capybara::Minitest::Assertions

From 965529e6570b42e5bc8752162b461b4c33d79565 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jul 2024 21:40:51 +0000
Subject: [PATCH 067/381] Bump rack from 3.1.6 to 3.1.7 (#4880)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index f4d3e56eef3..c699cc57005 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -514,7 +514,7 @@ GEM
     pwned (2.3.0)
     raabro (1.4.0)
     racc (1.8.0)
-    rack (3.1.6)
+    rack (3.1.7)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-oauth2 (2.2.1)
@@ -1087,7 +1087,7 @@ CHECKSUMS
   pwned (2.3.0) sha256=63f5a9576f109203684e9dd053f815649fd5bc0a0348b7190568272641b22353
   raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882
   racc (1.8.0) sha256=09349a65c37c4fe710a435f25c9f1652e39f29ad6b1fa08d4a8d30c0553d3a08
-  rack (3.1.6) sha256=08cd573725c9c223bb0466d483153cae9bb3606d17760328c814902e6bf83c32
+  rack (3.1.7) sha256=0e9982db4ea9013326788ca2a7f48e32a4e746765e7c3512d424ef0dd22ae58b
   rack-attack (6.7.0) sha256=3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c
   rack-oauth2 (2.2.1) sha256=c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5
   rack-protection (4.0.0) sha256=d0db6185caa46a8c0d134c2c6b4803f4f392a67b2984da311409cb505f67bbf6

From b189af77015f35730cfdf439bcdd5778eb752489 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jul 2024 21:41:23 +0000
Subject: [PATCH 068/381] Bump github/codeql-action from 3.25.11 to 3.25.12
 (#4887)

---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 49a79c89f3e..36bfaa0789f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+        uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+        uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+        uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 10dd6c427b4..97289616a63 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
         with:
           sarif_file: results.sarif

From 16d390680b8a189b0e1f924fc53bef88c5453315 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jul 2024 21:41:36 +0000
Subject: [PATCH 069/381] Bump opensearch-ruby from 3.3.0 to 3.4.0 (#4888)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index ece310ce73b..12f32844115 100644
--- a/Gemfile
+++ b/Gemfile
@@ -39,7 +39,7 @@ gem "ruby-magic", "~> 0.6"
 gem "shoryuken", "~> 6.2", require: false
 gem "statsd-instrument", "~> 3.8"
 gem "validates_formatting_of", "~> 0.9"
-gem "opensearch-ruby", "~> 3.3"
+gem "opensearch-ruby", "~> 3.4"
 gem "searchkick", "~> 5.3"
 gem "faraday_middleware-aws-sigv4", "~> 1.0"
 gem "xml-simple", "~> 1.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index c699cc57005..6ff265f6f71 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -473,7 +473,7 @@ GEM
       tzinfo
       validate_url
       webfinger (~> 2.0)
-    opensearch-ruby (3.3.0)
+    opensearch-ruby (3.4.0)
       faraday (>= 1.0, < 3)
       multi_json (>= 1.0)
     openssl (3.2.0)
@@ -837,7 +837,7 @@ DEPENDENCIES
   omniauth-github (~> 2.0)
   omniauth-rails_csrf_protection (~> 1.0)
   openid_connect (~> 2.3)
-  opensearch-ruby (~> 3.3)
+  opensearch-ruby (~> 3.4)
   pg (~> 1.5)
   pg_query (~> 5.1)
   pghero (~> 3.6)
@@ -1063,7 +1063,7 @@ CHECKSUMS
   omniauth-oauth2 (1.8.0) sha256=b2f8e9559cc7e2d4efba57607691d6d2b634b879fc5b5b6ccfefa3da85089e78
   omniauth-rails_csrf_protection (1.0.2) sha256=1170fd672aff092b9b7ebebc1453559f073ed001e3ce62a1df616e32f8dc5fe0
   openid_connect (2.3.0) sha256=0dbb9cefeb11e0a65e706349266355bbbb060382ae138fc9e199ab1aa622744c
-  opensearch-ruby (3.3.0) sha256=f490c0150bdb2a6444f1d4ec128e9947aadb1c74f0315a29c574c0d31acfeced
+  opensearch-ruby (3.4.0) sha256=0a8621686bed3c59b4c23e08cbaef873685a3fe4568e9d2703155ca92b8ca05d
   openssl (3.2.0) sha256=3c4bb8760977b4becd2819c6c2569bcf5c6f48b32b9f7a4ce1fd37f996378d14
   openssl-signature_algorithm (1.3.0) sha256=a3b40b5e8276162d4a6e50c7c97cdaf1446f9b2c3946a6fa2c14628e0c957e80
   optimist (3.1.0) sha256=81886f53ee8919f330aa30076d320d88eef9bc85aae2275376b4afb007c69260

From 768be62accf0ebac5de9fd13d0ab2387736e6dbf Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Tue, 16 Jul 2024 12:16:42 -0700
Subject: [PATCH 070/381] No auto-sign in after password reset (#4811)

* Don't sign in user after password reset
* Move password_reset_session_verified to before_action
* Add test coverage for password reset when sign in as another user
---
 app/controllers/concerns/require_mfa.rb       |   4 +-
 .../multifactor_auths_controller.rb           |   5 +-
 app/controllers/passwords_controller.rb       |  72 ++++---
 app/controllers/sessions_controller.rb        |   4 +
 app/views/passwords/edit.html.erb             |   2 +-
 test/functional/passwords_controller_test.rb  | 200 ++++++++----------
 test/integration/password_reset_test.rb       |  26 +--
 7 files changed, 157 insertions(+), 156 deletions(-)

diff --git a/app/controllers/concerns/require_mfa.rb b/app/controllers/concerns/require_mfa.rb
index 8dc1c3195e2..872ed47833d 100644
--- a/app/controllers/concerns/require_mfa.rb
+++ b/app/controllers/concerns/require_mfa.rb
@@ -54,12 +54,12 @@ def incorrect_otp
   end
 
   def webauthn_failure
-    invalidate_mfa_session(@webauthn_error)
+    mfa_failure(@webauthn_error)
   end
 
   def invalidate_mfa_session(message)
     delete_mfa_session
-    mfa_failure(message)
+    login_failure(message)
   end
 
   def delete_mfa_session
diff --git a/app/controllers/multifactor_auths_controller.rb b/app/controllers/multifactor_auths_controller.rb
index efd8cebb682..ccc4fe14113 100644
--- a/app/controllers/multifactor_auths_controller.rb
+++ b/app/controllers/multifactor_auths_controller.rb
@@ -84,12 +84,13 @@ def mfa_failure(message)
     delete_mfa_session
     redirect_to edit_settings_path, flash: { error: message }
   end
+  alias login_failure mfa_failure
 
   def otp_verification_url
-    otp_update_multifactor_auth_url(token: current_user.confirmation_token, level: level_param)
+    otp_update_multifactor_auth_url(level: level_param)
   end
 
   def webauthn_verification_url
-    webauthn_update_multifactor_auth_url(token: current_user.confirmation_token, level: level_param)
+    webauthn_update_multifactor_auth_url(level: level_param)
   end
 end
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index b979302e3d3..9a20498dcfd 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -2,7 +2,6 @@ class PasswordsController < ApplicationController
   include MfaExpiryMethods
   include RequireMfa
   include WebauthnVerifiable
-  include SessionVerifiable
 
   before_action :ensure_email_present, only: %i[create]
 
@@ -11,16 +10,15 @@ class PasswordsController < ApplicationController
   before_action :require_mfa, only: %i[edit]
   before_action :validate_otp, only: %i[otp_edit]
   before_action :validate_webauthn, only: %i[webauthn_edit]
+  before_action :password_reset_session_verified, only: %i[edit otp_edit webauthn_edit]
   after_action :delete_mfa_expiry_session, only: %i[otp_edit webauthn_edit]
 
-  verify_session_before only: %i[update]
+  before_action :validate_password_reset_session, only: :update
 
   def new
   end
 
   def edit
-    # When user doesn't have mfa, a valid token is a full "magic link" sign in.
-    verified_sign_in
     render :edit
   end
 
@@ -36,11 +34,11 @@ def create
   end
 
   def update
-    if current_user.update_password reset_params[:password]
-      current_user.reset_api_key! if reset_params[:reset_api_key] == "true" # singular
-      current_user.api_keys.expire_all! if reset_params[:reset_api_keys] == "true" # plural
-      redirect_to dashboard_path
-      session[:password_reset_token] = nil
+    if @user.update_password reset_params[:password]
+      @user.reset_api_key! if reset_params[:reset_api_key] == "true" # singular
+      @user.api_keys.expire_all! if reset_params[:reset_api_keys] == "true" # plural
+      delete_password_reset_session
+      redirect_to signed_in? ? dashboard_path : sign_in_path
     else
       flash.now[:alert] = t(".failure")
       render :edit
@@ -48,28 +46,15 @@ def update
   end
 
   def otp_edit
-    verified_sign_in
     render :edit
   end
 
   def webauthn_edit
-    verified_sign_in
     render :edit
   end
 
   private
 
-  def verified_sign_in
-    sign_in @user
-    session_verified
-    @user.update!(confirmation_token: nil)
-    StatsD.increment "login.success"
-  end
-
-  def reset_params
-    params.fetch(:password_reset, {}).permit(:password, :reset_api_key, :reset_api_keys)
-  end
-
   def ensure_email_present
     @email = params.dig(:password, :email)
     return if @email.present?
@@ -79,22 +64,47 @@ def ensure_email_present
   end
 
   def validate_confirmation_token
-    @user = User.find_by(confirmation_token: params[:token].to_s)
-    redirect_to root_path, alert: t("passwords.edit.token_failure") unless @user&.valid_confirmation_token?
+    confirmation_token = params.permit(:token).fetch(:token, "").to_s
+    @user = User.find_by(confirmation_token:)
+    return login_failure(t("passwords.edit.token_failure")) unless @user&.valid_confirmation_token?
+    sign_out if signed_in? && @user != current_user
   end
 
-  def login_failure(message)
-    flash.now.alert = message
-    render template: "multifactor_auths/prompt", status: :unauthorized
+  # The order of these methods intends to leave the session fully reset if we
+  # fail to invalidate the token for some reason, since this would indicate
+  # something is wrong with the user, necessitating help from an admin.
+  def password_reset_session_verified
+    reset_session
+    @user.update!(confirmation_token: nil)
+    session[:password_reset_verified_user] = @user.id
+    session[:password_reset_verified] = Gemcutter::PASSWORD_VERIFICATION_EXPIRY.from_now
+  end
+
+  def validate_password_reset_session
+    return login_failure(t("passwords.edit.token_failure")) if session[:password_reset_verified].nil?
+    return login_failure(t("verification_expired")) if session[:password_reset_verified] < Time.current
+    @user = User.find_by(id: session[:password_reset_verified_user])
+    login_failure(t("verification_expired")) unless @user
+  end
+
+  def delete_password_reset_session
+    delete_mfa_session
+    session.delete(:password_reset_verified_user)
+    session.delete(:password_reset_verified)
+  end
+
+  def reset_params
+    params.permit(password_reset: %i[password reset_api_key reset_api_keys]).require(:password_reset)
   end
 
   def mfa_failure(message)
-    login_failure(message)
+    flash.now.alert = message
+    render template: "multifactor_auths/prompt", status: :unauthorized
   end
 
-  def redirect_to_verify
-    session[:redirect_uri] = verify_session_redirect_path
-    redirect_to verify_session_path, alert: t("verification_expired")
+  def login_failure(alert)
+    reset_session
+    redirect_to sign_in_path, alert:
   end
 
   def otp_verification_url
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index b424fc0c13f..570b02dc4f8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -109,6 +109,10 @@ def login_failure(message)
     render "sessions/new", status: :unauthorized
   end
 
+  def webauthn_failure
+    invalidate_mfa_session(@webauthn_error)
+  end
+
   def mfa_failure(message)
     login_failure(message)
   end
diff --git a/app/views/passwords/edit.html.erb b/app/views/passwords/edit.html.erb
index 18a49cb6f8a..e5e5bd17d08 100644
--- a/app/views/passwords/edit.html.erb
+++ b/app/views/passwords/edit.html.erb
@@ -1,7 +1,7 @@
 <% @title = t('.title') %>
 
 <%= form_for(:password_reset, url: password_path, html: { method: :put }) do |form| %>
-  <%= error_messages_for current_user %>
+  <%= error_messages_for @user %>
   <div class="password_field">
     <%= form.label :password, "Password", :class => 'form__label' %>
     <%= form.password_field :password, autocomplete: 'new-password', class: 'form__input' %>
diff --git a/test/functional/passwords_controller_test.rb b/test/functional/passwords_controller_test.rb
index be178e1b6b1..95105e48220 100644
--- a/test/functional/passwords_controller_test.rb
+++ b/test/functional/passwords_controller_test.rb
@@ -33,39 +33,93 @@ class PasswordsControllerTest < ActionController::TestCase
         get :edit, params: { token: "invalidtoken" }
       end
 
-      should redirect_to("the home page") { root_path }
+      should redirect_to("the sign in page") { sign_in_path }
+      should set_flash[:alert].to "Please double check the URL or try submitting a new password reset."
 
       should "not sign in the user" do
         refute_predicate @controller.request.env[:clearance], :signed_in?
       end
-
-      should "warn about invalid url" do
-        assert_equal "Please double check the URL or try submitting a new password reset.", flash[:alert]
-      end
     end
 
     context "with valid confirmation_token" do
-      setup do
-        get :edit, params: { token: @user.confirmation_token }
-      end
+      context "when not signed in" do
+        setup do
+          get :edit, params: { token: @user.confirmation_token }
+        end
 
-      should respond_with :success
+        should respond_with :success
 
-      should "sign in the user" do
-        assert_predicate @controller.request.env[:clearance], :signed_in?
-      end
+        should "not sign in the user" do
+          refute_predicate @controller.request.env[:clearance], :signed_in?
+        end
 
-      should "invalidate the confirmation_token" do
-        assert_nil @user.reload.confirmation_token
+        should "invalidate the confirmation_token" do
+          assert_nil @user.reload.confirmation_token
+        end
+
+        should "display edit form" do
+          page.assert_text("Reset password")
+          page.assert_selector("input[type=password][autocomplete=new-password]")
+        end
+
+        should "instruct the browser not to send referrer that contains the token" do
+          assert_equal "no-referrer", response.headers["Referrer-Policy"]
+        end
       end
 
-      should "display edit form" do
-        page.assert_text("Reset password")
-        page.assert_selector("input[type=password][autocomplete=new-password]")
+      context "when signed in as the user" do
+        setup do
+          sign_in_as @user
+
+          get :edit, params: { token: @user.confirmation_token }
+        end
+
+        should respond_with :success
+
+        should "leave the user signed in" do
+          assert_predicate @controller.request.env[:clearance], :signed_in?
+        end
+
+        should "invalidate the confirmation_token" do
+          assert_nil @user.reload.confirmation_token
+        end
+
+        should "display edit form" do
+          page.assert_text("Reset password")
+          page.assert_selector("input[type=password][autocomplete=new-password]")
+        end
+
+        should "instruct the browser not to send referrer that contains the token" do
+          assert_equal "no-referrer", response.headers["Referrer-Policy"]
+        end
       end
 
-      should "instruct the browser not to send referrer that contains the token" do
-        assert_equal "no-referrer", response.headers["Referrer-Policy"]
+      context "when signed in as another user" do
+        setup do
+          @other_user = create(:user, api_key: "otheruserkey")
+          sign_in_as @other_user
+
+          get :edit, params: { token: @user.confirmation_token }
+        end
+
+        should respond_with :success
+
+        should "sign the current user out" do
+          refute_predicate @controller.request.env[:clearance], :signed_in?
+        end
+
+        should "invalidate the confirmation_token" do
+          assert_nil @user.reload.confirmation_token
+        end
+
+        should "display edit form" do
+          page.assert_text("Reset password")
+          page.assert_selector("input[type=password][autocomplete=new-password]")
+        end
+
+        should "instruct the browser not to send referrer that contains the token" do
+          assert_equal "no-referrer", response.headers["Referrer-Policy"]
+        end
       end
     end
 
@@ -75,15 +129,12 @@ class PasswordsControllerTest < ActionController::TestCase
         get :edit, params: { token: @user.confirmation_token }
       end
 
-      should redirect_to("the home page") { root_path }
+      should redirect_to("the sign in page") { sign_in_path }
+      should set_flash[:alert].to "Please double check the URL or try submitting a new password reset."
 
       should "not sign in the user" do
         refute_predicate @controller.request.env[:clearance], :signed_in?
       end
-
-      should "warn about invalid url" do
-        assert_equal "Please double check the URL or try submitting a new password reset.", flash[:alert]
-      end
     end
 
     context "with totp enabled" do
@@ -190,8 +241,8 @@ class PasswordsControllerTest < ActionController::TestCase
 
         should respond_with :success
 
-        should "sign in the user" do
-          assert_predicate @controller.request.env[:clearance], :signed_in?
+        should "not sign in the user" do
+          refute_predicate @controller.request.env[:clearance], :signed_in?
         end
 
         should "invalidate the confirmation_token" do
@@ -214,14 +265,11 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should respond_with :unauthorized
+        should set_flash.now[:alert].to "Your OTP code is incorrect."
 
         should "not sign in the user" do
           refute_predicate @controller.request.env[:clearance], :signed_in?
         end
-
-        should "alert about otp being incorrect" do
-          assert_equal "Your OTP code is incorrect.", flash[:alert]
-        end
       end
 
       context "when the OTP session is expired" do
@@ -232,17 +280,12 @@ class PasswordsControllerTest < ActionController::TestCase
           end
         end
 
-        should set_flash.now[:alert]
-        should respond_with :unauthorized
+        should set_flash[:alert].to "Your login page session has expired."
+        should redirect_to("the sign in page") { sign_in_path }
 
         should "clear mfa_expires_at" do
           assert_nil @controller.session[:mfa_expires_at]
         end
-
-        should "render sign in page" do
-          page.assert_text "Sign in"
-        end
-
         should "not sign in the user" do
           refute_predicate @controller.request.env[:clearance], :signed_in?
         end
@@ -282,8 +325,8 @@ class PasswordsControllerTest < ActionController::TestCase
 
       should respond_with :success
 
-      should "sign in the user" do
-        assert_predicate @controller.request.env[:clearance], :signed_in?
+      should "not sign in the user" do
+        refute_predicate @controller.request.env[:clearance], :signed_in?
       end
 
       should "invalidate the confirmation_token" do
@@ -304,15 +347,12 @@ class PasswordsControllerTest < ActionController::TestCase
         post(:webauthn_edit, params: { token: "badtoken" })
       end
 
-      should redirect_to("the home page") { root_path }
+      should redirect_to("the sign in page") { sign_in_path }
+      should set_flash[:alert].to "Please double check the URL or try submitting a new password reset."
 
       should "not sign in the user" do
         refute_predicate @controller.request.env[:clearance], :signed_in?
       end
-
-      should "warn about invalid url" do
-        assert_equal "Please double check the URL or try submitting a new password reset.", flash[:alert]
-      end
     end
 
     context "when not providing credentials" do
@@ -388,17 +428,13 @@ class PasswordsControllerTest < ActionController::TestCase
         end
       end
 
-      should respond_with :unauthorized
-      should set_flash.now[:alert]
+      should redirect_to("the sign in page") { sign_in_path }
+      should set_flash[:alert]
 
       should "clear mfa_expires_at" do
         assert_nil @controller.session[:mfa_expires_at]
       end
 
-      should "render sign in page" do
-        page.assert_text "Sign in"
-      end
-
       should "not sign in the user" do
         refute_predicate @controller.request.env[:clearance], :signed_in?
       end
@@ -413,7 +449,7 @@ class PasswordsControllerTest < ActionController::TestCase
       @old_encrypted_password = @user.encrypted_password
     end
 
-    context "when not signed in" do
+    context "when not verified for password reset" do
       setup do
         put :update, params: {
           password_reset: { reset_api_key: "true", reset_api_keys: "true", password: PasswordHelpers::SECURE_TEST_PASSWORD }
@@ -433,57 +469,15 @@ class PasswordsControllerTest < ActionController::TestCase
       end
     end
 
-    context "when signed in as another user" do
-      setup do
-        @other_user = create(:user, api_key: "otheruserkey")
-        @other_api_key = @other_user.api_key
-        @other_new_api_key = create(:api_key, owner: @other_user, key: "rubygems_otheruserkey")
-        @other_old_encrypted_password = @other_user.encrypted_password
-        sign_in_as @other_user
-        session[:verification] = 10.minutes.from_now
-        session[:verified_user] = @other_user.id
-
-        put :update, params: {
-          password_reset: { reset_api_key: "true", reset_api_keys: "true", password: PasswordHelpers::SECURE_TEST_PASSWORD }
-        }
-      end
-
-      teardown do
-        session[:verification] = nil
-        session[:verified_user] = nil
-      end
-
-      should redirect_to("the dashboard") { dashboard_path }
-
-      should "not change the signed in user's api_key" do
-        assert_equal(@user.reload.api_key, @api_key)
-      end
-      should "not change the sign in user's password" do
-        assert_equal(@user.reload.encrypted_password, @old_encrypted_password)
-      end
-
-      # The password controller does not care who is signed in.
-      should "change logged in user's api_key" do
-        refute_equal(@other_user.reload.api_key, @other_api_key)
-      end
-      should "change logged in user's password" do
-        refute_equal(@other_user.reload.encrypted_password, @other_old_encrypted_password)
-      end
-      should "expire logged in user's new api key" do
-        assert_empty @other_user.reload.api_keys.unexpired
-        refute_empty @other_user.reload.api_keys.expired
-      end
-    end
-
-    context "when signed in but not verified" do
+    context "when not verified for password reset" do
       setup do
-        sign_in_as @user
         put :update, params: {
           password_reset: { password: PasswordHelpers::SECURE_TEST_PASSWORD }
         }
       end
 
-      should redirect_to("the verification page") { verify_session_path }
+      should redirect_to("the sign in page") { sign_in_path }
+      should set_flash[:alert].to "Please double check the URL or try submitting a new password reset."
 
       should "not change api_key" do
         assert_equal(@user.reload.api_key, @api_key)
@@ -496,13 +490,7 @@ class PasswordsControllerTest < ActionController::TestCase
     context "when signed in" do
       setup do
         sign_in_as @user
-        session[:verification] = 10.minutes.from_now
-        session[:verified_user] = @user.id
-      end
-
-      teardown do
-        session[:verification] = nil
-        session[:verified_user] = nil
+        get :edit, params: { token: @user.confirmation_token }
       end
 
       context "with invalid password" do
@@ -513,6 +501,7 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should respond_with :success
+        should set_flash.now[:alert].to "Your password could not be changed. Please try again."
 
         should "not change api_key" do
           assert_equal(@user.reload.api_key, @api_key)
@@ -520,9 +509,6 @@ class PasswordsControllerTest < ActionController::TestCase
         should "not change password" do
           assert_equal(@user.reload.encrypted_password, @old_encrypted_password)
         end
-        should "alert about invalid password" do
-          assert_equal "Your password could not be changed. Please try again.", flash[:alert]
-        end
       end
 
       context "with a valid password" do
@@ -536,7 +522,7 @@ class PasswordsControllerTest < ActionController::TestCase
           end
 
           should set_flash[:alert]
-          should redirect_to("the verification page") { verify_session_path }
+          should redirect_to("the sign in page") { sign_in_path }
 
           should "not sign the user out" do
             assert_predicate @controller.request.env[:clearance], :signed_in?
diff --git a/test/integration/password_reset_test.rb b/test/integration/password_reset_test.rb
index 7ddc617c325..327ff07a8a0 100644
--- a/test/integration/password_reset_test.rb
+++ b/test/integration/password_reset_test.rb
@@ -38,11 +38,8 @@ def forgot_password_with(email)
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Save this password"
 
-    assert_equal dashboard_path, page.current_path
+    assert_equal sign_in_path, page.current_path
 
-    click_link "Sign out"
-
-    visit sign_in_path
     fill_in "Email or Username", with: @user.email
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Sign in"
@@ -55,8 +52,6 @@ def forgot_password_with(email)
 
     visit password_reset_link
 
-    assert page.has_content?("Sign out")
-
     fill_in "Password", with: ""
     click_button "Save this password"
 
@@ -75,6 +70,7 @@ def forgot_password_with(email)
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Save this password"
 
+    assert_equal sign_in_path, page.current_path
     assert @user.reload.authenticated? PasswordHelpers::SECURE_TEST_PASSWORD
   end
 
@@ -113,6 +109,7 @@ def forgot_password_with(email)
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Save this password"
 
+    assert_equal sign_in_path, page.current_path
     assert @user.reload.authenticated? PasswordHelpers::SECURE_TEST_PASSWORD
 
     assert_event Events::UserEvent::PASSWORD_CHANGED, {},
@@ -130,10 +127,13 @@ def forgot_password_with(email)
     fill_in "otp", with: ROTP::TOTP.new(@user.totp_seed).now
     click_button "Authenticate"
 
-    assert page.has_content?("Sign out")
+    refute page.has_content?("Sign out")
 
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Save this password"
+
+    assert_equal sign_in_path, page.current_path
+    assert @user.reload.authenticated? PasswordHelpers::SECURE_TEST_PASSWORD
   end
 
   test "resetting a password when mfa is enabled but mfa session is expired" do
@@ -166,9 +166,9 @@ def forgot_password_with(email)
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Save this password"
 
-    find(:css, ".header__popup-link").click
-
-    assert page.has_content?("SIGN OUT")
+    assert page.has_content?("Sign in")
+    assert_equal sign_in_path, page.current_path
+    assert @user.reload.authenticated? PasswordHelpers::SECURE_TEST_PASSWORD
   end
 
   test "resetting password when webauthn is enabled using recovery codes" do
@@ -190,9 +190,9 @@ def forgot_password_with(email)
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Save this password"
 
-    find(:css, ".header__popup-link").click
-
-    assert page.has_content?("SIGN OUT")
+    assert page.has_content?("Sign in")
+    assert_equal sign_in_path, page.current_path
+    assert @user.reload.authenticated? PasswordHelpers::SECURE_TEST_PASSWORD
   end
 
   test "resetting password with pending email change" do

From eb43aa913f7e913e60a722cec5bfc10e808c00eb Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Tue, 16 Jul 2024 12:58:22 -0700
Subject: [PATCH 071/381] Ensure adoption actions require verified session
 (#4828)

These actions are protected at the adpotions controller view, but the
actual POST and PATCH actions were not protected by the verified session check
---
 app/controllers/ownership_calls_controller.rb |  3 +
 .../ownership_requests_controller.rb          |  3 +
 .../ownership_calls_controller_test.rb        | 73 +++++++++++++++++--
 .../ownership_requests_controller_test.rb     | 54 +++++++++++++-
 4 files changed, 125 insertions(+), 8 deletions(-)

diff --git a/app/controllers/ownership_calls_controller.rb b/app/controllers/ownership_calls_controller.rb
index 6a33c8b52c4..67fd36844cf 100644
--- a/app/controllers/ownership_calls_controller.rb
+++ b/app/controllers/ownership_calls_controller.rb
@@ -1,8 +1,11 @@
 class OwnershipCallsController < ApplicationController
+  include SessionVerifiable
+
   before_action :find_rubygem, except: :index
   before_action :redirect_to_signin, unless: :signed_in?, except: :index
   before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?, except: :index
   before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?, except: :index
+  before_action :redirect_to_verify, only: %i[create close], unless: :verified_session_active?
   before_action :find_ownership_call, only: :close
 
   rescue_from ActiveRecord::RecordInvalid, with: :redirect_try_again
diff --git a/app/controllers/ownership_requests_controller.rb b/app/controllers/ownership_requests_controller.rb
index b1152961557..71f9c9109d8 100644
--- a/app/controllers/ownership_requests_controller.rb
+++ b/app/controllers/ownership_requests_controller.rb
@@ -1,8 +1,11 @@
 class OwnershipRequestsController < ApplicationController
+  include SessionVerifiable
+
   before_action :find_rubygem
   before_action :redirect_to_signin, unless: :signed_in?
   before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?
   before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?
+  before_action :redirect_to_verify, only: %i[update close_all], if: -> { @rubygem.owned_by?(current_user) && !verified_session_active? }
 
   rescue_from ActiveRecord::RecordInvalid, with: :redirect_try_again
   rescue_from ActiveRecord::RecordNotSaved, with: :redirect_try_again
diff --git a/test/functional/ownership_calls_controller_test.rb b/test/functional/ownership_calls_controller_test.rb
index ec7d02b4aa5..e53d1e3e5d1 100644
--- a/test/functional/ownership_calls_controller_test.rb
+++ b/test/functional/ownership_calls_controller_test.rb
@@ -16,7 +16,17 @@ class OwnershipCallsControllerTest < ActionController::TestCase
         @rubygem = create(:rubygem, owners: [@user], number: "1.0.0")
       end
 
-      context "user is owner of rubygem" do
+      context "user is owner of rubygem and verified" do
+        setup do
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
+        end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
+        end
+
         context "with correct params" do
           setup do
             post :create, params: { rubygem_id: @rubygem.name, note: "short note" }
@@ -64,12 +74,28 @@ class OwnershipCallsControllerTest < ActionController::TestCase
         end
       end
 
+      context "user is owner and not verified" do
+        setup do
+          post :create, params: { rubygem_id: @rubygem.name, note: "short note" }
+        end
+
+        should redirect_to("verify page") { verify_session_path }
+      end
+
       context "user is not owner of rubygem" do
         setup do
-          user = create(:user)
-          sign_in_as(user)
+          @user = create(:user)
+          sign_in_as(@user)
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
           post :create, params: { rubygem_id: @rubygem.name, note: "short note" }
         end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
+        end
+
         should respond_with :forbidden
 
         should "not create a call" do
@@ -83,7 +109,17 @@ class OwnershipCallsControllerTest < ActionController::TestCase
         @rubygem = create(:rubygem, owners: [@user], number: "1.0.0")
       end
 
-      context "user is owner of rubygem" do
+      context "user is owner of rubygem and verified" do
+        setup do
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
+        end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
+        end
+
         context "ownership call exists" do
           setup do
             create(:ownership_call, rubygem: @rubygem, user: @user, status: "opened")
@@ -112,13 +148,31 @@ class OwnershipCallsControllerTest < ActionController::TestCase
         end
       end
 
+      context "user is owner and not verified" do
+        setup do
+          create(:ownership_call, rubygem: @rubygem, user: @user)
+          patch :close, params: { rubygem_id: @rubygem.name }
+        end
+
+        should redirect_to("verify page") { verify_session_path }
+      end
+
       context "user is not owner of rubygem" do
         setup do
-          user = create(:user)
-          sign_in_as(user)
+          @user = create(:user)
+          sign_in_as(@user)
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
+
           create(:ownership_call, rubygem: @rubygem, user: @user)
           patch :close, params: { rubygem_id: @rubygem.name }
         end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
+        end
+
         should respond_with :forbidden
 
         should "not update status to close" do
@@ -214,6 +268,13 @@ class OwnershipCallsControllerTest < ActionController::TestCase
       context "user has MFA set to strong level, expect normal behaviour" do
         setup do
           @user.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
+        end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
         end
 
         context "on GET to index" do
diff --git a/test/functional/ownership_requests_controller_test.rb b/test/functional/ownership_requests_controller_test.rb
index 980a93328d2..fad27e5c633 100644
--- a/test/functional/ownership_requests_controller_test.rb
+++ b/test/functional/ownership_requests_controller_test.rb
@@ -20,6 +20,7 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
             create(:ownership, user: @user, rubygem: @rubygem)
             post :create, params: { rubygem_id: @rubygem.name, note: "small note" }
           end
+
           should respond_with :forbidden
 
           should "not create ownership request" do
@@ -120,10 +121,18 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
         @rubygem = create(:rubygem, downloads: 2_000_000)
         create(:version, rubygem: @rubygem, created_at: 2.years.ago, number: "1.0.0")
       end
-      context "when user is owner" do
+      context "when user is owner and verified" do
         setup do
           create(:ownership, user: @user, rubygem: @rubygem)
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
+        end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
         end
+
         context "on close" do
           setup do
             @requester = create(:user)
@@ -193,12 +202,29 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
         end
       end
 
+      context "when user is owner and not verified" do
+        setup do
+          create(:ownership, user: @user, rubygem: @rubygem)
+          @requester = create(:user)
+          ownership_request = create(:ownership_request, rubygem: @rubygem, user: @requester)
+          patch :update, params: { rubygem_id: @rubygem.name, id: ownership_request.id, status: "close" }
+        end
+        should redirect_to("verify page") { verify_session_path }
+      end
+
       context "when user is not an owner" do
         setup do
           request = create(:ownership_request, rubygem: @rubygem)
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
           patch :update, params: { rubygem_id: @rubygem.name, id: request.id, status: "close" }
         end
 
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
+        end
+
         should respond_with :forbidden
       end
     end
@@ -208,10 +234,17 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
         @rubygem = create(:rubygem, downloads: 2_000_000)
         create(:version, rubygem: @rubygem, created_at: 2.years.ago, number: "1.0.0")
       end
-      context "when user is owner" do
+      context "when user is owner and verified" do
         setup do
           create(:ownership, rubygem: @rubygem, user: @user)
           create_list(:ownership_request, 3, rubygem: @rubygem)
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
+        end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
         end
 
         context "with successful update" do
@@ -244,11 +277,20 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
         end
       end
 
+      context "when user is owner and not verified" do
+        setup do
+          create(:ownership, rubygem: @rubygem, user: @user)
+          patch :close_all, params: { rubygem_id: @rubygem.name }
+        end
+        should redirect_to("verify page") { verify_session_path }
+      end
+
       context "user is not owner" do
         setup do
           create_list(:ownership_request, 3, rubygem: @rubygem)
           patch :close_all, params: { rubygem_id: @rubygem.name }
         end
+
         should respond_with :forbidden
 
         should "not close all open requests" do
@@ -363,7 +405,15 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
       context "user has MFA set to strong level, expect normal behaviour" do
         setup do
           @user.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
+          session[:verification] = 10.minutes.from_now
+          session[:verified_user] = @user.id
         end
+
+        teardown do
+          session[:verification] = nil
+          session[:verified_user] = nil
+        end
+
         context "POST to create" do
           setup { post :create, params: { rubygem_id: @rubygem.name, note: "small note" } }
 

From fbe739108f7f7447659b7b2adffb99a94d7c70d4 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:05:47 -0700
Subject: [PATCH 072/381] Refactor Api::Policy tests to allow more than one
 policy (#4892)

When adding Api::VersionPolicy, it became clear I needed to abstract better
to remove a ton of duplication.
---
 app/policies/application_policy.rb          |  15 ++-
 app/policies/ownership_request_policy.rb    |   2 +-
 app/policies/rubygem_policy.rb              |   6 +-
 test/helpers/api_policy_helpers.rb          | 109 ++++++++++++++++++++
 test/helpers/policy_helpers.rb              |  17 +++
 test/policies/api/rubygem_policy_test.rb    | 103 +++---------------
 test/policies/ownership_call_policy_test.rb |  20 ++--
 test/policies/rubygem_policy_test.rb        |  40 +++----
 test/test_helper.rb                         |  27 ++---
 9 files changed, 196 insertions(+), 143 deletions(-)
 create mode 100644 test/helpers/api_policy_helpers.rb
 create mode 100644 test/helpers/policy_helpers.rb

diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 1055cd56b07..0ec698761ba 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -62,11 +62,16 @@ def search?
 
   delegate :t, to: I18n
 
-  def deny(error)
+  def deny(error = t(:forbidden))
     @error = error
     false
   end
 
+  def allow
+    @error = nil
+    true
+  end
+
   def current_user?(record_user)
     user && user == record_user
   end
@@ -75,7 +80,11 @@ def rubygem_owned_by?(user)
     rubygem.owned_by?(user) || deny(t(:forbidden))
   end
 
-  def policy!(user, record)
-    Pundit.policy!(user, record)
+  def policy!(user, record) = Pundit.policy!(user, record)
+  def user_policy!(record) = policy!(user, record)
+
+  def user_authorized?(record, action)
+    policy = user_policy!(record)
+    policy.send(action) || deny(policy.error)
   end
 end
diff --git a/app/policies/ownership_request_policy.rb b/app/policies/ownership_request_policy.rb
index 67b18fae0fa..c1db2e38200 100644
--- a/app/policies/ownership_request_policy.rb
+++ b/app/policies/ownership_request_policy.rb
@@ -5,7 +5,7 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def create?
-    current_user?(record.user) && Pundit.policy!(user, rubygem).request_ownership?
+    current_user?(record.user) && user_authorized?(rubygem, :request_ownership?)
   end
 
   def approve?
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index 73121f6cdc1..b4f2eb2af12 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -33,10 +33,10 @@ def show_events?
 
   def request_ownership?
     return false if rubygem_owned_by?(user)
-    return true if rubygem.ownership_calls.any?
+    return allow if rubygem.ownership_calls.any?
     return false if rubygem.downloads >= ABANDONED_DOWNLOADS_MAX
-    return false unless rubygem.latest_version&.created_at&.before?(ABANDONED_RELEASE_AGE.ago)
-    true
+    return false if rubygem.latest_version.nil? || rubygem.latest_version.created_at.after?(ABANDONED_RELEASE_AGE.ago)
+    allow
   end
 
   def close_ownership_requests?
diff --git a/test/helpers/api_policy_helpers.rb b/test/helpers/api_policy_helpers.rb
new file mode 100644
index 00000000000..0d8ab5d7a7c
--- /dev/null
+++ b/test/helpers/api_policy_helpers.rb
@@ -0,0 +1,109 @@
+require_relative "policy_helpers"
+
+module ApiPolicyHelpers
+  extend ActiveSupport::Concern
+  include PolicyHelpers
+
+  class_methods do
+    def should_require_scope(scope, action)
+      context "requires #{scope} scope" do
+        should "deny ApiKey without scope" do
+          refute_authorized key_without_scope(scope), action
+        end
+
+        should "allow ApiKey with scope" do
+          assert_authorized key_with_scope(scope), action
+        end
+      end
+    end
+
+    def should_require_rubygem_scope(scope, action)
+      context "requires #{scope} and matching rubygem" do
+        should "deny ApiKey with rubygem without scope" do
+          refute_authorized key_without_scope(scope, rubygem: @rubygem), action
+        end
+
+        should "deny ApiKey with scope but wrong rubygem" do
+          refute_authorized key_with_scope(scope, rubygem: create(:rubygem, owners: [@owner])), action
+        end
+
+        should "allow ApiKey with scope and rubygem" do
+          assert_authorized key_with_scope(scope, rubygem: @rubygem), action
+        end
+      end
+    end
+
+    def should_require_user_key(scope, action)
+      context "requires ApiKey owned by a user" do
+        should "deny ApiKey not owned by a user" do
+          refute_authorized trusted_publisher_key(scope), action, I18n.t(:api_key_forbidden)
+        end
+
+        should "allow ApiKey owned by a user" do
+          assert_authorized key_with_scope(scope), action
+        end
+      end
+    end
+
+    def should_require_mfa(scope, action)
+      context "mfa required" do
+        setup do
+          GemDownload.increment(Rubygem::MFA_REQUIRED_THRESHOLD + 1, rubygem_id: @rubygem.id)
+          @rubygem.reload
+        end
+
+        should "deny ApiKey with owner.mfa_required_not_yet_enabled?" do
+          assert_predicate @owner, :mfa_required_not_yet_enabled?
+          refute_authorized key_with_scope(scope), action, I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled")
+        end
+
+        should "deny ApiKey with owner.mfa_required_weak_level_enabled?" do
+          @owner.enable_totp!(ROTP::Base32.random_base32, :ui_only)
+
+          assert_predicate @owner, :mfa_required_weak_level_enabled?
+          refute_authorized key_with_scope(scope), action, I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled")
+        end
+
+        should "allow ApiKey with strong level mfa" do
+          @owner.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
+
+          assert_predicate @owner, :strong_mfa_level?
+          assert_authorized key_with_scope(scope), action
+        end
+      end
+    end
+
+    def should_delegate_to_policy(scope, action, policy_class)
+      context "delegates to #{policy_class}##{action}" do
+        should "allow if the #{policy_class} allows #{action}" do
+          policy_class.any_instance.stubs(action => true)
+
+          assert_authorized key_with_scope(scope), action
+        end
+
+        should "deny if the #{policy_class} denies #{action}" do
+          policy_class.any_instance.stubs(action => false, :error => "error")
+
+          refute_authorized key_with_scope(scope), action, "error"
+        end
+      end
+    end
+  end
+
+  def trusted_publisher_key(scope)
+    create(:api_key, :trusted_publisher, scopes: [scope])
+  end
+
+  def key_without_scope(scopes, **)
+    scopes = (ApiKey::APPLICABLE_GEM_API_SCOPES - Array.wrap(scopes)).sample(2)
+    key_with_scope(scopes, **)
+  end
+
+  def key_with_scope(scopes, owner: @owner, **)
+    create(:api_key, owner:, scopes: Array.wrap(scopes), **)
+  end
+
+  def refute_authorized(actor, action, message = I18n.t(:api_key_insufficient_scope))
+    super
+  end
+end
diff --git a/test/helpers/policy_helpers.rb b/test/helpers/policy_helpers.rb
new file mode 100644
index 00000000000..a5e3871543e
--- /dev/null
+++ b/test/helpers/policy_helpers.rb
@@ -0,0 +1,17 @@
+module PolicyHelpers
+  extend ActiveSupport::Concern
+
+  def assert_authorized(actor, action)
+    policy = policy!(actor)
+
+    assert_predicate policy, action
+    assert_nil policy.error
+  end
+
+  def refute_authorized(actor, action, message = nil)
+    policy = policy!(actor)
+
+    refute_predicate policy, action
+    assert_equal message.chomp, policy.error&.chomp if message
+  end
+end
diff --git a/test/policies/api/rubygem_policy_test.rb b/test/policies/api/rubygem_policy_test.rb
index 19e678f18bb..fd4e0cff8b8 100644
--- a/test/policies/api/rubygem_policy_test.rb
+++ b/test/policies/api/rubygem_policy_test.rb
@@ -2,7 +2,6 @@
 
 class Api::RubygemPolicyTest < ApiPolicyTestCase
   setup do
-    @user = create(:user, handle: "user")
     @owner = create(:user, handle: "owner")
     @rubygem = create(:rubygem, owners: [@owner])
 
@@ -13,97 +12,23 @@ class Api::RubygemPolicyTest < ApiPolicyTestCase
     )
   end
 
-  def record = @rubygem
-
-  def trusted_publisher_key(scope)
-    create(:api_key, :trusted_publisher, key: "tp", scopes: [scope])
-  end
-
-  def key_without_scope(scope, rubygem = nil)
-    scopes = (ApiKey::APPLICABLE_GEM_API_SCOPES - [scope]).sample(2)
-    create(:api_key, owner: @owner, scopes: scopes, rubygem:)
-  end
-
-  def key_with_scope(scope, rubygem = nil)
-    create(:api_key, owner: @owner, scopes: [scope], rubygem:)
-  end
-
-  def self.should_require_scope(scope, action)
-    should "deny ApiKey without scope" do
-      refute_authorized key_without_scope(scope), action
-    end
-
-    should "allow ApiKey with scope" do
-      assert_authorized key_with_scope(scope), action
-    end
-  end
-
-  def self.should_require_rubygem_scope(scope, action)
-    should "deny ApiKey with rubygem without scope" do
-      refute_authorized key_without_scope(scope, @rubygem), action
-    end
-
-    should "deny ApiKey with scope but wrong rubygem" do
-      refute_authorized key_with_scope(scope, create(:rubygem, owners: [@owner])), action
-    end
-
-    should "allow ApiKey with scope and rubygem" do
-      assert_authorized key_with_scope(scope, @rubygem), action
-    end
+  def policy!(api_key)
+    Pundit.policy!(api_key, [:api, @rubygem])
   end
 
-  def self.should_require_user_key(scope, action)
-    should "deny ApiKey not owned by a user" do
-      refute_authorized trusted_publisher_key(scope), action, I18n.t(:api_key_forbidden)
-    end
-  end
-
-  def self.should_require_mfa(scope, action)
-    context "mfa required" do
-      setup do
-        GemDownload.increment(Rubygem::MFA_REQUIRED_THRESHOLD + 1, rubygem_id: @rubygem.id)
-        @rubygem.reload
-      end
-
-      should "deny ApiKey with owner.mfa_required_not_yet_enabled?" do
-        assert_predicate @owner, :mfa_required_not_yet_enabled?
-        refute_authorized key_with_scope(scope), action, I18n.t("multifactor_auths.api.mfa_required_not_yet_enabled")
-      end
-
-      should "deny ApiKey with owner.mfa_required_weak_level_enabled?" do
-        @owner.enable_totp!(ROTP::Base32.random_base32, :ui_only)
-
-        assert_predicate @owner, :mfa_required_weak_level_enabled?
-        refute_authorized key_with_scope(scope), action, I18n.t("multifactor_auths.api.mfa_required_weak_level_enabled")
-      end
-
-      should "allow ApiKey with strong level mfa" do
-        @owner.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
-
-        assert_predicate @owner, :strong_mfa_level?
-        assert_authorized key_with_scope(scope), action
-      end
-    end
-  end
-
-  def self.should_delegate_to_user_policy(scope, action)
-    should "be true if the base RubygemPolicy for the gem allows add_owner?" do
-      RubygemPolicy.any_instance.stubs(action => true)
+  context "#index?" do
+    scope = :index_rubygems
+    action = :index?
 
-      assert_authorized key_with_scope(scope), action
-    end
+    should_require_scope scope, action
 
-    should "be false if the base RubygemPolicy for the gem does not allow add_owner?" do
-      RubygemPolicy.any_instance.stubs(action => false, :error => "error")
+    should "allow ApiKey with scope and any rubygem" do
+      api_key = key_with_scope([:push_rubygem, scope], rubygem: create(:rubygem, owners: [@owner]))
 
-      refute_authorized key_with_scope(scope), action, "error"
+      assert_authorized api_key, action
     end
   end
 
-  context "#index?" do
-    should_require_scope :index_rubygems, :index?
-  end
-
   context "#create?" do
     scope = :push_rubygem
     action = :create?
@@ -111,8 +36,8 @@ def self.should_delegate_to_user_policy(scope, action)
     should_require_scope scope, action
     should_require_mfa scope, action
 
-    should "deny ApiKey with rubygem without scope" do
-      refute_authorized key_without_scope(:push_rubygem, @rubygem), :create?
+    should "deny ApiKey without scope but with rubygem" do
+      refute_authorized key_without_scope(:push_rubygem, rubygem: @rubygem), :create?
     end
   end
 
@@ -133,7 +58,7 @@ def self.should_delegate_to_user_policy(scope, action)
     should_require_mfa scope, action
     should_require_scope scope, action
     should_require_rubygem_scope scope, action
-    should_delegate_to_user_policy scope, action
+    should_delegate_to_policy scope, action, RubygemPolicy
   end
 
   context "#add_owner" do
@@ -144,7 +69,7 @@ def self.should_delegate_to_user_policy(scope, action)
     should_require_mfa scope, action
     should_require_scope scope, action
     should_require_rubygem_scope scope, action
-    should_delegate_to_user_policy scope, action
+    should_delegate_to_policy scope, action, RubygemPolicy
   end
 
   context "#remove_owner" do
@@ -155,6 +80,6 @@ def self.should_delegate_to_user_policy(scope, action)
     should_require_mfa scope, action
     should_require_scope scope, action
     should_require_rubygem_scope scope, action
-    should_delegate_to_user_policy scope, action
+    should_delegate_to_policy scope, action, RubygemPolicy
   end
 end
diff --git a/test/policies/ownership_call_policy_test.rb b/test/policies/ownership_call_policy_test.rb
index 7437de1bef1..33138e98acf 100644
--- a/test/policies/ownership_call_policy_test.rb
+++ b/test/policies/ownership_call_policy_test.rb
@@ -1,21 +1,25 @@
 require "test_helper"
 
-class OwnershipCallPolicyTest < ActiveSupport::TestCase
+class OwnershipCallPolicyTest < PolicyTestCase
   setup do
-    @owner = FactoryBot.create(:user)
-    @rubygem = FactoryBot.create(:rubygem, owners: [@owner])
+    @owner = create(:user)
+    @rubygem = create(:rubygem, owners: [@owner])
     @ownership_call = @rubygem.ownership_calls.create(user: @owner, note: "valid note")
 
-    @user = FactoryBot.create(:user)
+    @user = create(:user)
+  end
+
+  def policy!(user)
+    Pundit.policy!(user, @ownership_call)
   end
 
   def test_create
-    assert_predicate Pundit.policy!(@owner, @ownership_call), :create?
-    refute_predicate Pundit.policy!(@user, @ownership_call), :create?
+    assert_authorized @owner, :create?
+    refute_authorized @user, :create?
   end
 
   def test_destroy
-    assert_predicate Pundit.policy!(@owner, @ownership_call), :close?
-    refute_predicate Pundit.policy!(@user, @ownership_call), :close?
+    assert_authorized @owner, :close?
+    refute_authorized @user, :close?
   end
 end
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
index 0af79a3be89..dbb2674e3e3 100644
--- a/test/policies/rubygem_policy_test.rb
+++ b/test/policies/rubygem_policy_test.rb
@@ -1,21 +1,25 @@
 require "test_helper"
 
-class RubygemPolicyTest < ActiveSupport::TestCase
+class RubygemPolicyTest < PolicyTestCase
   setup do
     @owner = create(:user, handle: "owner")
     @rubygem = create(:rubygem, owners: [@owner])
     @user = create(:user, handle: "user")
   end
 
+  def policy!(user)
+    Pundit.policy!(user, @rubygem)
+  end
+
   context "#request_ownership?" do
     should "be false if the gem is owned by the user" do
-      refute_predicate Pundit.policy!(@owner, @rubygem), :request_ownership?
+      refute_authorized @owner, :request_ownership?
     end
 
     should "be true if the gem has ownership calls" do
       create(:ownership_call, rubygem: @rubygem, user: @owner)
 
-      assert_predicate Pundit.policy!(@user, @rubygem), :request_ownership?
+      assert_authorized @user, :request_ownership?
     end
 
     should "be false if the gem has more than 10,000 downloads" do
@@ -23,60 +27,60 @@ class RubygemPolicyTest < ActiveSupport::TestCase
       create(:version, rubygem: @rubygem, created_at: 2.years.ago)
 
       assert_operator @rubygem.downloads, :>, RubygemPolicy::ABANDONED_DOWNLOADS_MAX
-      refute_predicate Pundit.policy!(@user, @rubygem), :request_ownership?
+      refute_authorized @user, :request_ownership?
     end
 
     should "be false if the gem has no versions" do
       assert_empty @rubygem.versions
-      refute_predicate Pundit.policy!(@user, @rubygem), :request_ownership?
+      refute_authorized @user, :request_ownership?
     end
 
     should "be false if the gem has a version newer than 1 year" do
       create(:version, rubygem: @rubygem, created_at: 11.months.ago)
 
-      refute_predicate Pundit.policy!(@user, @rubygem), :request_ownership?
+      refute_authorized @user, :request_ownership?
     end
 
     should "be true if the gem's latest version is older than 1 year and less than 10,000 downloads" do
       create(:version, rubygem: @rubygem, created_at: 2.years.ago)
 
-      assert_predicate Pundit.policy!(@user, @rubygem), :request_ownership?
+      assert_authorized @user, :request_ownership?
     end
   end
 
   context "#show_adoption?" do
     should "be true if the gem is owned by the user" do
-      assert_predicate Pundit.policy!(@owner, @rubygem), :show_adoption?
+      assert_authorized @owner, :show_adoption?
     end
 
     should "be true if the rubygem is adoptable" do
       create(:version, rubygem: @rubygem, created_at: 2.years.ago)
 
-      assert_predicate Pundit.policy!(@owner, @rubygem), :show_adoption?
+      assert_authorized @owner, :show_adoption?
     end
   end
 
   context "#show_events?" do
     should "only allow the owner" do
-      assert_predicate Pundit.policy!(@owner, @rubygem), :show_events?
-      refute_predicate Pundit.policy!(@user, @rubygem), :show_events?
-      refute_predicate Pundit.policy!(nil, @rubygem), :show_events?
+      assert_authorized @owner, :show_events?
+      refute_authorized @user, :show_events?
+      refute_authorized nil, :show_events?
     end
   end
 
   context "#configure_trusted_publishers?" do
     should "only allow the owner" do
-      assert_predicate Pundit.policy!(@owner, @rubygem), :configure_trusted_publishers?
-      refute_predicate Pundit.policy!(@user, @rubygem), :configure_trusted_publishers?
-      refute_predicate Pundit.policy!(nil, @rubygem), :configure_trusted_publishers?
+      assert_authorized @owner, :configure_trusted_publishers?
+      refute_authorized @user, :configure_trusted_publishers?
+      refute_authorized nil, :configure_trusted_publishers?
     end
   end
 
   context "#show_unconfirmed_ownerships?" do
     should "only allow the owner" do
-      assert_predicate Pundit.policy!(@owner, @rubygem), :show_unconfirmed_ownerships?
-      refute_predicate Pundit.policy!(@user, @rubygem), :show_unconfirmed_ownerships?
-      refute_predicate Pundit.policy!(nil, @rubygem), :show_unconfirmed_ownerships?
+      assert_authorized @owner, :show_unconfirmed_ownerships?
+      refute_authorized @user, :show_unconfirmed_ownerships?
+      refute_authorized nil, :show_unconfirmed_ownerships?
     end
   end
 end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index afcdc5d02b0..8e31f8a4bb5 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -25,10 +25,12 @@
 require "shoulda/context"
 require "shoulda/matchers"
 require "helpers/admin_helpers"
+require "helpers/api_policy_helpers"
 require "helpers/gem_helpers"
 require "helpers/email_helpers"
 require "helpers/es_helper"
 require "helpers/password_helpers"
+require "helpers/policy_helpers"
 require "helpers/webauthn_helpers"
 require "helpers/oauth_helpers"
 require "webmock/minitest"
@@ -274,28 +276,11 @@ def policy_scope!(user, record)
 end
 
 class ApiPolicyTestCase < ActiveSupport::TestCase
-  def policy!(api_key, rec = nil)
-    rec ||= record
-    Pundit.policy!(api_key, [:api, rec])
-  end
-
-  def record
-    raise NotImplementedError, "You must define #record in #{self.class}"
-  end
-
-  def assert_authorized(actor, action)
-    policy = policy!(actor)
-
-    assert_predicate policy, action
-    assert_nil policy.error
-  end
-
-  def refute_authorized(actor, action, message = I18n.t(:api_key_insufficient_scope))
-    policy = policy!(actor)
+  include ApiPolicyHelpers
+end
 
-    refute_predicate policy, action
-    assert_equal message.chomp, policy.error&.chomp if message
-  end
+class PolicyTestCase < ActiveSupport::TestCase
+  include PolicyHelpers
 end
 
 class ComponentTest < ActiveSupport::TestCase

From 08b32b4cfed2456098e81a888d9557b7815f9bee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:18:12 -0700
Subject: [PATCH 073/381] Bump mocha from 2.4.0 to 2.4.1 (#4895)

Bumps [mocha](https://github.com/freerange/mocha) from 2.4.0 to 2.4.1.
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6ff265f6f71..1ade100274f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -413,7 +413,7 @@ GEM
       ruby-progressbar
     minitest-retry (0.2.2)
       minitest (>= 5.0)
-    mocha (2.4.0)
+    mocha (2.4.1)
       ruby2_keywords (>= 0.0.5)
     msgpack (1.7.2)
     multi_json (1.15.0)
@@ -1042,7 +1042,7 @@ CHECKSUMS
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0
-  mocha (2.4.0) sha256=dae4d68652b7b70c711e57cfcc1778bed6d740933edb692ac83741346bc7f7af
+  mocha (2.4.1) sha256=75effab2599bf4a82eb2cafac89effdebd3225921621f37d8eac76efcf8d0225
   msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b

From 73e6d51df578d451b376ca5442e63e0d548a332e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:19:11 -0700
Subject: [PATCH 074/381] Bump datadog-ci from 1.1.0 to 1.2.0 (#4897)

Bumps [datadog-ci](https://github.com/DataDog/datadog-ci-rb) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/DataDog/datadog-ci-rb/releases)
- [Changelog](https://github.com/DataDog/datadog-ci-rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/DataDog/datadog-ci-rb/compare/v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: datadog-ci
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 12f32844115..cd36d2d878b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -124,7 +124,7 @@ group :development do
 end
 
 group :test do
-  gem "datadog-ci", "~> 1.1"
+  gem "datadog-ci", "~> 1.2"
   gem "minitest", "~> 5.24", require: false
   gem "minitest-retry", "~> 0.2.2"
   gem "capybara", "~> 3.40"
diff --git a/Gemfile.lock b/Gemfile.lock
index 1ade100274f..c85f1a472af 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -199,7 +199,7 @@ GEM
       libdatadog (~> 10.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.1.0)
+    datadog-ci (1.2.0)
       datadog (~> 2.0)
       msgpack
     date (3.3.4)
@@ -799,7 +799,7 @@ DEPENDENCIES
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.2)
-  datadog-ci (~> 1.1)
+  datadog-ci (~> 1.2)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.5)
@@ -956,7 +956,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.2.0) sha256=fa96d565e055593294706d7767c4d3213b5250f0ddd2b8697b868ae60dbdda4a
-  datadog-ci (1.1.0) sha256=15153b9f15deb5e55e81c91aaff6911c8dc7f4e2f139f80e803d079890739fbd
+  datadog-ci (1.2.0) sha256=e563d4e1a890402f7f9e60a0510ed30d428c1a9070b71afec95e31ee96b6b241
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08

From 83985fa214551cb8e033a144b1c3c279c734ed0b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:20:16 -0700
Subject: [PATCH 075/381] Bump view_component from 3.12.1 to 3.13.0 (#4898)

Bumps [view_component](https://github.com/viewcomponent/view_component) from 3.12.1 to 3.13.0.
- [Release notes](https://github.com/viewcomponent/view_component/releases)
- [Changelog](https://github.com/ViewComponent/view_component/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/viewcomponent/view_component/compare/v3.12.1...v3.13.0)

---
updated-dependencies:
- dependency-name: view_component
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index cd36d2d878b..9d165c5c136 100644
--- a/Gemfile
+++ b/Gemfile
@@ -62,7 +62,7 @@ gem "timescaledb", "~> 0.2"
 
 # Admin dashboard
 gem "avo", "~> 2.51"
-gem "view_component", "~> 3.12"
+gem "view_component", "~> 3.13"
 gem "pundit", "~> 2.3"
 gem "chartkick", "~> 5.0"
 gem "groupdate", "~> 6.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index c85f1a472af..65ec30c72d3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -743,7 +743,7 @@ GEM
     validates_formatting_of (0.9.0)
       activemodel
     version_gem (1.1.1)
-    view_component (3.12.1)
+    view_component (3.13.0)
       activesupport (>= 5.2.0, < 8.0)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
@@ -887,7 +887,7 @@ DEPENDENCIES
   unpwn (~> 1.0)
   user_agent_parser (~> 2.18)
   validates_formatting_of (~> 0.9)
-  view_component (~> 3.12)
+  view_component (~> 3.13)
   webauthn (~> 3.1)
   webmock (~> 3.23)
   xml-simple (~> 1.1)
@@ -1175,7 +1175,7 @@ CHECKSUMS
   validate_url (1.0.15) sha256=72fe164c0713d63a9970bd6700bea948babbfbdcec392f2342b6704042f57451
   validates_formatting_of (0.9.0) sha256=139590a4b87596dbfb04d93e897bd2e6d30fb849d04fab0343e71ed2ca856e7e
   version_gem (1.1.1) sha256=3c2da6ded29045ddcc0387e152dc634e1f0c490b7128dce0697ccc1cf0915b6c
-  view_component (3.12.1) sha256=f2ce2ad2945389f4bbd4ff77465605e9019041e5c804d16d093791be2542b18b
+  view_component (3.13.0) sha256=316e6479f51387160e7eb372d33cbb97d586ac2ed9d9fe80495cec48b346187b
   webauthn (3.1.0) sha256=e545fcf17d8a6b821161a37c1c4bc8c3d2ead0ff6ff3b098f57f417e731790b7
   webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c
   webmock (3.23.1) sha256=0fa738c0767d1c4ec8cc57f6b21998f0c238c8a5b32450df1c847f2767140d95

From b0aa0c6f4b2e8e77e066270de7e4eec6eb611803 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:32:57 -0700
Subject: [PATCH 076/381] OwnershipRequest by owner should be invalid (#4893)

The principal we use to decide if something should be a validation or a
policy is whether or not an admin could override the choice. In this
case, it never makes sense to allow an ownership request by an existing
owner, so I'm moving the check to validations.
---
 app/models/ownership_request.rb               | 10 +++++++-
 app/policies/rubygem_policy.rb                |  1 -
 config/locales/de.yml                         |  5 ++++
 config/locales/en.yml                         |  5 ++++
 config/locales/es.yml                         |  5 ++++
 config/locales/fr.yml                         |  5 ++++
 config/locales/ja.yml                         |  5 ++++
 config/locales/nl.yml                         |  5 ++++
 config/locales/pt-BR.yml                      |  5 ++++
 config/locales/zh-CN.yml                      |  5 ++++
 config/locales/zh-TW.yml                      |  5 ++++
 .../ownership_requests_controller_test.rb     | 23 +++++++------------
 test/integration/profile_test.rb              |  3 ++-
 test/jobs/delete_user_job_test.rb             |  6 ++---
 test/models/ownership_request_test.rb         | 11 ++++++++-
 test/policies/rubygem_policy_test.rb          |  6 +----
 16 files changed, 78 insertions(+), 27 deletions(-)

diff --git a/app/models/ownership_request.rb b/app/models/ownership_request.rb
index 545ce581a30..da0ca052e47 100644
--- a/app/models/ownership_request.rb
+++ b/app/models/ownership_request.rb
@@ -4,9 +4,10 @@ class OwnershipRequest < ApplicationRecord
   belongs_to :ownership_call, optional: true
   belongs_to :approver, class_name: "User", optional: true
 
-  validates :rubygem_id, :user_id, :status, :note, presence: true
+  validates :status, :note, presence: true
   validates :note, length: { maximum: Gemcutter::MAX_TEXT_FIELD_LENGTH }
   validates :user_id, uniqueness: { scope: :rubygem_id, conditions: -> { opened } }
+  validate :not_already_owner, on: :create
 
   delegate :name, to: :user, prefix: true
   delegate :name, to: :rubygem, prefix: true
@@ -32,4 +33,11 @@ def close!(closer = nil)
     return if closer && closer == user # Don't notify the requester if they closed their own request
     OwnersMailer.ownership_request_closed(id).deliver_later
   end
+
+  private
+
+  def not_already_owner
+    return unless rubygem.owned_by?(user)
+    errors.add(:user_id, I18n.t("activerecord.errors.models.ownership_request.attributes.user_id.existing"))
+  end
 end
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index b4f2eb2af12..221c6d8d048 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -32,7 +32,6 @@ def show_events?
   end
 
   def request_ownership?
-    return false if rubygem_owned_by?(user)
     return allow if rubygem.ownership_calls.any?
     return false if rubygem.downloads >= ABANDONED_DOWNLOADS_MAX
     return false if rubygem.latest_version.nil? || rubygem.latest_version.created_at.after?(ABANDONED_RELEASE_AGE.ago)
diff --git a/config/locales/de.yml b/config/locales/de.yml
index cecd89e7448..4902aaec0c9 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -104,6 +104,11 @@ de:
             user_id:
               already_confirmed: ist bereits Eigentümer dieses Gems
               already_invited: wurde bereits zu diesem Gem eingeladen
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index c73698fec50..72b06b38594 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -99,6 +99,11 @@ en:
             user_id:
               already_confirmed: "is already an owner of this gem"
               already_invited: "is already invited to this gem"
+        ownership_request:
+          attributes:
+            user_id:
+              taken: "has already requested ownership"
+              existing: "is already an owner"
         user:
           attributes:
             handle:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index fea966eade8..1af195c46c1 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -102,6 +102,11 @@ es:
             user_id:
               already_confirmed: ya es propietario de esta gema
               already_invited: ya ha sido invitado a esta gema
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index ccb2ba045eb..86ef627cc4c 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -100,6 +100,11 @@ fr:
             user_id:
               already_confirmed:
               already_invited:
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 97bdfb67a8b..f24add618e5 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -93,6 +93,11 @@ ja:
             user_id:
               already_confirmed: は既にこのgemの所有者です
               already_invited: は既にこのgemに招待されています
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index f54f1999d11..05f34c219d9 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -92,6 +92,11 @@ nl:
             user_id:
               already_confirmed:
               already_invited:
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 131c21acae9..d188d76dd57 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -99,6 +99,11 @@ pt-BR:
             user_id:
               already_confirmed:
               already_invited:
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index d9dcdd8b4d6..1c718f10013 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -94,6 +94,11 @@ zh-CN:
             user_id:
               already_confirmed:
               already_invited:
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 73db1d94e60..7a6a0fa97a3 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -93,6 +93,11 @@ zh-TW:
             user_id:
               already_confirmed: 已是此 Gem 的擁有者
               already_invited: 已獲邀加入此 Gem
+        ownership_request:
+          attributes:
+            user_id:
+              taken:
+              existing:
         user:
           attributes:
             handle:
diff --git a/test/functional/ownership_requests_controller_test.rb b/test/functional/ownership_requests_controller_test.rb
index fad27e5c633..2a29093de1d 100644
--- a/test/functional/ownership_requests_controller_test.rb
+++ b/test/functional/ownership_requests_controller_test.rb
@@ -59,14 +59,17 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
           @rubygem = create(:rubygem, downloads: 2_000)
           create(:version, rubygem: @rubygem, created_at: 2.years.ago, number: "1.0.0")
         end
+
         context "when user is owner" do
           setup do
             create(:ownership, user: @user, rubygem: @rubygem)
             post :create, params: { rubygem_id: @rubygem.name, note: "small note" }
           end
-          should respond_with :forbidden
 
-          should "not create ownership request" do
+          should redirect_to("adoptions index") { rubygem_adoptions_path(@rubygem.slug) }
+          should set_flash[:alert].to("User is already an owner")
+
+          should "not create ownership call" do
             assert_nil @rubygem.ownership_requests.find_by(user: @user)
           end
         end
@@ -77,11 +80,8 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
               post :create, params: { rubygem_id: @rubygem.name, note: "small note" }
             end
             should redirect_to("adoptions index") { rubygem_adoptions_path(@rubygem.slug) }
-            should "set success notice flash" do
-              expected_notice = "Your ownership request was submitted."
+            should set_flash[:notice].to("Your ownership request was submitted.")
 
-              assert_equal expected_notice, flash[:notice]
-            end
             should "create ownership request" do
               assert_not_nil @rubygem.ownership_requests.find_by(user: @user)
             end
@@ -91,11 +91,8 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
               post :create, params: { rubygem_id: @rubygem.name }
             end
             should redirect_to("adoptions index") { rubygem_adoptions_path(@rubygem.slug) }
-            should "set error alert flash" do
-              expected_notice = "Note can't be blank"
+            should set_flash[:alert].to("Note can't be blank")
 
-              assert_equal expected_notice, flash[:alert]
-            end
             should "not create ownership call" do
               assert_nil @rubygem.ownership_requests.find_by(user: @user)
             end
@@ -106,11 +103,7 @@ class OwnershipRequestsControllerTest < ActionController::TestCase
               post :create, params: { rubygem_id: @rubygem.name, note: "new note" }
             end
             should redirect_to("adoptions index") { rubygem_adoptions_path(@rubygem.slug) }
-            should "set error alert flash" do
-              expected_notice = "User has already been taken"
-
-              assert_equal expected_notice, flash[:alert]
-            end
+            should set_flash[:alert].to("User has already requested ownership")
           end
         end
       end
diff --git a/test/integration/profile_test.rb b/test/integration/profile_test.rb
index 748e159fb10..34540ceee86 100644
--- a/test/integration/profile_test.rb
+++ b/test/integration/profile_test.rb
@@ -166,8 +166,9 @@ def sign_out
 
   test "seeing ownership calls and requests" do
     rubygem = create(:rubygem, owners: [@user], number: "1.0.0")
+    requested_gem = create(:rubygem, number: "2.0.0")
     create(:ownership_call, rubygem: rubygem, user: @user, note: "special note")
-    create(:ownership_request, rubygem: rubygem, user: @user, note: "request note")
+    create(:ownership_request, rubygem: requested_gem, user: @user, note: "request note")
 
     sign_in
     visit profile_path("nick1")
diff --git a/test/jobs/delete_user_job_test.rb b/test/jobs/delete_user_job_test.rb
index 77cbfcfa034..361d13954d3 100644
--- a/test/jobs/delete_user_job_test.rb
+++ b/test/jobs/delete_user_job_test.rb
@@ -134,9 +134,9 @@ class DeleteUserJobTest < ActiveJob::TestCase
     open_call = create(:ownership_call, rubygem: rubygem, user: user)
 
     other_call = create(:ownership_call, rubygem: other_rubygem, user: other_user)
-    closed_request = create(:ownership_request, ownership_call: other_call, rubygem: rubygem, user: user, status: :closed)
-    approved_request = create(:ownership_request, ownership_call: other_call, rubygem: rubygem, user: user, status: :approved)
-    open_request = create(:ownership_request, ownership_call: other_call, rubygem: rubygem, user: user)
+    closed_request = create(:ownership_request, ownership_call: other_call, rubygem: other_rubygem, user: user, status: :closed)
+    approved_request = create(:ownership_request, ownership_call: other_call, rubygem: other_rubygem, user: user, status: :approved)
+    open_request = create(:ownership_request, ownership_call: other_call, rubygem: other_rubygem, user: user)
     other_request = create(:ownership_request, ownership_call: open_call, rubygem: rubygem, user: other_user)
 
     assert_delete user
diff --git a/test/models/ownership_request_test.rb b/test/models/ownership_request_test.rb
index 94c6ce58943..7b81a9a3983 100644
--- a/test/models/ownership_request_test.rb
+++ b/test/models/ownership_request_test.rb
@@ -57,7 +57,16 @@ class OwnershipRequestTest < ActiveSupport::TestCase
       ownership_request = build(:ownership_request, user: @user, rubygem: @rubygem)
 
       refute_predicate ownership_request, :valid?
-      assert_contains ownership_request.errors[:user_id], "has already been taken"
+      assert_contains ownership_request.errors[:user_id], "has already requested ownership"
+    end
+
+    should "not create a call when already an owner" do
+      owner = create(:user, handle: "owner")
+      create(:ownership, rubygem: @rubygem, user: owner)
+      ownership_request = build(:ownership_request, user: owner, rubygem: @rubygem)
+
+      refute_predicate ownership_request, :valid?
+      assert_contains ownership_request.errors[:user_id], "is already an owner"
     end
   end
 
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
index dbb2674e3e3..25b4d473d55 100644
--- a/test/policies/rubygem_policy_test.rb
+++ b/test/policies/rubygem_policy_test.rb
@@ -12,10 +12,6 @@ def policy!(user)
   end
 
   context "#request_ownership?" do
-    should "be false if the gem is owned by the user" do
-      refute_authorized @owner, :request_ownership?
-    end
-
     should "be true if the gem has ownership calls" do
       create(:ownership_call, rubygem: @rubygem, user: @owner)
 
@@ -56,7 +52,7 @@ def policy!(user)
     should "be true if the rubygem is adoptable" do
       create(:version, rubygem: @rubygem, created_at: 2.years.ago)
 
-      assert_authorized @owner, :show_adoption?
+      assert_authorized @user, :show_adoption?
     end
   end
 

From 98c02fb74c1031cb8ecef274f809b832090f26b8 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 16 Jul 2024 14:40:55 -0700
Subject: [PATCH 077/381] bump ruby to 3.3.4

---
 .ruby-version | 2 +-
 Dockerfile    | 2 +-
 Gemfile.lock  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.ruby-version b/.ruby-version
index 619b5376684..a0891f563f3 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.3.3
+3.3.4
diff --git a/Dockerfile b/Dockerfile
index 64d7cf992f9..0649c9227df 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # syntax = docker/dockerfile:1.4
 
 # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
-ARG RUBY_VERSION=3.3.3
+ARG RUBY_VERSION=3.3.4
 ARG ALPINE_VERSION=3.20
 FROM ruby:$RUBY_VERSION-alpine${ALPINE_VERSION} as base
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 65ec30c72d3..4bbe4c01b98 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1189,7 +1189,7 @@ CHECKSUMS
   zeitwerk (2.6.16) sha256=17df48537f09a937804f79bd9a92817da3b199e268634972d0e98a21ca588e21
 
 RUBY VERSION
-   ruby 3.3.3p89
+   ruby 3.3.4p94
 
 BUNDLED WITH
    2.5.14

From 4c59a32badd63973b6cfa20bdb19d6907f48e798 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 16 Jul 2024 14:42:46 -0700
Subject: [PATCH 078/381] bump parser to 3.3.4

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 4bbe4c01b98..3f616b8b923 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -482,7 +482,7 @@ GEM
     optimist (3.1.0)
     pagy (8.4.0)
     parallel (1.25.1)
-    parser (3.3.3.0)
+    parser (3.3.4.0)
       ast (~> 2.4.1)
       racc
     pg (1.5.6)
@@ -1069,7 +1069,7 @@ CHECKSUMS
   optimist (3.1.0) sha256=81886f53ee8919f330aa30076d320d88eef9bc85aae2275376b4afb007c69260
   pagy (8.4.0) sha256=21dd68453d24e752a1bc81aef5b6f1346ff95e1c2e5b53448355f7856f3ef901
   parallel (1.25.1) sha256=12e089b9aa36ea2343f6e93f18cfcebd031798253db8260590d26a7f70b1ab90
-  parser (3.3.3.0) sha256=a2e23c90918d9b7e866b18dca2b6835f227769dd2fa8e59c5841f3389cf53eeb
+  parser (3.3.4.0) sha256=8d247769c3873fe92201d591a7463384022a1a25e214853df5d6806623179e82
   pg (1.5.6) sha256=4bc3ad2438825eea68457373555e3fd4ea1a82027b8a6be98ef57c0d57292b1c
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
   pghero (3.6.0) sha256=cad9cb865f99ff40bb5ba47d3dae20d06be06ac8ea6b01172f6a8ccc85671109

From 2d57c6146e9ca824cdf19a189e469a4766e1f9a2 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 16 Jul 2024 16:21:11 -0700
Subject: [PATCH 079/381] update CI to 3.3.4 as well

---
 .github/workflows/docker.yml | 2 +-
 .github/workflows/test.yml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 9ecd1b5dd62..4649bc4fec7 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-24.04
     env:
       RUBYGEMS_VERSION: 3.5.14
-      RUBY_VERSION: 3.3.3
+      RUBY_VERSION: 3.3.4
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Docker Buildx
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e132e78f586..cc9fbc38ce6 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -29,7 +29,7 @@ jobs:
             version: "3.5.14"
           - name: latest
             version: latest
-        ruby_version: ["3.3.3"]
+        ruby_version: ["3.3.4"]
         tests:
           - name: general
             command: test

From 4582b0da571149440f645ec017d345bb552b397a Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Tue, 16 Jul 2024 16:26:32 -0700
Subject: [PATCH 080/381] update ruby-setup

---
 .github/actions/setup-rubygems.org/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/actions/setup-rubygems.org/action.yml b/.github/actions/setup-rubygems.org/action.yml
index c1af62e1fea..298a01efb6f 100644
--- a/.github/actions/setup-rubygems.org/action.yml
+++ b/.github/actions/setup-rubygems.org/action.yml
@@ -14,7 +14,7 @@ runs:
       shell: bash
       run: |
         docker compose up -d --wait
-    - uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
+    - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
       with:
         ruby-version: ${{ inputs.ruby-version }}
         bundler-cache: true

From 5ee0d56400d660c7ab36c4e9f912f44d928fd83a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 17 Jul 2024 14:57:34 +0000
Subject: [PATCH 081/381] Bump tailwindcss-rails from 2.6.1 to 2.6.3

Bumps [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) from 2.6.1 to 2.6.3.
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/tailwindcss-rails/compare/v2.6.1...v2.6.3)

---
updated-dependencies:
- dependency-name: tailwindcss-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 3f616b8b923..bc7684444fc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -707,7 +707,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.6.1)
+    tailwindcss-rails (2.6.3)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -1157,7 +1157,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.6.1) sha256=60e66e243761402f9ce834132f59dd6c08b6fea5987e321bd9886dd0b0ce04ac
+  tailwindcss-rails (2.6.3) sha256=63a5f3d6f92d0784024b352ab472f0bb85047081c2b51e2679fce558721bb6a6
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.1) sha256=fa7e3471d4f6a27138e3d9c9b0d4daac9c3d7383927667ae83e9ab42ae7401ef
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From 7354f690f0ff66b3dc4e76cd085ce9e484a96840 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Wed, 17 Jul 2024 17:41:39 -0700
Subject: [PATCH 082/381] Don't report error on bad encoding in normalize_email
 (#4901)

---
 app/models/user.rb       |  3 +--
 test/models/user_test.rb | 22 ++++++++++++++++++++--
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index 6b307c39565..69be1896d66 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -146,8 +146,7 @@ def self.ownership_request_notifiable_owners
 
   def self.normalize_email(email)
     email.to_s.gsub(/\s+/, "")
-  rescue ArgumentError => e
-    Rails.error.report(e, handled: true)
+  rescue ArgumentError
     ""
   end
 
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index ad5e82958c2..6d05c1fd070 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -926,11 +926,29 @@ class UserTest < ActiveSupport::TestCase
 
   context ".normalize_email" do
     should "return the normalized email" do
-      assert_equal "UsEr@example.COM", User.normalize_email(:"UsEr@ example . COM")
+      assert_equal "UsEr@example.COM", User.normalize_email(:"UsEr@\texample . COM")
+    end
+
+    should "preserve valid characters so that the format error can be returned" do
+      # UTF-8 "香" character, which is valid UTF-8, but we reject utf-8 in email addresses
+      assert_equal "香@example.com", User.normalize_email("\u9999@example.com".force_encoding("utf-8"))
+
+      # ISO-8859-1 "Å" character (valid in ISO-8859-1)
+      encoded_email = "myem\xC5il@example.com".force_encoding("ISO-8859-1")
+
+      assert_equal encoded_email, User.normalize_email(encoded_email)
     end
 
     should "return an empty string on invalid inputs" do
-      assert_equal "", User.normalize_email("\u9999".force_encoding("ascii"))
+      # bad encoding when sent as ASCII-8BIT
+      assert_equal "", User.normalize_email("\u9999@example.com".force_encoding("ascii"))
+
+      # ISO-8859-1 "Å" character (invalid in UTF-8, which uses \xC385 for this character)
+      assert_equal "", User.normalize_email("myem\xC5il@example.com".force_encoding("UTF-8"))
+    end
+
+    should "return an empty string for nil" do
+      assert_equal "", User.normalize_email(nil)
     end
   end
 end

From db1fb6feedf4567ffcce542ee386a268dc956204 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Jul 2024 14:18:53 +0000
Subject: [PATCH 083/381] Bump mocha from 2.4.1 to 2.4.2

Bumps [mocha](https://github.com/freerange/mocha) from 2.4.1 to 2.4.2.
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v2.4.1...v2.4.2)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index bc7684444fc..110a58b1ff4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -413,7 +413,7 @@ GEM
       ruby-progressbar
     minitest-retry (0.2.2)
       minitest (>= 5.0)
-    mocha (2.4.1)
+    mocha (2.4.2)
       ruby2_keywords (>= 0.0.5)
     msgpack (1.7.2)
     multi_json (1.15.0)
@@ -1042,7 +1042,7 @@ CHECKSUMS
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0
-  mocha (2.4.1) sha256=75effab2599bf4a82eb2cafac89effdebd3225921621f37d8eac76efcf8d0225
+  mocha (2.4.2) sha256=5fb89b7b42f2bcd9ae3ee6042d4435890bfc9226c1a0ea63925cd33c50cc3558
   msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b

From 7821826525e2fbb3643dad35576547401efbca6d Mon Sep 17 00:00:00 2001
From: Earlopain <14981592+Earlopain@users.noreply.github.com>
Date: Fri, 12 Jul 2024 14:35:13 +0200
Subject: [PATCH 084/381] Fix `<em>` tag in the gem search page

Caused by https://github.com/rubygems/rubygems.org/pull/4860
Fixes https://github.com/rubygems/rubygems.org/issues/4877

There don't appear to be other instances where this would happen
---
 app/views/searches/show.html.erb | 4 ++--
 config/locales/de.yml            | 2 +-
 config/locales/en.yml            | 2 +-
 config/locales/es.yml            | 2 +-
 config/locales/fr.yml            | 2 +-
 config/locales/ja.yml            | 2 +-
 config/locales/nl.yml            | 2 +-
 config/locales/pt-BR.yml         | 2 +-
 config/locales/zh-CN.yml         | 2 +-
 config/locales/zh-TW.yml         | 2 +-
 10 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/app/views/searches/show.html.erb b/app/views/searches/show.html.erb
index faabe5a83e5..2075bfb7830 100644
--- a/app/views/searches/show.html.erb
+++ b/app/views/searches/show.html.erb
@@ -7,7 +7,7 @@
 <% end %>
 <%= link_to t("advanced_search"), advanced_search_path, class: "t-link--gray t-link--has-arrow" %>
 <% if @yanked_filter %>
-  <% @subtitle = t('.subtitle', :query => content_tag(:em, h(params[:query]))) %>
+  <% @subtitle = t('.subtitle_html', :query => params[:query]) %>
 
   <% if @yanked_gem.present? %>
     <%= link_to rubygem_path(@yanked_gem.slug), :class => 'gems__gem' do %>
@@ -22,7 +22,7 @@
   <% end %>
 <% else %>
   <% if @gems %>
-    <% @subtitle = t('.subtitle', :query => content_tag(:em, h(params[:query]))) %>
+    <% @subtitle = t('.subtitle_html', :query => params[:query]) %>
 
     <header class="gems__header push--s">
       <p class="gems__meter"><%= page_entries_info(@gems, :entry_name => 'gem') %></p>
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 4902aaec0c9..05ea1a97e7c 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -807,7 +807,7 @@ de:
       updated:
       yanked:
     show:
-      subtitle: für %{query}
+      subtitle_html: für <em>%{query}</em>
       month_update:
       week_update:
       filter:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 72b06b38594..7bd9587da3e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -720,7 +720,7 @@ en:
       updated: Updated
       yanked: Yanked
     show:
-      subtitle: for %{query}
+      subtitle_html: for <em>%{query}</em>
       month_update: Updated last month (%{count})
       week_update: Updated last week (%{count})
       filter: "Filter:"
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 1af195c46c1..315466f7d70 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -833,7 +833,7 @@ es:
       updated: Actualizada
       yanked: Borrada
     show:
-      subtitle: para %{query}
+      subtitle_html: para <em>%{query}</em>
       month_update: Actualizadas en el último mes (%{count})
       week_update: Actualizadas en la última semana (%{count})
       filter: 'Filtro:'
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 86ef627cc4c..d9fdef24909 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -757,7 +757,7 @@ fr:
       updated: Mis à jour
       yanked:
     show:
-      subtitle: pour %{query}
+      subtitle_html: pour <em>%{query}</em>
       month_update:
       week_update:
       filter:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index f24add618e5..254592e147c 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -718,7 +718,7 @@ ja:
       updated: 更新日
       yanked: ヤンク済み
     show:
-      subtitle: "%{query}の検索結果"
+      subtitle_html: "<em>%{query}</em>の検索結果"
       month_update: 先月更新（%{count}件）
       week_update: 先週更新（%{count}件）
       filter: 絞り込み：
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 05f34c219d9..0bbba0c11d6 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -712,7 +712,7 @@ nl:
       updated:
       yanked:
     show:
-      subtitle: voor %{query}
+      subtitle_html: voor <em>%{query}</em>
       month_update:
       week_update:
       filter:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index d188d76dd57..0d8c9a12263 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -735,7 +735,7 @@ pt-BR:
       updated:
       yanked:
     show:
-      subtitle: para %{query}
+      subtitle_html: para <em>%{query}</em>
       month_update:
       week_update:
       filter:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 1c718f10013..b2282b754fb 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -724,7 +724,7 @@ zh-CN:
       updated: 更新
       yanked: 撤回
     show:
-      subtitle: "%{query}"
+      subtitle_html: "<em>%{query}</em>"
       month_update: 上个月更新 (%{count})
       week_update: 上周更新 (%{count})
       filter: 过滤：
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 7a6a0fa97a3..72988f60f0b 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -714,7 +714,7 @@ zh-TW:
       updated: 更新於
       yanked: 移除於
     show:
-      subtitle: "%{query}"
+      subtitle_html: "<em>%{query}</em>"
       month_update: 於最近一個月更新 (%{count})
       week_update: 於最近一週更新 (%{count})
       filter:

From 075816045b2b985ef76f36378e89001866c22ff7 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Thu, 18 Jul 2024 20:11:00 -0700
Subject: [PATCH 085/381] Remove unused owner? method in ApplicationController
 (#4904)

---
 app/controllers/application_controller.rb | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6bd038dc973..d017ae5a988 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -107,10 +107,6 @@ def find_rubygem
     end
   end
 
-  def owner?
-    @rubygem.owned_by?(current_user)
-  end
-
   def find_versioned_links
     @versioned_links = @rubygem.links(@latest_version)
   end

From 87d104c49128afa1ef7b4e2a3423ad8010c84cb7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Jul 2024 17:38:58 -0700
Subject: [PATCH 086/381] Bump selenium-webdriver from 4.22.0 to 4.23.0 (#4906)

Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.22.0 to 4.23.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.22.0...selenium-4.23.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9d165c5c136..5cbd45b347c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -134,7 +134,7 @@ group :test do
   gem "mocha", "~> 2.4", require: false
   gem "shoulda-context", "~> 3.0.0.rc1"
   gem "shoulda-matchers", "~> 6.2"
-  gem "selenium-webdriver", "~> 4.22"
+  gem "selenium-webdriver", "~> 4.23"
   gem "webmock", "~> 3.23"
   gem "simplecov", "~> 0.22", require: false
   gem "simplecov-cobertura", "~> 2.1", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 110a58b1ff4..8d8ceb2aaa0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -596,7 +596,7 @@ GEM
     regexp_parser (2.9.2)
     reline (0.5.9)
       io-console (~> 0.5)
-    rexml (3.3.1)
+    rexml (3.3.2)
       strscan
     roadie (5.2.1)
       css_parser (~> 1.4)
@@ -659,7 +659,7 @@ GEM
     searchkick (5.3.1)
       activemodel (>= 6.1)
       hashie
-    selenium-webdriver (4.22.0)
+    selenium-webdriver (4.23.0)
       base64 (~> 0.2)
       logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
@@ -765,7 +765,7 @@ GEM
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
     webrick (1.8.1)
-    websocket (1.2.10)
+    websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -870,7 +870,7 @@ DEPENDENCIES
   rubocop-rails (~> 2.25)
   ruby-magic (~> 0.6)
   searchkick (~> 5.3)
-  selenium-webdriver (~> 4.22)
+  selenium-webdriver (~> 4.23)
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
   shoulda-matchers (~> 6.2)
@@ -1112,7 +1112,7 @@ CHECKSUMS
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
   reline (0.5.9) sha256=5d2dd7ed0fd078e79a05e4eaa47dc91b8dacec7358e9e1dd6d9c4636cff7d378
-  rexml (3.3.1) sha256=34af9fb38eff6c451abd187c53fded98378aa91766d4c62fbbce10e40ed7c325
+  rexml (3.3.2) sha256=4513686f858d0ff2e5a412d734c8a192e16cb1df4cb2063f56b72a8ad4c5257f
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854
@@ -1137,7 +1137,7 @@ CHECKSUMS
   sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.3.1) sha256=dc1181543f6a68354e380651f235fa7f3df6a09e4cd67fc284dc293fa9860f57
-  selenium-webdriver (4.22.0) sha256=644370abcdcf1f14b2581c125d39014a1933b20e355c74b0dc5d0ca877a45d66
+  selenium-webdriver (4.23.0) sha256=490aeddee879cfea58a4db6628338d60a905bc56cd5e1a60dfbaa9090a19b801
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6
@@ -1180,7 +1180,7 @@ CHECKSUMS
   webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c
   webmock (3.23.1) sha256=0fa738c0767d1c4ec8cc57f6b21998f0c238c8a5b32450df1c847f2767140d95
   webrick (1.8.1) sha256=19411ec6912911fd3df13559110127ea2badd0c035f7762873f58afc803e158f
-  websocket (1.2.10) sha256=2cc1a4a79b6e63637b326b4273e46adcddf7871caa5dc5711f2ca4061a629fa8
+  websocket (1.2.11) sha256=b7e7a74e2410b5e85c25858b26b3322f29161e300935f70a0e0d3c35e0462737
   websocket-driver (0.7.6) sha256=f69400be7bc197879726ad8e6f5869a61823147372fd8928836a53c2c741d0db
   websocket-extensions (0.1.5) sha256=1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241
   xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d

From 3282ce1e9f546e327f8f1d8f91eb2a9672b5a10d Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Sat, 20 Jul 2024 13:52:37 -0700
Subject: [PATCH 087/381] Set Cross-Origin-Opener-Policy: same-origin (#4910)

---
 config/application.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/application.rb b/config/application.rb
index 7de954883d6..548551b8d00 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -69,6 +69,10 @@ class Application < Rails::Application
     config.active_support.cache_format_version = 7.1
 
     config.action_dispatch.rescue_responses["Rack::Multipart::EmptyContentError"] = :bad_request
+
+    config.action_dispatch.default_headers.merge!(
+      "Cross-Origin-Opener-Policy" => "same-origin"
+    )
   end
 
   def self.config

From bc19379d6fb7c58fd091e6dc051825ae79c21a61 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Sun, 21 Jul 2024 23:26:46 -0700
Subject: [PATCH 088/381] Forbid gem name/version number&platform from ending
 in punctuation or common extension (#4909)

---
 app/models/version.rb        |  5 +++++
 lib/name_format_validator.rb | 22 +++++++++++++---------
 lib/patterns.rb              |  5 ++++-
 test/models/rubygem_test.rb  |  4 ++++
 test/models/version_test.rb  |  5 +++++
 5 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/app/models/version.rb b/app/models/version.rb
index 2bf906ccf02..cf29ffbb611 100644
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -47,6 +47,11 @@ class Version < ApplicationRecord # rubocop:disable Metrics/ClassLength
     allow_blank: true
   validates :sha256, :spec_sha256, format: { with: Patterns::BASE64_SHA256_PATTERN }, allow_nil: true
 
+  validates :number, :platform, :gem_platform, :full_name, :gem_full_name, :canonical_number,
+    name_format: { requires_letter: false },
+    if: -> { validation_context == :create || number_changed? || platform_changed? },
+    presence: true
+
   validate :unique_canonical_number, on: :create
   validate :platform_and_number_are_unique, on: :create
   validate :gem_platform_and_number_are_unique, on: :create
diff --git a/lib/name_format_validator.rb b/lib/name_format_validator.rb
index d8fae743d2c..fa59e37b185 100644
--- a/lib/name_format_validator.rb
+++ b/lib/name_format_validator.rb
@@ -2,14 +2,18 @@
 
 class NameFormatValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
-    if value.class != String
-      record.errors.add attribute, "must be a String"
-    elsif !Patterns::LETTER_REGEXP.match?(value)
-      record.errors.add attribute, "must include at least one letter"
-    elsif !Patterns::NAME_PATTERN.match?(value)
-      record.errors.add attribute, "can only include letters, numbers, dashes, and underscores"
-    elsif Patterns::SPECIAL_CHAR_PREFIX_REGEXP.match?(value)
-      record.errors.add attribute, "can not begin with a period, dash, or underscore"
-    end
+    return record.errors.add attribute, "must be a String" if value.class != String
+
+    record.errors.add attribute, "must include at least one letter" if requires_letter? && !Patterns::LETTER_REGEXP.match?(value)
+    record.errors.add attribute, "can only include letters, numbers, dashes, and underscores" unless Patterns::NAME_PATTERN.match?(value)
+    record.errors.add attribute, "can not begin with a period, dash, or underscore" if Patterns::SPECIAL_CHAR_PREFIX_REGEXP.match?(value)
+    record.errors.add attribute, "can not end with a period, dash, or underscore" if Patterns::SPECIAL_CHAR_SUFFIX_REGEXP.match?(value)
+    record.errors.add attribute, "can not end with a common file extension" if Patterns::BANNED_EXTENSION_REGEXP.match?(value)
+  end
+
+  private
+
+  def requires_letter?
+    options.fetch(:requires_letter, true)
   end
 end
diff --git a/lib/patterns.rb b/lib/patterns.rb
index ee994260dfb..b2c37d3ccd3 100644
--- a/lib/patterns.rb
+++ b/lib/patterns.rb
@@ -8,10 +8,13 @@ module Patterns
   LAZY_ROUTE_PATTERN    = /#{ALLOWED_CHARACTERS}?/
   NAME_PATTERN          = /\A#{ALLOWED_CHARACTERS}\z/
   LETTER_REGEXP         = /[a-zA-Z]+/
-  SPECIAL_CHAR_PREFIX_REGEXP = /\A[#{Regexp.escape(SPECIAL_CHARACTERS)}]/o
   URL_VALIDATION_REGEXP = %r{\Ahttps?://([^\s:@]+:[^\s:@]*@)?[A-Za-z\d-]+(\.[A-Za-z\d-]+)+\.?(:\d{1,5})?([/?]\S*)?\z}
   VERSION_PATTERN       = /\A#{Gem::Version::VERSION_PATTERN}\z/o
   REQUIREMENT_PATTERN   = Gem::Requirement::PATTERN
   BASE64_SHA256_PATTERN = %r{\A[0-9a-zA-Z_+/-]{43}={0,2}\z}
   HANDLE_PATTERN        = /\A[A-Za-z][A-Za-z_\-0-9]*\z/
+  SPECIAL_CHAR_PREFIX_REGEXP = /\A[#{Regexp.escape(SPECIAL_CHARACTERS)}]/o
+  SPECIAL_CHAR_SUFFIX_REGEXP = /[#{Regexp.escape(SPECIAL_CHARACTERS)}]\z/o
+  BANNED_EXTENSIONS          = %w[gem json html gemspec].freeze
+  BANNED_EXTENSION_REGEXP    = /\.(?:#{Regexp.union(BANNED_EXTENSIONS)})\z/i
 end
diff --git a/test/models/rubygem_test.rb b/test/models/rubygem_test.rb
index 7ccddf44871..7b4f1794e02 100644
--- a/test/models/rubygem_test.rb
+++ b/test/models/rubygem_test.rb
@@ -21,11 +21,15 @@ class RubygemTest < ActiveSupport::TestCase
     should allow_value("factory_girl").for(:name)
     should allow_value("rack-test").for(:name)
     should allow_value("perftools.rb").for(:name)
+    should allow_value("s3-4-2").for(:name)
+    should allow_value("its.a.gem.ok").for(:name)
     should_not allow_value("\342\230\203").for(:name)
     should_not allow_value("2.2").for(:name)
     should_not allow_value(".omghi").for(:name)
     should_not allow_value("-omghi").for(:name)
     should_not allow_value("_omghi").for(:name)
+    should_not allow_value("omg-").for(:name)
+    should_not allow_value("omg.gem").for(:name)
 
     context "with reserved Ruby gem" do
       setup do
diff --git a/test/models/version_test.rb b/test/models/version_test.rb
index 0e361d26b46..726ecf497e9 100644
--- a/test/models/version_test.rb
+++ b/test/models/version_test.rb
@@ -406,16 +406,21 @@ class VersionTest < ActiveSupport::TestCase
     end
     subject { @version }
 
+    should allow_value("1.2.3.pre").for(:number)
     should_not allow_value("#YAML<CEREALIZATION-FAIL>").for(:number)
     should_not allow_value("1.2.3-\"[javalol]\"").for(:number)
     should_not allow_value("0.8.45::Gem::PLATFORM::FAILBOAT").for(:number)
     should_not allow_value("1.2.3\n<bad>").for(:number)
     should_not allow_value("1.2.3-bad").for(:number)
+    should_not allow_value("1.2.3.").for(:number)
+    should_not allow_value("1.2.3.gem").for(:number)
 
     should allow_value("ruby").for(:platform)
     should allow_value("mswin32").for(:platform)
     should allow_value("x86_64-linux").for(:platform)
+    should allow_value("it.is.fine").for(:platform)
     should_not allow_value("Gem::Platform::Ruby").for(:platform)
+    should_not allow_value("ruby.gem").for(:platform)
 
     should "be invalid with platform longer than maximum field length" do
       @version.platform = "r" * (Gemcutter::MAX_FIELD_LENGTH + 1)

From a6f358c95f0c0c234504ebac5b0d015b728bba5d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 10:01:04 -0700
Subject: [PATCH 089/381] Bump mocha from 2.4.2 to 2.4.3 (#4912)

Bumps [mocha](https://github.com/freerange/mocha) from 2.4.2 to 2.4.3.
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v2.4.2...v2.4.3)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 8d8ceb2aaa0..dbd58a13b5c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -413,7 +413,7 @@ GEM
       ruby-progressbar
     minitest-retry (0.2.2)
       minitest (>= 5.0)
-    mocha (2.4.2)
+    mocha (2.4.3)
       ruby2_keywords (>= 0.0.5)
     msgpack (1.7.2)
     multi_json (1.15.0)
@@ -1042,7 +1042,7 @@ CHECKSUMS
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0
-  mocha (2.4.2) sha256=5fb89b7b42f2bcd9ae3ee6042d4435890bfc9226c1a0ea63925cd33c50cc3558
+  mocha (2.4.3) sha256=b47c553f39f6cd77302707d7317346e2a6138c56147948023f73a35833bb37b9
   msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b

From 62171087250cd11a877e369e84cbc861b0cf2937 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 10:01:20 -0700
Subject: [PATCH 090/381] Bump docker/setup-buildx-action from 3.4.0 to 3.5.0
 (#4913)

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/4fd812986e6c8c2a69e18311145f9371337f27d4...aa33708b10e362ff993539393ff100fa93ed6a27)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 4649bc4fec7..f27dd5f81ad 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # master
+        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # master
       - name: Cache Docker layers
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:

From 2688bb819bcc48244d7264a89950034e605b50ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 10:01:31 -0700
Subject: [PATCH 091/381] Bump github/codeql-action from 3.25.12 to 3.25.13
 (#4914)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/4fa2a7953630fd2f3fb380f21be14ede0169dd4f...2d790406f505036ef40ecba973cc774a50395aac)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 36bfaa0789f..cdfc82b671e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 97289616a63..f8c23cbb04f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         with:
           sarif_file: results.sarif

From 435fa0cede9dea6c689e4f6f480ba584438b6991 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jul 2024 10:33:55 -0700
Subject: [PATCH 092/381] Bump ruby/setup-ruby from 1.187.0 to 1.188.0 (#4915)

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.187.0 to 1.188.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/161cd54b698f1fb3ea539faab2e036d409550e3c...50ba3386b050ad5b97a41fcb81240cbee1d1821f)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 0f8daf2864a..9478f3358f2 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
+      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
+      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
+      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
+      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
         with:
           bundler-cache: true
       - name: krane render

From 5a3ad812836f4be55916187bc091023776eea954 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jul 2024 10:42:16 -0700
Subject: [PATCH 093/381] Bump mocha from 2.4.3 to 2.4.4 (#4918)

Bumps [mocha](https://github.com/freerange/mocha) from 2.4.3 to 2.4.4.
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v2.4.3...v2.4.4)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index dbd58a13b5c..41e8c2f2055 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -413,7 +413,7 @@ GEM
       ruby-progressbar
     minitest-retry (0.2.2)
       minitest (>= 5.0)
-    mocha (2.4.3)
+    mocha (2.4.4)
       ruby2_keywords (>= 0.0.5)
     msgpack (1.7.2)
     multi_json (1.15.0)
@@ -1042,7 +1042,7 @@ CHECKSUMS
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0
-  mocha (2.4.3) sha256=b47c553f39f6cd77302707d7317346e2a6138c56147948023f73a35833bb37b9
+  mocha (2.4.4) sha256=c80e9fea53f9920bbb2334e8e458efe2b83e676e5be9d1022dd313f724f1ec86
   msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b

From 8d9a513467dd80e3f65aedc60a858554a27348cc Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 23 Jul 2024 10:42:37 -0700
Subject: [PATCH 094/381] Upgrade rubocop* (#4917)

---
 Gemfile.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 41e8c2f2055..54bdde9bb2f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -610,13 +610,13 @@ GEM
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
     rqrcode_core (1.2.0)
-    rubocop (1.64.1)
+    rubocop (1.65.0)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.4, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
@@ -627,7 +627,7 @@ GEM
       rubocop (~> 1.41)
     rubocop-factory_bot (2.26.1)
       rubocop (~> 1.61)
-    rubocop-minitest (0.35.0)
+    rubocop-minitest (0.35.1)
       rubocop (>= 1.61, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     rubocop-performance (1.21.1)
@@ -1119,11 +1119,11 @@ CHECKSUMS
   rouge (4.3.0) sha256=9ee3d9ec53338e78c03fff0cbcd08881d80d69152349b046761e48ccf2de581c
   rqrcode (2.2.0) sha256=23eea88bb44c7ee6d6cab9354d08c287f7ebcdc6112e1fe7bcc2d010d1ffefc1
   rqrcode_core (1.2.0) sha256=cf4989dc82d24e2877984738c4ee569308625fed2a810960f1b02d68d0308d1a
-  rubocop (1.64.1) sha256=3145bf1863771e400a1c041060e751e5ff0edd9ceb99d01df36db1902f611f3b
+  rubocop (1.65.0) sha256=624316407a3f8e3999c6f75c528471ed3d4513ca39cec3bede1964c69630e4a1
   rubocop-ast (1.31.3) sha256=1b07d618d8776993ec6053a706d1c09f0bf15139fd69415924656cbff07e7818
   rubocop-capybara (2.21.0) sha256=5d264efdd8b6c7081a3d4889decf1451a1cfaaec204d81534e236bc825b280ab
   rubocop-factory_bot (2.26.1) sha256=8de13cd4edcee5ca800f255188167ecef8dbfc3d1fae9f15734e9d2e755392aa
-  rubocop-minitest (0.35.0) sha256=8411f3a858a445f1930f41876eabf4a0511aa258b339ec19010fdca159272e00
+  rubocop-minitest (0.35.1) sha256=afd0a630a6212e46d855fc1eca09caf62f4abbdb6bf9c2afe89dc4a2fe536a12
   rubocop-performance (1.21.1) sha256=5cf20002a544275ad6aa99abca4b945d2a2ed71be925c38fe83700360ed8734e
   rubocop-rails (2.25.1) sha256=4988933ee02fdb213d22d0f61dc57d6c582317b43867d5106ea1c7a628aae6a5
   ruby-graphviz (1.2.5) sha256=1c2bb44e3f6da9e2b829f5e7fd8d75a521485fb6b4d1fc66ff0f93f906121504

From 28ac8d5d1553a833f26ce911df7e225bc3ad70fc Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 23 Jul 2024 16:50:05 -0700
Subject: [PATCH 095/381] Fix destroying rubygem with indexed versions and
 security events (#4908)

Not used in prod, but makes development much more pleasant
---
 app/models/rubygem.rb       |  5 ++++-
 test/models/rubygem_test.rb | 12 ++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/app/models/rubygem.rb b/app/models/rubygem.rb
index 2bef507f40b..a306bcbfd31 100644
--- a/app/models/rubygem.rb
+++ b/app/models/rubygem.rb
@@ -1,7 +1,6 @@
 class Rubygem < ApplicationRecord
   include Patterns
   include RubygemSearchable
-  include Events::Recordable
 
   has_many :ownerships, -> { confirmed }, dependent: :destroy, inverse_of: :rubygem
   has_many :ownerships_including_unconfirmed, dependent: :destroy, class_name: "Ownership"
@@ -27,6 +26,10 @@ class Rubygem < ApplicationRecord
   has_many :reverse_development_dependencies, -> { merge(Dependency.development) }, through: :incoming_dependencies, source: :version_rubygem
   has_many :reverse_runtime_dependencies, -> { merge(Dependency.runtime) }, through: :incoming_dependencies, source: :version_rubygem
 
+  # needs to come last so its dependent: :destroy works, since yanking a version
+  # will create an event
+  include Events::Recordable
+
   has_one :most_recent_version,
     lambda {
       order(Arel.sql("case when #{quoted_table_name}.latest AND #{quoted_table_name}.platform = 'ruby' then 2 else 1 end desc"))
diff --git a/test/models/rubygem_test.rb b/test/models/rubygem_test.rb
index 7b4f1794e02..68626ff4a44 100644
--- a/test/models/rubygem_test.rb
+++ b/test/models/rubygem_test.rb
@@ -269,6 +269,18 @@ class RubygemTest < ActiveSupport::TestCase
       assert_nil dependency.rubygem_id
       assert_equal dependency.unresolved_name, @rubygem.name
     end
+
+    should "allow destroying a gem with versions" do
+      @rubygem.save!
+      create(:ownership, rubygem: @rubygem)
+      create(:version, rubygem: @rubygem)
+      v2 = create(:version, rubygem: @rubygem)
+      create(:deletion, version: v2)
+
+      @rubygem.destroy!
+
+      assert_predicate Rubygem.where(id: @rubygem.id), :none?
+    end
   end
 
   context "with reverse dependencies" do

From 4919cb0acbd801d7954c4e94b41093a8b33f4389 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 23 Jul 2024 16:58:44 -0700
Subject: [PATCH 096/381] Add gem server conformance test (#4907)

---
 Gemfile                                       |  1 +
 Gemfile.lock                                  | 24 +++++++
 .../api/compact_index_controller.rb           |  1 +
 lib/patterns.rb                               |  2 +-
 test/system/gem_server_conformance_test.rb    | 68 +++++++++++++++++++
 5 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 test/system/gem_server_conformance_test.rb

diff --git a/Gemfile b/Gemfile
index 5cbd45b347c..2c8b8963714 100644
--- a/Gemfile
+++ b/Gemfile
@@ -141,4 +141,5 @@ group :test do
   gem "aggregate_assertions", "~> 0.2.0"
   gem "minitest-gcstats", "~> 1.3"
   gem "minitest-reporters", "~> 1.7"
+  gem "gem_server_conformance", "~> 0.1.4"
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 54bdde9bb2f..74ac66eabbb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -217,6 +217,7 @@ GEM
       rake (> 10, < 14)
       ruby-statistics (>= 2.1)
       thor (>= 0.19, < 2)
+    diff-lcs (1.5.1)
     discard (1.3.0)
       activerecord (>= 4.2, < 8)
     docile (1.4.0)
@@ -260,6 +261,8 @@ GEM
     fugit (1.11.0)
       et-orbi (~> 1, >= 1.2.11)
       raabro (~> 1.4)
+    gem_server_conformance (0.1.4)
+      rspec (~> 3.0)
     get_process_mem (0.2.7)
       ffi (~> 1.0)
     globalid (1.2.1)
@@ -610,6 +613,19 @@ GEM
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
     rqrcode_core (1.2.0)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.1)
     rubocop (1.65.0)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
@@ -809,6 +825,7 @@ DEPENDENCIES
   faraday-multipart (~> 1.0)
   faraday-retry (~> 2.2)
   faraday_middleware-aws-sigv4 (~> 1.0)
+  gem_server_conformance (~> 0.1.4)
   good_job (~> 3.29)
   google-protobuf (~> 4.27)
   gravtastic (~> 3.2)
@@ -961,6 +978,7 @@ CHECKSUMS
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
   derailed_benchmarks (2.1.2) sha256=eaadc6206ceeb5538ff8f5e04a0023d54ebdd95d04f33e8960fb95a5f189a14f
+  diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.3.0) sha256=55218997ca4dc11f0594f1bb2d1196c4a959ceb562f1ab6490130233598dda67
   docile (1.4.0) sha256=5f1734bde23721245c20c3d723e76c104208e1aa01277a69901ce770f0ebb8d3
   dogstatsd-ruby (5.6.1) sha256=615dd1328c57ab66fb48cbf83b38ce2060d8353707be0bc3deb0ae960a659982
@@ -984,6 +1002,7 @@ CHECKSUMS
   ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c
   ffi-compiler (1.3.2) sha256=a94f3d81d12caf5c5d4ecf13980a70d0aeaa72268f3b9cc13358bcc6509184a0
   fugit (1.11.0) sha256=addc9cd3031611921d1dbac094de3a645bc8858828639fd035c9cedd3b460bb9
+  gem_server_conformance (0.1.4) sha256=ee404d5405eabcb6f7ab440d2193177375481a77bfa0ec3106165dd6c8e733bb
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.29.5) sha256=3d71236c7e89b9678ba0cf16d6a93b9ee2ff12795959a0c10f77fd52f6479a13
@@ -1119,6 +1138,11 @@ CHECKSUMS
   rouge (4.3.0) sha256=9ee3d9ec53338e78c03fff0cbcd08881d80d69152349b046761e48ccf2de581c
   rqrcode (2.2.0) sha256=23eea88bb44c7ee6d6cab9354d08c287f7ebcdc6112e1fe7bcc2d010d1ffefc1
   rqrcode_core (1.2.0) sha256=cf4989dc82d24e2877984738c4ee569308625fed2a810960f1b02d68d0308d1a
+  rspec (3.13.0) sha256=d490914ac1d5a5a64a0e1400c1d54ddd2a501324d703b8cfe83f458337bab993
+  rspec-core (3.13.0) sha256=557792b4e88da883d580342b263d9652b6a10a12d5bda9ef967b01a48f15454c
+  rspec-expectations (3.13.1) sha256=814cf8dadc797b00be55a84d7bc390c082735e5c914e62cbe8d0e19774b74200
+  rspec-mocks (3.13.1) sha256=087189899c337937bcf1d66a50dc3fc999ac88335bbeba4d385c2a38c87d7b38
+  rspec-support (3.13.1) sha256=48877d4f15b772b7538f3693c22225f2eda490ba65a0515c4e7cf6f2f17de70f
   rubocop (1.65.0) sha256=624316407a3f8e3999c6f75c528471ed3d4513ca39cec3bede1964c69630e4a1
   rubocop-ast (1.31.3) sha256=1b07d618d8776993ec6053a706d1c09f0bf15139fd69415924656cbff07e7818
   rubocop-capybara (2.21.0) sha256=5d264efdd8b6c7081a3d4889decf1451a1cfaaec204d81534e236bc825b280ab
diff --git a/app/controllers/api/compact_index_controller.rb b/app/controllers/api/compact_index_controller.rb
index 386e3cad3c1..bdae9f274cd 100644
--- a/app/controllers/api/compact_index_controller.rb
+++ b/app/controllers/api/compact_index_controller.rb
@@ -33,6 +33,7 @@ def render_range(response_body)
     headers["Digest"] = "sha-256=#{digest}"
     headers["Repr-Digest"] = "sha-256=:#{digest}:"
     headers["Accept-Ranges"] = "bytes"
+    headers["Content-Type"] = "text/plain; charset=utf-8"
 
     ranges = Rack::Utils.byte_ranges(request.env, response_body.bytesize)
     if ranges
diff --git a/lib/patterns.rb b/lib/patterns.rb
index b2c37d3ccd3..edde659b41f 100644
--- a/lib/patterns.rb
+++ b/lib/patterns.rb
@@ -4,7 +4,7 @@ module Patterns
   JAVA_HTTP_USER_AGENT  = /^java/i
   SPECIAL_CHARACTERS    = ".-_".freeze
   ALLOWED_CHARACTERS    = "[A-Za-z0-9#{Regexp.escape(SPECIAL_CHARACTERS)}]+".freeze
-  ROUTE_PATTERN         = /#{ALLOWED_CHARACTERS}/
+  ROUTE_PATTERN         = /#{ALLOWED_CHARACTERS}(?<!\.gem)/
   LAZY_ROUTE_PATTERN    = /#{ALLOWED_CHARACTERS}?/
   NAME_PATTERN          = /\A#{ALLOWED_CHARACTERS}\z/
   LETTER_REGEXP         = /[a-zA-Z]+/
diff --git a/test/system/gem_server_conformance_test.rb b/test/system/gem_server_conformance_test.rb
new file mode 100644
index 00000000000..ec64139de96
--- /dev/null
+++ b/test/system/gem_server_conformance_test.rb
@@ -0,0 +1,68 @@
+require "application_system_test_case"
+
+require_relative "../../lib/gemcutter/middleware/hostess"
+
+class GemServerConformanceTest < ApplicationSystemTestCase
+  include ActionDispatch::Assertions::RoutingAssertions
+  include ActiveJob::TestHelper
+
+  setup do
+    @tmp_versions_file = Tempfile.new("tmp_versions_file")
+    tmp_path = @tmp_versions_file.path
+
+    Rails.application.config.rubygems.stubs(:[]).with("versions_file_location").returns(tmp_path)
+    Rails.application.config.rubygems.stubs(:[]).with("s3_compact_index_bucket").returns("s3_compact_index_bucket")
+    Rails.application.config.rubygems.stubs(:[]).with("s3_contents_bucket").returns("s3_contents_bucket")
+
+    test = self
+    Rails.application.routes.disable_clear_and_finalize = true
+    Rails.application.routes.draw do
+      post "/set_time", to: lambda { |env|
+        test.travel_to Time.iso8601(Rack::Request.new(env).body.read)
+        [200, {}, ["OK"]]
+      }
+      post "/rebuild_versions_list", to: lambda { |_env|
+        Rake::Task["compact_index:update_versions_file"].execute
+        Rake::Task["compact_index:update_versions_file"].reenable
+        [200, {}, ["OK"]]
+      }
+      hostess = Gemcutter::Middleware::Hostess.new(nil)
+      to = lambda { |env|
+        hostess.call(env)
+          .tap do |response|
+          response[1].delete("x-cascade")
+        end
+      }
+      match "/quick/Marshal.4.8/:name", to:, via: :get, constraints: { name: /[A-Za-z0-9._-]+/ }
+      match "/gems/:name", to:, via: :get, constraints: { name: Patterns::ROUTE_PATTERN }
+      match "/specs.4.8.gz", to:, via: :get
+      match "/prerelease_specs.4.8.gz", to:, via: :get
+      match "/latest_specs.4.8.gz", to:, via: :get
+    end
+
+    Indexer.perform_now
+    @subscriber = ActiveSupport::Notifications.subscribe("process_action.action_controller") do
+      perform_enqueued_jobs only: [Indexer]
+    end
+  end
+
+  teardown do
+    ActiveSupport::Notifications.unsubscribe(@subscriber)
+    Rails.application.reload_routes!
+  end
+
+  test "is a conformant gem server" do
+    create(:api_key, scopes: %w[push_rubygem yank_rubygem])
+
+    output, status = Open3.capture2e(
+      {
+        "UPSTREAM" => "http://#{Capybara.current_session.config.server_host}:#{Capybara.current_session.config.server_port}",
+        "GEM_HOST_API_KEY" => "12345"
+      },
+      "gem_server_conformance",
+      "--fail-fast", "--tag=~content_type_header", "--tag=~content_length_header"
+    )
+
+    assert_predicate status, :success?, output
+  end
+end

From 95a8dd3c74d9ada09f994c54e0c900f71ff15d66 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 23 Jul 2024 18:31:02 -0700
Subject: [PATCH 097/381] Add a mailer for one-off messages from admins (#4919)

Useful when we want to reach out to users after taking a manual admin action such as force-resetting passwords
---
 app/mailers/mailer.rb                   | 11 +++++++++++
 app/views/mailer/admin_manual.html.erb  | 20 ++++++++++++++++++++
 app/views/mailer/admin_manual.text.erb  |  3 +++
 config/initializers/better_html.rb      |  2 +-
 config/locales/de.yml                   |  2 ++
 config/locales/en.yml                   |  2 ++
 config/locales/es.yml                   |  2 ++
 config/locales/fr.yml                   |  2 ++
 config/locales/ja.yml                   |  2 ++
 config/locales/nl.yml                   |  2 ++
 config/locales/pt-BR.yml                |  2 ++
 config/locales/zh-CN.yml                |  2 ++
 config/locales/zh-TW.yml                |  2 ++
 test/mailers/previews/mailer_preview.rb | 10 ++++++++++
 14 files changed, 63 insertions(+), 1 deletion(-)
 create mode 100644 app/views/mailer/admin_manual.html.erb
 create mode 100644 app/views/mailer/admin_manual.text.erb

diff --git a/app/mailers/mailer.rb b/app/mailers/mailer.rb
index d9ee97a0db8..98bda5678fe 100644
--- a/app/mailers/mailer.rb
+++ b/app/mailers/mailer.rb
@@ -30,6 +30,17 @@ def email_confirmation(user)
     end
   end
 
+  def admin_manual(user, subject, body)
+    @user = user
+    @body = body
+    @sub_title = subject
+    mail to: @user.email,
+         subject: subject do |format|
+           format.html
+           format.text
+         end
+  end
+
   def deletion_complete(email)
     mail to: email,
          subject: I18n.t("mailer.deletion_complete.subject")
diff --git a/app/views/mailer/admin_manual.html.erb b/app/views/mailer/admin_manual.html.erb
new file mode 100644
index 00000000000..e53371b916d
--- /dev/null
+++ b/app/views/mailer/admin_manual.html.erb
@@ -0,0 +1,20 @@
+<% @title = t(".title") %>
+
+<!-- Body -->
+<table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#ffffff">
+  <tr>
+    <td class="content-spacing" style="font-size:0pt; line-height:0pt; text-align:left" width="20"></td>
+    <td>
+      <table width="100%" border="0" cellspacing="0" cellpadding="0" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%"><tr><td height="40" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%">&nbsp;</td></tr></table>
+
+      <div class="h3-1-center" style="color:#1e1e1e; font-family:Georgia, serif; min-width:auto !important; font-size:20px; line-height:26px; text-align:center">
+        <%= simple_format @body %><br />
+      </div>
+
+      <table width="100%" border="0" cellspacing="0" cellpadding="0" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%"><tr><td height="35" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%">&nbsp;</td></tr></table>
+
+    </td>
+    <td class="content-spacing" style="font-size:0pt; line-height:0pt; text-align:left" width="20"></td>
+  </tr>
+</table>
+<!-- END Body -->
diff --git a/app/views/mailer/admin_manual.text.erb b/app/views/mailer/admin_manual.text.erb
new file mode 100644
index 00000000000..9e66ef58e6d
--- /dev/null
+++ b/app/views/mailer/admin_manual.text.erb
@@ -0,0 +1,3 @@
+Hi <%= @user.handle %>
+
+<%= strip_tags @body %>
diff --git a/config/initializers/better_html.rb b/config/initializers/better_html.rb
index 07b30994ef3..3eb5dc80cfe 100644
--- a/config/initializers/better_html.rb
+++ b/config/initializers/better_html.rb
@@ -1,5 +1,5 @@
 BetterHtml.configure do |config|
   config.template_exclusion_filter = proc { |filename|
-    filename.include?("avo")
+    filename.include?("avo") || filename.include?("/railties-")
   }
 end
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 05ea1a97e7c..45dfb79110c 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -427,6 +427,8 @@ de:
         gepusht wurde.
     gem_trusted_publisher_added:
       title: VERTRAUENSWÜRDIGER PUBLISHER HINZUGEFÜGT
+    admin_manual:
+      title:
   news:
     show:
       title: Neue Veröffentlichungen — Alle Gems
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 7bd9587da3e..24b224df018 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -377,6 +377,8 @@ en:
       gem_html: This webhook was previously called when <strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong> was pushed.
     gem_trusted_publisher_added:
       title: TRUSTED PUBLISHER ADDED
+    admin_manual:
+      title: MESSAGE FROM RUBYGEMS.ORG ADMINS
   news:
     show:
       title: New Releases — All Gems
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 315466f7d70..53126188d4b 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -418,6 +418,8 @@ es:
       gem_html: Este webhook se ejecutaba antes cuando se subía <strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong>.
     gem_trusted_publisher_added:
       title:
+    admin_manual:
+      title:
   news:
     show:
       title: Nuevos lanzamientos — Todas las Gemas
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index d9fdef24909..6cf3dc8fa38 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -383,6 +383,8 @@ fr:
       gem_html:
     gem_trusted_publisher_added:
       title:
+    admin_manual:
+      title:
   news:
     show:
       title: Nouvelles Versions - Toutes les Gems
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 254592e147c..c07d1cfe93d 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -377,6 +377,8 @@ ja:
       gem_html: このwebhookは以前<strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong>がプッシュされたときに呼ばれました。
     gem_trusted_publisher_added:
       title: 信頼できる発行元が追加されました
+    admin_manual:
+      title:
   news:
     show:
       title: 新しいリリース - 全てのgem
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 0bbba0c11d6..f4d63d2a5e7 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -368,6 +368,8 @@ nl:
       gem_html:
     gem_trusted_publisher_added:
       title:
+    admin_manual:
+      title:
   news:
     show:
       title:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 0d8c9a12263..e095dd86717 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -380,6 +380,8 @@ pt-BR:
       gem_html:
     gem_trusted_publisher_added:
       title:
+    admin_manual:
+      title:
   news:
     show:
       title: Novos Releases - Todas as Gems
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index b2282b754fb..35eeae1c007 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -382,6 +382,8 @@ zh-CN:
         被推送时被调用。
     gem_trusted_publisher_added:
       title:
+    admin_manual:
+      title:
   news:
     show:
       title: 新的发布 — 所有 Gem
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 72988f60f0b..dedf71f927f 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -374,6 +374,8 @@ zh-TW:
         被推送的時候被呼叫。
     gem_trusted_publisher_added:
       title:
+    admin_manual:
+      title:
   news:
     show:
       title: 最新發佈
diff --git a/test/mailers/previews/mailer_preview.rb b/test/mailers/previews/mailer_preview.rb
index 7487ff01316..0f9d7debf59 100644
--- a/test/mailers/previews/mailer_preview.rb
+++ b/test/mailers/previews/mailer_preview.rb
@@ -215,4 +215,14 @@ def totp_disabled
 
     Mailer.totp_disabled(user_id, Time.now.utc)
   end
+
+  def admin_manual
+    Mailer.admin_manual(User.last, "A subject", <<~TEXT)
+      A body
+      with multiple lines
+      and a link to https://example.com
+      and an emoji 🎉
+      and a p tag <p foo="bar" style="color: yellow;">with html</p> and a <a href="https://example.com">link</a>
+    TEXT
+  end
 end

From 6e27b3855afb69296dd657e30b3f3abb72664b76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 24 Jul 2024 12:52:41 -0700
Subject: [PATCH 098/381] Bump mocha from 2.4.4 to 2.4.5 (#4921)

Bumps [mocha](https://github.com/freerange/mocha) from 2.4.4 to 2.4.5.
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v2.4.4...v2.4.5)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 74ac66eabbb..f591c0c8988 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -416,7 +416,7 @@ GEM
       ruby-progressbar
     minitest-retry (0.2.2)
       minitest (>= 5.0)
-    mocha (2.4.4)
+    mocha (2.4.5)
       ruby2_keywords (>= 0.0.5)
     msgpack (1.7.2)
     multi_json (1.15.0)
@@ -1061,7 +1061,7 @@ CHECKSUMS
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0
-  mocha (2.4.4) sha256=c80e9fea53f9920bbb2334e8e458efe2b83e676e5be9d1022dd313f724f1ec86
+  mocha (2.4.5) sha256=b4c17e103a9b20ec9e21374f4e9be41006dbd20c5e7cb1c215f8ec56599a6112
   msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b

From e2f1aef3e9c4b79c585c57fc5a7928f0b7d34f2b Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 23 Jul 2024 18:42:20 -0700
Subject: [PATCH 099/381] Paginate apikeys#index

To avoid unbounded db query
---
 app/controllers/api_keys_controller.rb | 3 ++-
 app/views/api_keys/index.html.erb      | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api_keys_controller.rb b/app/controllers/api_keys_controller.rb
index 3be2f3403fa..65663f0cff9 100644
--- a/app/controllers/api_keys_controller.rb
+++ b/app/controllers/api_keys_controller.rb
@@ -1,5 +1,6 @@
 class ApiKeysController < ApplicationController
   before_action :disable_cache, only: :index
+  before_action :set_page, only: :index
 
   include ApiKeyable
 
@@ -8,7 +9,7 @@ class ApiKeysController < ApplicationController
 
   def index
     @api_key  = session.delete(:api_key)
-    @api_keys = current_user.api_keys.unexpired.not_oidc.preload(ownership: :rubygem)
+    @api_keys = current_user.api_keys.unexpired.not_oidc.preload(ownership: :rubygem).page(@page)
     redirect_to new_profile_api_key_path if @api_keys.empty?
   end
 
diff --git a/app/views/api_keys/index.html.erb b/app/views/api_keys/index.html.erb
index c4ace3d48fe..c1816ee1a9c 100644
--- a/app/views/api_keys/index.html.erb
+++ b/app/views/api_keys/index.html.erb
@@ -9,6 +9,12 @@
   </div>
 <% end %>
 
+<header class="gems__header">
+  <p class="gems__meter">
+    <%= page_entries_info @api_keys, entry_name: 'API keys' %>
+  </p>
+</header>
+
 <div class="t-body">
   <table class="owners__table">
     <tr class="owners__row owners__header">
@@ -85,6 +91,7 @@
         </td>
       </tr>
     <% end %>
+
     <tr class="owners__row">
       <td class="owners__cell">
       </td>
@@ -114,6 +121,8 @@
     </tr>
   </table>
 
+  <%= paginate @api_keys %>
+
   <p><%= button_to t(".new_key"), new_profile_api_key_path, method: "get", class: "form__submit" %></p>
   <% if current_user.oidc_api_key_roles.any? %>
     <h2 class="t-display"><%= link_to t("oidc.api_key_roles.index.api_key_roles"), profile_oidc_api_key_roles_path, class: "t-link t-underline" %> →</h2>

From e1ae15703c70f0db17c1524bee7b8f25cb9e7c27 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Wed, 24 Jul 2024 13:45:21 -0700
Subject: [PATCH 100/381] Upgrade to good_job 4.x (#4916)

---
 Gemfile                                           |  2 +-
 Gemfile.lock                                      |  6 +++---
 config/initializers/statsd.rb                     |  6 ++++--
 ...22182907_create_good_job_execution_duration.rb | 15 +++++++++++++++
 db/schema.rb                                      |  3 ++-
 5 files changed, 25 insertions(+), 7 deletions(-)
 create mode 100644 db/migrate/20240722182907_create_good_job_execution_duration.rb

diff --git a/Gemfile b/Gemfile
index 2c8b8963714..bbb0cadf668 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,7 +15,7 @@ gem "dogstatsd-ruby", "~> 5.5"
 gem "google-protobuf", "~> 4.27"
 gem "faraday", "~> 2.10"
 gem "faraday-retry", "~> 2.2"
-gem "good_job", "~> 3.29"
+gem "good_job", "~> 3.99"
 gem "gravtastic", "~> 3.2"
 gem "honeybadger", "~> 5.5.1", require: false # see https://github.com/rubygems/rubygems.org/pull/4598
 gem "http_accept_language", "~> 2.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index f591c0c8988..e56114b870d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -267,7 +267,7 @@ GEM
       ffi (~> 1.0)
     globalid (1.2.1)
       activesupport (>= 6.1)
-    good_job (3.29.5)
+    good_job (3.99.1)
       activejob (>= 6.0.0)
       activerecord (>= 6.0.0)
       concurrent-ruby (>= 1.0.2)
@@ -826,7 +826,7 @@ DEPENDENCIES
   faraday-retry (~> 2.2)
   faraday_middleware-aws-sigv4 (~> 1.0)
   gem_server_conformance (~> 0.1.4)
-  good_job (~> 3.29)
+  good_job (~> 3.99)
   google-protobuf (~> 4.27)
   gravtastic (~> 3.2)
   groupdate (~> 6.2)
@@ -1005,7 +1005,7 @@ CHECKSUMS
   gem_server_conformance (0.1.4) sha256=ee404d5405eabcb6f7ab440d2193177375481a77bfa0ec3106165dd6c8e733bb
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
-  good_job (3.29.5) sha256=3d71236c7e89b9678ba0cf16d6a93b9ee2ff12795959a0c10f77fd52f6479a13
+  good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
   google-protobuf (4.27.2) sha256=9f69eb20acde6e3cf3cd197c09f38911cd7eed5fdf1bf4d4bce4c55e9dc9966f
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
diff --git a/config/initializers/statsd.rb b/config/initializers/statsd.rb
index 2e91b49bc84..a3721b165bb 100644
--- a/config/initializers/statsd.rb
+++ b/config/initializers/statsd.rb
@@ -57,8 +57,10 @@
 
 ActiveSupport::Notifications.subscribe("perform_job.good_job") do |event|
   execution = event.payload[:execution]
+  # TODO: remove || execution after GoodJob 4 upgrade
+  job = event.payload[:job] || execution
 
-  result = if event.payload[:retried] || execution.retried_good_job_id.present?
+  result = if event.payload[:retried] || job.retried_good_job_id.present?
              :retried
            elsif event.payload[:unhandled_error]
              :unhandled_error
@@ -72,7 +74,7 @@
     job_class: execution.serialized_params['job_class'],
     exception: event.payload.dig(:exception, 0),
     queue: execution.queue_name,
-    priority: execution.priority,
+    priority: job.priority,
     result:
   }
 
diff --git a/db/migrate/20240722182907_create_good_job_execution_duration.rb b/db/migrate/20240722182907_create_good_job_execution_duration.rb
new file mode 100644
index 00000000000..fef37f07bc1
--- /dev/null
+++ b/db/migrate/20240722182907_create_good_job_execution_duration.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class CreateGoodJobExecutionDuration < ActiveRecord::Migration[7.1]
+  def change
+    reversible do |dir|
+      dir.up do
+        # Ensure this incremental update migration is idempotent
+        # with monolithic install migration.
+        return if connection.column_exists?(:good_job_executions, :duration)
+      end
+    end
+
+    add_column :good_job_executions, :duration, :interval
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 295f1ba7ef9..8fbfefc8343 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_07_12_003336) do
+ActiveRecord::Schema[7.1].define(version: 2024_07_22_182907) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "hstore"
   enable_extension "pgcrypto"
@@ -202,6 +202,7 @@
     t.integer "error_event", limit: 2
     t.text "error_backtrace", array: true
     t.uuid "process_id"
+    t.interval "duration"
     t.index ["active_job_id", "created_at"], name: "index_good_job_executions_on_active_job_id_and_created_at"
     t.index ["process_id", "created_at"], name: "index_good_job_executions_on_process_id_and_created_at"
   end

From 3e6a31ad71dc665dfdc831a0ec8f672ff098c4a6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Jul 2024 10:52:36 -0700
Subject: [PATCH 101/381] Bump github/codeql-action from 3.25.13 to 3.25.14
 (#4923)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2d790406f505036ef40ecba973cc774a50395aac...5cf07d8b700b67e235fbb65cbc84f69c0cf10464)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cdfc82b671e..4a9c4b017f3 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/init@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/autobuild@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/analyze@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index f8c23cbb04f..000c4ac7eb7 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/upload-sarif@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
         with:
           sarif_file: results.sarif

From b93dd4ca912e891e81836d3c5c3bfbaffcc04b6c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 09:43:14 -0700
Subject: [PATCH 102/381] Bump ossf/scorecard-action from 2.3.3 to 2.4.0
 (#4927)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/scorecards.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 000c4ac7eb7..77fba148218 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif

From 4b540bf9197ff76eabac58603ed89aebf43193a6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 09:43:25 -0700
Subject: [PATCH 103/381] Bump ruby/setup-ruby from 1.188.0 to 1.190.0 (#4928)

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.188.0 to 1.190.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/50ba3386b050ad5b97a41fcb81240cbee1d1821f...a6e6f86333f0a2523ece813039b8b4be04560854)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9478f3358f2..deb16137cf1 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
+      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
+      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
+      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@50ba3386b050ad5b97a41fcb81240cbee1d1821f # v1.188.0
+      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
           bundler-cache: true
       - name: krane render

From 4a9ef6efbe22b7d955e8542aa006eff3bade6d33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 09:43:38 -0700
Subject: [PATCH 104/381] Bump docker/setup-buildx-action from 3.5.0 to 3.6.0
 (#4929)

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/aa33708b10e362ff993539393ff100fa93ed6a27...3d68780484996aa9d417bb9016193885cdf1f299)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index f27dd5f81ad..e0683cb6a12 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # master
+        uses: docker/setup-buildx-action@3d68780484996aa9d417bb9016193885cdf1f299 # master
       - name: Cache Docker layers
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:

From 25c9aad57e085210ca5f6643562f0ec20b063db6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 09:44:48 -0700
Subject: [PATCH 105/381] Bump tailwindcss-rails from 2.6.3 to 2.6.4 (#4930)

Bumps [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/tailwindcss-rails/compare/v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: tailwindcss-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index e56114b870d..72870dfd021 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -436,7 +436,7 @@ GEM
     net-smtp (0.5.0)
       net-protocol
     nio4r (2.7.0)
-    nokogiri (1.16.6)
+    nokogiri (1.16.7)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     oauth2 (2.0.9)
@@ -723,7 +723,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.6.3)
+    tailwindcss-rails (2.6.4)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -1073,7 +1073,7 @@ CHECKSUMS
   net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
   net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a
   nio4r (2.7.0) sha256=9586a685eca8246d6406e712a525e705d15bb88f709d78fc3f141e864df97276
-  nokogiri (1.16.6) sha256=935fe4dd67d4377f4a05002acb1ffbadbcae265ea8e7869fc40e3a8121f3e1ef
+  nokogiri (1.16.7) sha256=f819cbfdfb0a7b19c9c52c6f2ca63df0e58a6125f4f139707b586b9511d7fe95
   oauth2 (2.0.9) sha256=b21f9defcf52dc1610e0dfab4c868342173dcd707fd15c777d9f4f04e153f7fb
   observer (0.1.2) sha256=d8a3107131ba661138d748e7be3dbafc0d82e732fffba9fccb3d7829880950ac
   octokit (9.1.0) sha256=7849a659d2722c629181f48d1d7e567c9539f1a85c9676144dbdbfc6ce288253
@@ -1181,7 +1181,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.6.3) sha256=63a5f3d6f92d0784024b352ab472f0bb85047081c2b51e2679fce558721bb6a6
+  tailwindcss-rails (2.6.4) sha256=175cd2009a6a27b10d16772c072c44974e03a6516e58beb37f185d6bfcd7ebe5
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.1) sha256=fa7e3471d4f6a27138e3d9c9b0d4daac9c3d7383927667ae83e9ab42ae7401ef
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From 752db2c881815e1a508a2fe15963e4a61c2669b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 09:45:26 -0700
Subject: [PATCH 106/381] Bump pg from 1.5.6 to 1.5.7 (#4931)

Bumps [pg](https://github.com/ged/ruby-pg) from 1.5.6 to 1.5.7.
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.md)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.5.6...v1.5.7)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 72870dfd021..ce3cd1ad57c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -488,7 +488,7 @@ GEM
     parser (3.3.4.0)
       ast (~> 2.4.1)
       racc
-    pg (1.5.6)
+    pg (1.5.7)
     pg_query (5.1.0)
       google-protobuf (>= 3.22.3)
     pghero (3.6.0)
@@ -1089,7 +1089,7 @@ CHECKSUMS
   pagy (8.4.0) sha256=21dd68453d24e752a1bc81aef5b6f1346ff95e1c2e5b53448355f7856f3ef901
   parallel (1.25.1) sha256=12e089b9aa36ea2343f6e93f18cfcebd031798253db8260590d26a7f70b1ab90
   parser (3.3.4.0) sha256=8d247769c3873fe92201d591a7463384022a1a25e214853df5d6806623179e82
-  pg (1.5.6) sha256=4bc3ad2438825eea68457373555e3fd4ea1a82027b8a6be98ef57c0d57292b1c
+  pg (1.5.7) sha256=07a7d86e5aac8b964a0288076a7a7c699c27b25c9b40b001726f6eb03ed13427
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
   pghero (3.6.0) sha256=cad9cb865f99ff40bb5ba47d3dae20d06be06ac8ea6b01172f6a8ccc85671109
   phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6

From a8f6a1571e632bbf606e1eb03c10c3a85f920acc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 23:07:00 +0000
Subject: [PATCH 107/381] Bump github/codeql-action from 3.25.14 to 3.25.15
 (#4925)

---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 4a9c4b017f3..2da37184725 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
+        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
+        uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
+        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 77fba148218..ed918f9dde5 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5cf07d8b700b67e235fbb65cbc84f69c0cf10464 # v3.25.14
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           sarif_file: results.sarif

From 8c7ab773c2b47304225b8fb3dd7c4a95bd6d4506 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 23:07:22 +0000
Subject: [PATCH 108/381] Bump launchdarkly-server-sdk from 8.6.0 to 8.7.0
 (#4926)

---
 Gemfile      |  2 +-
 Gemfile.lock | 13 ++++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index bbb0cadf668..df70395c9a7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,7 +20,7 @@ gem "gravtastic", "~> 3.2"
 gem "honeybadger", "~> 5.5.1", require: false # see https://github.com/rubygems/rubygems.org/pull/4598
 gem "http_accept_language", "~> 2.1"
 gem "kaminari", "~> 1.2"
-gem "launchdarkly-server-sdk", "~> 8.6"
+gem "launchdarkly-server-sdk", "~> 8.7"
 gem "mail", "~> 2.8"
 gem "octokit", "~> 9.1"
 gem "omniauth-github", "~> 2.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index ce3cd1ad57c..518a44b7d8e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -339,13 +339,14 @@ GEM
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
     language_server-protocol (3.17.0.3)
-    launchdarkly-server-sdk (8.6.0)
+    launchdarkly-server-sdk (8.7.0)
       concurrent-ruby (~> 1.1)
       http (>= 4.4.0, < 6.0.0)
       json (~> 2.3)
       ld-eventsource (= 2.2.2)
       observer (~> 0.1.2)
       semantic (~> 1.6)
+      zlib (~> 3.1)
     launchy (3.0.1)
       addressable (~> 2.8)
       childprocess (~> 5.0)
@@ -509,7 +510,7 @@ GEM
       pry (>= 0.13, < 0.15)
     psych (5.1.2)
       stringio
-    public_suffix (6.0.0)
+    public_suffix (6.0.1)
     puma (6.4.2)
       nio4r (~> 2.0)
     pundit (2.3.2)
@@ -791,6 +792,7 @@ GEM
       nokogiri (~> 1.8)
     yard (0.9.36)
     zeitwerk (2.6.16)
+    zlib (3.1.1)
 
 PLATFORMS
   ruby
@@ -834,7 +836,7 @@ DEPENDENCIES
   http_accept_language (~> 2.1)
   importmap-rails (~> 2.0)
   kaminari (~> 1.2)
-  launchdarkly-server-sdk (~> 8.6)
+  launchdarkly-server-sdk (~> 8.7)
   launchy (~> 3.0)
   letter_opener (~> 1.10)
   letter_opener_web (~> 3.0)
@@ -1035,7 +1037,7 @@ CHECKSUMS
   kaminari-activerecord (1.2.2) sha256=0dd3a67bab356a356f36b3b7236bcb81cef313095365befe8e98057dd2472430
   kaminari-core (1.2.2) sha256=3bd26fec7370645af40ca73b9426a448d09b8a8ba7afa9ba3c3e0d39cdbb83ff
   language_server-protocol (3.17.0.3) sha256=3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f
-  launchdarkly-server-sdk (8.6.0) sha256=c18c62d08f90b795105e98f07a24997a5628126623fadbd3b80c0d23b9409b75
+  launchdarkly-server-sdk (8.7.0) sha256=062e7dc42c2884ed9deed42c49937917faa911128a659386e4bd45d1ad1506eb
   launchy (3.0.1) sha256=b7fa60bda0197cf57614e271a250a8ca1f6a34ab889a3c73f67ec5d57c8a7f2c
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
@@ -1100,7 +1102,7 @@ CHECKSUMS
   pry (0.14.1) sha256=99b6df0665875dd5a39d85e0150aa5a12e2bb4fef401b6c4f64d32ee502f8454
   pry-byebug (3.10.1) sha256=c8f975c32255bfdb29e151f5532130be64ff3d0042dc858d0907e849125581f8
   psych (5.1.2) sha256=337322f58fc2bf24827d2b9bd5ab595f6a72971867d151bb39980060ea40a368
-  public_suffix (6.0.0) sha256=d2c8e12e076813f8fca0307205c088c6903adc70b92c65ab22479dfa9bc0a89e
+  public_suffix (6.0.1) sha256=61d44e1cab5cbbbe5b31068481cf16976dd0dc1b6b07bd95617ef8c5e3e00c6f
   puma (6.4.2) sha256=3eb41999d00733280be3faeb00d610331b6965a537a8cd3d905f316c38575b44
   pundit (2.3.2) sha256=7ca09a5801ebaedad1966f7eb0b1c52ecb8c94b3b6ab70122cb22856ac187fa3
   pwned (2.3.0) sha256=63f5a9576f109203684e9dd053f815649fd5bc0a0348b7190568272641b22353
@@ -1211,6 +1213,7 @@ CHECKSUMS
   xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e
   yard (0.9.36) sha256=5505736c1b00c926f71053a606ab75f02070c5960d0778b901fe9d8b0a470be4
   zeitwerk (2.6.16) sha256=17df48537f09a937804f79bd9a92817da3b199e268634972d0e98a21ca588e21
+  zlib (3.1.1) sha256=f61bb03139bbe256c36ba99ef9fece1fb223e9034ed9e5fa3ddb1588d99abc71
 
 RUBY VERSION
    ruby 3.3.4p94

From e3d5602c0ad207cadd8bbc13b66efb0320bdd023 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 30 Jul 2024 14:48:33 +0000
Subject: [PATCH 109/381] Bump docker/setup-buildx-action from 3.6.0 to 3.6.1

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/3d68780484996aa9d417bb9016193885cdf1f299...988b5a0280414f521da01fcc63a27aeeb4b104db)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e0683cb6a12..3c1a1bf61c1 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@3d68780484996aa9d417bb9016193885cdf1f299 # master
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # master
       - name: Cache Docker layers
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:

From dea13e57f06ebe9d71b216c663fedb071693def5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 30 Jul 2024 14:08:49 +0000
Subject: [PATCH 110/381] Bump datadog-ci from 1.2.0 to 1.3.0

Bumps [datadog-ci](https://github.com/DataDog/datadog-ci-rb) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/DataDog/datadog-ci-rb/releases)
- [Changelog](https://github.com/DataDog/datadog-ci-rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/DataDog/datadog-ci-rb/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: datadog-ci
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index df70395c9a7..93f1ef48b8e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -124,7 +124,7 @@ group :development do
 end
 
 group :test do
-  gem "datadog-ci", "~> 1.2"
+  gem "datadog-ci", "~> 1.3"
   gem "minitest", "~> 5.24", require: false
   gem "minitest-retry", "~> 0.2.2"
   gem "capybara", "~> 3.40"
diff --git a/Gemfile.lock b/Gemfile.lock
index 518a44b7d8e..852608207c4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -199,8 +199,8 @@ GEM
       libdatadog (~> 10.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.2.0)
-      datadog (~> 2.0)
+    datadog-ci (1.3.0)
+      datadog (~> 2.2)
       msgpack
     date (3.3.4)
     dead_end (4.0.0)
@@ -817,7 +817,7 @@ DEPENDENCIES
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.2)
-  datadog-ci (~> 1.2)
+  datadog-ci (~> 1.3)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.5)
@@ -975,7 +975,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.2.0) sha256=fa96d565e055593294706d7767c4d3213b5250f0ddd2b8697b868ae60dbdda4a
-  datadog-ci (1.2.0) sha256=e563d4e1a890402f7f9e60a0510ed30d428c1a9070b71afec95e31ee96b6b241
+  datadog-ci (1.3.0) sha256=3c1c4721d14a1f7736330a0fdc6c5dc63c14235a53e9f07af10a34feef23eab7
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08

From 656d882d64201ac07df0122a858ea006dc40d682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Tue, 30 Jul 2024 21:06:45 +0200
Subject: [PATCH 111/381] Migrate to modern rack-sanitizer.

---
 Gemfile               | 2 +-
 Gemfile.lock          | 8 ++++----
 config/application.rb | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 93f1ef48b8e..098e04bb9d2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,7 @@ gem "pg", "~> 1.5"
 gem "puma", "~> 6.4"
 gem "rack", "~> 3.1"
 gem "rackup", "~> 2.1"
-gem "rack-utf8_sanitizer", "~> 1.8"
+gem "rack-sanitizer", "~> 2.0"
 gem "rbtrace", "~> 0.5.1"
 gem "rdoc", "~> 6.7"
 gem "roadie-rails", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 852608207c4..3ee74086716 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -531,12 +531,12 @@ GEM
     rack-protection (4.0.0)
       base64 (>= 0.1.0)
       rack (>= 3.0.0, < 4)
+    rack-sanitizer (2.0.2)
+      rack (>= 1.0, < 4.0)
     rack-session (2.0.0)
       rack (>= 3.0.0)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rack-utf8_sanitizer (1.9.1)
-      rack (>= 1.0, < 4.0)
     rackup (2.1.0)
       rack (>= 3)
       webrick (~> 1.8)
@@ -868,8 +868,8 @@ DEPENDENCIES
   pundit (~> 2.3)
   rack (~> 3.1)
   rack-attack (~> 6.6)
+  rack-sanitizer (~> 2.0)
   rack-test (~> 2.1)
-  rack-utf8_sanitizer (~> 1.8)
   rackup (~> 2.1)
   rails (~> 7.1.0, >= 7.1.3.2)
   rails-controller-testing (~> 1.0)
@@ -1112,9 +1112,9 @@ CHECKSUMS
   rack-attack (6.7.0) sha256=3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c
   rack-oauth2 (2.2.1) sha256=c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5
   rack-protection (4.0.0) sha256=d0db6185caa46a8c0d134c2c6b4803f4f392a67b2984da311409cb505f67bbf6
+  rack-sanitizer (2.0.2) sha256=a4881a8955d7671c9245c198895afb91114462b190462dc941c9a49a6858d039
   rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
   rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
-  rack-utf8_sanitizer (1.9.1) sha256=6414b70172f5678e23044abf1d00f6a32e62a335507c9548bc5caf9e3bff6da0
   rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d
   rails (7.1.3.4) sha256=3a7fca9df74ee641dc1e89b8302ac6d03f22883de771e786a0e9f3094e5aa6ad
   rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94
diff --git a/config/application.rb b/config/application.rb
index 548551b8d00..340006377d5 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -44,7 +44,7 @@ class Application < Rails::Application
     config.i18n.available_locales = [:en, :nl, "zh-CN", "zh-TW", "pt-BR", :fr, :es, :de, :ja]
     config.i18n.fallbacks = [:en]
 
-    config.middleware.insert 0, Rack::UTF8Sanitizer
+    config.middleware.insert 0, Rack::Sanitizer
     config.middleware.use Rack::Attack
     config.middleware.use Rack::Deflater
 

From 19eb5578205ee2e4692c7027ebb4e6ac776a2472 Mon Sep 17 00:00:00 2001
From: Robby Russell <robby@planetargon.com>
Date: Tue, 30 Jul 2024 13:34:17 -0700
Subject: [PATCH 112/381] Providing some context to how long ago a version was
 released (#4352)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Providing some context to how long ago a version was released when viewing any gem version.

* Updating class name to rubygem version and reducing font size to fit longer timespans.

* Migrate to local_time gem and local_time JS.

---------

Co-authored-by: Josef Šimánek <josef.simanek@gmail.com>
---
 Gemfile                                | 1 +
 Gemfile.lock                           | 3 +++
 app/assets/stylesheets/modules/gem.css | 8 ++++++++
 app/javascript/application.js          | 4 ++++
 app/views/rubygems/_aside.html.erb     | 8 ++++++++
 config/importmap.rb                    | 1 +
 config/locales/de.yml                  | 1 +
 config/locales/en.yml                  | 1 +
 config/locales/es.yml                  | 1 +
 config/locales/fr.yml                  | 1 +
 config/locales/ja.yml                  | 1 +
 config/locales/nl.yml                  | 1 +
 config/locales/pt-BR.yml               | 1 +
 config/locales/zh-CN.yml               | 1 +
 config/locales/zh-TW.yml               | 1 +
 vendor/javascript/local-time.js        | 2 ++
 16 files changed, 36 insertions(+)
 create mode 100644 vendor/javascript/local-time.js

diff --git a/Gemfile b/Gemfile
index 098e04bb9d2..88d25bbed39 100644
--- a/Gemfile
+++ b/Gemfile
@@ -80,6 +80,7 @@ gem "observer", "~> 0.1.2" # launchdarkly-server-sdk-8.0.0
 gem "sprockets-rails", "~> 3.5"
 gem "importmap-rails", "~> 2.0"
 gem "stimulus-rails", "~> 1.3" # this adds stimulus-loading.js so it must be available at runtime
+gem "local_time", "~> 3.0"
 gem "better_html", "~> 2.1"
 
 group :assets, :development do
diff --git a/Gemfile.lock b/Gemfile.lock
index 3ee74086716..68483732a4d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -369,6 +369,7 @@ GEM
     llhttp-ffi (0.5.0)
       ffi-compiler (~> 1.0)
       rake (~> 13.0)
+    local_time (3.0.2)
     logger (1.6.0)
     loofah (2.22.0)
       crass (~> 1.0.2)
@@ -841,6 +842,7 @@ DEPENDENCIES
   letter_opener (~> 1.10)
   letter_opener_web (~> 3.0)
   listen (~> 3.9)
+  local_time (~> 3.0)
   lookbook (~> 2.3)
   mail (~> 2.8)
   maintenance_tasks (~> 2.7)
@@ -1046,6 +1048,7 @@ CHECKSUMS
   libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
+  local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
   logger (1.6.0) sha256=0ab7c120262dd8de2a18cb8d377f1f318cbe98535160a508af9e7710ff43ef3e
   loofah (2.22.0) sha256=10d76e070c86b12fec74b6a9515fd1940f4459198b991342d0a7897d86c372fe
   lookbook (2.3.2) sha256=abcdefeb13d9150ab30ab8022a2f459db85cbd02e90a0e8e066b32f9048e160a
diff --git a/app/assets/stylesheets/modules/gem.css b/app/assets/stylesheets/modules/gem.css
index 22c4eba7734..f04b793d00e 100644
--- a/app/assets/stylesheets/modules/gem.css
+++ b/app/assets/stylesheets/modules/gem.css
@@ -96,6 +96,14 @@
   font-size: 18px;
   color: #141c22; }
 
+.gem__rubygem-version-age {
+  margin-top: 10px;
+  margin-bottom: 30px;
+  display: block;
+  font-weight: 800;
+  font-size: 14px;
+  color: #141c22; }
+
 .gem__code-wrap {
   margin-top: 12px;
   position: relative;
diff --git a/app/javascript/application.js b/app/javascript/application.js
index 25a991a9917..338c6f33691 100644
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -1,6 +1,10 @@
 // Configure your import map in config/importmap.rb. Read more: https://github.com/rails/importmap-rails
 import Rails from "@rails/ujs";
 Rails.start();
+
+import LocalTime from "local-time"
+LocalTime.start()
+
 import "controllers"
 
 import "src/clipboard_buttons";
diff --git a/app/views/rubygems/_aside.html.erb b/app/views/rubygems/_aside.html.erb
index f12a8e7b4e9..9073ea0e1ee 100644
--- a/app/views/rubygems/_aside.html.erb
+++ b/app/views/rubygems/_aside.html.erb
@@ -15,6 +15,14 @@
       <span class="gem__downloads"><%= number_with_delimiter(@latest_version.downloads_count) %></span>
     </h2>
   </div>
+
+  <h2 class="gem__ruby-version__heading t-list__heading">
+    <%= t('.gem_version_age') %>:
+    <span class="gem__rubygem-version-age">
+      <p><%= local_time_ago(@latest_version.authored_at) %></p>
+    </span>
+  </h2>
+
   <h2 class="gem__ruby-version__heading t-list__heading">
     <%= pluralized_licenses_header @latest_version %>:
     <span class="gem__ruby-version">
diff --git a/config/importmap.rb b/config/importmap.rb
index c4acae20adf..d25a50aee3e 100644
--- a/config/importmap.rb
+++ b/config/importmap.rb
@@ -20,3 +20,4 @@
 # Avo custom JS entrypoint
 pin "avo.custom", preload: false
 pin "stimulus-rails-nested-form", preload: false # @4.1.0
+pin "local-time" # @3.0.2
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 45dfb79110c..fdbace32003 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -723,6 +723,7 @@ de:
   rubygems:
     aside:
       downloads_for_this_version: Für diese Version
+      gem_version_age: Version veröffentlicht
       required_ruby_version: Erforderliche Ruby-Version
       required_rubygems_version:
       requires_mfa:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 24b224df018..b3c9b6c60fd 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -636,6 +636,7 @@ en:
   rubygems:
     aside:
       downloads_for_this_version: For this version
+      gem_version_age: Version Released
       required_ruby_version: Required Ruby Version
       required_rubygems_version: Required Rubygems Version
       requires_mfa: New versions require MFA
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 53126188d4b..4c4f5d65958 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -734,6 +734,7 @@ es:
   rubygems:
     aside:
       downloads_for_this_version: Para esta versión
+      gem_version_age: Versión publicada
       required_ruby_version: Versión de Ruby requerida
       required_rubygems_version: Versión de Rubygems requerida
       requires_mfa: Nuevas versiones requieren AMF
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 6cf3dc8fa38..84a029f80e7 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -660,6 +660,7 @@ fr:
   rubygems:
     aside:
       downloads_for_this_version: Pour cette version
+      gem_version_age: Version publiée
       required_ruby_version: Version de Ruby requise
       required_rubygems_version:
       requires_mfa:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index c07d1cfe93d..53e12fe4203 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -629,6 +629,7 @@ ja:
   rubygems:
     aside:
       downloads_for_this_version: このバージョンのみ
+      gem_version_age: 解放された
       required_ruby_version: 必要なRubyのバージョン
       required_rubygems_version: 必要なRubyGemsのバージョン
       requires_mfa: 新しいバージョンはMFAを必要とします
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index f4d63d2a5e7..2c41e12c4f2 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -628,6 +628,7 @@ nl:
   rubygems:
     aside:
       downloads_for_this_version: Voor deze versie
+      gem_version_age: Versie vrijgegeven
       required_ruby_version: Required Ruby Version
       required_rubygems_version: Required Rubygems Version
       requires_mfa:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index e095dd86717..34a5748e8d5 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -639,6 +639,7 @@ pt-BR:
   rubygems:
     aside:
       downloads_for_this_version: Desta versão
+      gem_version_age: Versão lançada
       required_ruby_version: Versão Requerida do Ruby
       required_rubygems_version: Versão Requerida do RubyGems
       requires_mfa:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 35eeae1c007..7bac93b6af7 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -636,6 +636,7 @@ zh-CN:
   rubygems:
     aside:
       downloads_for_this_version: 这个版本
+      gem_version_age: 版本发布
       required_ruby_version: 需要的 Ruby 版本
       required_rubygems_version: 需要的 RubyGems 版本
       requires_mfa: 新的版本需要开启多因素验证
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index dedf71f927f..3dca89fcae8 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -630,6 +630,7 @@ zh-TW:
   rubygems:
     aside:
       downloads_for_this_version: 這個版本
+      gem_version_age: 版本发布
       required_ruby_version: Ruby 版本需求
       required_rubygems_version: RubyGems 版本需求
       requires_mfa: 新版本需要 MFA
diff --git a/vendor/javascript/local-time.js b/vendor/javascript/local-time.js
new file mode 100644
index 00000000000..3776cc68e62
--- /dev/null
+++ b/vendor/javascript/local-time.js
@@ -0,0 +1,2 @@
+var t;t={config:{},run:function(){return this.getController().processElements()},process:function(...t){var e,r,a;for(r=0,a=t.length;r<a;r++)e=t[r],this.getController().processElement(e);return t.length},getController:function(){return null!=this.controller?this.controller:this.controller=new t.Controller}};var e,r,a,n,s,i,o,u,l,c,d,m,h,f,g,p,S,v,y,T,b,M,D,w,E,I,C,N,A,O,$,F,Y,k,W,L=t;L.config.useFormat24=!1,L.config.i18n={en:{date:{dayNames:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],abbrDayNames:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],monthNames:["January","February","March","April","May","June","July","August","September","October","November","December"],abbrMonthNames:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],yesterday:"yesterday",today:"today",tomorrow:"tomorrow",on:"on {date}",formats:{default:"%b %e, %Y",thisYear:"%b %e"}},time:{am:"am",pm:"pm",singular:"a {time}",singularAn:"an {time}",elapsed:"{time} ago",second:"second",seconds:"seconds",minute:"minute",minutes:"minutes",hour:"hour",hours:"hours",formats:{default:"%l:%M%P",default_24h:"%H:%M"}},datetime:{at:"{date} at {time}",formats:{default:"%B %e, %Y at %l:%M%P %Z",default_24h:"%B %e, %Y at %H:%M %Z"}}}},L.config.locale="en",L.config.defaultLocale="en",L.config.timerInterval=6e4,a=!isNaN(Date.parse("2011-01-01T12:00:00-05:00")),L.parseDate=function(t){return t=t.toString(),a||(t=r(t)),new Date(Date.parse(t))},e=/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(Z|[-+]?[\d:]+)$/,r=function(t){var r,a,n,s,i,o,u,l,c,d;if(s=t.match(e))return[r,c,o,a,n,i,l,d]=s,"Z"!==d&&(u=d.replace(":","")),`${c}/${o}/${a} ${n}:${i}:${l} GMT${[u]}`},L.elementMatchesSelector=(n=document.documentElement,s=null!=(i=null!=(o=null!=(u=null!=(l=n.matches)?l:n.matchesSelector)?u:n.webkitMatchesSelector)?o:n.mozMatchesSelector)?i:n.msMatchesSelector,function(t,e){if((null!=t?t.nodeType:void 0)===Node.ELEMENT_NODE)return s.call(t,e)}),({config:c}=L),({i18n:m}=c),L.getI18nValue=function(t="",{locale:e}={locale:c.locale}){var r;return null!=(r=d(m[e],t))?r:e!==c.defaultLocale?L.getI18nValue(t,{locale:c.defaultLocale}):void 0},L.translate=function(t,e={},r){var a,n,s;for(a in s=L.getI18nValue(t,r),e)n=e[a],s=s.replace(`{${a}}`,n);return s},d=function(t,e){var r,a,n,s,i;for(i=t,r=0,n=(s=e.split(".")).length;r<n;r++){if(null==i[a=s[r]])return null;i=i[a]}return i},({getI18nValue:f,translate:M}=L),b="function"==typeof("undefined"!=typeof Intl&&null!==Intl?Intl.DateTimeFormat:void 0),g={"Central European Standard Time":"CET","Central European Summer Time":"CEST","China Standard Time":"CST","Israel Daylight Time":"IDT","Israel Standard Time":"IST","Moscow Standard Time":"MSK","Philippine Standard Time":"PHT","Singapore Standard Time":"SGT","Western Indonesia Time":"WIB"},L.knownEdgeCaseTimeZones=g,L.strftime=T=function(t,e){var r,a,n,s,i,o,u;return a=t.getDay(),r=t.getDate(),i=t.getMonth(),u=t.getFullYear(),n=t.getHours(),s=t.getMinutes(),o=t.getSeconds(),e.replace(/%(-?)([%aAbBcdeHIlmMpPSwyYZ])/g,(function(e,l,c){switch(c){case"%":return"%";case"a":return f("date.abbrDayNames")[a];case"A":return f("date.dayNames")[a];case"b":return f("date.abbrMonthNames")[i];case"B":return f("date.monthNames")[i];case"c":return t.toString();case"d":return p(r,l);case"e":return r;case"H":return p(n,l);case"I":return p(T(t,"%l"),l);case"l":return 0===n||12===n?12:(n+12)%12;case"m":return p(i+1,l);case"M":return p(s,l);case"p":return M("time."+(n>11?"pm":"am")).toUpperCase();case"P":return M("time."+(n>11?"pm":"am"));case"S":return p(o,l);case"w":return a;case"y":return p(u%100,l);case"Y":return u;case"Z":return S(t)}}))},p=function(t,e){return"-"===e?t:`0${t}`.slice(-2)},S=function(t){var e,r,a;return(r=h(t))?g[r]:(a=y(t,{allowGMT:!1}))||(a=v(t))?a:(e=y(t,{allowGMT:!0}))?e:""},h=function(t){return Object.keys(g).find((function(e){return b?new Date(t).toLocaleString("en-US",{timeZoneName:"long"}).includes(e):t.toString().includes(e)}))},y=function(t,{allowGMT:e}){var r;if(b&&(r=new Date(t).toLocaleString("en-US",{timeZoneName:"short"}).split(" ").pop(),e||!r.includes("GMT")))return r},v=function(t){var e,r,a,n,s;return(e=null!=(r=(s=t.toString()).match(/\(([\w\s]+)\)$/))?r[1]:void 0)?/\s/.test(e)?e.match(/\b(\w)/g).join(""):e:(e=null!=(a=s.match(/(\w{3,4})\s\d{4}$/))?a[1]:void 0)||(e=null!=(n=s.match(/(UTC[\+\-]\d+)/))?n[1]:void 0)?e:void 0},L.CalendarDate=class{static fromDate(t){return new this(t.getFullYear(),t.getMonth()+1,t.getDate())}static today(){return this.fromDate(new Date)}constructor(t,e,r){this.date=new Date(Date.UTC(t,e-1)),this.date.setUTCDate(r),this.year=this.date.getUTCFullYear(),this.month=this.date.getUTCMonth()+1,this.day=this.date.getUTCDate(),this.value=this.date.getTime()}equals(t){return(null!=t?t.value:void 0)===this.value}is(t){return this.equals(t)}isToday(){return this.is(this.constructor.today())}occursOnSameYearAs(t){return this.year===(null!=t?t.year:void 0)}occursThisYear(){return this.occursOnSameYearAs(this.constructor.today())}daysSince(t){if(t)return(this.date-t.date)/864e5}daysPassed(){return this.constructor.today().daysSince(this)}},({strftime:E,translate:I,getI18nValue:w,config:D}=L),L.RelativeTime=class{constructor(t){this.date=t,this.calendarDate=L.CalendarDate.fromDate(this.date)}toString(){var t,e;return(e=this.toTimeElapsedString())?I("time.elapsed",{time:e}):(t=this.toWeekdayString())?(e=this.toTimeString(),I("datetime.at",{date:t,time:e})):I("date.on",{date:this.toDateString()})}toTimeOrDateString(){return this.calendarDate.isToday()?this.toTimeString():this.toDateString()}toTimeElapsedString(){var t,e,r,a,n;return r=(new Date).getTime()-this.date.getTime(),a=Math.round(r/1e3),e=Math.round(a/60),t=Math.round(e/60),r<0?null:a<10?(n=I("time.second"),I("time.singular",{time:n})):a<45?`${a} ${I("time.seconds")}`:a<90?(n=I("time.minute"),I("time.singular",{time:n})):e<45?`${e} ${I("time.minutes")}`:e<90?(n=I("time.hour"),I("time.singularAn",{time:n})):t<24?`${t} ${I("time.hours")}`:""}toWeekdayString(){switch(this.calendarDate.daysPassed()){case 0:return I("date.today");case 1:return I("date.yesterday");case-1:return I("date.tomorrow");case 2:case 3:case 4:case 5:case 6:return E(this.date,"%A");default:return""}}toDateString(){var t;return t=this.calendarDate.occursThisYear()?w("date.formats.thisYear"):w("date.formats.default"),E(this.date,t)}toTimeString(){var t;return t=D.useFormat24?"default_24h":"default",E(this.date,w(`time.formats.${t}`))}},({elementMatchesSelector:C}=L),L.PageObserver=class{constructor(t,e){this.processMutations=this.processMutations.bind(this),this.processInsertion=this.processInsertion.bind(this),this.selector=t,this.callback=e}start(){if(!this.started)return this.observeWithMutationObserver()||this.observeWithMutationEvent(),this.started=!0}observeWithMutationObserver(){if("undefined"!=typeof MutationObserver&&null!==MutationObserver)return new MutationObserver(this.processMutations).observe(document.documentElement,{childList:!0,subtree:!0}),!0}observeWithMutationEvent(){return addEventListener("DOMNodeInserted",this.processInsertion,!1),!0}findSignificantElements(t){var e;return e=[],(null!=t?t.nodeType:void 0)===Node.ELEMENT_NODE&&(C(t,this.selector)&&e.push(t),e.push(...t.querySelectorAll(this.selector))),e}processMutations(t){var e,r,a,n,s,i,o,u;for(e=[],r=0,n=t.length;r<n;r++)if("childList"===(i=t[r]).type)for(a=0,s=(u=i.addedNodes).length;a<s;a++)o=u[a],e.push(...this.findSignificantElements(o));return this.notify(e)}processInsertion(t){var e;return e=this.findSignificantElements(t.target),this.notify(e)}notify(t){if(null!=t?t.length:void 0)return"function"==typeof this.callback?this.callback(t):void 0}},({parseDate:O,strftime:$,getI18nValue:A,config:N}=L),L.Controller=function(){var t,e,r,a;return t="time[data-local]:not([data-localized])",e=function(t){return t.setAttribute("data-localized","")},r=function(t){return t.setAttribute("data-processed-at",(new Date).toISOString())},a=function(t){return new L.RelativeTime(t)},class{constructor(){this.processElements=this.processElements.bind(this),this.pageObserver=new L.PageObserver(t,this.processElements)}start(){if(!this.started)return this.processElements(),this.startTimer(),this.pageObserver.start(),this.started=!0}startTimer(){var t;if(t=N.timerInterval)return null!=this.timer?this.timer:this.timer=setInterval(this.processElements,t)}processElements(e=document.querySelectorAll(t)){var r,a,n;for(a=0,n=e.length;a<n;a++)r=e[a],this.processElement(r);return e.length}processElement(t){var n,s,i,o,u,l;if(n=t.getAttribute("datetime"),i=t.getAttribute("data-local"),s=N.useFormat24&&t.getAttribute("data-format24")||t.getAttribute("data-format"),o=O(n),!isNaN(o))return t.hasAttribute("title")||(l=N.useFormat24?"default_24h":"default",u=$(o,A(`datetime.formats.${l}`)),t.setAttribute("title",u)),r(t),t.textContent=function(){switch(i){case"time":return e(t),$(o,s);case"date":return e(t),a(o).toDateString();case"time-ago":return a(o).toString();case"time-or-date":return a(o).toTimeOrDateString();case"weekday":return a(o).toWeekdayString();case"weekday-or-date":return a(o).toWeekdayString()||a(o).toDateString()}}()}}}.call(window),W=!1,F=function(){return document.attachEvent?"complete"===document.readyState:"loading"!==document.readyState},Y=function(t){var e;return null!=(e="function"==typeof requestAnimationFrame?requestAnimationFrame(t):void 0)?e:setTimeout(t,17)},k=function(){return L.getController().start()},L.start=function(){return W?L.run():(W=!0,"undefined"!=typeof MutationObserver&&null!==MutationObserver||F()?k():Y(k))},L.processing=function(){return L.getController().started},window.LocalTime===L&&L.start();export{L as default};
+

From f8771330fd89138252a7d20a62b9b1b34e9b6d8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 10:27:55 -0700
Subject: [PATCH 113/381] Bump tailwindcss-rails from 2.6.4 to 2.6.5 (#4935)

Bumps [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) from 2.6.4 to 2.6.5.
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/tailwindcss-rails/compare/v2.6.4...v2.6.5)

---
updated-dependencies:
- dependency-name: tailwindcss-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 68483732a4d..4eb3891f6cf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -518,7 +518,7 @@ GEM
       activesupport (>= 3.0.0)
     pwned (2.3.0)
     raabro (1.4.0)
-    racc (1.8.0)
+    racc (1.8.1)
     rack (3.1.7)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
@@ -725,7 +725,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.6.4)
+    tailwindcss-rails (2.6.5)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -792,7 +792,7 @@ GEM
     xpath (3.2.0)
       nokogiri (~> 1.8)
     yard (0.9.36)
-    zeitwerk (2.6.16)
+    zeitwerk (2.6.17)
     zlib (3.1.1)
 
 PLATFORMS
@@ -1110,7 +1110,7 @@ CHECKSUMS
   pundit (2.3.2) sha256=7ca09a5801ebaedad1966f7eb0b1c52ecb8c94b3b6ab70122cb22856ac187fa3
   pwned (2.3.0) sha256=63f5a9576f109203684e9dd053f815649fd5bc0a0348b7190568272641b22353
   raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882
-  racc (1.8.0) sha256=09349a65c37c4fe710a435f25c9f1652e39f29ad6b1fa08d4a8d30c0553d3a08
+  racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f
   rack (3.1.7) sha256=0e9982db4ea9013326788ca2a7f48e32a4e746765e7c3512d424ef0dd22ae58b
   rack-attack (6.7.0) sha256=3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c
   rack-oauth2 (2.2.1) sha256=c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5
@@ -1186,7 +1186,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.6.4) sha256=175cd2009a6a27b10d16772c072c44974e03a6516e58beb37f185d6bfcd7ebe5
+  tailwindcss-rails (2.6.5) sha256=4548b1c7232ca5fbebac875181354948fa8540e213555b997c55b87ded332f51
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.1) sha256=fa7e3471d4f6a27138e3d9c9b0d4daac9c3d7383927667ae83e9ab42ae7401ef
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c
@@ -1215,7 +1215,7 @@ CHECKSUMS
   xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d
   xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e
   yard (0.9.36) sha256=5505736c1b00c926f71053a606ab75f02070c5960d0778b901fe9d8b0a470be4
-  zeitwerk (2.6.16) sha256=17df48537f09a937804f79bd9a92817da3b199e268634972d0e98a21ca588e21
+  zeitwerk (2.6.17) sha256=0895160c92ea5ffc88c38556fbbca798b61164daca97461ab5f47b8a07fb2aac
   zlib (3.1.1) sha256=f61bb03139bbe256c36ba99ef9fece1fb223e9034ed9e5fa3ddb1588d99abc71
 
 RUBY VERSION

From 72f20acaebf451011707d944a9dfb03679efb3e6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jul 2024 17:37:07 +0000
Subject: [PATCH 114/381] Bump faraday from 2.10.0 to 2.10.1 (#4936)

Bumps [faraday](https://github.com/lostisland/faraday) from 2.10.0 to 2.10.1.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.10.0...v2.10.1)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 4eb3891f6cf..c122d9cbf87 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -240,14 +240,14 @@ GEM
     factory_bot_rails (6.4.3)
       factory_bot (~> 6.4)
       railties (>= 5.0.0)
-    faraday (2.10.0)
+    faraday (2.10.1)
       faraday-net_http (>= 2.0, < 3.2)
       logger
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
     faraday-multipart (1.0.4)
       multipart-post (~> 2)
-    faraday-net_http (3.1.0)
+    faraday-net_http (3.1.1)
       net-http
     faraday-retry (2.2.1)
       faraday (~> 2.0)
@@ -997,10 +997,10 @@ CHECKSUMS
   execjs (2.9.1) sha256=e8fd066f6df60c8e8fbebc32c6fb356b5212c77374e8416a9019ca4bb154dcfb
   factory_bot (6.4.5) sha256=d71dd29bc95f0ec2bf27e3dd9b1b4d557bd534caca744663cb7db4bacf3198be
   factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
-  faraday (2.10.0) sha256=1a3e6c02acc511fc334d799521f1013e449bde38aa2dceb3af71e8030519bda9
+  faraday (2.10.1) sha256=6bc9fba3f6191684449d94215195b2c43e2a07bd40b321d245881450923d9a80
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
   faraday-multipart (1.0.4) sha256=9012021ab57790f7d712f590b48d5f948b19b43cfa11ca83e6459f06090b0725
-  faraday-net_http (3.1.0) sha256=1627be414960d0131691190ff524506ba6607402a50fb6eccda9e64ca60f859f
+  faraday-net_http (3.1.1) sha256=da93f0f426f4de2c09af0a9a95887726da7889b76eca2a2aff0ce5e66e768938
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
   ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c

From 4c4a00840c23338b7867e0a290b354e7a7847eb0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 18:29:45 +0000
Subject: [PATCH 115/381] Bump autoprefixer-rails from 10.4.16.0 to 10.4.19.0
 (#4938)

Bumps [autoprefixer-rails](https://github.com/ai/autoprefixer-rails) from 10.4.16.0 to 10.4.19.0.
- [Changelog](https://github.com/ai/autoprefixer-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ai/autoprefixer-rails/compare/10.4.16.0...10.4.19.0)

---
updated-dependencies:
- dependency-name: autoprefixer-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index c122d9cbf87..1a31ccc5502 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -91,7 +91,7 @@ GEM
       ffi-compiler (~> 1.0)
     ast (2.4.2)
     attr_required (1.0.2)
-    autoprefixer-rails (10.4.16.0)
+    autoprefixer-rails (10.4.19.0)
       execjs (~> 2)
     avo (2.51.0)
       actionview (>= 6.0)
@@ -935,7 +935,7 @@ CHECKSUMS
   argon2 (2.3.0) sha256=980ef65172bf512ad37b6cbb0d61eef40b6dccab6a7db4e70557527e1dce9557
   ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
   attr_required (1.0.2) sha256=f0ebfc56b35e874f4d0ae799066dbc1f81efefe2364ca3803dc9ea6a4de6cb99
-  autoprefixer-rails (10.4.16.0) sha256=40c4b14d6f26f66026cd0d4631baf18d6c56aab425b36059c8abbda17f19a706
+  autoprefixer-rails (10.4.19.0) sha256=ccd21f47e5a07a581c7d239025e0d8d06a005825e96e06f72382d818fe665f4e
   avo (2.51.0) sha256=0d5785cda01b5b0d2575e7419cda4dc7a5d7805068f160d48ecc7458ee74ec03
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f

From cb42ba828981ea17b427408aed47207a0f5ecb13 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Aug 2024 18:30:09 +0000
Subject: [PATCH 116/381] Bump sprockets-rails from 3.5.1 to 3.5.2 (#4937)

Bumps [sprockets-rails](https://github.com/rails/sprockets-rails) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/rails/sprockets-rails/releases)
- [Commits](https://github.com/rails/sprockets-rails/compare/v3.5.1...v3.5.2)

---
updated-dependencies:
- dependency-name: sprockets-rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 1a31ccc5502..6ef6034671d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -709,7 +709,7 @@ GEM
     sprockets (4.2.1)
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
-    sprockets-rails (3.5.1)
+    sprockets-rails (3.5.2)
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
@@ -1179,7 +1179,7 @@ CHECKSUMS
   smart_properties (1.17.0) sha256=f9323f8122e932341756ddec8e0ac9ec6e238408a7661508be99439ca6d6384b
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
   sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
-  sprockets-rails (3.5.1) sha256=c44626cb3887a1a8b572ca258685db33b4ebd041aa73428a716eac444ee5ef48
+  sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
   statsd-instrument (3.8.0) sha256=122e294845d9a05a74fa53a859010424b455b44f1605abac3108fbbabb2aa7cd
   stimulus-rails (1.3.3) sha256=4d1f9ab1d64e605f4c9cdd4cc530a9538b510606d32d02249d106256845c562c
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e

From d916a5b00e7a1dcface111ed12fa89028f9b8e13 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Aug 2024 01:55:13 +0000
Subject: [PATCH 117/381] Bump google-protobuf from 4.27.2 to 4.27.3 (#4939)

Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.27.2 to 4.27.3.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6ef6034671d..c3623244648 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -274,7 +274,7 @@ GEM
       fugit (>= 1.1)
       railties (>= 6.0.0)
       thor (>= 0.14.1)
-    google-protobuf (4.27.2)
+    google-protobuf (4.27.3)
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
@@ -1010,7 +1010,7 @@ CHECKSUMS
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
-  google-protobuf (4.27.2) sha256=9f69eb20acde6e3cf3cd197c09f38911cd7eed5fdf1bf4d4bce4c55e9dc9966f
+  google-protobuf (4.27.3) sha256=e780c9e9a70ff13d919dc1284d74d446134150263a44c05126e122cd0737c017
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
   hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9

From 6eb69d65893a0c81f672675590afa10363c2e79b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 2 Aug 2024 01:56:19 +0000
Subject: [PATCH 118/381] Bump rexml from 3.3.2 to 3.3.3

Bumps [rexml](https://github.com/ruby/rexml) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.3.2...v3.3.3)

---
updated-dependencies:
- dependency-name: rexml
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index c3623244648..9f0a1a0abd8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -601,7 +601,7 @@ GEM
     regexp_parser (2.9.2)
     reline (0.5.9)
       io-console (~> 0.5)
-    rexml (3.3.2)
+    rexml (3.3.3)
       strscan
     roadie (5.2.1)
       css_parser (~> 1.4)
@@ -1136,7 +1136,7 @@ CHECKSUMS
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
   reline (0.5.9) sha256=5d2dd7ed0fd078e79a05e4eaa47dc91b8dacec7358e9e1dd6d9c4636cff7d378
-  rexml (3.3.2) sha256=4513686f858d0ff2e5a412d734c8a192e16cb1df4cb2063f56b72a8ad4c5257f
+  rexml (3.3.3) sha256=48c0cd98219cd8d6320b046c9b416288a043bee46047591721b03137dc660015
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854

From 6a5fa6b763a85c0d49dcdf9818581210bf1148a1 Mon Sep 17 00:00:00 2001
From: OKURA Masafumi <masafumi.o1988@gmail.com>
Date: Fri, 2 Aug 2024 20:27:50 +0900
Subject: [PATCH 119/381] Fix ja translation for gem_version_age

This is a followup of 19eb5578205ee2e4692c7027ebb4e6ac776a2472
---
 config/locales/ja.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 53e12fe4203..a2c008f9079 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -629,7 +629,7 @@ ja:
   rubygems:
     aside:
       downloads_for_this_version: このバージョンのみ
-      gem_version_age: 解放された
+      gem_version_age: このバージョンがリリースされたのは
       required_ruby_version: 必要なRubyのバージョン
       required_rubygems_version: 必要なRubyGemsのバージョン
       requires_mfa: 新しいバージョンはMFAを必要とします

From b5662d7e0619a3ce40fca3930c91022d0494eff0 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Fri, 9 Aug 2024 11:28:11 +1000
Subject: [PATCH 120/381] Resolve recovey code tests not working (#4950)

---
 app/javascript/src/multifactor_auths.js |  2 +-
 test/system/settings_test.rb            | 11 +++++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/app/javascript/src/multifactor_auths.js b/app/javascript/src/multifactor_auths.js
index 365d2db89e4..3802c978f1d 100644
--- a/app/javascript/src/multifactor_auths.js
+++ b/app/javascript/src/multifactor_auths.js
@@ -16,7 +16,7 @@ function confirmNoRecoveryCopy (e, from) {
   }
 }
 
-if($("#recovery-code-list").length){
+if (document.getElementById("recovery-code-list")) {
   new ClipboardJS(".recovery__copy__icon");
 
   $(".recovery__copy__icon").on("click", function(e){
diff --git a/test/system/settings_test.rb b/test/system/settings_test.rb
index 9a6b948f82c..b194a91a734 100644
--- a/test/system/settings_test.rb
+++ b/test/system/settings_test.rb
@@ -145,18 +145,17 @@ def otp_key
     click_button "Enable"
 
     check "ack"
-    confirm_text = dismiss_confirm do
-      visit root_path
+    dismiss_confirm("Leave without copying recovery codes?") do
+      click_on "Continue"
     end
 
-    assert_equal("", confirm_text)
     assert_equal recovery_multifactor_auth_path, page.current_path
 
-    accept_confirm do
-      visit root_path
+    accept_confirm("Leave without copying recovery codes?") do
+      click_on "Continue"
     end
 
-    assert_equal root_path, page.current_path
+    assert_equal edit_settings_path, page.current_path
   end
 
   test "shows 'ui only' if user's level is ui_only" do

From b2a6caad19c64efbe414080537bdab07d2e27577 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Aug 2024 23:15:19 +0000
Subject: [PATCH 121/381] Bump tailwindcss-rails from 2.6.5 to 2.7.2 (#4952)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 88d25bbed39..e2c863eee57 100644
--- a/Gemfile
+++ b/Gemfile
@@ -84,7 +84,7 @@ gem "local_time", "~> 3.0"
 gem "better_html", "~> 2.1"
 
 group :assets, :development do
-  gem "tailwindcss-rails", "~> 2.6"
+  gem "tailwindcss-rails", "~> 2.7"
 end
 
 group :assets do
diff --git a/Gemfile.lock b/Gemfile.lock
index 9f0a1a0abd8..f9471eeeb69 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -725,7 +725,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.6.5)
+    tailwindcss-rails (2.7.2)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -901,7 +901,7 @@ DEPENDENCIES
   statsd-instrument (~> 3.8)
   stimulus-rails (~> 1.3)
   strong_migrations (~> 2.0)
-  tailwindcss-rails (~> 2.6)
+  tailwindcss-rails (~> 2.7)
   terser (~> 1.2)
   timescaledb (~> 0.2)
   toxiproxy (~> 2.0)
@@ -1186,7 +1186,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.6.5) sha256=4548b1c7232ca5fbebac875181354948fa8540e213555b997c55b87ded332f51
+  tailwindcss-rails (2.7.2) sha256=8ec3492fc6a1f5dfb8c1cae89b0f6db0d007c6dd5e6cafead7b6dea7ef738b83
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.1) sha256=fa7e3471d4f6a27138e3d9c9b0d4daac9c3d7383927667ae83e9ab42ae7401ef
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From fdf41af9121200fce3f6e8c6d333c67cedb070ea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Aug 2024 23:31:23 +0000
Subject: [PATCH 122/381] Bump github/codeql-action from 3.25.15 to 3.26.0
 (#4949)

---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2da37184725..e9c560332b6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index ed918f9dde5..bc787758567 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
         with:
           sarif_file: results.sarif

From 654ea940c9e6a8d6aa843b9b88dd4ed11573b7eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Aug 2024 23:31:36 +0000
Subject: [PATCH 123/381] Bump aws-sdk-s3 from 1.156.0 to 1.157.0 (#4943)

---
 Gemfile      |  2 +-
 Gemfile.lock | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile b/Gemfile
index e2c863eee57..7520946e78c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.156"
+gem "aws-sdk-s3", "~> 1.157"
 gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.7"
diff --git a/Gemfile.lock b/Gemfile.lock
index f9471eeeb69..28dccc87dfb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,8 +110,8 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.950.0)
-    aws-sdk-core (3.201.0)
+    aws-partitions (1.963.0)
+    aws-sdk-core (3.201.4)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.8)
@@ -119,14 +119,14 @@ GEM
     aws-sdk-kms (1.88.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.156.0)
+    aws-sdk-s3 (1.157.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sqs (1.80.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.8.0)
+    aws-sigv4 (1.9.1)
       aws-eventstream (~> 1, >= 1.0.2)
     base64 (0.2.0)
     bcrypt (3.1.20)
@@ -803,7 +803,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.51)
-  aws-sdk-s3 (~> 1.156)
+  aws-sdk-s3 (~> 1.157)
   aws-sdk-sqs (~> 1.80)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -939,12 +939,12 @@ CHECKSUMS
   avo (2.51.0) sha256=0d5785cda01b5b0d2575e7419cda4dc7a5d7805068f160d48ecc7458ee74ec03
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.950.0) sha256=b980ec8f8b014be08fe0f65182dee16afc06d04a2175177c17fa45eee44147ec
-  aws-sdk-core (3.201.0) sha256=18fda4d14362eea4cb0bff54bc68222bd46b5e705ec84468954aaf7cf9a8360c
+  aws-partitions (1.963.0) sha256=652945df9887bb9185fa36ac29eb63ab4e91622d3ceb79de21fea4bf425356ff
+  aws-sdk-core (3.201.4) sha256=5f1b8dd75abfe0694557471856cfcda97277a423b221fe9c286047e8ee60f82c
   aws-sdk-kms (1.88.0) sha256=13588d90df1eece81f6d79bd304b3857dc3168e7ea75c933b3b835cfe8a0e309
-  aws-sdk-s3 (1.156.0) sha256=9302da1d1a70363308854d5065035f6c72cf8b8af895d8789487cd5c6b076a46
+  aws-sdk-s3 (1.157.0) sha256=e1e0c7a268e710a7ccf4a0f9d2c33e3ca685b06968c3048d907e3a792580e990
   aws-sdk-sqs (1.80.0) sha256=ae0bdced7aa958ddd99d28f709abe244839d58fbf1f2a628bcd9a5629a7444c2
-  aws-sigv4 (1.8.0) sha256=84dd99768b91b93b63d1d8e53ee837cfd06ab402812772a7899a78f9f9117cbc
+  aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099
   benchmark-ips (2.12.0) sha256=09dd4d5be05db42470e7e7b01be7310564073a054e35d9d9ec7840c523f3dbcb

From 5931a37b720d86ce1d57120dd4130a3291331f6d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Aug 2024 23:31:50 +0000
Subject: [PATCH 124/381] Bump actions/upload-artifact from 4.3.4 to 4.3.6
 (#4948)

---
 .github/workflows/lint.yml | 2 +-
 .github/workflows/test.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index deb16137cf1..abdc49c3e62 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -60,7 +60,7 @@ jobs:
         env:
           ENVIRONMENT: "${{ matrix.environment }}"
           REVISION: "${{ github.sha }}"
-      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: "${{ matrix.environment }}.rendered.yaml"
           path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index cc9fbc38ce6..43a3a1e7151 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -56,7 +56,7 @@ jobs:
 
       - name: Save capybara screenshots
         if: ${{ failure() && steps.test-all.outcome == 'failure' }}
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: capybara-screenshots-${{ matrix.tests.name }}-${{ matrix.rubygems.name }}
           path: tmp/capybara

From 28ea103248c2471cff0a998a9647c42ae4686b20 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 11 Aug 2024 23:32:59 +0000
Subject: [PATCH 125/381] Bump bootsnap from 1.18.3 to 1.18.4

Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.18.3 to 1.18.4.
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.18.3...v1.18.4)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 28dccc87dfb..6c788a2f3b4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -144,7 +144,7 @@ GEM
     bloomer (1.0.0)
       bitarray
       msgpack
-    bootsnap (1.18.3)
+    bootsnap (1.18.4)
       msgpack (~> 1.2)
     brakeman (6.1.2)
       racc
@@ -953,7 +953,7 @@ CHECKSUMS
   bindata (2.5.0) sha256=29dccb8ba1cc9de148f24bb88930840c62db56715f0f80eccadd624d9f3d2623
   bitarray (1.2.0) sha256=7f9f31fadbd87bf51544cf13058e81cd6ec408ff40f127902cef3d6767b23f11
   bloomer (1.0.0) sha256=57a0d3a78628db9a92c6723f06c67697e420abcdb05aa757c6dfae607251d272
-  bootsnap (1.18.3) sha256=d7b70de761e2fb1d63d21dd941b393c881c5cab5575211369cede788dfc034eb
+  bootsnap (1.18.4) sha256=ac4c42af397f7ee15521820198daeff545e4c360d2772c601fbdc2c07d92af55
   brakeman (6.1.2) sha256=7716769c18f2c4a52d7a74d2cb5a614be0c46d8aad3fbe7ca089dbb7c98bd4d3
   browser (6.0.0) sha256=0399f0f12c925e529aa995b096a3824384e00ea2c7241fbb4b707d2a25e87920
   builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f

From 406a0d09db752576166691f2c7fc914d5da840ac Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 12 Aug 2024 07:58:11 -0700
Subject: [PATCH 126/381] Fix minor inefficiency in rubygems controller (#4953)

---
 app/controllers/rubygems_controller.rb | 30 +++++++++++---------------
 1 file changed, 12 insertions(+), 18 deletions(-)

diff --git a/app/controllers/rubygems_controller.rb b/app/controllers/rubygems_controller.rb
index 2d0b9eb8709..e5a9ef07d30 100644
--- a/app/controllers/rubygems_controller.rb
+++ b/app/controllers/rubygems_controller.rb
@@ -1,9 +1,9 @@
 class RubygemsController < ApplicationController
   include LatestVersion
-  before_action :set_reserved_gem, only: %i[show security_events], if: :reserved?
-  before_action :find_rubygem, only: %i[show security_events], unless: :reserved?
-  before_action :latest_version, only: %i[show], unless: :reserved?
-  before_action :find_versioned_links, only: %i[show], unless: :reserved?
+  before_action :show_reserved_gem, only: %i[show security_events]
+  before_action :find_rubygem, only: %i[show security_events]
+  before_action :latest_version, only: %i[show]
+  before_action :find_versioned_links, only: %i[show]
   before_action :set_page, only: :index
   before_action :redirect_to_signin, unless: :signed_in?, only: %i[security_events]
 
@@ -21,16 +21,12 @@ def index
   end
 
   def show
-    if @reserved_gem
-      render "reserved"
+    @versions = @rubygem.public_versions.limit(5)
+    @adoption = @rubygem.ownership_call
+    if @versions.to_a.any?
+      render "show"
     else
-      @versions = @rubygem.public_versions.limit(5)
-      @adoption = @rubygem.ownership_call
-      if @versions.to_a.any?
-        render "show"
-      else
-        render "show_yanked"
-      end
+      render "show_yanked"
     end
   end
 
@@ -42,12 +38,10 @@ def security_events
 
   private
 
-  def reserved?
-    GemNameReservation.reserved?(params[:id])
-  end
-
-  def set_reserved_gem
+  def show_reserved_gem
+    return unless GemNameReservation.reserved?(params[:id])
     @reserved_gem = params[:id].downcase
+    render "reserved"
   end
 
   def gem_params

From 32450097c7db6aca74b24f7c0f88a31556ce7b50 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Aug 2024 13:02:46 -0700
Subject: [PATCH 127/381] Bump shoulda-matchers from 6.2.0 to 6.3.0 (#4955)

---
 Gemfile      |  2 +-
 Gemfile.lock | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7520946e78c..13a7670b642 100644
--- a/Gemfile
+++ b/Gemfile
@@ -134,7 +134,7 @@ group :test do
   gem "rails-controller-testing", "~> 1.0"
   gem "mocha", "~> 2.4", require: false
   gem "shoulda-context", "~> 3.0.0.rc1"
-  gem "shoulda-matchers", "~> 6.2"
+  gem "shoulda-matchers", "~> 6.3"
   gem "selenium-webdriver", "~> 4.23"
   gem "webmock", "~> 3.23"
   gem "simplecov", "~> 0.22", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 6c788a2f3b4..cdd6d6ea4a1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -175,7 +175,7 @@ GEM
       railties (>= 5.0)
     coderay (1.1.3)
     compact_index (0.15.0)
-    concurrent-ruby (1.3.3)
+    concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     cose (1.3.0)
       cbor (~> 0.5.9)
@@ -691,7 +691,7 @@ GEM
       concurrent-ruby
       thor
     shoulda-context (3.0.0.rc1)
-    shoulda-matchers (6.2.0)
+    shoulda-matchers (6.3.0)
       activesupport (>= 5.2.0)
     simplecov (0.22.0)
       docile (~> 1.1)
@@ -894,7 +894,7 @@ DEPENDENCIES
   selenium-webdriver (~> 4.23)
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
-  shoulda-matchers (~> 6.2)
+  shoulda-matchers (~> 6.3)
   simplecov (~> 0.22)
   simplecov-cobertura (~> 2.1)
   sprockets-rails (~> 3.5)
@@ -967,7 +967,7 @@ CHECKSUMS
   clearance (2.7.2) sha256=68bb326c1045cf71e608b1a3a90b8144f06018458384769456ed335c6c254822
   coderay (1.1.3) sha256=dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b
   compact_index (0.15.0) sha256=5c6c404afca8928a7d9f4dde9524f6e1610db17e675330803055db282da84a8b
-  concurrent-ruby (1.3.3) sha256=4f9cd28965c4dcf83ffd3ea7304f9323277be8525819cb18a3b61edcb56a7c6a
+  concurrent-ruby (1.3.4) sha256=d4aa926339b0a86b5b5054a0a8c580163e6f5dcbdfd0f4bb916b1a2570731c32
   connection_pool (2.4.1) sha256=0f40cf997091f1f04ff66da67eabd61a9fe0d4928b9a3645228532512fab62f4
   cose (1.3.0) sha256=63247c66a5bc76e53926756574fe3724cc0a88707e358c90532ae2a320e98601
   crack (1.0.0) sha256=c83aefdb428cdc7b66c7f287e488c796f055c0839e6e545fec2c7047743c4a49
@@ -1171,7 +1171,7 @@ CHECKSUMS
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6
   shoulda-context (3.0.0.rc1) sha256=6e0d9d52ab798c13bc2b490c8537d4bf30cfd318a1ea839c39a66d1d293c6a1a
-  shoulda-matchers (6.2.0) sha256=a702c059c5f3bbda2295827231a28654e33063d7c4d409662980ec630207d8dd
+  shoulda-matchers (6.3.0) sha256=b57b890b9c79d47bd209f6746d325d12089d9460707eb70a6cf2226e6fc32951
   simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5
   simplecov-cobertura (2.1.0) sha256=2c6532e34df2e38a379d72cef9a05c3b16c64ce90566beebc6887801c4ad3f02
   simplecov-html (0.12.3) sha256=4b1aad33259ffba8b29c6876c12db70e5750cb9df829486e4c6e5da4fa0aa07b

From a2389da68f28d534be21d0a5092800ed300188e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Aug 2024 17:09:07 -0700
Subject: [PATCH 128/381] Bump clearance from 2.7.2 to 2.8.0 (#4954)

Bumps [clearance](https://github.com/thoughtbot/clearance) from 2.7.2 to 2.8.0.
- [Release notes](https://github.com/thoughtbot/clearance/releases)
- [Changelog](https://github.com/thoughtbot/clearance/blob/main/CHANGELOG.md)
- [Commits](https://github.com/thoughtbot/clearance/compare/v2.7.2...v2.8.0)

---
updated-dependencies:
- dependency-name: clearance
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 13a7670b642..40d4e1b3119 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,7 +8,7 @@ gem "rails-i18n", "~> 7.0"
 gem "aws-sdk-s3", "~> 1.157"
 gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
-gem "clearance", "~> 2.7"
+gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
 gem "datadog", "~> 2.2"
 gem "dogstatsd-ruby", "~> 5.5"
diff --git a/Gemfile.lock b/Gemfile.lock
index cdd6d6ea4a1..eec137a74c0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -165,7 +165,7 @@ GEM
     childprocess (5.0.0)
     choice (0.2.0)
     chunky_png (1.4.0)
-    clearance (2.7.2)
+    clearance (2.8.0)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -812,7 +812,7 @@ DEPENDENCIES
   browser (~> 6.0)
   capybara (~> 3.40)
   chartkick (~> 5.0)
-  clearance (~> 2.7)
+  clearance (~> 2.8)
   compact_index (~> 0.15.0)
   csv (~> 3.3)
   dalli (~> 3.2)
@@ -964,7 +964,7 @@ CHECKSUMS
   childprocess (5.0.0) sha256=0746b7ab1d6c68156e64a3767631d7124121516192c0492929a7f0af7310d835
   choice (0.2.0) sha256=a19617f7dfd4921b38a85d0616446620de685a113ec6d1ecc85bdb67bf38c974
   chunky_png (1.4.0) sha256=89d5b31b55c0cf4da3cf89a2b4ebc3178d8abe8cbaf116a1dba95668502fdcfe
-  clearance (2.7.2) sha256=68bb326c1045cf71e608b1a3a90b8144f06018458384769456ed335c6c254822
+  clearance (2.8.0) sha256=ec89e99f737a1b115a30624d27daa0501830a991acd93aa0eef7f2414540df52
   coderay (1.1.3) sha256=dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b
   compact_index (0.15.0) sha256=5c6c404afca8928a7d9f4dde9524f6e1610db17e675330803055db282da84a8b
   concurrent-ruby (1.3.4) sha256=d4aa926339b0a86b5b5054a0a8c580163e6f5dcbdfd0f4bb916b1a2570731c32

From b8e806e930dc9636d17c4a986ded4e72abbc5ba7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Aug 2024 21:58:18 +0000
Subject: [PATCH 129/381] Bump shoulda-matchers from 6.3.0 to 6.3.1 (#4956)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index eec137a74c0..204b9535ab5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -691,7 +691,7 @@ GEM
       concurrent-ruby
       thor
     shoulda-context (3.0.0.rc1)
-    shoulda-matchers (6.3.0)
+    shoulda-matchers (6.3.1)
       activesupport (>= 5.2.0)
     simplecov (0.22.0)
       docile (~> 1.1)
@@ -1171,7 +1171,7 @@ CHECKSUMS
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6
   shoulda-context (3.0.0.rc1) sha256=6e0d9d52ab798c13bc2b490c8537d4bf30cfd318a1ea839c39a66d1d293c6a1a
-  shoulda-matchers (6.3.0) sha256=b57b890b9c79d47bd209f6746d325d12089d9460707eb70a6cf2226e6fc32951
+  shoulda-matchers (6.3.1) sha256=a939715a222a4b5714e484c7da20311729de69995f75719bb1b1ce351c1a45cf
   simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5
   simplecov-cobertura (2.1.0) sha256=2c6532e34df2e38a379d72cef9a05c3b16c64ce90566beebc6887801c4ad3f02
   simplecov-html (0.12.3) sha256=4b1aad33259ffba8b29c6876c12db70e5750cb9df829486e4c6e5da4fa0aa07b

From ad74eb708e19f5ed98f17fff75a4cbcd0cafb446 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Aug 2024 00:45:56 +0000
Subject: [PATCH 130/381] Bump minitest from 5.24.1 to 5.25.0 (#4958)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 40d4e1b3119..8f92a1b45c1 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,7 +126,7 @@ end
 
 group :test do
   gem "datadog-ci", "~> 1.3"
-  gem "minitest", "~> 5.24", require: false
+  gem "minitest", "~> 5.25", require: false
   gem "minitest-retry", "~> 0.2.2"
   gem "capybara", "~> 3.40"
   gem "launchy", "~> 3.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 204b9535ab5..6c6e4ab9b5b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -408,7 +408,7 @@ GEM
     mini_histogram (0.3.1)
     mini_mime (1.1.5)
     mini_portile2 (2.8.7)
-    minitest (5.24.1)
+    minitest (5.25.0)
     minitest-gcstats (1.3.1)
       minitest (~> 5.0)
     minitest-reporters (1.7.1)
@@ -847,7 +847,7 @@ DEPENDENCIES
   mail (~> 2.8)
   maintenance_tasks (~> 2.7)
   memory_profiler (~> 1.0)
-  minitest (~> 5.24)
+  minitest (~> 5.25)
   minitest-gcstats (~> 1.3)
   minitest-reporters (~> 1.7)
   minitest-retry (~> 0.2.2)
@@ -1062,7 +1062,7 @@ CHECKSUMS
   mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94
   mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef
   mini_portile2 (2.8.7) sha256=13eef5ab459bbfd33d61e539564ec25a9c2cf593b0a5ea6d4d7ef8c19b162ee0
-  minitest (5.24.1) sha256=31ec31ac9088d9e21fcc5a5487912234de83966f24368241b2bef03d7012464a
+  minitest (5.25.0) sha256=a86e3ad40f23f01532d41a7377f5caaca8015fbefd540d15bac22b857fb62f24
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0

From e9ee512b54e9208fda6ae4dc9e488f3e189224e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Aug 2024 00:46:21 +0000
Subject: [PATCH 131/381] Bump github/codeql-action from 3.26.0 to 3.26.1
 (#4959)

---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e9c560332b6..c2389c57f9d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
+        uses: github/codeql-action/init@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
+        uses: github/codeql-action/autobuild@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
+        uses: github/codeql-action/analyze@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index bc787758567..a8c14215066 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
+        uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
         with:
           sarif_file: results.sarif

From 76c6a0407f25884ed787621b1869fa4b60571ebc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Aug 2024 14:32:08 +0000
Subject: [PATCH 132/381] Bump github/codeql-action from 3.26.1 to 3.26.2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.1 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/29d86d22a34ea372b1bbf3b2dced2e25ca6b3384...429e1977040da7a23b6822b13c129cd1ba93dbb2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c2389c57f9d..ba5a0db444e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
+        uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
+        uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
+        uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index a8c14215066..42c8fa40f4c 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3.26.1
+        uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
         with:
           sarif_file: results.sarif

From 181b0e9007147ba555daaca0f6d00339a44f28ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Aug 2024 14:53:17 +0000
Subject: [PATCH 133/381] Bump tailwindcss-rails from 2.7.2 to 2.7.3

Bumps [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) from 2.7.2 to 2.7.3.
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/tailwindcss-rails/compare/v2.7.2...v2.7.3)

---
updated-dependencies:
- dependency-name: tailwindcss-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6c6e4ab9b5b..0f64ab4706b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -725,7 +725,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.2)
+    tailwindcss-rails (2.7.3)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -1186,7 +1186,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.2) sha256=8ec3492fc6a1f5dfb8c1cae89b0f6db0d007c6dd5e6cafead7b6dea7ef738b83
+  tailwindcss-rails (2.7.3) sha256=5a4e400dd7463d45099972589402f43325e42ef4634a2f194178d5192794697b
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.1) sha256=fa7e3471d4f6a27138e3d9c9b0d4daac9c3d7383927667ae83e9ab42ae7401ef
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From b481199f9b121ad4ecb3aee28f637bdf5eefaa1e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 16 Aug 2024 14:28:11 +0000
Subject: [PATCH 134/381] Bump aws-sdk-s3 from 1.157.0 to 1.158.0

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.157.0 to 1.158.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Gemfile b/Gemfile
index 8f92a1b45c1..f93f058f88b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.157"
+gem "aws-sdk-s3", "~> 1.158"
 gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index 6c6e4ab9b5b..08f886ee436 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,16 +110,16 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.963.0)
-    aws-sdk-core (3.201.4)
+    aws-partitions (1.964.0)
+    aws-sdk-core (3.201.5)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.8)
+      aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
     aws-sdk-kms (1.88.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.157.0)
+    aws-sdk-s3 (1.158.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -803,7 +803,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.51)
-  aws-sdk-s3 (~> 1.157)
+  aws-sdk-s3 (~> 1.158)
   aws-sdk-sqs (~> 1.80)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -939,10 +939,10 @@ CHECKSUMS
   avo (2.51.0) sha256=0d5785cda01b5b0d2575e7419cda4dc7a5d7805068f160d48ecc7458ee74ec03
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.963.0) sha256=652945df9887bb9185fa36ac29eb63ab4e91622d3ceb79de21fea4bf425356ff
-  aws-sdk-core (3.201.4) sha256=5f1b8dd75abfe0694557471856cfcda97277a423b221fe9c286047e8ee60f82c
+  aws-partitions (1.964.0) sha256=9a2cfc42fd49610703c5643bce75c37ec061eb32d0bf6de2a06f277082efee23
+  aws-sdk-core (3.201.5) sha256=1848c52fa93118cf527f2b2a70196b1fe4586f4d37dca8ffb86365b5df19ac50
   aws-sdk-kms (1.88.0) sha256=13588d90df1eece81f6d79bd304b3857dc3168e7ea75c933b3b835cfe8a0e309
-  aws-sdk-s3 (1.157.0) sha256=e1e0c7a268e710a7ccf4a0f9d2c33e3ca685b06968c3048d907e3a792580e990
+  aws-sdk-s3 (1.158.0) sha256=35d68b49d64523a9bc53245885f15be40b7953cf481132abfef137d02ca6b2a6
   aws-sdk-sqs (1.80.0) sha256=ae0bdced7aa958ddd99d28f709abe244839d58fbf1f2a628bcd9a5629a7444c2
   aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From 2185c4e810caf70a6f02432e923e1f79b5cd8813 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Aug 2024 16:53:23 +0000
Subject: [PATCH 135/381] Bump avo from 2.51.0 to 2.52.0 (#4942)

* Bump avo from 2.51.0 to 2.52.0

Bumps [avo](https://github.com/avo-hq/avo) from 2.51.0 to 2.52.0.
- [Release notes](https://github.com/avo-hq/avo/releases)
- [Changelog](https://github.com/avo-hq/avo/blob/main/RELEASE.MD)
- [Commits](https://github.com/avo-hq/avo/compare/v2.51.0...v2.52.0)

---
updated-dependencies:
- dependency-name: avo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Pin pagy

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Samuel Giddins <segiddins@segiddins.me>
---
 Gemfile      |  3 ++-
 Gemfile.lock | 21 +++++++++++----------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/Gemfile b/Gemfile
index f93f058f88b..0a622e0c4f8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -61,7 +61,8 @@ gem "faraday-multipart", "~> 1.0"
 gem "timescaledb", "~> 0.2"
 
 # Admin dashboard
-gem "avo", "~> 2.51"
+gem "avo", "~> 2.52"
+gem "pagy", "~> 8.4"
 gem "view_component", "~> 3.13"
 gem "pundit", "~> 2.3"
 gem "chartkick", "~> 5.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index f2bb4491481..d1a1ff41444 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -93,7 +93,7 @@ GEM
     attr_required (1.0.2)
     autoprefixer-rails (10.4.19.0)
       execjs (~> 2)
-    avo (2.51.0)
+    avo (2.52.0)
       actionview (>= 6.0)
       active_link_to
       activerecord (>= 6.0)
@@ -220,7 +220,7 @@ GEM
     diff-lcs (1.5.1)
     discard (1.3.0)
       activerecord (>= 4.2, < 8)
-    docile (1.4.0)
+    docile (1.4.1)
     dogstatsd-ruby (5.6.1)
     domain_name (0.6.20240107)
     dotenv (3.1.2)
@@ -402,8 +402,8 @@ GEM
     marcel (1.0.4)
     matrix (0.4.2)
     memory_profiler (1.0.2)
-    meta-tags (2.21.0)
-      actionpack (>= 6.0.0, < 7.2)
+    meta-tags (2.22.0)
+      actionpack (>= 6.0.0, < 8.1)
     method_source (1.1.0)
     mini_histogram (0.3.1)
     mini_mime (1.1.5)
@@ -485,7 +485,7 @@ GEM
     openssl-signature_algorithm (1.3.0)
       openssl (> 2.0)
     optimist (3.1.0)
-    pagy (8.4.0)
+    pagy (8.6.3)
     parallel (1.25.1)
     parser (3.3.4.0)
       ast (~> 2.4.1)
@@ -802,7 +802,7 @@ DEPENDENCIES
   aggregate_assertions (~> 0.2.0)
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
-  avo (~> 2.51)
+  avo (~> 2.52)
   aws-sdk-s3 (~> 1.158)
   aws-sdk-sqs (~> 1.80)
   bcrypt (~> 3.1)
@@ -859,6 +859,7 @@ DEPENDENCIES
   omniauth-rails_csrf_protection (~> 1.0)
   openid_connect (~> 2.3)
   opensearch-ruby (~> 3.4)
+  pagy (~> 8.4)
   pg (~> 1.5)
   pg_query (~> 5.1)
   pghero (~> 3.6)
@@ -936,7 +937,7 @@ CHECKSUMS
   ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
   attr_required (1.0.2) sha256=f0ebfc56b35e874f4d0ae799066dbc1f81efefe2364ca3803dc9ea6a4de6cb99
   autoprefixer-rails (10.4.19.0) sha256=ccd21f47e5a07a581c7d239025e0d8d06a005825e96e06f72382d818fe665f4e
-  avo (2.51.0) sha256=0d5785cda01b5b0d2575e7419cda4dc7a5d7805068f160d48ecc7458ee74ec03
+  avo (2.52.0) sha256=223948642e7553c6d6cd87408c622b356e2602e60bd0c2ecb4d90a603fcac670
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
   aws-partitions (1.964.0) sha256=9a2cfc42fd49610703c5643bce75c37ec061eb32d0bf6de2a06f277082efee23
@@ -984,7 +985,7 @@ CHECKSUMS
   derailed_benchmarks (2.1.2) sha256=eaadc6206ceeb5538ff8f5e04a0023d54ebdd95d04f33e8960fb95a5f189a14f
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.3.0) sha256=55218997ca4dc11f0594f1bb2d1196c4a959ceb562f1ab6490130233598dda67
-  docile (1.4.0) sha256=5f1734bde23721245c20c3d723e76c104208e1aa01277a69901ce770f0ebb8d3
+  docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
   dogstatsd-ruby (5.6.1) sha256=615dd1328c57ab66fb48cbf83b38ce2060d8353707be0bc3deb0ae960a659982
   domain_name (0.6.20240107) sha256=5f693b2215708476517479bf2b3802e49068ad82167bcd2286f899536a17d933
   dotenv (3.1.2) sha256=08036c2aa1246590034a83df2adc85b72cb4944692c49da24d8e911f97924478
@@ -1057,7 +1058,7 @@ CHECKSUMS
   marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4
   matrix (0.4.2) sha256=71083ccbd67a14a43bfa78d3e4dc0f4b503b9cc18e5b4b1d686dc0f9ef7c4cc0
   memory_profiler (1.0.2) sha256=0e7c5c2a1a7bea5b5a05b9df25b2d628afa0db37b9344ba42b42eb8a604762df
-  meta-tags (2.21.0) sha256=cfaa2ccd32b2700c3538c9eae647191295a06f47f0d8558e685a6a7158171cfb
+  meta-tags (2.22.0) sha256=c04df1f39cfbf7d48e2ae955124d89a2429ab508fc936b9a8f9a8ce4d326e6ec
   method_source (1.1.0) sha256=181301c9c45b731b4769bc81e8860e72f9161ad7d66dd99103c9ab84f560f5c5
   mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94
   mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef
@@ -1091,7 +1092,7 @@ CHECKSUMS
   openssl (3.2.0) sha256=3c4bb8760977b4becd2819c6c2569bcf5c6f48b32b9f7a4ce1fd37f996378d14
   openssl-signature_algorithm (1.3.0) sha256=a3b40b5e8276162d4a6e50c7c97cdaf1446f9b2c3946a6fa2c14628e0c957e80
   optimist (3.1.0) sha256=81886f53ee8919f330aa30076d320d88eef9bc85aae2275376b4afb007c69260
-  pagy (8.4.0) sha256=21dd68453d24e752a1bc81aef5b6f1346ff95e1c2e5b53448355f7856f3ef901
+  pagy (8.6.3) sha256=537b2ee3119f237dd6c4a0d0a35c67a77b9d91ebb9d4f85e31407c2686774fb2
   parallel (1.25.1) sha256=12e089b9aa36ea2343f6e93f18cfcebd031798253db8260590d26a7f70b1ab90
   parser (3.3.4.0) sha256=8d247769c3873fe92201d591a7463384022a1a25e214853df5d6806623179e82
   pg (1.5.7) sha256=07a7d86e5aac8b964a0288076a7a7c699c27b25c9b40b001726f6eb03ed13427

From a460a650b0d8f7bac1d66bd1fada2117a99a3a93 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Aug 2024 17:33:30 +0000
Subject: [PATCH 136/381] Bump fugit from 1.11.0 to 1.11.1

Bumps [fugit](https://github.com/floraison/fugit) from 1.11.0 to 1.11.1.
- [Changelog](https://github.com/floraison/fugit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/floraison/fugit/compare/v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: fugit
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index d1a1ff41444..62180043f00 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -258,7 +258,7 @@ GEM
     ffi-compiler (1.3.2)
       ffi (>= 1.15.5)
       rake
-    fugit (1.11.0)
+    fugit (1.11.1)
       et-orbi (~> 1, >= 1.2.11)
       raabro (~> 1.4)
     gem_server_conformance (0.1.4)
@@ -1006,7 +1006,7 @@ CHECKSUMS
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
   ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c
   ffi-compiler (1.3.2) sha256=a94f3d81d12caf5c5d4ecf13980a70d0aeaa72268f3b9cc13358bcc6509184a0
-  fugit (1.11.0) sha256=addc9cd3031611921d1dbac094de3a645bc8858828639fd035c9cedd3b460bb9
+  fugit (1.11.1) sha256=e89485e7be22226d8e9c6da411664d0660284b4b1c08cacb540f505907869868
   gem_server_conformance (0.1.4) sha256=ee404d5405eabcb6f7ab440d2193177375481a77bfa0ec3106165dd6c8e733bb
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9

From 0fa373cc893284537a1f7f009fffd40ecd56ed5d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Aug 2024 16:16:48 -0700
Subject: [PATCH 137/381] Bump shoulda-matchers from 6.3.1 to 6.4.0 (#4964)

Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from 6.3.1 to 6.4.0.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/thoughtbot/shoulda-matchers/compare/v6.3.1...v6.4.0)

---
updated-dependencies:
- dependency-name: shoulda-matchers
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0a622e0c4f8..a3f15d2fba4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -135,7 +135,7 @@ group :test do
   gem "rails-controller-testing", "~> 1.0"
   gem "mocha", "~> 2.4", require: false
   gem "shoulda-context", "~> 3.0.0.rc1"
-  gem "shoulda-matchers", "~> 6.3"
+  gem "shoulda-matchers", "~> 6.4"
   gem "selenium-webdriver", "~> 4.23"
   gem "webmock", "~> 3.23"
   gem "simplecov", "~> 0.22", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index d1a1ff41444..5166bf9bbd5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -691,7 +691,7 @@ GEM
       concurrent-ruby
       thor
     shoulda-context (3.0.0.rc1)
-    shoulda-matchers (6.3.1)
+    shoulda-matchers (6.4.0)
       activesupport (>= 5.2.0)
     simplecov (0.22.0)
       docile (~> 1.1)
@@ -895,7 +895,7 @@ DEPENDENCIES
   selenium-webdriver (~> 4.23)
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
-  shoulda-matchers (~> 6.3)
+  shoulda-matchers (~> 6.4)
   simplecov (~> 0.22)
   simplecov-cobertura (~> 2.1)
   sprockets-rails (~> 3.5)
@@ -1172,7 +1172,7 @@ CHECKSUMS
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6
   shoulda-context (3.0.0.rc1) sha256=6e0d9d52ab798c13bc2b490c8537d4bf30cfd318a1ea839c39a66d1d293c6a1a
-  shoulda-matchers (6.3.1) sha256=a939715a222a4b5714e484c7da20311729de69995f75719bb1b1ce351c1a45cf
+  shoulda-matchers (6.4.0) sha256=9055bb7f4bb342125fb860809798855c630e05ef5e75837b3168b8e6ee1608b0
   simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5
   simplecov-cobertura (2.1.0) sha256=2c6532e34df2e38a379d72cef9a05c3b16c64ce90566beebc6887801c4ad3f02
   simplecov-html (0.12.3) sha256=4b1aad33259ffba8b29c6876c12db70e5750cb9df829486e4c6e5da4fa0aa07b

From 0fd4e3b0a20938eecb53e5385737002fcf550cbe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Aug 2024 16:17:04 -0700
Subject: [PATCH 138/381] Bump minitest from 5.25.0 to 5.25.1 (#4966)

Bumps [minitest](https://github.com/minitest/minitest) from 5.25.0 to 5.25.1.
- [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc)
- [Commits](https://github.com/minitest/minitest/compare/v5.25.0...v5.25.1)

---
updated-dependencies:
- dependency-name: minitest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 5166bf9bbd5..6f15ad3def7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -408,7 +408,7 @@ GEM
     mini_histogram (0.3.1)
     mini_mime (1.1.5)
     mini_portile2 (2.8.7)
-    minitest (5.25.0)
+    minitest (5.25.1)
     minitest-gcstats (1.3.1)
       minitest (~> 5.0)
     minitest-reporters (1.7.1)
@@ -1063,7 +1063,7 @@ CHECKSUMS
   mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94
   mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef
   mini_portile2 (2.8.7) sha256=13eef5ab459bbfd33d61e539564ec25a9c2cf593b0a5ea6d4d7ef8c19b162ee0
-  minitest (5.25.0) sha256=a86e3ad40f23f01532d41a7377f5caaca8015fbefd540d15bac22b857fb62f24
+  minitest (5.25.1) sha256=3db6795a80634def1cf86fda79d2d83b59b25ce5e186fa675f73c565589d2ad8
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0

From 1fc6704102840ae66ea8a2779da7df728d8aafae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 19 Aug 2024 16:17:32 -0700
Subject: [PATCH 139/381] Bump stimulus-rails from 1.3.3 to 1.3.4 (#4965)

Bumps [stimulus-rails](https://github.com/hotwired/stimulus-rails) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/hotwired/stimulus-rails/releases)
- [Commits](https://github.com/hotwired/stimulus-rails/compare/v1.3.3...v1.3.4)

---
updated-dependencies:
- dependency-name: stimulus-rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6f15ad3def7..08a0a699de3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -714,7 +714,7 @@ GEM
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
     statsd-instrument (3.8.0)
-    stimulus-rails (1.3.3)
+    stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
     strong_migrations (2.0.0)
@@ -1182,7 +1182,7 @@ CHECKSUMS
   sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
   sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
   statsd-instrument (3.8.0) sha256=122e294845d9a05a74fa53a859010424b455b44f1605abac3108fbbabb2aa7cd
-  stimulus-rails (1.3.3) sha256=4d1f9ab1d64e605f4c9cdd4cc530a9538b510606d32d02249d106256845c562c
+  stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555

From 9bc908c6a3e0d14c4ef515acb646f5d9ea31c5a2 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 19 Aug 2024 18:45:55 -0700
Subject: [PATCH 140/381] Ensure AWS secrets never get printed out (#4968)

This is not happening on CI anyways, but be robust against future changes
---
 script/build_docker.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/script/build_docker.sh b/script/build_docker.sh
index 11ed8f8fcc0..52437389d54 100755
--- a/script/build_docker.sh
+++ b/script/build_docker.sh
@@ -66,6 +66,7 @@ fi
 pusher_arn="arn:aws:iam::048268392960:role/rubygems-ecr-pusher"
 caller_arn="$(aws sts get-caller-identity --output text --query Arn || true)"
 
+set +x
 [[ "$caller_arn" == "$pusher_arn" ]] ||
   [[ "$caller_arn" == "arn:aws:sts::048268392960:assumed-role/rubygems-ecr-pusher/GitHubActions" ]] ||
   export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
@@ -75,6 +76,7 @@ caller_arn="$(aws sts get-caller-identity --output text --query Arn || true)"
       --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
       --output text)) ||
   true
+set -x
 
 if [[ -z "${AWS_SESSION_TOKEN}" ]]; then
   echo "Skipping push since no AWS session token was found"

From 59e4d09906f6525775d961139ac502fc830f148d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Aug 2024 14:03:53 +0000
Subject: [PATCH 141/381] Bump github/codeql-action from 3.26.2 to 3.26.3

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/429e1977040da7a23b6822b13c129cd1ba93dbb2...883d8588e56d1753a8a58c1c86e88976f0c23449)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ba5a0db444e..6ace91ce328 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
+        uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
+        uses: github/codeql-action/autobuild@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
+        uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 42c8fa40f4c..40f70137ede 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2
+        uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
         with:
           sarif_file: results.sarif

From 87e54451d5946eb4c968a7db1bfa7613d983a2d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 20 Aug 2024 14:58:06 +0000
Subject: [PATCH 142/381] Bump statsd-instrument from 3.8.0 to 3.9.0

Bumps [statsd-instrument](https://github.com/Shopify/statsd-instrument) from 3.8.0 to 3.9.0.
- [Changelog](https://github.com/Shopify/statsd-instrument/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/statsd-instrument/compare/v3.8.0...v3.9.0)

---
updated-dependencies:
- dependency-name: statsd-instrument
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index a3f15d2fba4..b2422d1b0fe 100644
--- a/Gemfile
+++ b/Gemfile
@@ -37,7 +37,7 @@ gem "rdoc", "~> 6.7"
 gem "roadie-rails", "~> 3.2"
 gem "ruby-magic", "~> 0.6"
 gem "shoryuken", "~> 6.2", require: false
-gem "statsd-instrument", "~> 3.8"
+gem "statsd-instrument", "~> 3.9"
 gem "validates_formatting_of", "~> 0.9"
 gem "opensearch-ruby", "~> 3.4"
 gem "searchkick", "~> 5.3"
diff --git a/Gemfile.lock b/Gemfile.lock
index 08a0a699de3..9642e5b00e4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -713,7 +713,7 @@ GEM
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
-    statsd-instrument (3.8.0)
+    statsd-instrument (3.9.0)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -899,7 +899,7 @@ DEPENDENCIES
   simplecov (~> 0.22)
   simplecov-cobertura (~> 2.1)
   sprockets-rails (~> 3.5)
-  statsd-instrument (~> 3.8)
+  statsd-instrument (~> 3.9)
   stimulus-rails (~> 1.3)
   strong_migrations (~> 2.0)
   tailwindcss-rails (~> 2.7)
@@ -1181,7 +1181,7 @@ CHECKSUMS
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
   sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
   sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
-  statsd-instrument (3.8.0) sha256=122e294845d9a05a74fa53a859010424b455b44f1605abac3108fbbabb2aa7cd
+  statsd-instrument (3.9.0) sha256=4172a38c4732dd723b8e6f7ee502c3e3344ec391dfa7f58464cb6efb80626eb1
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d

From 05a1f762e173788ac2c713259c29df5e90125baf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 12:36:41 -0700
Subject: [PATCH 143/381] Bump chartkick from 5.0.7 to 5.1.0 (#4972)

Bumps [chartkick](https://github.com/ankane/chartkick) from 5.0.7 to 5.1.0.
- [Changelog](https://github.com/ankane/chartkick/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/chartkick/compare/v5.0.7...v5.1.0)

---
updated-dependencies:
- dependency-name: chartkick
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index b2422d1b0fe..fb18698535b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -65,7 +65,7 @@ gem "avo", "~> 2.52"
 gem "pagy", "~> 8.4"
 gem "view_component", "~> 3.13"
 gem "pundit", "~> 2.3"
-gem "chartkick", "~> 5.0"
+gem "chartkick", "~> 5.1"
 gem "groupdate", "~> 6.2"
 
 # Logging
diff --git a/Gemfile.lock b/Gemfile.lock
index ef09f4470a6..c072e55ac5d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -161,7 +161,7 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     cbor (0.5.9.8)
-    chartkick (5.0.7)
+    chartkick (5.1.0)
     childprocess (5.0.0)
     choice (0.2.0)
     chunky_png (1.4.0)
@@ -811,7 +811,7 @@ DEPENDENCIES
   brakeman (~> 6.1)
   browser (~> 6.0)
   capybara (~> 3.40)
-  chartkick (~> 5.0)
+  chartkick (~> 5.1)
   clearance (~> 2.8)
   compact_index (~> 0.15.0)
   csv (~> 3.3)
@@ -961,7 +961,7 @@ CHECKSUMS
   byebug (11.1.3) sha256=2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b
   capybara (3.40.0) sha256=42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef
   cbor (0.5.9.8) sha256=9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7
-  chartkick (5.0.7) sha256=fe52cfd34a51ff0c42dabe26c59a827ffc5c74de56816eddcb74b7c639938893
+  chartkick (5.1.0) sha256=8f04a522ca5c55dea298fbd10b585c62aa3f3a206944bf6f96d6e1f17be60760
   childprocess (5.0.0) sha256=0746b7ab1d6c68156e64a3767631d7124121516192c0492929a7f0af7310d835
   choice (0.2.0) sha256=a19617f7dfd4921b38a85d0616446620de685a113ec6d1ecc85bdb67bf38c974
   chunky_png (1.4.0) sha256=89d5b31b55c0cf4da3cf89a2b4ebc3178d8abe8cbaf116a1dba95668502fdcfe

From 70330abc5fb81291d6de828af3599e1052acc9a2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 19:44:32 +0000
Subject: [PATCH 144/381] Bump aws-sdk-s3 from 1.158.0 to 1.159.0 (#4973)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.158.0 to 1.159.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index fb18698535b..549621379ea 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.158"
+gem "aws-sdk-s3", "~> 1.159"
 gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index c072e55ac5d..94cc8c2f560 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,7 +110,7 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.964.0)
+    aws-partitions (1.966.0)
     aws-sdk-core (3.201.5)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
@@ -119,7 +119,7 @@ GEM
     aws-sdk-kms (1.88.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.158.0)
+    aws-sdk-s3 (1.159.0)
       aws-sdk-core (~> 3, >= 3.201.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -803,7 +803,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.52)
-  aws-sdk-s3 (~> 1.158)
+  aws-sdk-s3 (~> 1.159)
   aws-sdk-sqs (~> 1.80)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -940,10 +940,10 @@ CHECKSUMS
   avo (2.52.0) sha256=223948642e7553c6d6cd87408c622b356e2602e60bd0c2ecb4d90a603fcac670
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.964.0) sha256=9a2cfc42fd49610703c5643bce75c37ec061eb32d0bf6de2a06f277082efee23
+  aws-partitions (1.966.0) sha256=1402324c85cf16c3d53b1122ce961c913d4356d020c1bb1d845893c6fa8c51a2
   aws-sdk-core (3.201.5) sha256=1848c52fa93118cf527f2b2a70196b1fe4586f4d37dca8ffb86365b5df19ac50
   aws-sdk-kms (1.88.0) sha256=13588d90df1eece81f6d79bd304b3857dc3168e7ea75c933b3b835cfe8a0e309
-  aws-sdk-s3 (1.158.0) sha256=35d68b49d64523a9bc53245885f15be40b7953cf481132abfef137d02ca6b2a6
+  aws-sdk-s3 (1.159.0) sha256=406ba75c68890938350aa573df1c3f878dd7781a59ba1ddc0953968a70725e98
   aws-sdk-sqs (1.80.0) sha256=ae0bdced7aa958ddd99d28f709abe244839d58fbf1f2a628bcd9a5629a7444c2
   aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From e26e3d89768084c2ec0e01c07f2fa3bb12d87c98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Aug 2024 14:38:25 +0000
Subject: [PATCH 145/381] Bump github/codeql-action from 3.26.3 to 3.26.4

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/883d8588e56d1753a8a58c1c86e88976f0c23449...f0f3afee809481da311ca3a6ff1ff51d81dbeb24)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6ace91ce328..1f432bd58bc 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
+        uses: github/codeql-action/init@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
+        uses: github/codeql-action/autobuild@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
+        uses: github/codeql-action/analyze@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 40f70137ede..024eeaf9812 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
+        uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
         with:
           sarif_file: results.sarif

From a8a24fd837fee631bc67771057fe517ae91d67be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 22 Aug 2024 15:53:24 -0700
Subject: [PATCH 146/381] Bump rexml from 3.3.3 to 3.3.6 (#4976)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 94cc8c2f560..895584a391c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -601,7 +601,7 @@ GEM
     regexp_parser (2.9.2)
     reline (0.5.9)
       io-console (~> 0.5)
-    rexml (3.3.3)
+    rexml (3.3.6)
       strscan
     roadie (5.2.1)
       css_parser (~> 1.4)
@@ -1137,7 +1137,7 @@ CHECKSUMS
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
   reline (0.5.9) sha256=5d2dd7ed0fd078e79a05e4eaa47dc91b8dacec7358e9e1dd6d9c4636cff7d378
-  rexml (3.3.3) sha256=48c0cd98219cd8d6320b046c9b416288a043bee46047591721b03137dc660015
+  rexml (3.3.6) sha256=7af0459d108dfd6ffa7d38c67c8464e200f5c9d476d4c6a3d1899e92808d63c6
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854

From 3fa0704c81c9ce06bf9cbe0ff48c0129193b6863 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 23 Aug 2024 09:40:33 -0700
Subject: [PATCH 147/381] Bump brakeman from 6.1.2 to 6.2.1 (#4977)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 549621379ea..9e463aafe93 100644
--- a/Gemfile
+++ b/Gemfile
@@ -101,7 +101,7 @@ group :development, :test do
   gem "dotenv-rails", "~> 3.1"
   gem "lookbook", "~> 2.3"
 
-  gem "brakeman", "~> 6.1", require: false
+  gem "brakeman", "~> 6.2", require: false
 
   # used to find n+1 queries
   gem "prosopite", "~> 1.4"
diff --git a/Gemfile.lock b/Gemfile.lock
index 895584a391c..2977636564e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -146,7 +146,7 @@ GEM
       msgpack
     bootsnap (1.18.4)
       msgpack (~> 1.2)
-    brakeman (6.1.2)
+    brakeman (6.2.1)
       racc
     browser (6.0.0)
     builder (3.3.0)
@@ -808,7 +808,7 @@ DEPENDENCIES
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
-  brakeman (~> 6.1)
+  brakeman (~> 6.2)
   browser (~> 6.0)
   capybara (~> 3.40)
   chartkick (~> 5.1)
@@ -955,7 +955,7 @@ CHECKSUMS
   bitarray (1.2.0) sha256=7f9f31fadbd87bf51544cf13058e81cd6ec408ff40f127902cef3d6767b23f11
   bloomer (1.0.0) sha256=57a0d3a78628db9a92c6723f06c67697e420abcdb05aa757c6dfae607251d272
   bootsnap (1.18.4) sha256=ac4c42af397f7ee15521820198daeff545e4c360d2772c601fbdc2c07d92af55
-  brakeman (6.1.2) sha256=7716769c18f2c4a52d7a74d2cb5a614be0c46d8aad3fbe7ca089dbb7c98bd4d3
+  brakeman (6.2.1) sha256=862e709caa1abf00dd0c47045682404c349f64876c7be74a8e6a4d6be5f61a1d
   browser (6.0.0) sha256=0399f0f12c925e529aa995b096a3824384e00ea2c7241fbb4b707d2a25e87920
   builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f
   byebug (11.1.3) sha256=2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b

From 5f52e7808911fde1e98db70392b7d1d010cf2894 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 24 Aug 2024 20:53:17 -0400
Subject: [PATCH 148/381] Bump datadog from 2.2.0 to 2.3.0 (#4978)

---
 Gemfile      |  2 +-
 Gemfile.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9e463aafe93..a255aa17e50 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,7 +10,7 @@ gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
-gem "datadog", "~> 2.2"
+gem "datadog", "~> 2.3"
 gem "dogstatsd-ruby", "~> 5.5"
 gem "google-protobuf", "~> 4.27"
 gem "faraday", "~> 2.10"
diff --git a/Gemfile.lock b/Gemfile.lock
index 2977636564e..dc2e1109c29 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -194,9 +194,9 @@ GEM
       sprockets (> 3.0)
       sprockets-rails
       tilt
-    datadog (2.2.0)
+    datadog (2.3.0)
       debase-ruby_core_source (= 3.3.1)
-      libdatadog (~> 10.0.0.1.0)
+      libdatadog (~> 11.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
     datadog-ci (1.3.0)
@@ -360,7 +360,7 @@ GEM
       letter_opener (~> 1.9)
       railties (>= 6.1)
       rexml
-    libdatadog (10.0.0.1.0)
+    libdatadog (11.0.0.1.0)
     libddwaf (1.14.0.0.0)
       ffi (~> 1.0)
     listen (3.9.0)
@@ -817,7 +817,7 @@ DEPENDENCIES
   csv (~> 3.3)
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
-  datadog (~> 2.2)
+  datadog (~> 2.3)
   datadog-ci (~> 1.3)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
@@ -977,7 +977,7 @@ CHECKSUMS
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
-  datadog (2.2.0) sha256=fa96d565e055593294706d7767c4d3213b5250f0ddd2b8697b868ae60dbdda4a
+  datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
   datadog-ci (1.3.0) sha256=3c1c4721d14a1f7736330a0fdc6c5dc63c14235a53e9f07af10a34feef23eab7
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
@@ -1045,7 +1045,7 @@ CHECKSUMS
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
   letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
-  libdatadog (10.0.0.1.0) sha256=2e2c2000f1250cd3bb3721bdd0672dcdb584e60eee13d4a4089fbce1cf40dafc
+  libdatadog (11.0.0.1.0) sha256=44779762b21149be5e17ce599dc2e89f6a3c89a99262293dfafd96ddb110f7f1
   libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa

From 4029472922c48b407303d09e80edbfc6a1bab274 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:32:13 -0400
Subject: [PATCH 149/381] Bump github/codeql-action from 3.26.4 to 3.26.5
 (#4981)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.4 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f0f3afee809481da311ca3a6ff1ff51d81dbeb24...2c779ab0d087cd7fe7b826087247c2c81f27bfa6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1f432bd58bc..16e70f7097f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
+        uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
+        uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
+        uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 024eeaf9812..15ce980f6eb 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3.26.4
+        uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
         with:
           sarif_file: results.sarif

From 805c051f228eaefa9fe979b46dc2ffc05d40560c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:32:20 -0400
Subject: [PATCH 150/381] Bump faraday from 2.10.1 to 2.11.0 (#4985)

Bumps [faraday](https://github.com/lostisland/faraday) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.10.1...v2.11.0)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index a255aa17e50..284c7bdc609 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,7 +13,7 @@ gem "dalli", "~> 3.2"
 gem "datadog", "~> 2.3"
 gem "dogstatsd-ruby", "~> 5.5"
 gem "google-protobuf", "~> 4.27"
-gem "faraday", "~> 2.10"
+gem "faraday", "~> 2.11"
 gem "faraday-retry", "~> 2.2"
 gem "good_job", "~> 3.99"
 gem "gravtastic", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index dc2e1109c29..bfc2fbe57f8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -240,14 +240,14 @@ GEM
     factory_bot_rails (6.4.3)
       factory_bot (~> 6.4)
       railties (>= 5.0.0)
-    faraday (2.10.1)
-      faraday-net_http (>= 2.0, < 3.2)
+    faraday (2.11.0)
+      faraday-net_http (>= 2.0, < 3.4)
       logger
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
     faraday-multipart (1.0.4)
       multipart-post (~> 2)
-    faraday-net_http (3.1.1)
+    faraday-net_http (3.3.0)
       net-http
     faraday-retry (2.2.1)
       faraday (~> 2.0)
@@ -824,7 +824,7 @@ DEPENDENCIES
   dogstatsd-ruby (~> 5.5)
   dotenv-rails (~> 3.1)
   factory_bot_rails (~> 6.4)
-  faraday (~> 2.10)
+  faraday (~> 2.11)
   faraday-multipart (~> 1.0)
   faraday-retry (~> 2.2)
   faraday_middleware-aws-sigv4 (~> 1.0)
@@ -998,10 +998,10 @@ CHECKSUMS
   execjs (2.9.1) sha256=e8fd066f6df60c8e8fbebc32c6fb356b5212c77374e8416a9019ca4bb154dcfb
   factory_bot (6.4.5) sha256=d71dd29bc95f0ec2bf27e3dd9b1b4d557bd534caca744663cb7db4bacf3198be
   factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
-  faraday (2.10.1) sha256=6bc9fba3f6191684449d94215195b2c43e2a07bd40b321d245881450923d9a80
+  faraday (2.11.0) sha256=e6ead2c9aa1304107d3bb342e9f930cf7e649a71e3ec1e782c3256672f19ed02
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
   faraday-multipart (1.0.4) sha256=9012021ab57790f7d712f590b48d5f948b19b43cfa11ca83e6459f06090b0725
-  faraday-net_http (3.1.1) sha256=da93f0f426f4de2c09af0a9a95887726da7889b76eca2a2aff0ce5e66e768938
+  faraday-net_http (3.3.0) sha256=93e6b0f679b1e8e358bcb4e983a52328dfc47ebbe6a232e4f9e8aba9c924e565
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
   ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c

From bd2b5bbe862d42097b4acb21b7a18bc5203b4651 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:32:36 -0400
Subject: [PATCH 151/381] Bump datadog-ci from 1.3.0 to 1.4.0 (#4984)

Bumps [datadog-ci](https://github.com/DataDog/datadog-ci-rb) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/DataDog/datadog-ci-rb/releases)
- [Changelog](https://github.com/DataDog/datadog-ci-rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/DataDog/datadog-ci-rb/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: datadog-ci
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index 284c7bdc609..050fc2d4d2c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,7 +126,7 @@ group :development do
 end
 
 group :test do
-  gem "datadog-ci", "~> 1.3"
+  gem "datadog-ci", "~> 1.4"
   gem "minitest", "~> 5.25", require: false
   gem "minitest-retry", "~> 0.2.2"
   gem "capybara", "~> 3.40"
diff --git a/Gemfile.lock b/Gemfile.lock
index bfc2fbe57f8..38f82bd4b98 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -199,8 +199,8 @@ GEM
       libdatadog (~> 11.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.3.0)
-      datadog (~> 2.2)
+    datadog-ci (1.4.0)
+      datadog (~> 2.3)
       msgpack
     date (3.3.4)
     dead_end (4.0.0)
@@ -818,7 +818,7 @@ DEPENDENCIES
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.3)
-  datadog-ci (~> 1.3)
+  datadog-ci (~> 1.4)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.5)
@@ -978,7 +978,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
-  datadog-ci (1.3.0) sha256=3c1c4721d14a1f7736330a0fdc6c5dc63c14235a53e9f07af10a34feef23eab7
+  datadog-ci (1.4.0) sha256=2f0e9fb22e7af583bf1984954919a8444b43984c72bbd2de6eac42f0464f8bc5
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08

From 523af17ddca2a6aea1671c4245d22fccbad1917a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Aug 2024 11:32:48 -0400
Subject: [PATCH 152/381] Bump pundit from 2.3.2 to 2.4.0 (#4983)

Bumps [pundit](https://github.com/varvet/pundit) from 2.3.2 to 2.4.0.
- [Changelog](https://github.com/varvet/pundit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/varvet/pundit/compare/v2.3.2...v2.4.0)

---
updated-dependencies:
- dependency-name: pundit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 050fc2d4d2c..db632566400 100644
--- a/Gemfile
+++ b/Gemfile
@@ -64,7 +64,7 @@ gem "timescaledb", "~> 0.2"
 gem "avo", "~> 2.52"
 gem "pagy", "~> 8.4"
 gem "view_component", "~> 3.13"
-gem "pundit", "~> 2.3"
+gem "pundit", "~> 2.4"
 gem "chartkick", "~> 5.1"
 gem "groupdate", "~> 6.2"
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 38f82bd4b98..5130eaa33e8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -514,7 +514,7 @@ GEM
     public_suffix (6.0.1)
     puma (6.4.2)
       nio4r (~> 2.0)
-    pundit (2.3.2)
+    pundit (2.4.0)
       activesupport (>= 3.0.0)
     pwned (2.3.0)
     raabro (1.4.0)
@@ -868,7 +868,7 @@ DEPENDENCIES
   prosopite (~> 1.4)
   pry-byebug (~> 3.10)
   puma (~> 6.4)
-  pundit (~> 2.3)
+  pundit (~> 2.4)
   rack (~> 3.1)
   rack-attack (~> 6.6)
   rack-sanitizer (~> 2.0)
@@ -1108,7 +1108,7 @@ CHECKSUMS
   psych (5.1.2) sha256=337322f58fc2bf24827d2b9bd5ab595f6a72971867d151bb39980060ea40a368
   public_suffix (6.0.1) sha256=61d44e1cab5cbbbe5b31068481cf16976dd0dc1b6b07bd95617ef8c5e3e00c6f
   puma (6.4.2) sha256=3eb41999d00733280be3faeb00d610331b6965a537a8cd3d905f316c38575b44
-  pundit (2.3.2) sha256=7ca09a5801ebaedad1966f7eb0b1c52ecb8c94b3b6ab70122cb22856ac187fa3
+  pundit (2.4.0) sha256=43e6d27a9df082c04f0020999ce4dcf6742ecc5775d102ef2bfe9df041417572
   pwned (2.3.0) sha256=63f5a9576f109203684e9dd053f815649fd5bc0a0348b7190568272641b22353
   raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882
   racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f

From 0eb3e6864da3ed6aa94f442b1cd6c9e78a90f949 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 27 Aug 2024 08:07:55 -0300
Subject: [PATCH 153/381] Only expire unexpired API keys (#4975)

Avoids looping over already expired keys
---
 app/models/api_key.rb | 2 +-
 app/models/user.rb    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/models/api_key.rb b/app/models/api_key.rb
index d0a4c113ad0..98b6bbacacf 100644
--- a/app/models/api_key.rb
+++ b/app/models/api_key.rb
@@ -40,7 +40,7 @@ class ScopeError < RuntimeError; end
 
   def self.expire_all!
     transaction do
-      find_each.all?(&:expire!)
+      unexpired.find_each.all?(&:expire!)
     end
   end
 
diff --git a/app/models/user.rb b/app/models/user.rb
index 69be1896d66..96007086007 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -310,7 +310,7 @@ def toxic_email_domain
   end
 
   def expire_all_api_keys
-    api_keys.unexpired.expire_all!
+    api_keys.expire_all!
   end
 
   def destroy_associations_for_discard

From c9221e6f9d30644b4d4dc5462175a393d3a0847a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Aug 2024 08:36:11 -0700
Subject: [PATCH 154/381] Bump view_component from 3.13.0 to 3.14.0 (#4986)

Bumps [view_component](https://github.com/viewcomponent/view_component) from 3.13.0 to 3.14.0.
- [Release notes](https://github.com/viewcomponent/view_component/releases)
- [Changelog](https://github.com/ViewComponent/view_component/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/viewcomponent/view_component/compare/v3.13.0...v3.14.0)

---
updated-dependencies:
- dependency-name: view_component
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index db632566400..c27e8f0c8d6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -63,7 +63,7 @@ gem "timescaledb", "~> 0.2"
 # Admin dashboard
 gem "avo", "~> 2.52"
 gem "pagy", "~> 8.4"
-gem "view_component", "~> 3.13"
+gem "view_component", "~> 3.14"
 gem "pundit", "~> 2.4"
 gem "chartkick", "~> 5.1"
 gem "groupdate", "~> 6.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 5130eaa33e8..9a3f5c73933 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -761,7 +761,7 @@ GEM
     validates_formatting_of (0.9.0)
       activemodel
     version_gem (1.1.1)
-    view_component (3.13.0)
+    view_component (3.14.0)
       activesupport (>= 5.2.0, < 8.0)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
@@ -909,7 +909,7 @@ DEPENDENCIES
   unpwn (~> 1.0)
   user_agent_parser (~> 2.18)
   validates_formatting_of (~> 0.9)
-  view_component (~> 3.13)
+  view_component (~> 3.14)
   webauthn (~> 3.1)
   webmock (~> 3.23)
   xml-simple (~> 1.1)
@@ -1205,7 +1205,7 @@ CHECKSUMS
   validate_url (1.0.15) sha256=72fe164c0713d63a9970bd6700bea948babbfbdcec392f2342b6704042f57451
   validates_formatting_of (0.9.0) sha256=139590a4b87596dbfb04d93e897bd2e6d30fb849d04fab0343e71ed2ca856e7e
   version_gem (1.1.1) sha256=3c2da6ded29045ddcc0387e152dc634e1f0c490b7128dce0697ccc1cf0915b6c
-  view_component (3.13.0) sha256=316e6479f51387160e7eb372d33cbb97d586ac2ed9d9fe80495cec48b346187b
+  view_component (3.14.0) sha256=96816de1c40d276d9fac49316ee4d196de90b1ce6eb39373b887c639749e630c
   webauthn (3.1.0) sha256=e545fcf17d8a6b821161a37c1c4bc8c3d2ead0ff6ff3b098f57f417e731790b7
   webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c
   webmock (3.23.1) sha256=0fa738c0767d1c4ec8cc57f6b21998f0c238c8a5b32450df1c847f2767140d95

From ce82dddf94958193fb5d312616f963ed371b2232 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Aug 2024 12:46:32 -0300
Subject: [PATCH 155/381] Bump selenium-webdriver from 4.23.0 to 4.24.0 (#4990)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index c27e8f0c8d6..159a1f60cce 100644
--- a/Gemfile
+++ b/Gemfile
@@ -136,7 +136,7 @@ group :test do
   gem "mocha", "~> 2.4", require: false
   gem "shoulda-context", "~> 3.0.0.rc1"
   gem "shoulda-matchers", "~> 6.4"
-  gem "selenium-webdriver", "~> 4.23"
+  gem "selenium-webdriver", "~> 4.24"
   gem "webmock", "~> 3.23"
   gem "simplecov", "~> 0.22", require: false
   gem "simplecov-cobertura", "~> 2.1", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 9a3f5c73933..62f7f80babc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -677,7 +677,7 @@ GEM
     searchkick (5.3.1)
       activemodel (>= 6.1)
       hashie
-    selenium-webdriver (4.23.0)
+    selenium-webdriver (4.24.0)
       base64 (~> 0.2)
       logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
@@ -892,7 +892,7 @@ DEPENDENCIES
   rubocop-rails (~> 2.25)
   ruby-magic (~> 0.6)
   searchkick (~> 5.3)
-  selenium-webdriver (~> 4.23)
+  selenium-webdriver (~> 4.24)
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
   shoulda-matchers (~> 6.4)
@@ -1167,7 +1167,7 @@ CHECKSUMS
   sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.3.1) sha256=dc1181543f6a68354e380651f235fa7f3df6a09e4cd67fc284dc293fa9860f57
-  selenium-webdriver (4.23.0) sha256=490aeddee879cfea58a4db6628338d60a905bc56cd5e1a60dfbaa9090a19b801
+  selenium-webdriver (4.24.0) sha256=00c878b8a9125a51a585e7ad8fdc9c2ef188b3f346e335c92005d9e0ccc53926
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6

From 020e8fac6416b7bff3cd9ddcb22d26e2362514ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Aug 2024 12:47:11 -0300
Subject: [PATCH 156/381] Bump google-protobuf from 4.27.3 to 4.27.4 (#4989)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 62f7f80babc..35359a65cb3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -274,7 +274,7 @@ GEM
       fugit (>= 1.1)
       railties (>= 6.0.0)
       thor (>= 0.14.1)
-    google-protobuf (4.27.3)
+    google-protobuf (4.27.4)
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
@@ -1011,7 +1011,7 @@ CHECKSUMS
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
-  google-protobuf (4.27.3) sha256=e780c9e9a70ff13d919dc1284d74d446134150263a44c05126e122cd0737c017
+  google-protobuf (4.27.4) sha256=a0259defc33493100612a97b69d967a6c647beffdd0723a7c60e0642743fd180
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
   hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9

From 366cdcdf772b1b0253e81694d41a6730109f66bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 28 Aug 2024 12:48:35 -0300
Subject: [PATCH 157/381] Bump datadog-ci from 1.4.0 to 1.4.1 (#4988)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 35359a65cb3..bc007854fa4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -199,7 +199,7 @@ GEM
       libdatadog (~> 11.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.4.0)
+    datadog-ci (1.4.1)
       datadog (~> 2.3)
       msgpack
     date (3.3.4)
@@ -978,7 +978,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
-  datadog-ci (1.4.0) sha256=2f0e9fb22e7af583bf1984954919a8444b43984c72bbd2de6eac42f0464f8bc5
+  datadog-ci (1.4.1) sha256=8ce5ce7b8eaa79e55b11ffc040662879d1fa45606d3ef5a91cd9395f046a23c4
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08

From b3e98dd2ee1bf92dddc21bf9968cac36750d4c06 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 14 Aug 2024 15:57:21 +1000
Subject: [PATCH 158/381] Rename #search_field to avoid name conflict

---
 app/helpers/application_helper.rb  | 2 +-
 app/views/layouts/_search.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 62447d8a786..c2dac569d41 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -75,7 +75,7 @@ def flash_message(name, msg)
     msg
   end
 
-  def search_field(home: false)
+  def rubygem_search_field(home: false)
     data = {
       autocomplete_target: "query",
       action: %w[
diff --git a/app/views/layouts/_search.html.erb b/app/views/layouts/_search.html.erb
index d7f395b2818..c711f56a75f 100644
--- a/app/views/layouts/_search.html.erb
+++ b/app/views/layouts/_search.html.erb
@@ -1,7 +1,7 @@
 <% home = current_page?(root_path) || current_page?(advanced_search_path) %>
 <div class="<%= home ? "home__search-wrap" : "header__search-wrap" %>" role="search">
   <%= form_tag search_path, method: :get, data: { controller: "autocomplete", autocomplete_selected_class: "selected", } do %>
-    <%= search_field(home: home) %>
+    <%= rubygem_search_field(home: home) %>
 
     <ul class="suggest-list" role="listbox" data-autocomplete-target="suggestions"></ul>
 

From 793decfac98132bf6a17f1752532f24ce8267ac4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Aug 2024 14:02:00 +0000
Subject: [PATCH 159/381] Bump google-protobuf from 4.27.4 to 4.28.0

Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.27.4 to 4.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 159a1f60cce..536159f2d7a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
 gem "datadog", "~> 2.3"
 gem "dogstatsd-ruby", "~> 5.5"
-gem "google-protobuf", "~> 4.27"
+gem "google-protobuf", "~> 4.28"
 gem "faraday", "~> 2.11"
 gem "faraday-retry", "~> 2.2"
 gem "good_job", "~> 3.99"
diff --git a/Gemfile.lock b/Gemfile.lock
index bc007854fa4..50e39f7c5d6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -274,7 +274,7 @@ GEM
       fugit (>= 1.1)
       railties (>= 6.0.0)
       thor (>= 0.14.1)
-    google-protobuf (4.27.4)
+    google-protobuf (4.28.0)
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
@@ -830,7 +830,7 @@ DEPENDENCIES
   faraday_middleware-aws-sigv4 (~> 1.0)
   gem_server_conformance (~> 0.1.4)
   good_job (~> 3.99)
-  google-protobuf (~> 4.27)
+  google-protobuf (~> 4.28)
   gravtastic (~> 3.2)
   groupdate (~> 6.2)
   honeybadger (~> 5.5.1)
@@ -1011,7 +1011,7 @@ CHECKSUMS
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
-  google-protobuf (4.27.4) sha256=a0259defc33493100612a97b69d967a6c647beffdd0723a7c60e0642743fd180
+  google-protobuf (4.28.0) sha256=c18ac1adccbcbca2756b6660b39f8e554587fd0234848f7e19183d93679d9612
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
   hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9

From 82a60d3d47a8d6e76c57506251f76e3add1974ac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Aug 2024 14:07:16 +0000
Subject: [PATCH 160/381] Bump github/codeql-action from 3.26.5 to 3.26.6

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.5 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 16e70f7097f..f1a15065086 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 15ce980f6eb..a9f3a38014f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5
+        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
         with:
           sarif_file: results.sarif

From 13f9a1440e1f32a2fe1a7001950aa977f86b3cd5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 Aug 2024 18:29:37 -0300
Subject: [PATCH 161/381] Bump maintenance_tasks from 2.7.1 to 2.8.0 (#4997)

Bumps [maintenance_tasks](https://github.com/Shopify/maintenance_tasks) from 2.7.1 to 2.8.0.
- [Release notes](https://github.com/Shopify/maintenance_tasks/releases)
- [Commits](https://github.com/Shopify/maintenance_tasks/compare/v2.7.1...v2.8.0)

---
updated-dependencies:
- dependency-name: maintenance_tasks
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 536159f2d7a..ace54364387 100644
--- a/Gemfile
+++ b/Gemfile
@@ -51,7 +51,7 @@ gem "unpwn", "~> 1.0"
 gem "webauthn", "~> 3.1"
 gem "browser", "~> 6.0"
 gem "bcrypt", "~> 3.1"
-gem "maintenance_tasks", "~> 2.7"
+gem "maintenance_tasks", "~> 2.8"
 gem "strong_migrations", "~> 2.0"
 gem "phlex-rails", "~> 1.2"
 gem "discard", "~> 1.3"
diff --git a/Gemfile.lock b/Gemfile.lock
index 50e39f7c5d6..e90fc7e859f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -391,7 +391,7 @@ GEM
       net-imap
       net-pop
       net-smtp
-    maintenance_tasks (2.7.1)
+    maintenance_tasks (2.8.0)
       actionpack (>= 6.0)
       activejob (>= 6.0)
       activerecord (>= 6.0)
@@ -729,7 +729,7 @@ GEM
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
-    thor (1.3.1)
+    thor (1.3.2)
     tilt (2.3.0)
     timeout (0.4.1)
     timescaledb (0.2.9)
@@ -845,7 +845,7 @@ DEPENDENCIES
   local_time (~> 3.0)
   lookbook (~> 2.3)
   mail (~> 2.8)
-  maintenance_tasks (~> 2.7)
+  maintenance_tasks (~> 2.8)
   memory_profiler (~> 1.0)
   minitest (~> 5.25)
   minitest-gcstats (~> 1.3)
@@ -1054,7 +1054,7 @@ CHECKSUMS
   loofah (2.22.0) sha256=10d76e070c86b12fec74b6a9515fd1940f4459198b991342d0a7897d86c372fe
   lookbook (2.3.2) sha256=abcdefeb13d9150ab30ab8022a2f459db85cbd02e90a0e8e066b32f9048e160a
   mail (2.8.1) sha256=ec3b9fadcf2b3755c78785cb17bc9a0ca9ee9857108a64b6f5cfc9c0b5bfc9ad
-  maintenance_tasks (2.7.1) sha256=2f1f42239a11f5b30ef34e821f1beb42010d08e81634d8945884aba8bdb982db
+  maintenance_tasks (2.8.0) sha256=7ee8aa37ab39c6c3a5f4637878c1a343cc296596742248112458b922968d4a16
   marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4
   matrix (0.4.2) sha256=71083ccbd67a14a43bfa78d3e4dc0f4b503b9cc18e5b4b1d686dc0f9ef7c4cc0
   memory_profiler (1.0.2) sha256=0e7c5c2a1a7bea5b5a05b9df25b2d628afa0db37b9344ba42b42eb8a604762df
@@ -1189,7 +1189,7 @@ CHECKSUMS
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (2.7.3) sha256=5a4e400dd7463d45099972589402f43325e42ef4634a2f194178d5192794697b
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
-  thor (1.3.1) sha256=fa7e3471d4f6a27138e3d9c9b0d4daac9c3d7383927667ae83e9ab42ae7401ef
+  thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c
   timeout (0.4.1) sha256=6f1f4edd4bca28cffa59501733a94215407c6960bd2107331f0280d4abdebb9a
   timescaledb (0.2.9) sha256=1d1382d5b889bf8ec6bcdcbf061c8e28234bc343911c81d48a9dfb22d9d5cfdc

From a858f45931ecafa67a10fc61e2f022957742356a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Thu, 29 Aug 2024 02:04:19 +0200
Subject: [PATCH 162/381] Fix false passing stats test.

---
 test/functional/stats_controller_test.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/test/functional/stats_controller_test.rb b/test/functional/stats_controller_test.rb
index e3de08a451f..0f6b66a5d28 100644
--- a/test/functional/stats_controller_test.rb
+++ b/test/functional/stats_controller_test.rb
@@ -58,12 +58,13 @@ class StatsControllerTest < ActionController::TestCase
     end
 
     should "not have width greater than 100%" do
-      assert_select ".stats__graph__gem__meter" do |element|
-        element.pluck(:style).each do |width|
-          width =~ /width: (\d+[,.]\d+)%/
+      assert page.has_selector?(".stats__graph__gem__meter")
 
-          assert_operator Regexp.last_match(1).to_f, :<=, 100, "#{Regexp.last_match(1)} is greater than 100"
-        end
+      page.find_all(".stats__graph__gem__meter").each do |element|
+        assert element["data-bar-width"]
+        width = element["data-bar-width"].to_f
+
+        assert_operator width, :<=, 100, "#{width} is greater than 100"
       end
     end
   end

From 183f50e993d0e428e0534b16aa030f6a56c9f821 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Thu, 29 Aug 2024 01:24:35 +0200
Subject: [PATCH 163/381] Move to new Rails enum syntax.

---
 app/models/ownership_call.rb    | 2 +-
 app/models/ownership_request.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/models/ownership_call.rb b/app/models/ownership_call.rb
index 2973c67994e..01b836dbf77 100644
--- a/app/models/ownership_call.rb
+++ b/app/models/ownership_call.rb
@@ -10,7 +10,7 @@ class OwnershipCall < ApplicationRecord
   delegate :name, to: :rubygem, prefix: true
   delegate :display_handle, to: :user, prefix: true
 
-  enum status: { opened: true, closed: false }
+  enum :status, { opened: true, closed: false }
 
   def close!
     ownership_requests.each(&:close!)
diff --git a/app/models/ownership_request.rb b/app/models/ownership_request.rb
index da0ca052e47..3aafdd45514 100644
--- a/app/models/ownership_request.rb
+++ b/app/models/ownership_request.rb
@@ -12,7 +12,7 @@ class OwnershipRequest < ApplicationRecord
   delegate :name, to: :user, prefix: true
   delegate :name, to: :rubygem, prefix: true
 
-  enum status: { opened: 0, approved: 1, closed: 2 }
+  enum :status, { opened: 0, approved: 1, closed: 2 }
 
   def approve!(approver)
     return unless Pundit.policy!(approver, self).approve?

From 10a0fac4fc74f98ff48a3fafaed996a09be47b4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Thu, 29 Aug 2024 01:11:13 +0200
Subject: [PATCH 164/381] Add assertion to refute_authorizes test helper.

---
 test/test_helper.rb | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/test/test_helper.rb b/test/test_helper.rb
index 8e31f8a4bb5..f3cbb1699bc 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -254,12 +254,9 @@ def assert_authorizes(user, record, action)
   end
 
   def refute_authorizes(user, record, action)
-    @authorization_client.authorize(user, record, action, policy_class: policy_class)
-    policy_class ||= policy!(user, record).class
-
-    flunk("Expected #{policy_class} not to authorize #{action} on #{record} for #{user}")
-  rescue Avo::NotAuthorizedError
-    # Expected
+    assert_raise(Avo::NotAuthorizedError) do
+      @authorization_client.authorize(user, record, action, policy_class: policy_class)
+    end
   end
 
   def policy_class

From 83bd55e6ff1828b78ecf1d0f0551dc9c066c7f88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Thu, 29 Aug 2024 00:59:08 +0200
Subject: [PATCH 165/381] Remove empty policy tests.

---
 test/policies/admin/audit_policy_test.rb       | 18 ------------------
 test/policies/admin/dependency_policy_test.rb  | 18 ------------------
 .../admin/events/rubygem_event_policy_test.rb  | 18 ------------------
 .../admin/events/user_event_policy_test.rb     | 18 ------------------
 .../policies/admin/gem_download_policy_test.rb | 18 ------------------
 test/policies/admin/ip_address_policy_test.rb  | 18 ------------------
 test/policies/admin/user_policy_test.rb        | 15 ---------------
 test/policies/admin/version_policy_test.rb     | 18 ------------------
 8 files changed, 141 deletions(-)
 delete mode 100644 test/policies/admin/audit_policy_test.rb
 delete mode 100644 test/policies/admin/dependency_policy_test.rb
 delete mode 100644 test/policies/admin/events/rubygem_event_policy_test.rb
 delete mode 100644 test/policies/admin/events/user_event_policy_test.rb
 delete mode 100644 test/policies/admin/gem_download_policy_test.rb
 delete mode 100644 test/policies/admin/ip_address_policy_test.rb
 delete mode 100644 test/policies/admin/version_policy_test.rb

diff --git a/test/policies/admin/audit_policy_test.rb b/test/policies/admin/audit_policy_test.rb
deleted file mode 100644
index d5e8ca21936..00000000000
--- a/test/policies/admin/audit_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class Admin::AuditPolicyTest < AdminPolicyTestCase
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-end
diff --git a/test/policies/admin/dependency_policy_test.rb b/test/policies/admin/dependency_policy_test.rb
deleted file mode 100644
index e056ea610a0..00000000000
--- a/test/policies/admin/dependency_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class Admin::DependencyPolicyTest < AdminPolicyTestCase
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-end
diff --git a/test/policies/admin/events/rubygem_event_policy_test.rb b/test/policies/admin/events/rubygem_event_policy_test.rb
deleted file mode 100644
index 4807bd780a1..00000000000
--- a/test/policies/admin/events/rubygem_event_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class Admin::Events::RubygemEventPolicyTest < AdminPolicyTestCase
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-end
diff --git a/test/policies/admin/events/user_event_policy_test.rb b/test/policies/admin/events/user_event_policy_test.rb
deleted file mode 100644
index d40fcffe93e..00000000000
--- a/test/policies/admin/events/user_event_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class Admin::Events::UserEventPolicyTest < AdminPolicyTestCase
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-end
diff --git a/test/policies/admin/gem_download_policy_test.rb b/test/policies/admin/gem_download_policy_test.rb
deleted file mode 100644
index 74598a944f1..00000000000
--- a/test/policies/admin/gem_download_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class Admin::GemDownloadPolicyTest < AdminPolicyTestCase
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-end
diff --git a/test/policies/admin/ip_address_policy_test.rb b/test/policies/admin/ip_address_policy_test.rb
deleted file mode 100644
index be4485beed2..00000000000
--- a/test/policies/admin/ip_address_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class Admin::IpAddressPolicyTest < AdminPolicyTestCase
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-end
diff --git a/test/policies/admin/user_policy_test.rb b/test/policies/admin/user_policy_test.rb
index bcd362c4bed..019cfb33313 100644
--- a/test/policies/admin/user_policy_test.rb
+++ b/test/policies/admin/user_policy_test.rb
@@ -7,21 +7,6 @@ class Admin::UserPolicyTest < AdminPolicyTestCase
     @non_admin = FactoryBot.create(:admin_github_user)
   end
 
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-
   def test_search
     assert_authorizes @admin, @user, :avo_search?
     refute_authorizes @non_admin, @user, :avo_search?
diff --git a/test/policies/admin/version_policy_test.rb b/test/policies/admin/version_policy_test.rb
deleted file mode 100644
index fa53c031e37..00000000000
--- a/test/policies/admin/version_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class Admin::VersionPolicyTest < AdminPolicyTestCase
-  def test_scope
-  end
-
-  def test_show
-  end
-
-  def test_create
-  end
-
-  def test_update
-  end
-
-  def test_destroy
-  end
-end

From 1045450ddfedfb8279fdd93f7c79251db5cb9136 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Sun, 1 Sep 2024 11:00:23 -0300
Subject: [PATCH 166/381] Update to rails 7.1.4

---
 Gemfile.lock | 140 +++++++++++++++++++++++++--------------------------
 1 file changed, 70 insertions(+), 70 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index e90fc7e859f..20cd6f64888 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,35 +1,35 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actioncable (7.1.4)
+      actionpack (= 7.1.4)
+      activesupport (= 7.1.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activestorage (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionmailbox (7.1.4)
+      actionpack (= 7.1.4)
+      activejob (= 7.1.4)
+      activerecord (= 7.1.4)
+      activestorage (= 7.1.4)
+      activesupport (= 7.1.4)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      actionview (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionmailer (7.1.4)
+      actionpack (= 7.1.4)
+      actionview (= 7.1.4)
+      activejob (= 7.1.4)
+      activesupport (= 7.1.4)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.2)
-    actionpack (7.1.3.4)
-      actionview (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionpack (7.1.4)
+      actionview (= 7.1.4)
+      activesupport (= 7.1.4)
       nokogiri (>= 1.8.5)
       racc
       rack (>= 2.2.4)
@@ -37,15 +37,15 @@ GEM
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activestorage (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actiontext (7.1.4)
+      actionpack (= 7.1.4)
+      activerecord (= 7.1.4)
+      activestorage (= 7.1.4)
+      activesupport (= 7.1.4)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionview (7.1.4)
+      activesupport (= 7.1.4)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
@@ -53,22 +53,22 @@ GEM
     active_link_to (1.0.5)
       actionpack
       addressable
-    activejob (7.1.3.4)
-      activesupport (= 7.1.3.4)
+    activejob (7.1.4)
+      activesupport (= 7.1.4)
       globalid (>= 0.3.6)
-    activemodel (7.1.3.4)
-      activesupport (= 7.1.3.4)
-    activerecord (7.1.3.4)
-      activemodel (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    activemodel (7.1.4)
+      activesupport (= 7.1.4)
+    activerecord (7.1.4)
+      activemodel (= 7.1.4)
+      activesupport (= 7.1.4)
       timeout (>= 0.4.0)
-    activestorage (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    activestorage (7.1.4)
+      actionpack (= 7.1.4)
+      activejob (= 7.1.4)
+      activerecord (= 7.1.4)
+      activesupport (= 7.1.4)
       marcel (~> 1.0)
-    activesupport (7.1.3.4)
+    activesupport (7.1.4)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -428,7 +428,7 @@ GEM
     mutex_m (0.2.0)
     net-http (0.4.1)
       uri
-    net-imap (0.4.14)
+    net-imap (0.4.15)
       date
       net-protocol
     net-pop (0.1.2)
@@ -437,7 +437,7 @@ GEM
       timeout
     net-smtp (0.5.0)
       net-protocol
-    nio4r (2.7.0)
+    nio4r (2.7.3)
     nokogiri (1.16.7)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
@@ -541,20 +541,20 @@ GEM
     rackup (2.1.0)
       rack (>= 3)
       webrick (~> 1.8)
-    rails (7.1.3.4)
-      actioncable (= 7.1.3.4)
-      actionmailbox (= 7.1.3.4)
-      actionmailer (= 7.1.3.4)
-      actionpack (= 7.1.3.4)
-      actiontext (= 7.1.3.4)
-      actionview (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activemodel (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activestorage (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    rails (7.1.4)
+      actioncable (= 7.1.4)
+      actionmailbox (= 7.1.4)
+      actionmailer (= 7.1.4)
+      actionpack (= 7.1.4)
+      actiontext (= 7.1.4)
+      actionview (= 7.1.4)
+      activejob (= 7.1.4)
+      activemodel (= 7.1.4)
+      activerecord (= 7.1.4)
+      activestorage (= 7.1.4)
+      activesupport (= 7.1.4)
       bundler (>= 1.15.0)
-      railties (= 7.1.3.4)
+      railties (= 7.1.4)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -578,9 +578,9 @@ GEM
       rack
       railties (>= 5.1)
       semantic_logger (~> 4.16)
-    railties (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    railties (7.1.4)
+      actionpack (= 7.1.4)
+      activesupport (= 7.1.4)
       irb
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -915,18 +915,18 @@ DEPENDENCIES
   xml-simple (~> 1.1)
 
 CHECKSUMS
-  actioncable (7.1.3.4) sha256=787ba8651caaa93d5c161f0d1110105300974be65e89483071146fc42d4bd310
-  actionmailbox (7.1.3.4) sha256=a3fd3019a44597e49ae18b4ed5c68e0f21c1d1b389bbcc10be357e205a83cad0
-  actionmailer (7.1.3.4) sha256=1f196096740587b08ef935db8a672971f448cadb8299e3d9a7bc24088a2a0351
-  actionpack (7.1.3.4) sha256=dcafc71bec6a975c3984a1ed8e698e2f9afeeb441c838766c16c29633705edd2
-  actiontext (7.1.3.4) sha256=84964dae95a3c99819d42641084f21e28de502fcefa6efb9df3805d6c439b784
-  actionview (7.1.3.4) sha256=41fcf5242dec11e100a0ba3d3717612c6534e8571c8a290a5b2a950aa58b615b
+  actioncable (7.1.4) sha256=8443dfe12129cf6d7c93b16a5f0be83bf0d3f686875d7ff5e1110c884c3e8fbc
+  actionmailbox (7.1.4) sha256=30be3b404290ef19c477aab19ee48cbcb6b409cc3f377f732c7b907998e6f36f
+  actionmailer (7.1.4) sha256=eae396a3f2de43c54f1d267ecc2e4593a0122f20e321dbee5c96ffcbbdfa4b25
+  actionpack (7.1.4) sha256=f5f8879debbf0b1a73dcc60f91c975b7bed7ff87c873b5fa794acaa1f3b7e230
+  actiontext (7.1.4) sha256=5d07bfe0d50cec80f55f71526aa67bbcc401f0ea6dcb611687119294b0da9b92
+  actionview (7.1.4) sha256=c02bf0665edbfaf1616b41aad0ce8919820005226d4e78e56a998b6b32593953
   active_link_to (1.0.5) sha256=4830847b3d14589df1e9fc62038ceec015257fce975ec1c2a77836c461b139ba
-  activejob (7.1.3.4) sha256=3f8aeef0fdfb2dd65f9a663828dbcc8ca187e70ef0c5a773c5fe4dd67e040f62
-  activemodel (7.1.3.4) sha256=f4c838ea76dfca8967e433ac89603342ae20b65dd61366e62f07120a08e1ad72
-  activerecord (7.1.3.4) sha256=784eeca4d6f23391d445552d6675a47c594555361c3b042108d29f0c7b9230f2
-  activestorage (7.1.3.4) sha256=f2020ea0a77e105e480a9a15251c91d615eecb4b28a1a80968d6fb6a5dcb0a2e
-  activesupport (7.1.3.4) sha256=455bbc43d82e5ba20daa25f0888b80c9f7e2d80ca0cc96cea3e6acfec3e40309
+  activejob (7.1.4) sha256=65f65a552aeb33f444fb57b9dc75ecc01693ef13ae410591c7a5f7763c3c0bf6
+  activemodel (7.1.4) sha256=188d055afdd07d2f037d23403c939618ea0d7fa518a7de1b76324c2876d410b6
+  activerecord (7.1.4) sha256=836d6dac137ec5bb71e7ab943f6eca97917c8a2968fa466b38920f4812642cdd
+  activestorage (7.1.4) sha256=23ebbb59fb9563f035ffa18d30b6bbc3a5d3f5cda004d19765f594db24f70b46
+  activesupport (7.1.4) sha256=3a8e1a7ce5541ab2ffefaa390c40c89d7f54273dc671ed429614953cffd8a232
   addressable (2.8.7) sha256=462986537cf3735ab5f3c0f557f14155d778f4b43ea4f485a9deb9c8f7c58232
   aes_key_wrap (1.1.0) sha256=b935f4756b37375895db45669e79dfcdc0f7901e12d4e08974d5540c8e0776a5
   aggregate_assertions (0.2.0) sha256=9bc51a48323a8e7b82f47cc38d48132817247345e5a8713686c9d65b25daca9e
@@ -1074,11 +1074,11 @@ CHECKSUMS
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
   mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
   net-http (0.4.1) sha256=a96efc5ea18bcb9715e24dda4159d10f67ff0345c8a980d04630028055b2c282
-  net-imap (0.4.14) sha256=a2184b3f09a4f7ca27998d113fd6df8cd0dd56b91e5bf0d6387b8350bb438065
+  net-imap (0.4.15) sha256=e468121d50cfcf82b7bbcee823d352bbb62ba8add963daa0c08d21680d83b53d
   net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
   net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
   net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a
-  nio4r (2.7.0) sha256=9586a685eca8246d6406e712a525e705d15bb88f709d78fc3f141e864df97276
+  nio4r (2.7.3) sha256=54b94cdd4b8f9dc39aaad5f699e97afae13efb44f2b180a6e724df76105ff604
   nokogiri (1.16.7) sha256=f819cbfdfb0a7b19c9c52c6f2ca63df0e58a6125f4f139707b586b9511d7fe95
   oauth2 (2.0.9) sha256=b21f9defcf52dc1610e0dfab4c868342173dcd707fd15c777d9f4f04e153f7fb
   observer (0.1.2) sha256=d8a3107131ba661138d748e7be3dbafc0d82e732fffba9fccb3d7829880950ac
@@ -1120,14 +1120,14 @@ CHECKSUMS
   rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
   rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
   rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d
-  rails (7.1.3.4) sha256=3a7fca9df74ee641dc1e89b8302ac6d03f22883de771e786a0e9f3094e5aa6ad
+  rails (7.1.4) sha256=dfcf9e78d26db70320b99958e7ee8957db9cee5969279d449b925cdab18cc51e
   rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94
   rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b
   rails-erd (1.7.2) sha256=0b17d0fba25d319d8da8af7a3e5e2149d02d6187cc7351e8be43423f07c48bcd
   rails-html-sanitizer (1.6.0) sha256=86e9f19d2e6748890dcc2633c8945ca45baa08a1df9d8c215ce17b3b0afaa4de
   rails-i18n (7.0.9) sha256=c184db80a7c7bf21c14e0e400fe9e27c4c20312f019aaff5b364a82858dc1369
   rails_semantic_logger (4.17.0) sha256=cc10cca01491736596cd5ab40b52b3bbf98338d9d1f5a7916b2be10231615047
-  railties (7.1.3.4) sha256=6c6049f3a788669d94f95c7bf6378204ae94098567cc25237e3c73dac4a21afc
+  railties (7.1.4) sha256=54395f2753366699e54417aea67d8b3c0eefd994de2f4152d364a400de634a5a
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d
   rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe

From e0f3df2804758f780b111c6fcb08757293074dba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Sun, 1 Sep 2024 17:47:30 +0200
Subject: [PATCH 167/381] Assert erb tests. (#4998)

---
 test/unit/erb_implementation_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/unit/erb_implementation_test.rb b/test/unit/erb_implementation_test.rb
index a937b7dc385..0d6a05d54c7 100644
--- a/test/unit/erb_implementation_test.rb
+++ b/test/unit/erb_implementation_test.rb
@@ -10,7 +10,7 @@ class ErbImplementationTest < ActiveSupport::TestCase
   Dir[ERB_GLOB, base: Rails.root].each do |filename|
     test "html errors in #{filename}" do
       data = Rails.root.join(filename).read
-      BetterHtml::BetterErb::ErubiImplementation.new(data, filename:).validate!
+      assert_nothing_raised { BetterHtml::BetterErb::ErubiImplementation.new(data, filename:).validate! }
     end
   end
 end

From 93e5e10283fe9c15555ed29b39c579ecf3a99dec Mon Sep 17 00:00:00 2001
From: Martin Emde <me@martinemde.com>
Date: Thu, 18 Jul 2024 20:05:14 -0700
Subject: [PATCH 168/381] Replace ownership checks in views with policy checks

---
 app/controllers/adoptions_controller.rb       |  2 +-
 .../ownership_requests_controller.rb          |  4 +--
 app/policies/ownership_call_policy.rb         |  4 +--
 app/policies/rubygem_policy.rb                | 32 +++++++++++--------
 app/views/adoptions/index.html.erb            |  6 ++--
 app/views/ownership_calls/_close.html.erb     |  2 +-
 app/views/ownership_requests/_list.html.erb   |  2 +-
 app/views/rubygems/_aside.html.erb            |  8 ++---
 test/policies/ownership_call_policy_test.rb   |  2 +-
 test/policies/rubygem_policy_test.rb          | 32 ++++++++++++++-----
 10 files changed, 57 insertions(+), 37 deletions(-)

diff --git a/app/controllers/adoptions_controller.rb b/app/controllers/adoptions_controller.rb
index 77f4d09aebf..8ee0d1cbdf1 100644
--- a/app/controllers/adoptions_controller.rb
+++ b/app/controllers/adoptions_controller.rb
@@ -2,7 +2,7 @@ class AdoptionsController < ApplicationController
   include SessionVerifiable
 
   before_action :find_rubygem
-  before_action :redirect_to_verify, if: -> { @rubygem.owned_by?(current_user) && !verified_session_active? }
+  before_action :redirect_to_verify, if: -> { policy(@rubygem).manage_adoption? && !verified_session_active? }
 
   def index
     @ownership_call     = @rubygem.ownership_call
diff --git a/app/controllers/ownership_requests_controller.rb b/app/controllers/ownership_requests_controller.rb
index 71f9c9109d8..48d8f887e05 100644
--- a/app/controllers/ownership_requests_controller.rb
+++ b/app/controllers/ownership_requests_controller.rb
@@ -5,7 +5,7 @@ class OwnershipRequestsController < ApplicationController
   before_action :redirect_to_signin, unless: :signed_in?
   before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?
   before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?
-  before_action :redirect_to_verify, only: %i[update close_all], if: -> { @rubygem.owned_by?(current_user) && !verified_session_active? }
+  before_action :redirect_to_verify, only: %i[update close_all], if: -> { policy(@rubygem).manage_adoption? && !verified_session_active? }
 
   rescue_from ActiveRecord::RecordInvalid, with: :redirect_try_again
   rescue_from ActiveRecord::RecordNotSaved, with: :redirect_try_again
@@ -34,7 +34,7 @@ def update
   end
 
   def close_all
-    authorize(@rubygem, :close_ownership_requests?).ownership_requests.each(&:close!)
+    authorize(@rubygem, :manage_adoption?).ownership_requests.each(&:close!)
     redirect_to rubygem_adoptions_path(@rubygem.slug), notice: t("ownership_requests.close.success_notice", gem: @rubygem.name)
   end
 
diff --git a/app/policies/ownership_call_policy.rb b/app/policies/ownership_call_policy.rb
index eae5d07be29..dafeff928cc 100644
--- a/app/policies/ownership_call_policy.rb
+++ b/app/policies/ownership_call_policy.rb
@@ -5,10 +5,10 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def create?
-    rubygem_owned_by?(user) && current_user?(record.user)
+    user_authorized?(rubygem, :manage_adoption?)
   end
 
   def close?
-    rubygem_owned_by?(user)
+    user_authorized?(rubygem, :manage_adoption?)
   end
 end
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index 221c6d8d048..56a5c02ec58 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -23,38 +23,42 @@ def destroy?
     false
   end
 
-  def show_adoption?
-    rubygem_owned_by?(user) || request_ownership?
+  def add_owner?
+    rubygem_owned_by?(user)
   end
 
-  def show_events?
+  def configure_oidc?
     rubygem_owned_by?(user)
   end
 
-  def request_ownership?
-    return allow if rubygem.ownership_calls.any?
-    return false if rubygem.downloads >= ABANDONED_DOWNLOADS_MAX
-    return false if rubygem.latest_version.nil? || rubygem.latest_version.created_at.after?(ABANDONED_RELEASE_AGE.ago)
-    allow
+  def configure_trusted_publishers?
+    rubygem_owned_by?(user)
   end
 
-  def close_ownership_requests?
+  def manage_adoption?
     rubygem_owned_by?(user)
   end
 
-  def configure_trusted_publishers?
+  def remove_owner?
     rubygem_owned_by?(user)
   end
 
-  def show_unconfirmed_ownerships?
-    rubygem_owned_by?(user)
+  def request_ownership?
+    return allow if rubygem.ownership_calls.any?
+    return false if rubygem.downloads >= ABANDONED_DOWNLOADS_MAX
+    return false if rubygem.latest_version.nil? || rubygem.latest_version.created_at.after?(ABANDONED_RELEASE_AGE.ago)
+    allow
   end
 
-  def add_owner?
+  def show_adoption?
+    manage_adoption? || request_ownership?
+  end
+
+  def show_events?
     rubygem_owned_by?(user)
   end
 
-  def remove_owner?
+  def show_unconfirmed_ownerships?
     rubygem_owned_by?(user)
   end
 end
diff --git a/app/views/adoptions/index.html.erb b/app/views/adoptions/index.html.erb
index 48afcc14296..7d6ae93012f 100644
--- a/app/views/adoptions/index.html.erb
+++ b/app/views/adoptions/index.html.erb
@@ -3,7 +3,7 @@
 <% content_for :title do %>
   <h1 class="t-display page__heading page__heading--small">
     <%= t('.title') %>
-    <% if @rubygem.owned_by?(current_user) %>
+    <% if policy(@rubygem).manage_adoption? %>
       <i class="page__subheading page__subheading--block"><%= t(".subtitle_owner_html", gem: @rubygem.name) %></i>
     <% else %>
       <i class="page__subheading page__subheading--block"><%= t(".subtitle_user_html", gem: @rubygem.name) %></i>
@@ -24,12 +24,12 @@
       <strong><%= t("ownership_calls.created_by") %>:</strong>
       <%= link_to @ownership_call.user_display_handle, profile_path(@ownership_call.user), class: "t-text t-link" %>
     </p>
-    <% if @ownership_call.rubygem.owned_by?(current_user) %>
+    <% if policy(@ownership_call).close? %>
       <%= button_to t("ownership_calls.close"), close_rubygem_ownership_calls_path(@ownership_call.rubygem.slug), method: :patch, class: "form__submit form__submit--medium" %>
     <% end %>
   </div>
 
-<% elsif @rubygem.owned_by?(current_user) %>
+<% elsif policy(@rubygem).manage_adoption? %>
   <%= render partial: "ownership_calls/form", locals: { gem: @rubygem.name } %>
 <% else %>
   <div class="t-list__item">
diff --git a/app/views/ownership_calls/_close.html.erb b/app/views/ownership_calls/_close.html.erb
index af7ddc1001f..1d9b5e119a4 100644
--- a/app/views/ownership_calls/_close.html.erb
+++ b/app/views/ownership_calls/_close.html.erb
@@ -1,3 +1,3 @@
-<% if ownership_call.rubygem.owned_by?(current_user) %>
+<% if policy(ownership_call).close? %>
   <div><%= button_to t("ownership_calls.close"), close_rubygem_ownership_calls_path(ownership_call.rubygem.slug), method: :patch, class: "form__submit form__submit--medium" %></div>
 <% end %>
diff --git a/app/views/ownership_requests/_list.html.erb b/app/views/ownership_requests/_list.html.erb
index a0cdd088204..4481cf4ec4a 100644
--- a/app/views/ownership_requests/_list.html.erb
+++ b/app/views/ownership_requests/_list.html.erb
@@ -4,7 +4,7 @@
   </h2>
 </div>
 
-<% if @rubygem.owned_by?(current_user) %>
+<% if policy(@rubygem).manage_adoption? %>
   <div class="t-list__items">
     <%= render(partial: "ownership_requests/owner", layout: "ownership_requests/ownership_request", collection: @ownership_requests, as: :ownership_request, locals: { show_user: true, show_gem: false }) || t("ownership_requests.no_ownership_requests", gem: @rubygem.name) %>
   </div>
diff --git a/app/views/rubygems/_aside.html.erb b/app/views/rubygems/_aside.html.erb
index 9073ea0e1ee..9e011629aaf 100644
--- a/app/views/rubygems/_aside.html.erb
+++ b/app/views/rubygems/_aside.html.erb
@@ -74,11 +74,11 @@
     <%= atom_link(@rubygem) %>
     <%= report_abuse_link(@rubygem) %>
     <%= reverse_dependencies_link(@rubygem) %>
-    <%= ownership_link(@rubygem) if @rubygem.owned_by?(current_user) %>
-    <%= rubygem_trusted_publishers_link(@rubygem) if @rubygem.owned_by?(current_user) %>
-    <%= oidc_api_key_role_links(@rubygem) if @rubygem.owned_by?(current_user) %>
+    <%= ownership_link(@rubygem) if policy(@rubygem).show_unconfirmed_ownerships? %>
+    <%= rubygem_trusted_publishers_link(@rubygem) if policy(@rubygem).configure_trusted_publishers? %>
+    <%= oidc_api_key_role_links(@rubygem) if policy(@rubygem).configure_oidc? %>
     <%= resend_owner_confirmation_link(@rubygem) if @rubygem.unconfirmed_ownership?(current_user) %>
     <%= rubygem_adoptions_link(@rubygem) if policy(@rubygem).show_adoption? %>
-    <%= rubygem_security_events_link(@rubygem) if @rubygem.owned_by?(current_user) %>
+    <%= rubygem_security_events_link(@rubygem) if policy(@rubygem).show_events? %>
   </div>
 </div>
diff --git a/test/policies/ownership_call_policy_test.rb b/test/policies/ownership_call_policy_test.rb
index 33138e98acf..9bd3c3c93a9 100644
--- a/test/policies/ownership_call_policy_test.rb
+++ b/test/policies/ownership_call_policy_test.rb
@@ -18,7 +18,7 @@ def test_create
     refute_authorized @user, :create?
   end
 
-  def test_destroy
+  def test_close
     assert_authorized @owner, :close?
     refute_authorized @user, :close?
   end
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
index 25b4d473d55..c5cefe7a214 100644
--- a/test/policies/rubygem_policy_test.rb
+++ b/test/policies/rubygem_policy_test.rb
@@ -11,6 +11,30 @@ def policy!(user)
     Pundit.policy!(user, @rubygem)
   end
 
+  context "#configure_oidc?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :configure_oidc?
+      refute_authorized @user, :configure_oidc?
+      refute_authorized nil, :configure_oidc?
+    end
+  end
+
+  context "#configure_trusted_publishers?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :configure_trusted_publishers?
+      refute_authorized @user, :configure_trusted_publishers?
+      refute_authorized nil, :configure_trusted_publishers?
+    end
+  end
+
+  context "#manage_adoption?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :manage_adoption?
+      refute_authorized @user, :manage_adoption?
+      refute_authorized nil, :manage_adoption?
+    end
+  end
+
   context "#request_ownership?" do
     should "be true if the gem has ownership calls" do
       create(:ownership_call, rubygem: @rubygem, user: @owner)
@@ -64,14 +88,6 @@ def policy!(user)
     end
   end
 
-  context "#configure_trusted_publishers?" do
-    should "only allow the owner" do
-      assert_authorized @owner, :configure_trusted_publishers?
-      refute_authorized @user, :configure_trusted_publishers?
-      refute_authorized nil, :configure_trusted_publishers?
-    end
-  end
-
   context "#show_unconfirmed_ownerships?" do
     should "only allow the owner" do
       assert_authorized @owner, :show_unconfirmed_ownerships?

From 6c9a15b06a5a074ebd048eb7afc21aac2522c885 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Sep 2024 16:49:49 -0400
Subject: [PATCH 169/381] Bump ruby/setup-ruby from 1.190.0 to 1.191.0 (#5004)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index abdc49c3e62..3214a795bf6 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
         with:
           bundler-cache: true
       - name: krane render

From 92a9d8cc7c15e1e421cd2d166a75115cbcd1a647 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 22:31:40 -0400
Subject: [PATCH 170/381] Bump searchkick from 5.3.1 to 5.4.0 (#5007)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index ace54364387..787ec515a84 100644
--- a/Gemfile
+++ b/Gemfile
@@ -40,7 +40,7 @@ gem "shoryuken", "~> 6.2", require: false
 gem "statsd-instrument", "~> 3.9"
 gem "validates_formatting_of", "~> 0.9"
 gem "opensearch-ruby", "~> 3.4"
-gem "searchkick", "~> 5.3"
+gem "searchkick", "~> 5.4"
 gem "faraday_middleware-aws-sigv4", "~> 1.0"
 gem "xml-simple", "~> 1.1"
 gem "compact_index", "~> 0.15.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 20cd6f64888..471e948cd6f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -674,7 +674,7 @@ GEM
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    searchkick (5.3.1)
+    searchkick (5.4.0)
       activemodel (>= 6.1)
       hashie
     selenium-webdriver (4.24.0)
@@ -891,7 +891,7 @@ DEPENDENCIES
   rubocop-performance (~> 1.21)
   rubocop-rails (~> 2.25)
   ruby-magic (~> 0.6)
-  searchkick (~> 5.3)
+  searchkick (~> 5.4)
   selenium-webdriver (~> 4.24)
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
@@ -1166,7 +1166,7 @@ CHECKSUMS
   sass-embedded (1.72.0) sha256=05d3e53092022a4b4eef5b76b9597c7f2af4e4efb06812e1a60e3601189a3d2e
   sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
-  searchkick (5.3.1) sha256=dc1181543f6a68354e380651f235fa7f3df6a09e4cd67fc284dc293fa9860f57
+  searchkick (5.4.0) sha256=75d7256d3ec2af2dc11c2ba8160c86d80451f3f86447aae2ace1f79553de0bf3
   selenium-webdriver (4.24.0) sha256=00c878b8a9125a51a585e7ad8fdc9c2ef188b3f346e335c92005d9e0ccc53926
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9

From f2a8267369967fafa0427353df3c3612dae412ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 22:34:25 -0400
Subject: [PATCH 171/381] Bump aws-sdk-s3 from 1.159.0 to 1.160.0 (#5005)

---
 Gemfile      |  2 +-
 Gemfile.lock | 22 +++++++++++-----------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/Gemfile b/Gemfile
index 787ec515a84..100934f496f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.159"
+gem "aws-sdk-s3", "~> 1.160"
 gem "aws-sdk-sqs", "~> 1.80"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index 471e948cd6f..7a886350ef6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,17 +110,17 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.966.0)
-    aws-sdk-core (3.201.5)
+    aws-partitions (1.970.0)
+    aws-sdk-core (3.203.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.88.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-kms (1.89.0)
+      aws-sdk-core (~> 3, >= 3.203.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.159.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-s3 (1.160.0)
+      aws-sdk-core (~> 3, >= 3.203.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sqs (1.80.0)
@@ -803,7 +803,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.52)
-  aws-sdk-s3 (~> 1.159)
+  aws-sdk-s3 (~> 1.160)
   aws-sdk-sqs (~> 1.80)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -940,10 +940,10 @@ CHECKSUMS
   avo (2.52.0) sha256=223948642e7553c6d6cd87408c622b356e2602e60bd0c2ecb4d90a603fcac670
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.966.0) sha256=1402324c85cf16c3d53b1122ce961c913d4356d020c1bb1d845893c6fa8c51a2
-  aws-sdk-core (3.201.5) sha256=1848c52fa93118cf527f2b2a70196b1fe4586f4d37dca8ffb86365b5df19ac50
-  aws-sdk-kms (1.88.0) sha256=13588d90df1eece81f6d79bd304b3857dc3168e7ea75c933b3b835cfe8a0e309
-  aws-sdk-s3 (1.159.0) sha256=406ba75c68890938350aa573df1c3f878dd7781a59ba1ddc0953968a70725e98
+  aws-partitions (1.970.0) sha256=88afd3c8627af3828113a3976b302fb4827e74d700b5287de59de83eefe58e0d
+  aws-sdk-core (3.203.0) sha256=8109358fb3eeee476d112a74af9b3a13bba4c294c38045a70210711be3af9af8
+  aws-sdk-kms (1.89.0) sha256=11af39e75279f7025d3c5ae1865dde1247e58754ba0f77cabd3f5ed5229249af
+  aws-sdk-s3 (1.160.0) sha256=da8245479741175d18ccc7488029fa44bad6eaeb4ec98fcbc7e1cabcf9e7eaef
   aws-sdk-sqs (1.80.0) sha256=ae0bdced7aa958ddd99d28f709abe244839d58fbf1f2a628bcd9a5629a7444c2
   aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From b25a4fc2d18ffd131559400e369df4137da3fc1d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 22:35:56 -0400
Subject: [PATCH 172/381] Bump actions/upload-artifact from 4.3.6 to 4.4.0
 (#5003)

---
 .github/workflows/lint.yml | 2 +-
 .github/workflows/test.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 3214a795bf6..e2eb1bf2fba 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -60,7 +60,7 @@ jobs:
         env:
           ENVIRONMENT: "${{ matrix.environment }}"
           REVISION: "${{ github.sha }}"
-      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: "${{ matrix.environment }}.rendered.yaml"
           path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 43a3a1e7151..1aa8735dc8e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -56,7 +56,7 @@ jobs:
 
       - name: Save capybara screenshots
         if: ${{ failure() && steps.test-all.outcome == 'failure' }}
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: capybara-screenshots-${{ matrix.tests.name }}-${{ matrix.rubygems.name }}
           path: tmp/capybara

From 2c718b2af85fc06adf07494eb5daf8b6f70cdf26 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 13:17:14 -0700
Subject: [PATCH 173/381] Bump rack-sanitizer from 2.0.2 to 2.0.3 (#5010)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 7a886350ef6..ece1d2d0f62 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -532,7 +532,7 @@ GEM
     rack-protection (4.0.0)
       base64 (>= 0.1.0)
       rack (>= 3.0.0, < 4)
-    rack-sanitizer (2.0.2)
+    rack-sanitizer (2.0.3)
       rack (>= 1.0, < 4.0)
     rack-session (2.0.0)
       rack (>= 3.0.0)
@@ -1116,7 +1116,7 @@ CHECKSUMS
   rack-attack (6.7.0) sha256=3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c
   rack-oauth2 (2.2.1) sha256=c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5
   rack-protection (4.0.0) sha256=d0db6185caa46a8c0d134c2c6b4803f4f392a67b2984da311409cb505f67bbf6
-  rack-sanitizer (2.0.2) sha256=a4881a8955d7671c9245c198895afb91114462b190462dc941c9a49a6858d039
+  rack-sanitizer (2.0.3) sha256=3e492e1b56b0005fb1b56d77dff996821059aad4321634883ae3c42c865f9af0
   rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
   rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
   rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d

From 29ce0240b72fee8b679675ee5a5ef28039633f71 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 13:17:38 -0700
Subject: [PATCH 174/381] Bump pg from 1.5.7 to 1.5.8 (#5009)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index ece1d2d0f62..5deb9fd9c56 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -490,7 +490,7 @@ GEM
     parser (3.3.4.0)
       ast (~> 2.4.1)
       racc
-    pg (1.5.7)
+    pg (1.5.8)
     pg_query (5.1.0)
       google-protobuf (>= 3.22.3)
     pghero (3.6.0)
@@ -1095,7 +1095,7 @@ CHECKSUMS
   pagy (8.6.3) sha256=537b2ee3119f237dd6c4a0d0a35c67a77b9d91ebb9d4f85e31407c2686774fb2
   parallel (1.25.1) sha256=12e089b9aa36ea2343f6e93f18cfcebd031798253db8260590d26a7f70b1ab90
   parser (3.3.4.0) sha256=8d247769c3873fe92201d591a7463384022a1a25e214853df5d6806623179e82
-  pg (1.5.7) sha256=07a7d86e5aac8b964a0288076a7a7c699c27b25c9b40b001726f6eb03ed13427
+  pg (1.5.8) sha256=efd71939dd1d6d9f0b434dc61dee6ef64f1d2bfcd3c177598a8797c27e654f37
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
   pghero (3.6.0) sha256=cad9cb865f99ff40bb5ba47d3dae20d06be06ac8ea6b01172f6a8ccc85671109
   phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6

From 8bca57f538c10cb53fded92f016a85d8d90d0cdc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Sep 2024 14:51:07 +0000
Subject: [PATCH 175/381] Bump timescaledb from 0.2.9 to 0.3.0

Bumps [timescaledb](https://github.com/jonatas/timescaledb) from 0.2.9 to 0.3.0.
- [Commits](https://github.com/jonatas/timescaledb/compare/v0.2.9...v0.3.0)

---
updated-dependencies:
- dependency-name: timescaledb
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 100934f496f..c477bb52d71 100644
--- a/Gemfile
+++ b/Gemfile
@@ -58,7 +58,7 @@ gem "discard", "~> 1.3"
 gem "user_agent_parser", "~> 2.18"
 gem "pghero", "~> 3.6"
 gem "faraday-multipart", "~> 1.0"
-gem "timescaledb", "~> 0.2"
+gem "timescaledb", "~> 0.3"
 
 # Admin dashboard
 gem "avo", "~> 2.52"
diff --git a/Gemfile.lock b/Gemfile.lock
index 5deb9fd9c56..eebc641d310 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -732,7 +732,7 @@ GEM
     thor (1.3.2)
     tilt (2.3.0)
     timeout (0.4.1)
-    timescaledb (0.2.9)
+    timescaledb (0.3.0)
       activerecord
       activesupport
       pg (~> 1.2)
@@ -904,7 +904,7 @@ DEPENDENCIES
   strong_migrations (~> 2.0)
   tailwindcss-rails (~> 2.7)
   terser (~> 1.2)
-  timescaledb (~> 0.2)
+  timescaledb (~> 0.3)
   toxiproxy (~> 2.0)
   unpwn (~> 1.0)
   user_agent_parser (~> 2.18)
@@ -1192,7 +1192,7 @@ CHECKSUMS
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c
   timeout (0.4.1) sha256=6f1f4edd4bca28cffa59501733a94215407c6960bd2107331f0280d4abdebb9a
-  timescaledb (0.2.9) sha256=1d1382d5b889bf8ec6bcdcbf061c8e28234bc343911c81d48a9dfb22d9d5cfdc
+  timescaledb (0.3.0) sha256=9ce2b39417d30544054cb609fbd84e18e304c7b7952a793846b8f4489551a28f
   toxiproxy (2.0.2) sha256=2e3b53604fb921d40da3db8f78a52b3133fcae33e93d440725335b15974e440a
   tpm-key_attestation (0.12.0) sha256=e133d80cf24fef0e7a7dfad00fd6aeff01fc79875fbfc66cd8537bbd622b1e6d
   turbo-rails (1.5.0) sha256=b426cc762fb0940277729b3f1751a9f0bd269f5613c1d62ac73e5f0be7c7a83e

From 287e3eb784a50e8a63a9c71a1fac14901f2e0ae8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Sep 2024 02:38:05 +0000
Subject: [PATCH 176/381] Bump aws-sdk-sqs from 1.80.0 to 1.81.0

Bumps [aws-sdk-sqs](https://github.com/aws/aws-sdk-ruby) from 1.80.0 to 1.81.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-sqs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-sqs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index c477bb52d71..adf9457a466 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.160"
-gem "aws-sdk-sqs", "~> 1.80"
+gem "aws-sdk-sqs", "~> 1.81"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index eebc641d310..b6fbe0acafd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,7 +110,7 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.970.0)
+    aws-partitions (1.971.0)
     aws-sdk-core (3.203.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
@@ -123,8 +123,8 @@ GEM
       aws-sdk-core (~> 3, >= 3.203.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.80.0)
-      aws-sdk-core (~> 3, >= 3.201.0)
+    aws-sdk-sqs (1.81.0)
+      aws-sdk-core (~> 3, >= 3.203.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.9.1)
       aws-eventstream (~> 1, >= 1.0.2)
@@ -804,7 +804,7 @@ DEPENDENCIES
   autoprefixer-rails (~> 10.4)
   avo (~> 2.52)
   aws-sdk-s3 (~> 1.160)
-  aws-sdk-sqs (~> 1.80)
+  aws-sdk-sqs (~> 1.81)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -940,11 +940,11 @@ CHECKSUMS
   avo (2.52.0) sha256=223948642e7553c6d6cd87408c622b356e2602e60bd0c2ecb4d90a603fcac670
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.970.0) sha256=88afd3c8627af3828113a3976b302fb4827e74d700b5287de59de83eefe58e0d
+  aws-partitions (1.971.0) sha256=ffb7e8b733f1ff37eb0983a1f0a0475899221980d278c1e6036f9d3b4ada2616
   aws-sdk-core (3.203.0) sha256=8109358fb3eeee476d112a74af9b3a13bba4c294c38045a70210711be3af9af8
   aws-sdk-kms (1.89.0) sha256=11af39e75279f7025d3c5ae1865dde1247e58754ba0f77cabd3f5ed5229249af
   aws-sdk-s3 (1.160.0) sha256=da8245479741175d18ccc7488029fa44bad6eaeb4ec98fcbc7e1cabcf9e7eaef
-  aws-sdk-sqs (1.80.0) sha256=ae0bdced7aa958ddd99d28f709abe244839d58fbf1f2a628bcd9a5629a7444c2
+  aws-sdk-sqs (1.81.0) sha256=ade08f4e1b3c6b9fbceb23081e28f28e3c046ef977455f57f7635f44641bcf58
   aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From d84a6af9f4d193e9d69e6c64e1e15ab8349c5d3f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Sep 2024 20:09:50 +0200
Subject: [PATCH 177/381] Bump avo from 2.52.0 to 2.53.0 (#5022)

---
 Gemfile      |  2 +-
 Gemfile.lock | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile b/Gemfile
index adf9457a466..bc1dc6f4c19 100644
--- a/Gemfile
+++ b/Gemfile
@@ -61,7 +61,7 @@ gem "faraday-multipart", "~> 1.0"
 gem "timescaledb", "~> 0.3"
 
 # Admin dashboard
-gem "avo", "~> 2.52"
+gem "avo", "~> 2.53"
 gem "pagy", "~> 8.4"
 gem "view_component", "~> 3.14"
 gem "pundit", "~> 2.4"
diff --git a/Gemfile.lock b/Gemfile.lock
index b6fbe0acafd..20ac08b3555 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -93,7 +93,7 @@ GEM
     attr_required (1.0.2)
     autoprefixer-rails (10.4.19.0)
       execjs (~> 2)
-    avo (2.52.0)
+    avo (2.53.0)
       actionview (>= 6.0)
       active_link_to
       activerecord (>= 6.0)
@@ -307,7 +307,7 @@ GEM
       actionpack (>= 6.0.0)
       activesupport (>= 6.0.0)
       railties (>= 6.0.0)
-    inline_svg (1.9.0)
+    inline_svg (1.10.0)
       activesupport (>= 3.0)
       nokogiri (>= 1.6)
     io-console (0.7.2)
@@ -599,7 +599,7 @@ GEM
       psych (>= 4.0.0)
     redcarpet (3.6.0)
     regexp_parser (2.9.2)
-    reline (0.5.9)
+    reline (0.5.10)
       io-console (~> 0.5)
     rexml (3.3.6)
       strscan
@@ -792,7 +792,7 @@ GEM
     xpath (3.2.0)
       nokogiri (~> 1.8)
     yard (0.9.36)
-    zeitwerk (2.6.17)
+    zeitwerk (2.6.18)
     zlib (3.1.1)
 
 PLATFORMS
@@ -802,7 +802,7 @@ DEPENDENCIES
   aggregate_assertions (~> 0.2.0)
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
-  avo (~> 2.52)
+  avo (~> 2.53)
   aws-sdk-s3 (~> 1.160)
   aws-sdk-sqs (~> 1.81)
   bcrypt (~> 3.1)
@@ -937,7 +937,7 @@ CHECKSUMS
   ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
   attr_required (1.0.2) sha256=f0ebfc56b35e874f4d0ae799066dbc1f81efefe2364ca3803dc9ea6a4de6cb99
   autoprefixer-rails (10.4.19.0) sha256=ccd21f47e5a07a581c7d239025e0d8d06a005825e96e06f72382d818fe665f4e
-  avo (2.52.0) sha256=223948642e7553c6d6cd87408c622b356e2602e60bd0c2ecb4d90a603fcac670
+  avo (2.53.0) sha256=e8f1fb9abaf6d874d898449d4db863586c16e60634a136d97ae436ded976d1a6
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
   aws-partitions (1.971.0) sha256=ffb7e8b733f1ff37eb0983a1f0a0475899221980d278c1e6036f9d3b4ada2616
@@ -1027,7 +1027,7 @@ CHECKSUMS
   httparty (0.22.0) sha256=78652a5c9471cf0093d3b2083c2295c9c8f12b44c65112f1846af2b71430fa6c
   i18n (1.14.5) sha256=26dcbc05e364b57e27ab430148b3377bc413987d34cc042336271d8f42e9d1b9
   importmap-rails (2.0.1) sha256=e739a6e70c09f797688c6983fa79567ec1edc9becc30d55b3f7cc897b1825586
-  inline_svg (1.9.0) sha256=f44c5e3d2e401fd619ad3047b7c8cee384517d855edb1d1fb1a248d3cae535d6
+  inline_svg (1.10.0) sha256=5b652934236fd9f8adc61f3fd6e208b7ca3282698b19f28659971da84bf9a10f
   io-console (0.7.2) sha256=f0dccff252f877a4f60d04a4dc6b442b185ebffb4b320ab69212a92b48a7a221
   irb (1.14.0) sha256=53d805013bbd194874b8c13a56aca6aebcd11dd79166d88724f8a434fedde615
   jmespath (1.6.2) sha256=238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1
@@ -1136,7 +1136,7 @@ CHECKSUMS
   rdoc (6.7.0) sha256=b17d5f0f57b0853d7b880d4360a32c7caf8dbb81f8503a36426df809e617f379
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
-  reline (0.5.9) sha256=5d2dd7ed0fd078e79a05e4eaa47dc91b8dacec7358e9e1dd6d9c4636cff7d378
+  reline (0.5.10) sha256=1660c969a792ebd034e6ceee8ca628f3b6698dcdb34f7a282a5edda37b958166
   rexml (3.3.6) sha256=7af0459d108dfd6ffa7d38c67c8464e200f5c9d476d4c6a3d1899e92808d63c6
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
@@ -1216,7 +1216,7 @@ CHECKSUMS
   xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d
   xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e
   yard (0.9.36) sha256=5505736c1b00c926f71053a606ab75f02070c5960d0778b901fe9d8b0a470be4
-  zeitwerk (2.6.17) sha256=0895160c92ea5ffc88c38556fbbca798b61164daca97461ab5f47b8a07fb2aac
+  zeitwerk (2.6.18) sha256=bd2d213996ff7b3b364cd342a585fbee9797dbc1c0c6d868dc4150cc75739781
   zlib (3.1.1) sha256=f61bb03139bbe256c36ba99ef9fece1fb223e9034ed9e5fa3ddb1588d99abc71
 
 RUBY VERSION

From 435ea65c1830702ef22a113d18a12a853a147dc8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Sep 2024 00:46:51 +0000
Subject: [PATCH 178/381] Bump aws-sdk-sqs from 1.81.0 to 1.82.0 (#5020)

---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index bc1dc6f4c19..e4dd5a86502 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.160"
-gem "aws-sdk-sqs", "~> 1.81"
+gem "aws-sdk-sqs", "~> 1.82"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 20ac08b3555..0367fc735bd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,8 +110,8 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.971.0)
-    aws-sdk-core (3.203.0)
+    aws-partitions (1.973.0)
+    aws-sdk-core (3.204.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
@@ -123,7 +123,7 @@ GEM
       aws-sdk-core (~> 3, >= 3.203.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.81.0)
+    aws-sdk-sqs (1.82.0)
       aws-sdk-core (~> 3, >= 3.203.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.9.1)
@@ -804,7 +804,7 @@ DEPENDENCIES
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
   aws-sdk-s3 (~> 1.160)
-  aws-sdk-sqs (~> 1.81)
+  aws-sdk-sqs (~> 1.82)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -940,11 +940,11 @@ CHECKSUMS
   avo (2.53.0) sha256=e8f1fb9abaf6d874d898449d4db863586c16e60634a136d97ae436ded976d1a6
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.971.0) sha256=ffb7e8b733f1ff37eb0983a1f0a0475899221980d278c1e6036f9d3b4ada2616
-  aws-sdk-core (3.203.0) sha256=8109358fb3eeee476d112a74af9b3a13bba4c294c38045a70210711be3af9af8
+  aws-partitions (1.973.0) sha256=2985283919242f6a1224022466251a3c4792c0de58e5f3f075f794bd2af65220
+  aws-sdk-core (3.204.0) sha256=d099cc4b3c67c6b8937eb0c0d3a5b25baadf42ec712e60cacfb253172298b819
   aws-sdk-kms (1.89.0) sha256=11af39e75279f7025d3c5ae1865dde1247e58754ba0f77cabd3f5ed5229249af
   aws-sdk-s3 (1.160.0) sha256=da8245479741175d18ccc7488029fa44bad6eaeb4ec98fcbc7e1cabcf9e7eaef
-  aws-sdk-sqs (1.81.0) sha256=ade08f4e1b3c6b9fbceb23081e28f28e3c046ef977455f57f7635f44641bcf58
+  aws-sdk-sqs (1.82.0) sha256=07440b0f78cc878c425319f9d6fe57e73150726a6ac5030d0435b8ca2973c4d7
   aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From db04d4462593ad26be7bb799bd66b22ad17c9192 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Sep 2024 00:57:20 +0000
Subject: [PATCH 179/381] Bump aws-sdk-s3 from 1.160.0 to 1.162.0 (#5023)

---
 Gemfile      |  2 +-
 Gemfile.lock | 22 +++++++++++-----------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/Gemfile b/Gemfile
index e4dd5a86502..1c899baaed4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.160"
+gem "aws-sdk-s3", "~> 1.162"
 gem "aws-sdk-sqs", "~> 1.82"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index 0367fc735bd..58e0927eea3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,17 +110,17 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.973.0)
-    aws-sdk-core (3.204.0)
+    aws-partitions (1.974.0)
+    aws-sdk-core (3.205.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.89.0)
-      aws-sdk-core (~> 3, >= 3.203.0)
+    aws-sdk-kms (1.91.0)
+      aws-sdk-core (~> 3, >= 3.205.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.160.0)
-      aws-sdk-core (~> 3, >= 3.203.0)
+    aws-sdk-s3 (1.162.0)
+      aws-sdk-core (~> 3, >= 3.205.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sqs (1.82.0)
@@ -803,7 +803,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
-  aws-sdk-s3 (~> 1.160)
+  aws-sdk-s3 (~> 1.162)
   aws-sdk-sqs (~> 1.82)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -940,10 +940,10 @@ CHECKSUMS
   avo (2.53.0) sha256=e8f1fb9abaf6d874d898449d4db863586c16e60634a136d97ae436ded976d1a6
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.973.0) sha256=2985283919242f6a1224022466251a3c4792c0de58e5f3f075f794bd2af65220
-  aws-sdk-core (3.204.0) sha256=d099cc4b3c67c6b8937eb0c0d3a5b25baadf42ec712e60cacfb253172298b819
-  aws-sdk-kms (1.89.0) sha256=11af39e75279f7025d3c5ae1865dde1247e58754ba0f77cabd3f5ed5229249af
-  aws-sdk-s3 (1.160.0) sha256=da8245479741175d18ccc7488029fa44bad6eaeb4ec98fcbc7e1cabcf9e7eaef
+  aws-partitions (1.974.0) sha256=75b1f91df5fcde9bc4d7e30d0d139eea8b5ac622dbb9fff756d5567550eaa496
+  aws-sdk-core (3.205.0) sha256=a7b4c414070aa28bf4fcf6d7dd876e0ec0e8cda4fb998ca4f0b3231880f0fc2e
+  aws-sdk-kms (1.91.0) sha256=b56d06e737541d71cec59f3c81d6ff35179da8ff63535208533c3ba99ea4d84f
+  aws-sdk-s3 (1.162.0) sha256=7e9728f3d41b6a0628be653be15afcccefb48d24ae08c3b5e0c30b9484f27d23
   aws-sdk-sqs (1.82.0) sha256=07440b0f78cc878c425319f9d6fe57e73150726a6ac5030d0435b8ca2973c4d7
   aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From e7e294bd65b8876c7292e4dd4575e96586228feb Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Thu, 12 Sep 2024 23:10:40 +1000
Subject: [PATCH 180/381] Update devcontainer to use rails image (#5024)

---
 .devcontainer/Dockerfile         | 35 +++++---------------------------
 .devcontainer/devcontainer.json  | 17 +++++++++++++---
 .devcontainer/docker-compose.yml | 16 +++++++++------
 test/test_helper.rb              |  3 ++-
 4 files changed, 31 insertions(+), 40 deletions(-)

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index c59aeef03e5..7e3b5c14d01 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,33 +1,8 @@
 # syntax = docker/dockerfile:1.4
 
-ARG RUBY_VERSION=3.3
+ARG RUBY_VERSION=3.3.4
+FROM ghcr.io/rails/devcontainer/images/ruby:$RUBY_VERSION
 
-FROM ruby:${RUBY_VERSION}-alpine
-
-ENV USERNAME=vscode \
-    UID=1000 \
-    GID=1000
-
-# Install the git-credential-manager package via the dotnet tooling to 
-RUN apk update && apk add --no-cache \
-    github-cli \
-    git \
-    build-base \
-    bash \
-    mandoc \
-    man-pages \
-    tzdata \
-    libpq-dev \
-    libmagic \
-    nodejs \
-    sudo
-
-# create non-root group and user
-RUN addgroup -g $GID $USERNAME \
-    && adduser -s /bin/bash -u $UID -G $USERNAME $USERNAME --disabled-password --gecos ""
-
-# set sudo permissions for vscode user
-RUN echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME
-RUN chmod 0440 /etc/sudoers.d/$USERNAME
-
-USER $USERNAME
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends pkg-config \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 5053ae30358..d05adf8a1e8 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -5,12 +5,13 @@
     "docker-compose.yml",
     "../docker-compose.yml"
   ],
-  "service": "app",
+  "service": "rails-app",
   "runServices": [
     "db",
     "cache",
     "search",
-    "toxiproxy"
+    "toxiproxy",
+    "selenium"
   ],
   "forwardPorts": [
     3000, // Rails
@@ -23,10 +24,20 @@
   "onCreateCommand": "bin/setup",
   // Use 'updateContentCommand' to run commands when the container is updated.
   "updateContentCommand": "bin/setup",
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  "features": {
+    "ghcr.io/devcontainers/features/github-cli:1": {},
+    // "ghcr.io/rails/devcontainer/features/activestorage": {},
+    "ghcr.io/rails/devcontainer/features/postgres-client": {}
+  },
   // Configure tool-specific properties.
   "containerEnv": {
     "EDITOR": "code --wait",
-    "GIT_EDITOR": "code --wait"
+    "GIT_EDITOR": "code --wait",
+    "CAPYBARA_SERVER_PORT": "45678",
+    "SELENIUM_HOST": "selenium",
+    "ELASTICSEARCH_URL": "http://search:9200",
+    "DATABASE_URL": "postgres://postgres@db:5432"
   },
   "customizations": {
     "codespaces": {
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
index 26bfabc6840..9607a18c49f 100644
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -1,12 +1,16 @@
-version: "3"
 services:
-  app:
+  rails-app:
     build:
       context: .
       dockerfile: Dockerfile
-    command: /bin/sh -c "while sleep 1000; do :; done"
+    command: sleep infinity
     volumes:
       - ../..:/workspaces:cached
-    environment:
-      - ELASTICSEARCH_URL=http://search:9200
-      - DATABASE_URL=postgres://postgres@db:5432
+    depends_on:
+      - search
+      - db
+      - selenium
+
+  selenium:
+    image: selenium/standalone-chromium
+    restart: unless-stopped
diff --git a/test/test_helper.rb b/test/test_helper.rb
index f3cbb1699bc..a9965a35de9 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -43,7 +43,8 @@
 WebMock.disable_net_connect!(
   allow_localhost: true,
   allow: [
-    "chromedriver.storage.googleapis.com"
+    "chromedriver.storage.googleapis.com",
+    "search" # Devcontainer OpenSearch container
   ]
 )
 WebMock.globally_stub_request(:after_local_stubs) do |request|

From c59be139af80f8f6bd8bec1c6614afab798b2609 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Fri, 13 Sep 2024 03:10:04 +0200
Subject: [PATCH 181/381] Ensure SMTP connections use TLS (#5018)

enable_starttls: true will fail if StartTLS fails, where enable_starttls_auto would fallback to plain text

Fixes TOB-RGM-5
---
 config/initializers/sendgrid.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/sendgrid.rb b/config/initializers/sendgrid.rb
index 810b664e5a3..51a64f8dce7 100644
--- a/config/initializers/sendgrid.rb
+++ b/config/initializers/sendgrid.rb
@@ -6,7 +6,7 @@
     password:             ENV['SENDGRID_PASSWORD'],
     domain:               'mailer.rubygems.org',
     authentication:       :plain,
-    enable_starttls_auto: true
+    enable_starttls:      true
   }
   ActionMailer::Base.delivery_method = :smtp
 end

From fccb3c8012eef9242453c3179aa2d86db5d09294 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Fri, 13 Sep 2024 03:10:29 +0200
Subject: [PATCH 182/381] Use same_site: :strict for cookies (#5016)

Fixes TOB-RGM-2
---
 config/initializers/session_store.rb | 2 +-
 lib/github_oauthable.rb              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 28c03b11a72..445a076ac0d 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -5,7 +5,7 @@
 
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_rubygems_session'
+Rails.application.config.session_store :cookie_store, key: '_rubygems_session', same_site: :strict
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information
diff --git a/lib/github_oauthable.rb b/lib/github_oauthable.rb
index 31d621bf4fb..04047d9d975 100644
--- a/lib/github_oauthable.rb
+++ b/lib/github_oauthable.rb
@@ -73,7 +73,7 @@ def log_in_as(user:, expires: 1.hour)
       cookies.encrypted[admin_cookie_name] = {
         value: user.id,
         expires: expires,
-        same_site: :lax
+        same_site: :strict
       }
     end
 

From 29dd7cfcab4cb326c87c022386cee7fe353efa3e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Sep 2024 04:47:41 +0000
Subject: [PATCH 183/381] Bump google-protobuf from 4.28.0 to 4.28.1 (#5025)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 58e0927eea3..8519cace8cc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -274,7 +274,7 @@ GEM
       fugit (>= 1.1)
       railties (>= 6.0.0)
       thor (>= 0.14.1)
-    google-protobuf (4.28.0)
+    google-protobuf (4.28.1)
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
@@ -1011,7 +1011,7 @@ CHECKSUMS
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
-  google-protobuf (4.28.0) sha256=c18ac1adccbcbca2756b6660b39f8e554587fd0234848f7e19183d93679d9612
+  google-protobuf (4.28.1) sha256=1f9d3f60f407908abe0cf5c828317e45179bf8b82f77aae966b2430536527459
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
   hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9

From 7bab97a96f8004fa3b25d007558e6c34400b7896 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Sep 2024 04:48:34 +0000
Subject: [PATCH 184/381] Bump aws-sdk-sqs from 1.82.0 to 1.83.0 (#5026)

---
 Gemfile      | 2 +-
 Gemfile.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index 1c899baaed4..144909121d2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.162"
-gem "aws-sdk-sqs", "~> 1.82"
+gem "aws-sdk-sqs", "~> 1.83"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 8519cace8cc..432c435a777 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -123,8 +123,8 @@ GEM
       aws-sdk-core (~> 3, >= 3.205.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.82.0)
-      aws-sdk-core (~> 3, >= 3.203.0)
+    aws-sdk-sqs (1.83.0)
+      aws-sdk-core (~> 3, >= 3.205.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.9.1)
       aws-eventstream (~> 1, >= 1.0.2)
@@ -804,7 +804,7 @@ DEPENDENCIES
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
   aws-sdk-s3 (~> 1.162)
-  aws-sdk-sqs (~> 1.82)
+  aws-sdk-sqs (~> 1.83)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -944,7 +944,7 @@ CHECKSUMS
   aws-sdk-core (3.205.0) sha256=a7b4c414070aa28bf4fcf6d7dd876e0ec0e8cda4fb998ca4f0b3231880f0fc2e
   aws-sdk-kms (1.91.0) sha256=b56d06e737541d71cec59f3c81d6ff35179da8ff63535208533c3ba99ea4d84f
   aws-sdk-s3 (1.162.0) sha256=7e9728f3d41b6a0628be653be15afcccefb48d24ae08c3b5e0c30b9484f27d23
-  aws-sdk-sqs (1.82.0) sha256=07440b0f78cc878c425319f9d6fe57e73150726a6ac5030d0435b8ca2973c4d7
+  aws-sdk-sqs (1.83.0) sha256=03c7bbe3385eab469c7b06dd86ad800521b4e922f745fdd46135764801c57775
   aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From b678655818ba3020131631084772300963a26e2a Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Fri, 13 Sep 2024 18:11:16 +1000
Subject: [PATCH 185/381] Update Ruby to 3.3.5 (#5028)

---
 .devcontainer/Dockerfile                      | 2 +-
 .github/actions/setup-rubygems.org/action.yml | 2 +-
 .github/workflows/docker.yml                  | 2 +-
 .github/workflows/test.yml                    | 2 +-
 .ruby-version                                 | 2 +-
 Dockerfile                                    | 2 +-
 Gemfile.lock                                  | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 7e3b5c14d01..8106685b3e7 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-ARG RUBY_VERSION=3.3.4
+ARG RUBY_VERSION=3.3.5
 FROM ghcr.io/rails/devcontainer/images/ruby:$RUBY_VERSION
 
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
diff --git a/.github/actions/setup-rubygems.org/action.yml b/.github/actions/setup-rubygems.org/action.yml
index 298a01efb6f..e8c11d1da90 100644
--- a/.github/actions/setup-rubygems.org/action.yml
+++ b/.github/actions/setup-rubygems.org/action.yml
@@ -14,7 +14,7 @@ runs:
       shell: bash
       run: |
         docker compose up -d --wait
-    - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
+    - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
       with:
         ruby-version: ${{ inputs.ruby-version }}
         bundler-cache: true
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 3c1a1bf61c1..79ab3aa8073 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-24.04
     env:
       RUBYGEMS_VERSION: 3.5.14
-      RUBY_VERSION: 3.3.4
+      RUBY_VERSION: 3.3.5
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Docker Buildx
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 1aa8735dc8e..e9252afdd8c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -29,7 +29,7 @@ jobs:
             version: "3.5.14"
           - name: latest
             version: latest
-        ruby_version: ["3.3.4"]
+        ruby_version: ["3.3.5"]
         tests:
           - name: general
             command: test
diff --git a/.ruby-version b/.ruby-version
index a0891f563f3..fa7adc7ac72 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-3.3.4
+3.3.5
diff --git a/Dockerfile b/Dockerfile
index 0649c9227df..6e1085d6e9d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # syntax = docker/dockerfile:1.4
 
 # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
-ARG RUBY_VERSION=3.3.4
+ARG RUBY_VERSION=3.3.5
 ARG ALPINE_VERSION=3.20
 FROM ruby:$RUBY_VERSION-alpine${ALPINE_VERSION} as base
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 432c435a777..3f7cfab4c88 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1220,7 +1220,7 @@ CHECKSUMS
   zlib (3.1.1) sha256=f61bb03139bbe256c36ba99ef9fece1fb223e9034ed9e5fa3ddb1588d99abc71
 
 RUBY VERSION
-   ruby 3.3.4p94
+   ruby 3.3.5p100
 
 BUNDLED WITH
    2.5.14

From 84c2f36bc4efd532f544357a4019fdb2ef17000a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Sep 2024 22:27:16 +0200
Subject: [PATCH 186/381] Bump ruby/setup-ruby from 1.191.0 to 1.192.0 (#5034)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index e2eb1bf2fba..0a77fee7ccf 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
+      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
+      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
+      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
+      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
         with:
           bundler-cache: true
       - name: krane render

From 4cf0ab7e259fcb363f8278e069c53ebd44330b30 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Sep 2024 03:50:06 +0000
Subject: [PATCH 187/381] Bump tailwindcss-rails from 2.7.3 to 2.7.4 (#5033)

---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 3f7cfab4c88..9bbe3d86440 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -301,7 +301,7 @@ GEM
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    i18n (1.14.5)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     importmap-rails (2.0.1)
       actionpack (>= 6.0.0)
@@ -725,7 +725,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.3)
+    tailwindcss-rails (2.7.4)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -1025,7 +1025,7 @@ CHECKSUMS
   http-form_data (2.3.0) sha256=cc4eeb1361d9876821e31d7b1cf0b68f1cf874b201d27903480479d86448a5f3
   http_accept_language (2.1.1) sha256=0043f0d55a148cf45b604dbdd197cb36437133e990016c68c892d49dbea31634
   httparty (0.22.0) sha256=78652a5c9471cf0093d3b2083c2295c9c8f12b44c65112f1846af2b71430fa6c
-  i18n (1.14.5) sha256=26dcbc05e364b57e27ab430148b3377bc413987d34cc042336271d8f42e9d1b9
+  i18n (1.14.6) sha256=dc229a74f5d181f09942dd60ab5d6e667f7392c4ee826f35096db36d1fe3614c
   importmap-rails (2.0.1) sha256=e739a6e70c09f797688c6983fa79567ec1edc9becc30d55b3f7cc897b1825586
   inline_svg (1.10.0) sha256=5b652934236fd9f8adc61f3fd6e208b7ca3282698b19f28659971da84bf9a10f
   io-console (0.7.2) sha256=f0dccff252f877a4f60d04a4dc6b442b185ebffb4b320ab69212a92b48a7a221
@@ -1187,7 +1187,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.3) sha256=5a4e400dd7463d45099972589402f43325e42ef4634a2f194178d5192794697b
+  tailwindcss-rails (2.7.4) sha256=46731748bba06b4629f594ee3e103509fcb90ba8df672c7f791ece1a4761460d
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From e0bdb9819bedabfcf9c3d78af9a243fb95a63611 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Sep 2024 03:50:17 +0000
Subject: [PATCH 188/381] Bump minitest-retry from 0.2.2 to 0.2.3 (#5032)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 144909121d2..2804d7331ee 100644
--- a/Gemfile
+++ b/Gemfile
@@ -128,7 +128,7 @@ end
 group :test do
   gem "datadog-ci", "~> 1.4"
   gem "minitest", "~> 5.25", require: false
-  gem "minitest-retry", "~> 0.2.2"
+  gem "minitest-retry", "~> 0.2.3"
   gem "capybara", "~> 3.40"
   gem "launchy", "~> 3.0"
   gem "rack-test", "~> 2.1", require: "rack/test"
diff --git a/Gemfile.lock b/Gemfile.lock
index 9bbe3d86440..0ca6933da12 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -416,7 +416,7 @@ GEM
       builder
       minitest (>= 5.0)
       ruby-progressbar
-    minitest-retry (0.2.2)
+    minitest-retry (0.2.3)
       minitest (>= 5.0)
     mocha (2.4.5)
       ruby2_keywords (>= 0.0.5)
@@ -850,7 +850,7 @@ DEPENDENCIES
   minitest (~> 5.25)
   minitest-gcstats (~> 1.3)
   minitest-reporters (~> 1.7)
-  minitest-retry (~> 0.2.2)
+  minitest-retry (~> 0.2.3)
   mocha (~> 2.4)
   observer (~> 0.1.2)
   octokit (~> 9.1)
@@ -1066,7 +1066,7 @@ CHECKSUMS
   minitest (5.25.1) sha256=3db6795a80634def1cf86fda79d2d83b59b25ce5e186fa675f73c565589d2ad8
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
-  minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0
+  minitest-retry (0.2.3) sha256=7b7f4896efb9b931a1acb442a40e5273c441f44946cf4c6a8eb8895838e7bf29
   mocha (2.4.5) sha256=b4c17e103a9b20ec9e21374f4e9be41006dbd20c5e7cb1c215f8ec56599a6112
   msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d

From 52008b7a3e9d777003ef1aa12e3715e94c268dfe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Sep 2024 03:50:29 +0000
Subject: [PATCH 189/381] Bump statsd-instrument from 3.9.0 to 3.9.1 (#5031)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 0ca6933da12..413e8d9de7f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -713,7 +713,7 @@ GEM
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
-    statsd-instrument (3.9.0)
+    statsd-instrument (3.9.1)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -1181,7 +1181,7 @@ CHECKSUMS
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
   sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
   sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
-  statsd-instrument (3.9.0) sha256=4172a38c4732dd723b8e6f7ee502c3e3344ec391dfa7f58464cb6efb80626eb1
+  statsd-instrument (3.9.1) sha256=8fe65a4a68753e1152f3d3e1b215fb426fb63d5a56c16c2ee9da36fd27580057
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d

From 144f518628f6bdcc6a5928f9e222d5e32e6ca0ec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Sep 2024 03:50:46 +0000
Subject: [PATCH 190/381] Bump github/codeql-action from 3.26.6 to 3.26.7
 (#5030)

---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f1a15065086..d4df0f29b74 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index a9f3a38014f..0c9d5c6532f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           sarif_file: results.sarif

From 030ea3e5f4dc382289b389e0bfa6de20d765ae19 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 17 Sep 2024 10:13:59 +0200
Subject: [PATCH 191/381] Update to rubygems 3.5.18 / bundler 2.5.18 (#5036)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .github/workflows/docker.yml | 2 +-
 .github/workflows/test.yml   | 2 +-
 Gemfile.lock                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 79ab3aa8073..b354a44f7b0 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,7 +14,7 @@ jobs:
     name: Docker build (and optional push)
     runs-on: ubuntu-24.04
     env:
-      RUBYGEMS_VERSION: 3.5.14
+      RUBYGEMS_VERSION: 3.5.18
       RUBY_VERSION: 3.3.5
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e9252afdd8c..c2515508ed2 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,7 +26,7 @@ jobs:
       matrix:
         rubygems:
           - name: locked
-            version: "3.5.14"
+            version: "3.5.18"
           - name: latest
             version: latest
         ruby_version: ["3.3.5"]
diff --git a/Gemfile.lock b/Gemfile.lock
index 413e8d9de7f..e01ca65c85c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1223,4 +1223,4 @@ RUBY VERSION
    ruby 3.3.5p100
 
 BUNDLED WITH
-   2.5.14
+   2.5.18

From c37b462246456cb204d3a65547b72feedb4c37ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Sep 2024 19:46:21 +0200
Subject: [PATCH 192/381] Bump memory_profiler from 1.0.2 to 1.1.0 (#5038)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 2804d7331ee..9391c224f1b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -122,7 +122,7 @@ group :development do
   gem "letter_opener", "~> 1.10"
   gem "letter_opener_web", "~> 3.0"
   gem "derailed_benchmarks", "~> 2.1"
-  gem "memory_profiler", "~> 1.0"
+  gem "memory_profiler", "~> 1.1"
 end
 
 group :test do
diff --git a/Gemfile.lock b/Gemfile.lock
index e01ca65c85c..ae9b3d73219 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -401,7 +401,7 @@ GEM
       zeitwerk (>= 2.6.2)
     marcel (1.0.4)
     matrix (0.4.2)
-    memory_profiler (1.0.2)
+    memory_profiler (1.1.0)
     meta-tags (2.22.0)
       actionpack (>= 6.0.0, < 8.1)
     method_source (1.1.0)
@@ -846,7 +846,7 @@ DEPENDENCIES
   lookbook (~> 2.3)
   mail (~> 2.8)
   maintenance_tasks (~> 2.8)
-  memory_profiler (~> 1.0)
+  memory_profiler (~> 1.1)
   minitest (~> 5.25)
   minitest-gcstats (~> 1.3)
   minitest-reporters (~> 1.7)
@@ -1057,7 +1057,7 @@ CHECKSUMS
   maintenance_tasks (2.8.0) sha256=7ee8aa37ab39c6c3a5f4637878c1a343cc296596742248112458b922968d4a16
   marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4
   matrix (0.4.2) sha256=71083ccbd67a14a43bfa78d3e4dc0f4b503b9cc18e5b4b1d686dc0f9ef7c4cc0
-  memory_profiler (1.0.2) sha256=0e7c5c2a1a7bea5b5a05b9df25b2d628afa0db37b9344ba42b42eb8a604762df
+  memory_profiler (1.1.0) sha256=79a17df7980a140c83c469785905409d3027ca614c42c086089d128b805aa8f8
   meta-tags (2.22.0) sha256=c04df1f39cfbf7d48e2ae955124d89a2429ab508fc936b9a8f9a8ce4d326e6ec
   method_source (1.1.0) sha256=181301c9c45b731b4769bc81e8860e72f9161ad7d66dd99103c9ab84f560f5c5
   mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94

From 5fe5e189b481a1c1e0a1fadd88626ac73ff38b1a Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 17 Sep 2024 23:10:39 +0200
Subject: [PATCH 193/381] Avoid displaying arbitrary exception messages to
 users (#5015)

* Avoid displaying arbitrary exception messages to users

Fixes TOB-RGM-15

* Update pusher.rb
---
 app/models/pusher.rb       | 12 ++++++++++--
 test/models/pusher_test.rb |  9 ---------
 2 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/app/models/pusher.rb b/app/models/pusher.rb
index 6b256ce230a..3da8c835c35 100644
--- a/app/models/pusher.rb
+++ b/app/models/pusher.rb
@@ -73,7 +73,9 @@ def save
   end
 
   def pull_spec
-    package = Gem::Package.new(body, gem_security_policy)
+    # ensure the body can't be treated as a file path
+    package_source = Gem::Package::IOSource.new(body)
+    package = Gem::Package.new(package_source, gem_security_policy)
     @spec = package.spec
     @files = package.files
     validate_spec && serialize_spec
@@ -84,13 +86,19 @@ def pull_spec
       Ensure you are using a recent version of RubyGems to build the gem by running
       `gem update --system` and then try pushing again.
     MSG
-  rescue StandardError => e
+  rescue Gem::Exception, Psych::DisallowedClass, ArgumentError => e
     notify <<~MSG, 422
       RubyGems.org cannot process this gem.
       Please try rebuilding it and installing it locally to make sure it's valid.
       Error:
       #{e.message}
     MSG
+  rescue StandardError
+    # Ensure arbitrary exceptions are not leaked to the client
+    notify <<~MSG, 422
+      RubyGems.org cannot process this gem.
+      Please try rebuilding it and installing it locally to make sure it's valid.
+    MSG
   end
 
   def find # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
diff --git a/test/models/pusher_test.rb b/test/models/pusher_test.rb
index ae382a07e38..7d1fd1a28b8 100644
--- a/test/models/pusher_test.rb
+++ b/test/models/pusher_test.rb
@@ -123,15 +123,6 @@ class PusherTest < ActiveSupport::TestCase
       end
     end
 
-    should "not be able to pull spec from a bad path" do
-      @cutter.stubs(:body).stubs(:stub!).stubs(:read)
-      @cutter.pull_spec
-
-      assert_nil @cutter.spec
-      assert_match(/RubyGems\.org cannot process this gem/, @cutter.message)
-      assert_equal 422, @cutter.code
-    end
-
     should "not be able to pull spec with metadata containing bad ruby objects" do
       @gem = gem_file("exploit.gem")
       @cutter = Pusher.new(@api_key, @gem)

From 1e79dfa36fefdae0a701cb5c10d944f002610d11 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 17 Sep 2024 23:13:14 +0200
Subject: [PATCH 194/381] Ensure github actions & docker images are pinned by
 sha (#5019)

* Ensure github actions & docker images are pinned by sha

Uses github.com/stacklok/frizbee to check

Fixes TOB-RGM-19

* Pin actions & docker images

* Do not try to open a PR

* Try using my fork

* Pin frizbee-action
---
 .github/workflows/lint.yml | 17 ++++++++++++++++-
 docker-compose.yml         | 12 ++++++------
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 0a77fee7ccf..4cc415c022c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -65,7 +65,22 @@ jobs:
           name: "${{ matrix.environment }}.rendered.yaml"
           path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
       - name: kubeconform
-        uses: docker://ghcr.io/yannh/kubeconform:v0.6.3
+        uses: docker://ghcr.io/yannh/kubeconform@sha256:03f6b236ef64f20b4bc950209d6254b109e23b4b05e7811649f59eae5659fa58 # v0.6.3
         with:
           entrypoint: "/kubeconform"
           args: "-strict -summary -output json --kubernetes-version ${{ matrix.kubernetes_version }} config/deploy/${{ matrix.environment }}.rendered.yaml"
+  frizbee:
+    name: Frizbee
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: segiddins/frizbee-action@807363500e09f186d33b4805d25971aabaff6c1d # segiddins/run-in-place
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          actions: '[".github/workflows", ".github/actions"]'
+          dockerfiles: '["./Dockerfile", ".devcontainer/Dockerfile"]'
+          docker_compose: '["./docker-compose.yml", ".devcontainer/docker-compose.yml"]'
+          fail_on_unpinned: true
+          open_pr: false
+          in_place: true
diff --git a/docker-compose.yml b/docker-compose.yml
index db1c99600d7..f2c7e57bb24 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,22 +1,22 @@
 services:
   db:
-    image: postgres:13.14
+    image: index.docker.io/library/postgres@sha256:e0892b968fb80d181a96f18bfef0a8a1693c2430fb2bc7392e65a53057eaa303 # 13.14
     ports:
       - "5432:5432"
     environment:
       - POSTGRES_HOST_AUTH_METHOD=trust
   downloads-db:
-    image: timescale/timescaledb:2.15.1-pg16
+    image: index.docker.io/timescale/timescaledb@sha256:2e3a19fa4624addcb2bb8d37dfe2fee9e12597537b057a742c68aa226ed77da5 # 2.15.1-pg16
     ports:
       - "5434:5432"
     environment:
       - POSTGRES_HOST_AUTH_METHOD=trust
   cache:
-    image: memcached:1.4.39
+    image: index.docker.io/library/memcached@sha256:f4504742a8fb03c3ac0cd172e1c1d2277117629f8d21d52f78307121ddc3de5f # 1.4.39
     ports:
       - "11211:11211"
   search:
-    image: opensearchproject/opensearch:2.13.0
+    image: index.docker.io/opensearchproject/opensearch@sha256:2e954ff0e8c9d0f4868b4818150b3aecc92fbb0cc4a24d00dace38ada227291d # 2.13.0
     environment:
       - discovery.type=single-node
       - DISABLE_SECURITY_PLUGIN=true
@@ -36,7 +36,7 @@ services:
       timeout: 5s
       retries: 6
   search-console:
-    image: opensearchproject/opensearch-dashboards:2.13.0
+    image: index.docker.io/opensearchproject/opensearch-dashboards@sha256:d8f4442da4d0cb44865a5eab01c9eb9f00769e2d5f053d21e3ff3c64a50fc6ec # 2.13.0
     ports:
       - "5601:5601"
     environment:
@@ -55,5 +55,5 @@ services:
       search:
         condition: service_healthy
   toxiproxy:
-    image: ghcr.io/shopify/toxiproxy:2.5.0
+    image: ghcr.io/shopify/toxiproxy@sha256:927c797a2115a193ae3a527e5a36782b938419904ac6706ca0efa029ebea58cb # 2.5.0
     network_mode: "host"

From 5f8262bf431d72c75e2cfc1305ad59c1bb954523 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 18 Sep 2024 07:26:59 +1000
Subject: [PATCH 195/381] Unblock User Avo Action (#5029)

---
 app/avo/actions/unblock_user.rb            | 18 ++++++++
 app/models/user.rb                         | 13 ++++++
 test/factories/user.rb                     |  5 +++
 test/models/user_test.rb                   | 43 ++++++++++++++++++
 test/unit/avo/actions/unblock_user_test.rb | 52 ++++++++++++++++++++++
 5 files changed, 131 insertions(+)
 create mode 100644 app/avo/actions/unblock_user.rb
 create mode 100644 test/unit/avo/actions/unblock_user_test.rb

diff --git a/app/avo/actions/unblock_user.rb b/app/avo/actions/unblock_user.rb
new file mode 100644
index 00000000000..69643f42433
--- /dev/null
+++ b/app/avo/actions/unblock_user.rb
@@ -0,0 +1,18 @@
+class UnblockUser < BaseAction
+  self.name = "Unblock User"
+  self.visible = lambda {
+    current_user.team_member?("rubygems-org") && view == :show && record.blocked?
+  }
+
+  self.message = lambda {
+    "Are you sure you would like to unblock user #{record.handle} with #{record.blocked_email}?"
+  }
+
+  self.confirm_button_label = "Unblock User"
+
+  class ActionHandler < ActionHandler
+    def handle_model(user)
+      user.unblock!
+    end
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index 96007086007..dbf55be8aa2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -264,6 +264,19 @@ def block!
     end
   end
 
+  def unblock!
+    raise ArgumentError, "User is not blocked" unless blocked?
+
+    update!(
+      email: blocked_email,
+      blocked_email: nil
+    )
+  end
+
+  def blocked?
+    blocked_email.present?
+  end
+
   def owns_gem?(rubygem)
     rubygem.owned_by?(self)
   end
diff --git a/test/factories/user.rb b/test/factories/user.rb
index 8e7460601b5..29bd04cb235 100644
--- a/test/factories/user.rb
+++ b/test/factories/user.rb
@@ -47,5 +47,10 @@
       mfa_level { User.mfa_levels["ui_and_gem_signin"] }
       mfa_recovery_codes { %w[aaa bbb ccc] }
     end
+
+    trait :blocked do
+      email { "security+locked-#{SecureRandom.hex(4)}@rubygems.org" }
+      blocked_email { "test@example.com" }
+    end
   end
 end
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 6d05c1fd070..0baaab92185 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -924,6 +924,49 @@ class UserTest < ActiveSupport::TestCase
     end
   end
 
+  context "#unblock!" do
+    setup do
+      @user = create(:user, :blocked)
+      @original_email = @user.blocked_email
+      @user.unblock!
+    end
+
+    should "restore the email field" do
+      assert_equal @original_email, @user.email
+    end
+
+    should "make the blocked email field nil" do
+      assert_nil @user.blocked_email
+    end
+
+    context "when the user is not currently blocked" do
+      setup do
+        @user = create(:user)
+      end
+
+      should "raise an error" do
+        assert_raises(ArgumentError) do
+          @user.unblock!
+        end
+      end
+    end
+  end
+
+  context "#blocked?" do
+    setup do
+      @blocked_user = build(:user, :blocked)
+      @unblocked_user = build(:user)
+    end
+
+    should "be true when the user has a blocked email" do
+      assert_predicate @blocked_user, :blocked?
+    end
+
+    should "be false when the user does not have a blocked email" do
+      refute_predicate @unblocked_user, :blocked?
+    end
+  end
+
   context ".normalize_email" do
     should "return the normalized email" do
       assert_equal "UsEr@example.COM", User.normalize_email(:"UsEr@\texample . COM")
diff --git a/test/unit/avo/actions/unblock_user_test.rb b/test/unit/avo/actions/unblock_user_test.rb
new file mode 100644
index 00000000000..1d59f31b487
--- /dev/null
+++ b/test/unit/avo/actions/unblock_user_test.rb
@@ -0,0 +1,52 @@
+require "test_helper"
+
+class UnblockUserTest < ActiveSupport::TestCase
+  setup do
+    @user = create(:user, :blocked)
+    @current_user = create(:admin_github_user, :is_admin)
+    @resource = UserResource.new.hydrate(model: @user)
+    @action = UnblockUser.new(model: @user, resource: @resource, user: @current_user, view: :edit)
+  end
+
+  should "unblock user" do
+    args = {
+      current_user: @current_user,
+      resource: @resource,
+      models: [@user],
+      fields: {
+        comment: "Unblocking incorrectly flagged user"
+      }
+    }
+
+    @action.handle(**args)
+
+    refute_predicate @user.reload, :blocked?
+  end
+
+  # Avo does not have an easy and direct way to test the message & visible class attributes.
+  # calling the lambda directly will raise an error because Avo requires the entire app to be loaded.
+
+  should "ask for confirmation" do
+    action_mock = Data.define(:record).new(record: @user)
+
+    assert_not_nil action_mock.instance_exec(&UnblockUser.message)
+  end
+
+  should "be visible" do
+    action_mock = Data.define(:current_user, :view, :record).new(current_user: @current_user, view: :show, record: @user)
+
+    assert action_mock.instance_exec(&UnblockUser.visible)
+  end
+
+  context "when the user is not blocked" do
+    setup do
+      @user = create(:user)
+    end
+
+    should "not be visible" do
+      action_mock = Data.define(:current_user, :view, :record).new(current_user: @current_user, view: :show, record: @user)
+
+      refute action_mock.instance_exec(&UnblockUser.visible)
+    end
+  end
+end

From 43ca903ab045fe38583b5f2b9466c6a42fd19b73 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 17 Sep 2024 23:51:13 +0200
Subject: [PATCH 196/381] Ensure OIDC jwks refresh cannot be used for SSRF
 (#5012)

Fixes TOB-RGM-12
---
 app/jobs/refresh_oidc_provider_job.rb       |  5 +++++
 test/jobs/refresh_oidc_provider_job_test.rb | 11 +++++++++++
 2 files changed, 16 insertions(+)

diff --git a/app/jobs/refresh_oidc_provider_job.rb b/app/jobs/refresh_oidc_provider_job.rb
index 166a5319b8b..e7edcb433cd 100644
--- a/app/jobs/refresh_oidc_provider_job.rb
+++ b/app/jobs/refresh_oidc_provider_job.rb
@@ -4,6 +4,8 @@ class RefreshOIDCProviderJob < ApplicationJob
   ERRORS = (HTTP_ERRORS + [Faraday::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError]).freeze
   retry_on(*ERRORS)
 
+  class JWKSURIMismatchError < StandardError; end
+
   def perform(provider:)
     connection = Faraday.new(provider.issuer, request: { timeout: 2 }, headers: { "Accept" => "application/json" }) do |f|
       f.request :json
@@ -15,6 +17,9 @@ def perform(provider:)
 
     provider.configuration = resp.body
     provider.configuration.validate!
+    if provider.configuration.jwks_uri.blank? || URI.parse(provider.configuration.jwks_uri).host != URI.parse(provider.issuer).host
+      raise JWKSURIMismatchError, "Invalid JWKS URI in OpenID Connect configuration #{provider.configuration.jwks_uri.inspect}"
+    end
     provider.jwks = connection.get(provider.configuration.jwks_uri).body
 
     provider.save!
diff --git a/test/jobs/refresh_oidc_provider_job_test.rb b/test/jobs/refresh_oidc_provider_job_test.rb
index d11f87bf398..d90a7d2be12 100644
--- a/test/jobs/refresh_oidc_provider_job_test.rb
+++ b/test/jobs/refresh_oidc_provider_job_test.rb
@@ -142,4 +142,15 @@ def stub_requests(config_status: 200, jwks_status: 200, config_body: {}, jwks_bo
       assert_nil @provider.reload.configuration
     end
   end
+
+  context "when the config endpoint returns a different URI for jwks" do
+    setup do
+      stub_requests(config_body: { jwks_uri: "https://example.com/jwks" })
+    end
+
+    should "raise an error" do
+      assert_kind_of RefreshOIDCProviderJob::JWKSURIMismatchError, RefreshOIDCProviderJob.perform_now(provider: @provider)
+      assert_nil @provider.reload.configuration
+    end
+  end
 end

From 49b49d165068d3277fea26d41215fdefafbc98dd Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 17 Sep 2024 23:51:42 +0200
Subject: [PATCH 197/381] Validate format of JWT claims before using them
 (#5013)

* Validate format of JWT claims before using them

Fixes TOB-RGM-11

* Update app/controllers/api/v1/oidc/trusted_publisher_controller.rb
---
 .../api/v1/oidc/trusted_publisher_controller.rb  | 13 +++++++++++++
 .../v1/oidc/trusted_publisher_controller_test.rb | 16 ++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/app/controllers/api/v1/oidc/trusted_publisher_controller.rb b/app/controllers/api/v1/oidc/trusted_publisher_controller.rb
index febafa6ce39..8e7967e25e7 100644
--- a/app/controllers/api/v1/oidc/trusted_publisher_controller.rb
+++ b/app/controllers/api/v1/oidc/trusted_publisher_controller.rb
@@ -2,6 +2,7 @@ class Api::V1::OIDC::TrustedPublisherController < Api::BaseController
   include ApiKeyable
 
   before_action :decode_jwt
+  before_action :validate_jwt_format
   before_action :find_provider
   before_action :verify_signature
   before_action :find_trusted_publisher
@@ -9,6 +10,9 @@ class Api::V1::OIDC::TrustedPublisherController < Api::BaseController
 
   class UnsupportedIssuer < StandardError; end
   class UnverifiedJWT < StandardError; end
+  class InvalidJWT < StandardError; end
+
+  rescue_from InvalidJWT, with: :render_bad_request
 
   rescue_from(
     UnsupportedIssuer, UnverifiedJWT,
@@ -45,6 +49,15 @@ def decode_jwt
     render_bad_request
   end
 
+  def validate_jwt_format
+    %w[nbf iat exp].each do |claim|
+      raise InvalidJWT, "Missing/invalid #{claim}" unless @jwt[claim].is_a?(Integer)
+    end
+    %w[iss jti].each do |claim|
+      raise InvalidJWT, "Missing/invalid #{claim}" unless @jwt[claim].is_a?(String)
+    end
+  end
+
   def find_provider
     @provider = OIDC::Provider.find_by!(issuer: @jwt[:iss])
   end
diff --git a/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb b/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
index 5ce5bcd204a..453bd934a47 100644
--- a/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
+++ b/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
@@ -108,6 +108,22 @@ def jwt(claims = @claims, key: @pkey)
       assert_response :bad_request
     end
 
+    %w[nbf exp iat iss jti].each do |claim|
+      should "return bad request with missing/invalid #{claim}" do
+        @claims[claim] = ["a"]
+        post api_v1_oidc_trusted_publisher_exchange_token_path,
+          params: { jwt: jwt.to_s }
+
+        assert_response :bad_request
+
+        @claims.delete claim
+        post api_v1_oidc_trusted_publisher_exchange_token_path,
+          params: { jwt: jwt.to_s }
+
+        assert_response :bad_request
+      end
+    end
+
     should "return not found when time is before nbf" do
       @claims["nbf"] += 1_000_000
       trusted_publisher = build(:oidc_trusted_publisher_github_action,

From 677372b2d12be8b61baf4b71b003a90a2d7a33a3 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Wed, 18 Sep 2024 14:44:22 +0200
Subject: [PATCH 198/381] Add a script to automate updating ruby/rubygems
 versions (#5037)

---
 .github/workflows/docker.yml |  4 +-
 script/update-rubygems       | 77 ++++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+), 2 deletions(-)
 create mode 100755 script/update-rubygems

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index b354a44f7b0..c0c371b87ac 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,8 +14,8 @@ jobs:
     name: Docker build (and optional push)
     runs-on: ubuntu-24.04
     env:
-      RUBYGEMS_VERSION: 3.5.18
-      RUBY_VERSION: 3.3.5
+      RUBYGEMS_VERSION: "3.5.18"
+      RUBY_VERSION: "3.3.5"
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Docker Buildx
diff --git a/script/update-rubygems b/script/update-rubygems
new file mode 100755
index 00000000000..b71245fc401
--- /dev/null
+++ b/script/update-rubygems
@@ -0,0 +1,77 @@
+#!/usr/bin/env ruby
+
+unless ARGV.empty?
+  puts "Usage: #{$PROGRAM_NAME}"
+  exit 1
+end
+
+require "bundler"
+require "yaml"
+
+return unless (bundler_version = Bundler.self_manager.send(:resolve_update_version_from, ">= 0")&.version)
+rubygems_version = Gem::Version.new(bundler_version.segments.tap { |s| s[0] += 1 }.join("."))
+
+def order_nodes(nodes)
+  methods = %i[start_line start_column end_line end_column]
+  nodes.sort_by { |node| methods.map { |k| node.send(k) } }.reverse
+end
+
+def find_nodes(node, path) # rubocop:disable Metrics
+  return [node] if path.empty?
+  head, *tail = path
+
+  raise "Expected to index #{path}, got #{node}" if node.scalar?
+
+  if head == "*"
+    if node.sequence?
+      return node.children.flat_map { |child| find_nodes(child, tail) }.compact
+    elsif node.mapping?
+      return node.children.each_slice(2).flat_map { |_, v| find_nodes(v, tail) }.compact
+    else
+      raise "Expected to index #{path}, got #{node}"
+    end
+  end
+
+  if node.document?
+    find_nodes(node.root, path)
+  elsif node.sequence?
+    head, expected_value = head.split("=", 2)
+    if expected_value
+      node.to_ruby.each_with_index.select { |h, _| h[head] == expected_value }.map(&:last).flat_map { |i| find_nodes(node.children[i], tail) }
+    else
+      find_nodes(node.children[head.to_i], tail)
+    end
+  elsif node.mapping?
+    node.children.each_slice(2).flat_map { |k, v| find_nodes(v, tail) if k.value == head && (!expected_value || expected_value == k.value) }.compact
+  else
+    raise "Expected to index #{path}, got #{node}"
+  end
+end
+
+def sub_yaml(file, path, value)
+  nodes = find_nodes YAML.parse_file(file), path
+  contents = File.read(file)
+  lines = contents.lines
+  order_nodes(nodes).each do |node|
+    raise "Expected single line node, got #{node}" if node.start_line != node.end_line
+    line = lines[node.start_line]
+    range = node.start_column..node.end_column.pred
+    raise "Expected range to be #{node.value.inspect}, is #{line[range].inspect}" unless YAML.load(line[range]) == node.value
+    line[range] = value
+  end
+  File.write(file, lines.join)
+end
+
+sub_yaml ".github/workflows/docker.yml", %w[jobs * env RUBYGEMS_VERSION], rubygems_version.to_s.inspect
+sub_yaml ".github/workflows/test.yml", %w[jobs * strategy matrix rubygems 0 version], rubygems_version.to_s.inspect
+
+ruby_version = File.read(".ruby-version").strip
+
+%w[Dockerfile .devcontainer/Dockerfile].each do |f|
+  File.write(f, File.read(f).sub(/(RUBY_VERSION=)[\d.]+/, "\\1#{ruby_version}"))
+end
+
+sub_yaml ".github/workflows/docker.yml", %w[jobs * env RUBY_VERSION], ruby_version.inspect
+sub_yaml ".github/workflows/test.yml", %w[jobs * strategy matrix ruby_version 0], ruby_version.inspect
+
+system("bundle", "update", "--bundler=#{bundler_version}", exception: true)

From de7d23d770a0f02cf2d8598f5eedf57a42977610 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 14:15:31 +0000
Subject: [PATCH 199/381] Bump faraday from 2.11.0 to 2.12.0

Bumps [faraday](https://github.com/lostisland/faraday) from 2.11.0 to 2.12.0.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.11.0...v2.12.0)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 15 ++++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9391c224f1b..f6f08a6c92e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,7 +13,7 @@ gem "dalli", "~> 3.2"
 gem "datadog", "~> 2.3"
 gem "dogstatsd-ruby", "~> 5.5"
 gem "google-protobuf", "~> 4.28"
-gem "faraday", "~> 2.11"
+gem "faraday", "~> 2.12"
 gem "faraday-retry", "~> 2.2"
 gem "good_job", "~> 3.99"
 gem "gravtastic", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index ae9b3d73219..b1d3d2ac414 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -240,8 +240,9 @@ GEM
     factory_bot_rails (6.4.3)
       factory_bot (~> 6.4)
       railties (>= 5.0.0)
-    faraday (2.11.0)
+    faraday (2.12.0)
       faraday-net_http (>= 2.0, < 3.4)
+      json
       logger
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
@@ -370,7 +371,7 @@ GEM
       ffi-compiler (~> 1.0)
       rake (~> 13.0)
     local_time (3.0.2)
-    logger (1.6.0)
+    logger (1.6.1)
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -753,7 +754,7 @@ GEM
     unpwn (1.0.0)
       bloomer (~> 1.0)
       pwned (~> 2.0)
-    uri (0.13.0)
+    uri (0.13.1)
     user_agent_parser (2.18.0)
     validate_url (1.0.15)
       activemodel (>= 3.0.0)
@@ -824,7 +825,7 @@ DEPENDENCIES
   dogstatsd-ruby (~> 5.5)
   dotenv-rails (~> 3.1)
   factory_bot_rails (~> 6.4)
-  faraday (~> 2.11)
+  faraday (~> 2.12)
   faraday-multipart (~> 1.0)
   faraday-retry (~> 2.2)
   faraday_middleware-aws-sigv4 (~> 1.0)
@@ -998,7 +999,7 @@ CHECKSUMS
   execjs (2.9.1) sha256=e8fd066f6df60c8e8fbebc32c6fb356b5212c77374e8416a9019ca4bb154dcfb
   factory_bot (6.4.5) sha256=d71dd29bc95f0ec2bf27e3dd9b1b4d557bd534caca744663cb7db4bacf3198be
   factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
-  faraday (2.11.0) sha256=e6ead2c9aa1304107d3bb342e9f930cf7e649a71e3ec1e782c3256672f19ed02
+  faraday (2.12.0) sha256=d106d0b1bc2548a8c0c34619a657a5e4aeae2780f951b0e095c8f803bbbf4517
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
   faraday-multipart (1.0.4) sha256=9012021ab57790f7d712f590b48d5f948b19b43cfa11ca83e6459f06090b0725
   faraday-net_http (3.3.0) sha256=93e6b0f679b1e8e358bcb4e983a52328dfc47ebbe6a232e4f9e8aba9c924e565
@@ -1050,7 +1051,7 @@ CHECKSUMS
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
-  logger (1.6.0) sha256=0ab7c120262dd8de2a18cb8d377f1f318cbe98535160a508af9e7710ff43ef3e
+  logger (1.6.1) sha256=3ad9587ed3940bf7897ea64a673971415523f4f7d6b22c5e3af5219705669653
   loofah (2.22.0) sha256=10d76e070c86b12fec74b6a9515fd1940f4459198b991342d0a7897d86c372fe
   lookbook (2.3.2) sha256=abcdefeb13d9150ab30ab8022a2f459db85cbd02e90a0e8e066b32f9048e160a
   mail (2.8.1) sha256=ec3b9fadcf2b3755c78785cb17bc9a0ca9ee9857108a64b6f5cfc9c0b5bfc9ad
@@ -1200,7 +1201,7 @@ CHECKSUMS
   tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b
   unicode-display_width (2.5.0) sha256=7e7681dcade1add70cb9fda20dd77f300b8587c81ebbd165d14fd93144ff0ab4
   unpwn (1.0.0) sha256=6239d17d46a882b3719b24fb79c78a34caff89d57ab0f5e546be5b5c882bc7d3
-  uri (0.13.0) sha256=26553c2a9399762e1e8bebd4444b4361c4b21298cf1c864b22eeabc9c4998f24
+  uri (0.13.1) sha256=df2d8b13e3e8c8a43432637e2ace4f9de7b42674361b4dd26302b40f7d7fcd1e
   user_agent_parser (2.18.0) sha256=aa943b91da8906cace7d3fe16b450c9d77b68f571485c11e577af97aecb25584
   validate_url (1.0.15) sha256=72fe164c0713d63a9970bd6700bea948babbfbdcec392f2342b6704042f57451
   validates_formatting_of (0.9.0) sha256=139590a4b87596dbfb04d93e897bd2e6d30fb849d04fab0343e71ed2ca856e7e

From 5002e8426d0d4a18cba061da155d914de7413e12 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 14:16:02 +0000
Subject: [PATCH 200/381] Bump dotenv-rails from 3.1.2 to 3.1.4

Bumps [dotenv-rails](https://github.com/bkeepers/dotenv) from 3.1.2 to 3.1.4.
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md)
- [Commits](https://github.com/bkeepers/dotenv/compare/v3.1.2...v3.1.4)

---
updated-dependencies:
- dependency-name: dotenv-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index ae9b3d73219..564bfc885fe 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -223,9 +223,9 @@ GEM
     docile (1.4.1)
     dogstatsd-ruby (5.6.1)
     domain_name (0.6.20240107)
-    dotenv (3.1.2)
-    dotenv-rails (3.1.2)
-      dotenv (= 3.1.2)
+    dotenv (3.1.4)
+    dotenv-rails (3.1.4)
+      dotenv (= 3.1.4)
       railties (>= 6.1)
     drb (2.2.1)
     dry-initializer (3.1.1)
@@ -988,8 +988,8 @@ CHECKSUMS
   docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
   dogstatsd-ruby (5.6.1) sha256=615dd1328c57ab66fb48cbf83b38ce2060d8353707be0bc3deb0ae960a659982
   domain_name (0.6.20240107) sha256=5f693b2215708476517479bf2b3802e49068ad82167bcd2286f899536a17d933
-  dotenv (3.1.2) sha256=08036c2aa1246590034a83df2adc85b72cb4944692c49da24d8e911f97924478
-  dotenv-rails (3.1.2) sha256=66d2ad1a5aca1de742dd8ec2ceed2148675c73617a3b8d7703ef86ed47ca5d6a
+  dotenv (3.1.4) sha256=6dc502e718ea0d3542673345da05c7a69039840898e251757adb3405d2b35629
+  dotenv-rails (3.1.4) sha256=a7d75f6ab3cc7f1b28e7deb0462efb155878e4e87ce3cc6e42ce35bea61c6fe4
   drb (2.2.1) sha256=e9d472bf785f558b96b25358bae115646da0dbfd45107ad858b0bc0d935cb340
   dry-initializer (3.1.1) sha256=4d267dea367ccabe498b259c62b909b99d577d6db547d9510561999403546dec
   email_validator (2.2.4) sha256=5ab238095bec7aef9389f230e9e0c64c5081cdf91f19d6c5cecee0a93af20604

From 18375f0313f3cfc8495cd411ea236ea24164e8fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 14:50:06 +0000
Subject: [PATCH 201/381] Bump ruby/setup-ruby from 1.192.0 to 1.193.0

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.192.0 to 1.193.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/a6b46b8a08edb18935835849f2a17072d5cc8c73...f321cf5a4d1533575411f8752cf25b86478b0442)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 4cc415c022c..ddb7bf0a561 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
+      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
+      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
+      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@a6b46b8a08edb18935835849f2a17072d5cc8c73 # v1.192.0
+      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
         with:
           bundler-cache: true
       - name: krane render

From f95a021bc43e42580e34b508ca75e60735ee649f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 18:51:14 +0200
Subject: [PATCH 202/381] Bump segiddins/frizbee-action (#5043)

---
 .github/workflows/lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 4cc415c022c..7af589d097e 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -74,7 +74,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: segiddins/frizbee-action@807363500e09f186d33b4805d25971aabaff6c1d # segiddins/run-in-place
+      - uses: segiddins/frizbee-action@850cb44d2b091a22d542a608191f477a243a647d # segiddins/run-in-place
         env:
           GITHUB_TOKEN: ${{ github.token }}
         with:

From d9d845614b5c50849a112e2ca65e1de901cbbcdc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 18:52:13 +0200
Subject: [PATCH 203/381] Bump datadog-ci from 1.4.1 to 1.5.0 (#5041)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9391c224f1b..3b3ee90a5a5 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,7 +126,7 @@ group :development do
 end
 
 group :test do
-  gem "datadog-ci", "~> 1.4"
+  gem "datadog-ci", "~> 1.5"
   gem "minitest", "~> 5.25", require: false
   gem "minitest-retry", "~> 0.2.3"
   gem "capybara", "~> 3.40"
diff --git a/Gemfile.lock b/Gemfile.lock
index ae9b3d73219..5f8924c2828 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -199,7 +199,7 @@ GEM
       libdatadog (~> 11.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.4.1)
+    datadog-ci (1.5.0)
       datadog (~> 2.3)
       msgpack
     date (3.3.4)
@@ -818,7 +818,7 @@ DEPENDENCIES
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.3)
-  datadog-ci (~> 1.4)
+  datadog-ci (~> 1.5)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.5)
@@ -978,7 +978,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
-  datadog-ci (1.4.1) sha256=8ce5ce7b8eaa79e55b11ffc040662879d1fa45606d3ef5a91cd9395f046a23c4
+  datadog-ci (1.5.0) sha256=e5fabfb624714a45916d5fec096ddd906bc07d45193e8f96a8b8355e46d15e2f
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08

From e945ea86be44d394fc660d06757bc71b0428df16 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Thu, 19 Sep 2024 00:25:42 +0200
Subject: [PATCH 204/381] Update to rubygems 3.5.19 / bundler 2.5.19 (#5044)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .github/workflows/docker.yml | 2 +-
 .github/workflows/test.yml   | 2 +-
 Gemfile.lock                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c0c371b87ac..ae11028ad63 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,7 +14,7 @@ jobs:
     name: Docker build (and optional push)
     runs-on: ubuntu-24.04
     env:
-      RUBYGEMS_VERSION: "3.5.18"
+      RUBYGEMS_VERSION: "3.5.19"
       RUBY_VERSION: "3.3.5"
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c2515508ed2..e4fcf7cb3b3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,7 +26,7 @@ jobs:
       matrix:
         rubygems:
           - name: locked
-            version: "3.5.18"
+            version: "3.5.19"
           - name: latest
             version: latest
         ruby_version: ["3.3.5"]
diff --git a/Gemfile.lock b/Gemfile.lock
index 5f8924c2828..abd0fcac797 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1223,4 +1223,4 @@ RUBY VERSION
    ruby 3.3.5p100
 
 BUNDLED WITH
-   2.5.18
+   2.5.19

From 1fdabac1896695e614fc8e9a239464ac3282b164 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Sep 2024 14:12:09 +0000
Subject: [PATCH 205/381] Bump aws-sdk-s3 from 1.162.0 to 1.163.0

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.162.0 to 1.163.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile b/Gemfile
index 1b09eb8a9e0..76ffb8d2a4a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.162"
+gem "aws-sdk-s3", "~> 1.163"
 gem "aws-sdk-sqs", "~> 1.83"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index 83e15c36f31..62865a9077f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,8 +110,8 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.974.0)
-    aws-sdk-core (3.205.0)
+    aws-partitions (1.977.0)
+    aws-sdk-core (3.206.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
@@ -119,14 +119,14 @@ GEM
     aws-sdk-kms (1.91.0)
       aws-sdk-core (~> 3, >= 3.205.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.162.0)
+    aws-sdk-s3 (1.163.0)
       aws-sdk-core (~> 3, >= 3.205.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sqs (1.83.0)
       aws-sdk-core (~> 3, >= 3.205.0)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.9.1)
+    aws-sigv4 (1.10.0)
       aws-eventstream (~> 1, >= 1.0.2)
     base64 (0.2.0)
     bcrypt (3.1.20)
@@ -804,7 +804,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
-  aws-sdk-s3 (~> 1.162)
+  aws-sdk-s3 (~> 1.163)
   aws-sdk-sqs (~> 1.83)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -941,12 +941,12 @@ CHECKSUMS
   avo (2.53.0) sha256=e8f1fb9abaf6d874d898449d4db863586c16e60634a136d97ae436ded976d1a6
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.974.0) sha256=75b1f91df5fcde9bc4d7e30d0d139eea8b5ac622dbb9fff756d5567550eaa496
-  aws-sdk-core (3.205.0) sha256=a7b4c414070aa28bf4fcf6d7dd876e0ec0e8cda4fb998ca4f0b3231880f0fc2e
+  aws-partitions (1.977.0) sha256=fd9c6b7301b4f54bb810c1c511479700aa39167f7d9faa01bb22d1fd4b434042
+  aws-sdk-core (3.206.0) sha256=90fdf40de8ca483b533635fca64aa718bcd98ae407489dca3881b054a0c62cf0
   aws-sdk-kms (1.91.0) sha256=b56d06e737541d71cec59f3c81d6ff35179da8ff63535208533c3ba99ea4d84f
-  aws-sdk-s3 (1.162.0) sha256=7e9728f3d41b6a0628be653be15afcccefb48d24ae08c3b5e0c30b9484f27d23
+  aws-sdk-s3 (1.163.0) sha256=d46a3d67c69a73748a2e21a7d4ae7d2a6995920ae28c4ecf8b09c6829dbbcb1e
   aws-sdk-sqs (1.83.0) sha256=03c7bbe3385eab469c7b06dd86ad800521b4e922f745fdd46135764801c57775
-  aws-sigv4 (1.9.1) sha256=7753e320c39f80f82f9e0883b30de0e7b99e756adbaedc80c50b6ad59d49c379
+  aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099
   benchmark-ips (2.12.0) sha256=09dd4d5be05db42470e7e7b01be7310564073a054e35d9d9ec7840c523f3dbcb

From e5162f7e7ab6fc4d87b6bd53d7a0d12695507917 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Sep 2024 14:13:26 +0000
Subject: [PATCH 206/381] Bump google-protobuf from 4.28.1 to 4.28.2

Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.28.1 to 4.28.2.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 83e15c36f31..a4e30a32967 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -275,7 +275,7 @@ GEM
       fugit (>= 1.1)
       railties (>= 6.0.0)
       thor (>= 0.14.1)
-    google-protobuf (4.28.1)
+    google-protobuf (4.28.2)
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
@@ -1012,7 +1012,7 @@ CHECKSUMS
   get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
-  google-protobuf (4.28.1) sha256=1f9d3f60f407908abe0cf5c828317e45179bf8b82f77aae966b2430536527459
+  google-protobuf (4.28.2) sha256=6841bb4566bc33fc2d59b4dd28bfd9308fc528545f21722e9f6e6fa566289c29
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
   hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9

From 3177a13c0a5f2fb3140fce3ed2f09881acb13463 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Sep 2024 14:14:07 +0000
Subject: [PATCH 207/381] Bump puma from 6.4.2 to 6.4.3

Bumps [puma](https://github.com/puma/puma) from 6.4.2 to 6.4.3.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v6.4.2...v6.4.3)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 83e15c36f31..38c22c640fb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -513,7 +513,7 @@ GEM
     psych (5.1.2)
       stringio
     public_suffix (6.0.1)
-    puma (6.4.2)
+    puma (6.4.3)
       nio4r (~> 2.0)
     pundit (2.4.0)
       activesupport (>= 3.0.0)
@@ -1108,7 +1108,7 @@ CHECKSUMS
   pry-byebug (3.10.1) sha256=c8f975c32255bfdb29e151f5532130be64ff3d0042dc858d0907e849125581f8
   psych (5.1.2) sha256=337322f58fc2bf24827d2b9bd5ab595f6a72971867d151bb39980060ea40a368
   public_suffix (6.0.1) sha256=61d44e1cab5cbbbe5b31068481cf16976dd0dc1b6b07bd95617ef8c5e3e00c6f
-  puma (6.4.2) sha256=3eb41999d00733280be3faeb00d610331b6965a537a8cd3d905f316c38575b44
+  puma (6.4.3) sha256=24a4645c006811d83f2480057d1f54a96e7627b6b90e1c99b260b9dc630eb43e
   pundit (2.4.0) sha256=43e6d27a9df082c04f0020999ce4dcf6742ecc5775d102ef2bfe9df041417572
   pwned (2.3.0) sha256=63f5a9576f109203684e9dd053f815649fd5bc0a0348b7190568272641b22353
   raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882

From 4c6db310d5110b963249df4c35a9af7b5a73542c Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Thu, 19 Sep 2024 16:32:51 -0700
Subject: [PATCH 208/381] Swap tailwind to new design, hardcode old
 tailwind.css (#5027)

---
 .../stylesheets/application.tailwind.css      |  13 ++-
 .../stylesheets/tailwind.deprecated.css       |   6 +
 app/views/layouts/application.html.erb        |   1 -
 config/tailwind.config.js                     | 108 ++++++++++++++++--
 4 files changed, 115 insertions(+), 13 deletions(-)
 create mode 100644 app/assets/stylesheets/tailwind.deprecated.css

diff --git a/app/assets/stylesheets/application.tailwind.css b/app/assets/stylesheets/application.tailwind.css
index 3bbac920f0d..f575b6d8902 100644
--- a/app/assets/stylesheets/application.tailwind.css
+++ b/app/assets/stylesheets/application.tailwind.css
@@ -1,3 +1,14 @@
-/* @tailwind base; */ /* base disabled because the resets break the current site */ 
+@config "../../../config/tailwind.config.js";
+@tailwind base;
 @tailwind components;
 @tailwind utilities;
+
+@layer base {
+  @font-face {
+    font-family: "Titillium Web";
+    font-style: normal;
+    font-weight: 400;
+    font-display: swap;
+    src: url(/fonts/Roboto.woff2) format('woff2');
+  }
+}
diff --git a/app/assets/stylesheets/tailwind.deprecated.css b/app/assets/stylesheets/tailwind.deprecated.css
new file mode 100644
index 00000000000..cbb0ee2e997
--- /dev/null
+++ b/app/assets/stylesheets/tailwind.deprecated.css
@@ -0,0 +1,6 @@
+/*
+ * This is the old tailwind build that used `tw-` prefixes.
+ * We no longer compute this build and the tailwind config for this is gone.
+ * It's only here until the prefixed `tw-` classes are replaced by the new design.
+ */
+.tw-mx-auto{margin-left:auto;margin-right:auto}.tw-my-4{margin-bottom:1rem;margin-top:1rem}.\!tw-mb-0{margin-bottom:0!important}.tw-mt-2{margin-top:.5rem}.tw-mt-4{margin-top:1rem}.tw-flex{display:flex}.tw-flex-col{flex-direction:column}.tw-items-baseline{align-items:baseline}.tw-gap-2{gap:.5rem}.tw-gap-4{gap:1rem}.tw-space-y-2>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(.5rem*var(--tw-space-y-reverse));margin-top:calc(.5rem*(1 - var(--tw-space-y-reverse)))}.tw-space-y-4>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(1rem*var(--tw-space-y-reverse));margin-top:calc(1rem*(1 - var(--tw-space-y-reverse)))}.tw-divide-y>:not([hidden])~:not([hidden]){--tw-divide-y-reverse:0;border-bottom-width:calc(1px*var(--tw-divide-y-reverse));border-top-width:calc(1px*(1 - var(--tw-divide-y-reverse)))}.tw-break-all{word-break:break-all}.tw-border{border-width:1px}.tw-border-solid{border-style:solid}.tw-border-red-500{--tw-border-opacity:1;border-color:rgb(239 68 68/var(--tw-border-opacity))}.\!tw-bg-white{--tw-bg-opacity:1!important;background-color:rgb(255 255 255/var(--tw-bg-opacity))!important}.tw-p-5{padding:1.25rem}.\!tw-py-0{padding-bottom:0!important;padding-top:0!important}.\!tw-text-start{text-align:start!important}@media (min-width:640px){.sm\:tw-flex{display:flex}.sm\:tw-grid{display:grid}.sm\:tw-grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.sm\:tw-flex-row{flex-direction:row}.sm\:tw-items-baseline{align-items:baseline}}
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 4c75e93fe66..59fd44a0de8 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -15,7 +15,6 @@
     <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
 
     <%= stylesheet_link_tag("application") %>
-    <%= stylesheet_link_tag("tailwind", "data-turbo-track": "reload") %>
     <link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
     <link href='https://fonts.googleapis.com/css?family=Roboto:100&amp;subset=greek,latin,cyrillic,latin-ext' rel='stylesheet' type='text/css'>
     <%= render "layouts/feeds" %>
diff --git a/config/tailwind.config.js b/config/tailwind.config.js
index 7366febac45..664dbdb8c31 100644
--- a/config/tailwind.config.js
+++ b/config/tailwind.config.js
@@ -3,7 +3,6 @@ const defaultTheme = require("tailwindcss/defaultTheme");
 /** @type {import('tailwindcss').Config} */
 module.exports = {
   mode: "jit",
-  prefix: "tw-", // While we still have non-tailwind classes
   content: [
     "./app/views/**/*.rb",
     "./app/components/**/*rb",
@@ -15,17 +14,105 @@ module.exports = {
   theme: {
     extend: {
       fontFamily: {
-        sans: [
-          "Helvetica Neue",
-          "Helvetica",
-          "Arial",
-          ...defaultTheme.fontFamily.sans,
-        ],
+        sans: ['"Titillium Web"', ...defaultTheme.fontFamily.sans],
+        mono: ['"Fira Code"', ...defaultTheme.fontFamily.mono],
+      },
+      fontSize: {
+        lg:   ['1.4375rem', '2.156rem'], /* Base/01 23px, 34.5px */
+        base: ['1.1875rem', '1.781rem'], /* Base/02 19px, 28.5px */
+        sm:   ['1.0000rem', '1.500rem'], /* Base/03 16px, 24px */
+        xs:   ['0.8750rem', '1.313rem'], /* Base/04 14px, 21px */
+
+        d1: ['3.1875rem', '3.825rem'], /* Display/01 51px, 61.2px */
+        d2: ['2.9375rem', '3.525rem'], /* Display/02 47px, 56.4px */
+        d3: ['2.6875rem', '3.225rem'], /* Display/03 43px, 51.6px */
+        h1: ['2.4375rem', '2.925rem'], /* Header/01 39px, 46.8px */
+        h2: ['2.1875rem', '2.625rem'], /* Header/02 35px, 42px */
+        h3: ['1.9375rem', '2.325rem'], /* Header/03 31px, 37.2px */
+        h4: ['1.6875rem', '2.025rem'], /* Header/04 27px, 32.4px */
+        b1: ['1.4375rem', '2.156rem'], /* Base/01 23px, 34.5px */
+        b2: ['1.1875rem', '1.781rem'], /* Base/02 19px, 28.5px */
+        b3: ['1.0000rem', '1.500rem'], /* Base/03 16px, 24px */
+        b4: ['0.8750rem', '1.313rem'], /* Base/04 14px, 21px */
+        c1: ['1.6875rem', '2.025rem'], /* Code/01 27px, 32.4px */
+        c2: ['1.4375rem', '1.725rem'], /* Code/02 23px, 27.6px */
+        c3: ['1.1250rem', '1.350rem'], /* Code/03 18px, 21.6px */
+        c4: ['1.0000rem', '1.200rem'], /* Code/04 16px, 19.2px */
       },
       colors: {
-        "rubygems-red": "#e74c3c",
-        blackish: "#141c22",
-        grayish: "#c1c4ca",
+        transparent: 'transparent',
+        current: 'currentColor',
+        'white': '#ffffff',
+        'red': {
+          100: '#FFEEF1',
+          200: '#FFC4CD',
+          300: '#FF9CB0',
+          400: '#FF0E3B',
+          500: '#E4002B',
+          600: '#BA0023',
+          700: '#970019',
+          800: '#730012',
+          900: '#58000A',
+        },
+        'orange': {
+          100: '#FFF0EC',
+          200: '#FFD0C5',
+          300: '#FFA983',
+          400: '#FF7539',
+          500: '#F74C27',
+          600: '#E54523',
+          700: '#AD2F14',
+          800: '#761A05',
+          900: '#631200',
+        },
+        'yellow': {
+          100: '#FFFBF7',
+          200: '#FFF4EA',
+          300: '#FFE4BB',
+          400: '#FFC772',
+          500: '#FFAB2D',
+          600: '#D38C22',
+          700: '#A66D17',
+          800: '#7A4E0C',
+          900: '#4D2E00',
+        },
+        'green': {
+          100: '#F1FFFE',
+          200: '#E1FFFC',
+          300: '#C9FFF9',
+          400: '#06B8B9',
+          500: '#05A3A7',
+          600: '#03858B',
+          700: '#006770',
+          800: '#004F56',
+          900: '#00373B',
+        },
+        'blue': {
+          100: '#F3F9FF',
+          200: '#E1F1FF',
+          300: '#92C0F4',
+          400: '#76ADEC',
+          500: '#6999D2',
+          600: '#5B86B8',
+          700: '#3F699A',
+          800: '#234C7D',
+          900: '#113765',
+        },
+        'neutral': {
+          '000': '#FFFFFF',
+          '050': '#FBFBFB',
+          '100': '#F6F6F6',
+          '200': '#EEEEEE',
+          '300': '#E2E2E2',
+          '400': '#D5D5D5',
+          '500': '#C3C5C7',
+          '600': '#969CA7',
+          '700': '#636B79',
+          '800': '#454C59',
+          '850': '#2F3643',
+          '900': '#13181F',
+          '950': '#191E26',
+        },
       },
     },
   },
@@ -36,6 +123,5 @@ module.exports = {
     require("@tailwindcss/container-queries"),
   ],
   corePlugins: {
-    preflight: false,
   },
 };

From 4f0d4593a3b818a775f2845ab75ca76502f5a727 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Sep 2024 01:06:49 +0000
Subject: [PATCH 209/381] Bump github/codeql-action from 3.26.7 to 3.26.8

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.7 to 3.26.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8214744c546c1e5c8f03dde8fab3a7353211988d...294a9d92911152fe08befb9ec03e240add280cb3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d4df0f29b74..7ca4be0b4a0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 0c9d5c6532f..0307b814148 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
         with:
           sarif_file: results.sarif

From 7772233b8a312fdaba6194c88523c7ae8c185482 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Thu, 19 Sep 2024 23:44:48 -0700
Subject: [PATCH 210/381] Remove unused backfill rake tasks (#5051)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .rubocop.yml                                |   3 -
 lib/tasks/extraneous_dependencies.rake      | 111 --------------------
 lib/tasks/gemcutter.rake                    |  80 --------------
 lib/tasks/helpers/gemcutter_tasks_helper.rb |  42 --------
 4 files changed, 236 deletions(-)
 delete mode 100644 lib/tasks/extraneous_dependencies.rake
 delete mode 100644 lib/tasks/helpers/gemcutter_tasks_helper.rb

diff --git a/.rubocop.yml b/.rubocop.yml
index b9f77f71b2e..f7a301544aa 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -148,9 +148,6 @@ Style/StringLiterals:
 Style/FrozenStringLiteralComment:
   Enabled: false
 
-Security/MarshalLoad:
-  Enabled: false
-
 Style/EmptyMethod:
   EnforcedStyle: expanded
 
diff --git a/lib/tasks/extraneous_dependencies.rake b/lib/tasks/extraneous_dependencies.rake
deleted file mode 100644
index 7ce9f834373..00000000000
--- a/lib/tasks/extraneous_dependencies.rake
+++ /dev/null
@@ -1,111 +0,0 @@
-require "tasks/helpers/compact_index_tasks_helper"
-
-namespace :extraneous_dependencies do
-  def fetch_spec_deps(full_name)
-    spec_uri = URI("https://rubygems.org/quick/Marshal.4.8/#{full_name}.gemspec.rz")
-    http = Net::HTTP.new(spec_uri.host, spec_uri.port)
-    http.use_ssl = true
-
-    request = Net::HTTP::Get.new(spec_uri.request_uri)
-    res = http.request(request)
-
-    raise StandardError, "fetch deps request for #{full_name} failed #{res.inspect}" unless res.code == "200"
-
-    spec_obj = Marshal.load(Gem::Util.inflate(res.body))
-
-    spec_run_deps = spec_obj.dependencies.filter_map do |s|
-      s.name.to_s.downcase if s.type == :runtime && Rubygem.where(name: s.name.to_s).present?
-    end.sort
-
-    spec_dev_deps = spec_obj.dependencies.filter_map do |s|
-      s.name.to_s.downcase if s.type == :development && Rubygem.where(name: s.name.to_s).present?
-    end.sort
-
-    [spec_run_deps, spec_dev_deps]
-  end
-
-  desc "Remove dependencies from DB where it doesn't match the gemspec"
-  task clean: :environment do |task|
-    ActiveRecord::Base.logger.level = 1 if Rails.env.development?
-
-    versions = Version.joins("inner join dependencies on versions.id = dependencies.version_id")
-      .where("date_trunc('day', dependencies.created_at) = '2009-09-02 00:00:00'::timestamp")
-      .where("versions.indexed = 'true'")
-      .distinct("versions.id")
-
-    total              = versions.count
-    processed          = 0
-    errored            = 0
-    dev_mis_match      = 0
-    run_mis_match      = 0
-    mis_match_versions = 0
-    total_deleted_deps = 0
-
-    Rails.logger.info "[extraneous_dependencies:clean] found #{total} versions for clean up"
-    versions.each do |version|
-      print format("\r%.2f%% (%d/%d) complete", processed.to_f / total * 100.0, processed, total)
-
-      spec_run_deps, spec_dev_deps = fetch_spec_deps(version.full_name)
-
-      db_run_deps = {}
-      db_dev_deps = {}
-      db_deps = version.dependencies.to_a
-      db_deps.each do |d|
-        db_run_deps[d.id.to_s] = d.rubygem.name.downcase if d.scope == "runtime" && d.rubygem.present?
-        db_dev_deps[d.id.to_s] = d.rubygem.name.downcase if d.scope == "development" && d.rubygem.present?
-      end
-
-      deps_to_delete = []
-      if spec_run_deps != db_run_deps.values.sort
-        unique_run_devs = []
-        db_run_deps.each do |id, name|
-          deps_to_delete << id unless spec_run_deps.include?(name)
-
-          if unique_run_devs.include?(name)
-            deps_to_delete << id
-          else
-            unique_run_devs << name
-          end
-        end
-
-        run_mis_match += 1
-        Rails.logger.info("[extraneous_dependencies:clean] spec and db run deps don't match " \
-                          "for: #{version.full_name} spec: #{spec_run_deps} db: #{db_run_deps}")
-      end
-
-      if spec_dev_deps != db_dev_deps.values.sort
-        unique_dev_deps = []
-        db_dev_deps.sort.to_h.each do |id, name|
-          if unique_dev_deps.include?(name)
-            deps_to_delete << id
-          else
-            unique_dev_deps << name
-          end
-        end
-
-        dev_mis_match += 1
-        Rails.logger.info("[extraneous_dependencies:clean] spec and db dev deps don't match " \
-                          "for: #{version.full_name} spec: #{spec_dev_deps} db: #{db_dev_deps}")
-      end
-
-      if deps_to_delete.present?
-        mis_match_versions += 1
-        total_deleted_deps += deps_to_delete.count
-        Rails.logger.info("[extraneous_dependencies:clean] deleting dependencies with ids: #{deps_to_delete}")
-        Dependency.destroy(deps_to_delete)
-
-        CompactIndexTasksHelper.update_last_checksum(version.rubygem, task)
-      end
-    rescue StandardError => e
-      errored += 1
-      Rails.logger.error("[extraneous_dependencies:clean] skipping #{version.inspect} - #{e.message}")
-    ensure
-      processed += 1
-    end
-
-    Rails.logger.info("[extraneous_dependencies:clean] #{total_deleted_deps} dependencies deleted")
-    Rails.logger.info("[extraneous_dependencies:clean] #{errored}/#{processed} errors")
-    Rails.logger.info("[extraneous_dependencies:clean] #{mis_match_versions}/#{processed} version mismatches " \
-                      "(run_deps: #{run_mis_match}, dev_deps: #{dev_mis_match})")
-  end
-end
diff --git a/lib/tasks/gemcutter.rake b/lib/tasks/gemcutter.rake
index 51987a3623c..c2e0c61935c 100644
--- a/lib/tasks/gemcutter.rake
+++ b/lib/tasks/gemcutter.rake
@@ -1,5 +1,3 @@
-require "tasks/helpers/gemcutter_tasks_helper"
-
 namespace :gemcutter do
   namespace :index do
     desc "Update the index"
@@ -26,84 +24,6 @@ namespace :gemcutter do
     end
   end
 
-  namespace :checksums do
-    desc "Initialize missing checksums."
-    task init: :environment do
-      without_sha256 = Version.where(sha256: nil)
-      mod = ENV["shard"]
-      without_sha256.where("id % 4 = ?", mod.to_i) if mod
-
-      total = without_sha256.count
-      i = 0
-      without_sha256.find_each do |version|
-        GemcutterTaskshelper.recalculate_sha256!(version)
-        i += 1
-        print format("\r%.2f%% (%d/%d) complete", i.to_f / total * 100.0, i, total)
-      end
-      puts
-      puts "Done."
-    end
-
-    desc "Check existing checksums."
-    task check: :environment do
-      failed = false
-      i = 0
-      total = Version.count
-      Version.find_each do |version|
-        actual_sha256 = GemcutterTaskshelper.recalculate_sha256(version.full_name)
-        if actual_sha256 && version.sha256 != actual_sha256
-          puts "#{version.full_name}.gem has sha256 '#{actual_sha256}', " \
-               "but '#{version.sha256}' was expected."
-          failed = true
-        end
-        i += 1
-        print format("\r%.2f%% (%d/%d) complete", i.to_f / total * 100.0, i, total)
-      end
-    end
-  end
-
-  namespace :metadata do
-    desc "Backfill old gem versions with metadata."
-    task backfill: :environment do
-      without_metadata = Version.where("metadata = ''")
-      mod = ENV["shard"]
-      without_metadata = without_metadata.where("id % 4 = ?", mod.to_i) if mod
-
-      total = without_metadata.count
-      i = 0
-      puts "Total: #{total}"
-      without_metadata.find_each do |version|
-        GemcutterTaskshelper.recalculate_metadata!(version)
-        i += 1
-        print format("\r%.2f%% (%d/%d) complete", i.to_f / total * 100.0, i, total)
-      end
-      puts
-      puts "Done."
-    end
-  end
-
-  namespace :required_ruby_version do
-    desc "Backfill gem versions with rubygems_version."
-    task backfill: :environment do
-      ActiveRecord::Base.logger.level = 1 if Rails.env.development?
-
-      without_required_ruby_version = Version.where("created_at < '2014-03-21' and required_ruby_version is null and indexed = true")
-      mod = ENV["shard"]
-      without_required_ruby_version = without_required_ruby_version.where("id % 4 = ?", mod.to_i) if mod
-
-      total = without_required_ruby_version.count
-      i = 0
-      puts "Total: #{total}"
-      without_required_ruby_version.find_each do |version|
-        GemcutterTaskshelper.assign_required_ruby_version!(version)
-        i += 1
-        print format("\r%.2f%% (%d/%d) complete", i.to_f / total * 100.0, i, total)
-      end
-      puts
-      puts "Done."
-    end
-  end
-
   namespace :typo do
     desc "Add names to gem typo exception list\nUsage: rake gemcutter:typo:exception[<gem_name>,<info>]"
     task :exception, %i[name info] => %i[environment] do |_task, args|
diff --git a/lib/tasks/helpers/gemcutter_tasks_helper.rb b/lib/tasks/helpers/gemcutter_tasks_helper.rb
deleted file mode 100644
index 77477f5dc69..00000000000
--- a/lib/tasks/helpers/gemcutter_tasks_helper.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-module GemcutterTaskshelper
-  module_function
-
-  def recalculate_sha256(version_full_name)
-    key = "gems/#{version_full_name}.gem"
-    file = RubygemFs.instance.get(key)
-    Digest::SHA2.base64digest(file) if file
-  end
-
-  def recalculate_sha256!(version)
-    sha256 = recalculate_sha256(version.full_name)
-    version.update(sha256: sha256)
-  end
-
-  def recalculate_metadata!(version)
-    metadata = get_spec_attribute(version.full_name, "metadata")
-    version.update(metadata: metadata || {})
-  end
-
-  def assign_required_ruby_version!(version)
-    required_ruby_version = get_spec_attribute(version.full_name, "required_ruby_version")
-
-    return if required_ruby_version.nil? || required_ruby_version.to_s == ">= 0"
-    Rails.logger.info("[gemcutter:required_ruby_version:backfill] updating version: #{version.full_name} " \
-                      "with required_ruby_version: #{required_ruby_version}")
-
-    version.update_column(:required_ruby_version, required_ruby_version.to_s)
-    CompactIndexTasksHelper.update_last_checksum(version.rubygem, "gemcutter:required_ruby_version:backfill")
-  end
-
-  def get_spec_attribute(version_full_name, attribute_name)
-    key = "quick/Marshal.4.8/#{version_full_name}.gemspec.rz"
-    file = RubygemFs.instance.get(key)
-    return nil unless file
-    spec = Marshal.load(Gem::Util.inflate(file))
-    spec.send(attribute_name)
-  rescue StandardError => e
-    Rails.logger.info("[gemcutter:required_ruby_version:backfill] could not get required_ruby_version for version: #{version_full_name} " \
-                      "error: #{e.inspect}")
-    nil
-  end
-end

From 20f6e06980477a7de2ad76996dd665643b42c226 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Fri, 20 Sep 2024 15:30:22 -0700
Subject: [PATCH 211/381] Fix handling of missing jwt param (#5014)

* Fix handling of missing jwt param

Fixes TOB-RGM-10

* Validate correct error is returned

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

---------

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .../api/v1/oidc/trusted_publisher_controller.rb    |  8 ++------
 .../v1/oidc/trusted_publisher_controller_test.rb   | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/app/controllers/api/v1/oidc/trusted_publisher_controller.rb b/app/controllers/api/v1/oidc/trusted_publisher_controller.rb
index 8e7967e25e7..3da6fe8d22e 100644
--- a/app/controllers/api/v1/oidc/trusted_publisher_controller.rb
+++ b/app/controllers/api/v1/oidc/trusted_publisher_controller.rb
@@ -44,9 +44,9 @@ def exchange_token
 
   def decode_jwt
     @jwt = JSON::JWT.decode_compact_serialized(params.permit(:jwt).require(:jwt), :skip_verification)
-  rescue JSON::JWT::InvalidFormat, JSON::ParserError, ArgumentError
+  rescue JSON::JWT::InvalidFormat, JSON::ParserError, ArgumentError => e
     # invalid base64 raises ArgumentError
-    render_bad_request
+    render_bad_request(e)
   end
 
   def validate_jwt_format
@@ -78,8 +78,4 @@ def find_trusted_publisher
   def validate_claims
     @trusted_publisher.to_access_policy(@jwt).verify_access!(@jwt)
   end
-
-  def render_bad_request
-    render json: { error: "Bad Request" }, status: :bad_request
-  end
 end
diff --git a/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb b/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
index 453bd934a47..fa930577713 100644
--- a/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
+++ b/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
@@ -45,6 +45,20 @@ def jwt(claims = @claims, key: @pkey)
   end
 
   context "POST exchange_token" do
+    should "return invalid request with no JWT" do
+      post api_v1_oidc_trusted_publisher_exchange_token_path
+
+      assert_response :bad_request
+      assert_equal({ "error" => "Request is missing param 'jwt'" }, response.parsed_body)
+    end
+
+    should "return invalid request with integer JWT" do
+      post api_v1_oidc_trusted_publisher_exchange_token_path,
+        params: { jwt: 1 }
+
+      assert_response :bad_request
+    end
+
     should "return not found with no matching trusted publisher" do
       post api_v1_oidc_trusted_publisher_exchange_token_path,
         params: { jwt: jwt.to_s }

From 39ece2e5efae72ea0a62fbdcde0defa5ca6ed921 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Sep 2024 17:15:45 -0700
Subject: [PATCH 212/381] Bump tailwindcss-rails from 2.7.4 to 2.7.5 (#5047)

Bumps [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) from 2.7.4 to 2.7.5.
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/tailwindcss-rails/compare/v2.7.4...v2.7.5)

---
updated-dependencies:
- dependency-name: tailwindcss-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 87cc7105f10..4ffd20cc125 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -726,7 +726,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.4)
+    tailwindcss-rails (2.7.5)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -1188,7 +1188,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.4) sha256=46731748bba06b4629f594ee3e103509fcb90ba8df672c7f791ece1a4761460d
+  tailwindcss-rails (2.7.5) sha256=eb005b80cfd3bd750381b9d449ae4cf9cfabaf53e59f9aad61ef0b0bbbd955e1
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From 078120bc3a6ef72178670f4985f52e0c796e2595 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20V=C3=A1squez?= <juan@ombulabs.com>
Date: Fri, 20 Sep 2024 18:16:28 -0600
Subject: [PATCH 213/381] Add avo_sign_as helper (#5045)

Solves #4791
---
 test/application_system_test_case.rb       |  1 +
 test/helpers/avo_helpers.rb                | 24 ++++++++++++++
 test/system/avo/events_test.rb             | 25 ++-------------
 test/system/avo/manual_changes_test.rb     | 23 +-------------
 test/system/avo/oidc_api_key_roles_test.rb | 23 +-------------
 test/system/avo/oidc_providers_test.rb     | 23 +-------------
 test/system/avo/rubygems_test.rb           | 37 ++++------------------
 test/system/avo/sendgrid_events_test.rb    | 22 +------------
 test/system/avo/users_test.rb              | 35 ++++----------------
 test/system/avo/versions_test.rb           | 26 ++-------------
 test/system/avo/web_hooks_test.rb          | 22 +------------
 test/system/maintenance_tasks_test.rb      | 23 +-------------
 test/test_helper.rb                        |  1 +
 13 files changed, 50 insertions(+), 235 deletions(-)
 create mode 100644 test/helpers/avo_helpers.rb

diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
index ff04317430c..f0eb3df30d6 100644
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -2,5 +2,6 @@
 
 class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
   include OauthHelpers
+  include AvoHelpers
   driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400]
 end
diff --git a/test/helpers/avo_helpers.rb b/test/helpers/avo_helpers.rb
new file mode 100644
index 00000000000..1927d7b4bf1
--- /dev/null
+++ b/test/helpers/avo_helpers.rb
@@ -0,0 +1,24 @@
+module AvoHelpers
+  def avo_sign_in_as(user)
+    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
+      provider: "github",
+      uid: "1",
+      credentials: {
+        token: user.oauth_token,
+        expires: false
+      },
+      info: {
+        name: user.login
+      }
+    )
+
+    @ip_address = create(:ip_address, ip_address: "127.0.0.1")
+
+    stub_github_info_request(user.info_data)
+
+    visit avo.root_path
+    click_button "Log in with GitHub"
+
+    page.assert_text user.login
+  end
+end
diff --git a/test/system/avo/events_test.rb b/test/system/avo/events_test.rb
index 31ecf3e9565..1e493143415 100644
--- a/test/system/avo/events_test.rb
+++ b/test/system/avo/events_test.rb
@@ -5,29 +5,8 @@ class Avo::EventsSystemTest < ApplicationSystemTestCase
 
   include ActiveJob::TestHelper
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-    @ip_address = create(:ip_address, ip_address: "127.0.0.1")
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "user events" do
-    sign_in_as(create(:admin_github_user, :is_admin))
+    avo_sign_in_as(create(:admin_github_user, :is_admin))
 
     visit avo.root_path
     click_link "Events user events"
@@ -46,7 +25,7 @@ def sign_in_as(user)
   end
 
   test "rubygem events" do
-    sign_in_as(create(:admin_github_user, :is_admin))
+    avo_sign_in_as(create(:admin_github_user, :is_admin))
 
     visit avo.root_path
     click_link "Events rubygem events"
diff --git a/test/system/avo/manual_changes_test.rb b/test/system/avo/manual_changes_test.rb
index ad990b0bf1a..9db82895c35 100644
--- a/test/system/avo/manual_changes_test.rb
+++ b/test/system/avo/manual_changes_test.rb
@@ -3,30 +3,9 @@
 class Avo::ManualChangesSystemTest < ApplicationSystemTestCase
   make_my_diffs_pretty!
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "auditing changes" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     Admin::LogTicketPolicy.any_instance.stubs(:avo_create?).returns(true)
     Admin::LogTicketPolicy.any_instance.stubs(:avo_update?).returns(true)
diff --git a/test/system/avo/oidc_api_key_roles_test.rb b/test/system/avo/oidc_api_key_roles_test.rb
index 26ddc401784..23f14311153 100644
--- a/test/system/avo/oidc_api_key_roles_test.rb
+++ b/test/system/avo/oidc_api_key_roles_test.rb
@@ -3,30 +3,9 @@
 class Avo::OIDCApiKeyRolesSystemTest < ApplicationSystemTestCase
   make_my_diffs_pretty!
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "manually changing roles" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     provider = create(:oidc_provider)
     user = create(:user)
diff --git a/test/system/avo/oidc_providers_test.rb b/test/system/avo/oidc_providers_test.rb
index 8b91d0ecaf0..a3d56d9462a 100644
--- a/test/system/avo/oidc_providers_test.rb
+++ b/test/system/avo/oidc_providers_test.rb
@@ -3,30 +3,9 @@
 class Avo::OIDCProvidersSystemTest < ApplicationSystemTestCase
   make_my_diffs_pretty!
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "refreshing provider" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     provider = create(:oidc_provider, issuer: "https://token.actions.githubusercontent.com", configuration: nil, jwks: nil)
 
diff --git a/test/system/avo/rubygems_test.rb b/test/system/avo/rubygems_test.rb
index b79ccc0ee3f..2356068849a 100644
--- a/test/system/avo/rubygems_test.rb
+++ b/test/system/avo/rubygems_test.rb
@@ -5,32 +5,9 @@ class Avo::RubygemsSystemTest < ApplicationSystemTestCase
 
   include ActiveJob::TestHelper
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-
-    create(:ip_address, ip_address: "127.0.0.1")
-
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "release reserved namespace" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     rubygem = create(:rubygem, created_at: 40.days.ago)
     rubygem_attributes = rubygem.attributes.with_indifferent_access
@@ -88,7 +65,7 @@ def sign_in_as(user)
   test "Yank a rubygem" do
     Minitest::Test.make_my_diffs_pretty!
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     security_user = create(:user, email: "security@rubygems.org")
     rubygem = create(:rubygem)
@@ -163,7 +140,7 @@ def sign_in_as(user)
 
   test "Yank all version of rubygem" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     security_user = create(:user, email: "security@rubygems.org")
     rubygem = create(:rubygem)
@@ -252,7 +229,7 @@ def sign_in_as(user)
 
   test "add owner" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     security_user = create(:user, email: "security@rubygems.org")
     rubygem = create(:rubygem)
@@ -332,7 +309,7 @@ def sign_in_as(user)
 
   test "upload versions file" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     visit avo.resources_rubygems_path
 
@@ -353,7 +330,7 @@ def sign_in_as(user)
 
   test "upload names file" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     visit avo.resources_rubygems_path
 
@@ -374,7 +351,7 @@ def sign_in_as(user)
 
   test "upload info file" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     version = create(:version)
     visit avo.resources_rubygem_path(version.rubygem)
diff --git a/test/system/avo/sendgrid_events_test.rb b/test/system/avo/sendgrid_events_test.rb
index 01d309c0e25..363742cb49c 100644
--- a/test/system/avo/sendgrid_events_test.rb
+++ b/test/system/avo/sendgrid_events_test.rb
@@ -3,29 +3,9 @@
 class Avo::SendgridEventsSystemTest < ApplicationSystemTestCase
   include ActiveJob::TestHelper
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "search for event" do
     user = FactoryBot.create(:admin_github_user, :is_admin)
-    sign_in_as(user)
+    avo_sign_in_as(user)
 
     visit avo.resources_sendgrid_events_path
 
diff --git a/test/system/avo/users_test.rb b/test/system/avo/users_test.rb
index 3c04bc1a8a8..0c8d6b6a015 100644
--- a/test/system/avo/users_test.rb
+++ b/test/system/avo/users_test.rb
@@ -5,31 +5,10 @@ class Avo::UsersSystemTest < ApplicationSystemTestCase
 
   include ActiveJob::TestHelper
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-    @ip_address = create(:ip_address, ip_address: "127.0.0.1")
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "reset mfa" do
     Minitest::Test.make_my_diffs_pretty!
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     user = create(:user)
     user.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
@@ -102,7 +81,7 @@ def sign_in_as(user)
   test "block user" do
     Minitest::Test.make_my_diffs_pretty!
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     user = create(:user)
     user.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
@@ -200,7 +179,7 @@ def sign_in_as(user)
   test "reset api key" do
     perform_enqueued_jobs do
       admin_user = create(:admin_github_user, :is_admin)
-      sign_in_as admin_user
+      avo_sign_in_as admin_user
 
       user = create(:user)
       user_attributes = user.attributes.with_indifferent_access
@@ -267,7 +246,7 @@ def sign_in_as(user)
 
   test "Yank rubygems" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
     security_user = create(:user, email: "security@rubygems.org")
 
     ownership = create(:ownership)
@@ -366,7 +345,7 @@ def sign_in_as(user)
 
   test "yank user" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
     security_user = create(:user, email: "security@rubygems.org")
 
     user = create(:user)
@@ -510,7 +489,7 @@ def sign_in_as(user)
   test "change user email" do
     perform_enqueued_jobs do
       admin_user = create(:admin_github_user, :is_admin)
-      sign_in_as admin_user
+      avo_sign_in_as admin_user
 
       user = create(:user)
       user_attributes = user.attributes.with_indifferent_access
@@ -588,7 +567,7 @@ def sign_in_as(user)
 
   test "create user" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     visit avo.resources_users_path
 
diff --git a/test/system/avo/versions_test.rb b/test/system/avo/versions_test.rb
index 69a9d8c0934..1e7842843a9 100644
--- a/test/system/avo/versions_test.rb
+++ b/test/system/avo/versions_test.rb
@@ -5,31 +5,9 @@ class Avo::VersionsSystemTest < ApplicationSystemTestCase
 
   include ActiveJob::TestHelper
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-
-    @ip_address = create(:ip_address, ip_address: "127.0.0.1")
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "restore a rubygem version" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     rubygem = create(:rubygem)
     version = create(:version, rubygem: rubygem)
@@ -139,7 +117,7 @@ def sign_in_as(user)
 
   test "run afer version write job" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     rubygem = create(:rubygem, owners: [create(:user)])
     version = create(:version, rubygem: rubygem)
diff --git a/test/system/avo/web_hooks_test.rb b/test/system/avo/web_hooks_test.rb
index 58a3ad99824..bbc2c22ca7b 100644
--- a/test/system/avo/web_hooks_test.rb
+++ b/test/system/avo/web_hooks_test.rb
@@ -3,30 +3,10 @@
 class Avo::WebHooksSystemTest < ApplicationSystemTestCase
   include ActiveJob::TestHelper
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-    stub_github_info_request(user.info_data)
-
-    visit avo.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text user.login
-  end
-
   test "delete webhook" do
     Minitest::Test.make_my_diffs_pretty!
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     web_hook = create(:global_web_hook)
 
diff --git a/test/system/maintenance_tasks_test.rb b/test/system/maintenance_tasks_test.rb
index 5a07054de2f..207ea25cb7c 100644
--- a/test/system/maintenance_tasks_test.rb
+++ b/test/system/maintenance_tasks_test.rb
@@ -5,30 +5,9 @@ class MaintenanceTasksTest < ApplicationSystemTestCase
 
   include ActiveJob::TestHelper
 
-  def sign_in_as(user)
-    OmniAuth.config.mock_auth[:github] = OmniAuth::AuthHash.new(
-      provider: "github",
-      uid: "1",
-      credentials: {
-        token: user.oauth_token,
-        expires: false
-      },
-      info: {
-        name: user.login
-      }
-    )
-
-    stub_github_info_request(user.info_data)
-
-    visit admin_maintenance_tasks.root_path
-    click_button "Log in with GitHub"
-
-    page.assert_text "Maintenance Tasks"
-  end
-
   test "auditing create run" do
     admin_user = create(:admin_github_user, :is_admin)
-    sign_in_as admin_user
+    avo_sign_in_as admin_user
 
     visit admin_maintenance_tasks.root_path
     click_on "Maintenance::UserTotpSeedEmptyToNilTask"
diff --git a/test/test_helper.rb b/test/test_helper.rb
index a9965a35de9..db501610808 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -33,6 +33,7 @@
 require "helpers/policy_helpers"
 require "helpers/webauthn_helpers"
 require "helpers/oauth_helpers"
+require "helpers/avo_helpers"
 require "webmock/minitest"
 require "phlex/testing/rails/view_helper"
 

From 631b9bb95a55ab1508bf6e66de99268f15be739f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 09:34:47 -0700
Subject: [PATCH 214/381] Bump aws-sdk-sqs from 1.83.0 to 1.84.0 (#5059)

Bumps [aws-sdk-sqs](https://github.com/aws/aws-sdk-ruby) from 1.83.0 to 1.84.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-sqs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-sqs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index 76ffb8d2a4a..8b052277e30 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.163"
-gem "aws-sdk-sqs", "~> 1.83"
+gem "aws-sdk-sqs", "~> 1.84"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4ffd20cc125..73681fa626b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -111,7 +111,7 @@ GEM
     awrence (1.2.1)
     aws-eventstream (1.3.0)
     aws-partitions (1.977.0)
-    aws-sdk-core (3.206.0)
+    aws-sdk-core (3.207.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
@@ -123,8 +123,8 @@ GEM
       aws-sdk-core (~> 3, >= 3.205.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.83.0)
-      aws-sdk-core (~> 3, >= 3.205.0)
+    aws-sdk-sqs (1.84.0)
+      aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.10.0)
       aws-eventstream (~> 1, >= 1.0.2)
@@ -805,7 +805,7 @@ DEPENDENCIES
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
   aws-sdk-s3 (~> 1.163)
-  aws-sdk-sqs (~> 1.83)
+  aws-sdk-sqs (~> 1.84)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -942,10 +942,10 @@ CHECKSUMS
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
   aws-partitions (1.977.0) sha256=fd9c6b7301b4f54bb810c1c511479700aa39167f7d9faa01bb22d1fd4b434042
-  aws-sdk-core (3.206.0) sha256=90fdf40de8ca483b533635fca64aa718bcd98ae407489dca3881b054a0c62cf0
+  aws-sdk-core (3.207.0) sha256=45d378d8396f5c5ea25b55c5230a43acf39c619f40afdf76734638fb237406b4
   aws-sdk-kms (1.91.0) sha256=b56d06e737541d71cec59f3c81d6ff35179da8ff63535208533c3ba99ea4d84f
   aws-sdk-s3 (1.163.0) sha256=d46a3d67c69a73748a2e21a7d4ae7d2a6995920ae28c4ecf8b09c6829dbbcb1e
-  aws-sdk-sqs (1.83.0) sha256=03c7bbe3385eab469c7b06dd86ad800521b4e922f745fdd46135764801c57775
+  aws-sdk-sqs (1.84.0) sha256=dd12f9254a493089f516b75fc2dcce9aac625123ffc370ed6efdcb276fb26e67
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From e19e7d6266807da09a0cbcc52120f04b8536fcb1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 09:34:56 -0700
Subject: [PATCH 215/381] Bump selenium-webdriver from 4.24.0 to 4.25.0 (#5060)

Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.24.0 to 4.25.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.24.0...selenium-4.25.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 13 +++++--------
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/Gemfile b/Gemfile
index 8b052277e30..2b57a3f7176 100644
--- a/Gemfile
+++ b/Gemfile
@@ -136,7 +136,7 @@ group :test do
   gem "mocha", "~> 2.4", require: false
   gem "shoulda-context", "~> 3.0.0.rc1"
   gem "shoulda-matchers", "~> 6.4"
-  gem "selenium-webdriver", "~> 4.24"
+  gem "selenium-webdriver", "~> 4.25"
   gem "webmock", "~> 3.23"
   gem "simplecov", "~> 0.22", require: false
   gem "simplecov-cobertura", "~> 2.1", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 73681fa626b..20f38993975 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -602,8 +602,7 @@ GEM
     regexp_parser (2.9.2)
     reline (0.5.10)
       io-console (~> 0.5)
-    rexml (3.3.6)
-      strscan
+    rexml (3.3.7)
     roadie (5.2.1)
       css_parser (~> 1.4)
       nokogiri (~> 1.15)
@@ -678,7 +677,7 @@ GEM
     searchkick (5.4.0)
       activemodel (>= 6.1)
       hashie
-    selenium-webdriver (4.24.0)
+    selenium-webdriver (4.25.0)
       base64 (~> 0.2)
       logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
@@ -720,7 +719,6 @@ GEM
     stringio (3.1.1)
     strong_migrations (2.0.0)
       activerecord (>= 6.1)
-    strscan (3.1.0)
     swd (2.0.3)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
@@ -893,7 +891,7 @@ DEPENDENCIES
   rubocop-rails (~> 2.25)
   ruby-magic (~> 0.6)
   searchkick (~> 5.4)
-  selenium-webdriver (~> 4.24)
+  selenium-webdriver (~> 4.25)
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
   shoulda-matchers (~> 6.4)
@@ -1138,7 +1136,7 @@ CHECKSUMS
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
   reline (0.5.10) sha256=1660c969a792ebd034e6ceee8ca628f3b6698dcdb34f7a282a5edda37b958166
-  rexml (3.3.6) sha256=7af0459d108dfd6ffa7d38c67c8464e200f5c9d476d4c6a3d1899e92808d63c6
+  rexml (3.3.7) sha256=62a3a4d288ace18830ad6ca8aba845037d231c4f8cb481ba270ca1b75b605027
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854
@@ -1168,7 +1166,7 @@ CHECKSUMS
   sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.4.0) sha256=75d7256d3ec2af2dc11c2ba8160c86d80451f3f86447aae2ace1f79553de0bf3
-  selenium-webdriver (4.24.0) sha256=00c878b8a9125a51a585e7ad8fdc9c2ef188b3f346e335c92005d9e0ccc53926
+  selenium-webdriver (4.25.0) sha256=7e11abf2b0fd56df61d98b6d59d621781cf103261d941df3510837547bd4a0d5
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6
@@ -1186,7 +1184,6 @@ CHECKSUMS
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
-  strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (2.7.5) sha256=eb005b80cfd3bd750381b9d449ae4cf9cfabaf53e59f9aad61ef0b0bbbd955e1
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c

From 9d65a5d7a4f8bbb3a4ddfc658d02c10cc4607ef4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 09:35:13 -0700
Subject: [PATCH 216/381] Bump dogstatsd-ruby from 5.6.1 to 5.6.2 (#5062)

Bumps [dogstatsd-ruby](https://github.com/DataDog/dogstatsd-ruby) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/DataDog/dogstatsd-ruby/releases)
- [Changelog](https://github.com/DataDog/dogstatsd-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/DataDog/dogstatsd-ruby/compare/v5.6.1...v5.6.2)

---
updated-dependencies:
- dependency-name: dogstatsd-ruby
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 2b57a3f7176..08d7e358579 100644
--- a/Gemfile
+++ b/Gemfile
@@ -11,7 +11,7 @@ gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
 gem "datadog", "~> 2.3"
-gem "dogstatsd-ruby", "~> 5.5"
+gem "dogstatsd-ruby", "~> 5.6"
 gem "google-protobuf", "~> 4.28"
 gem "faraday", "~> 2.12"
 gem "faraday-retry", "~> 2.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 20f38993975..cd67685dc8e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -221,7 +221,7 @@ GEM
     discard (1.3.0)
       activerecord (>= 4.2, < 8)
     docile (1.4.1)
-    dogstatsd-ruby (5.6.1)
+    dogstatsd-ruby (5.6.2)
     domain_name (0.6.20240107)
     dotenv (3.1.4)
     dotenv-rails (3.1.4)
@@ -820,7 +820,7 @@ DEPENDENCIES
   datadog-ci (~> 1.5)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
-  dogstatsd-ruby (~> 5.5)
+  dogstatsd-ruby (~> 5.6)
   dotenv-rails (~> 3.1)
   factory_bot_rails (~> 6.4)
   faraday (~> 2.12)
@@ -985,7 +985,7 @@ CHECKSUMS
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.3.0) sha256=55218997ca4dc11f0594f1bb2d1196c4a959ceb562f1ab6490130233598dda67
   docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
-  dogstatsd-ruby (5.6.1) sha256=615dd1328c57ab66fb48cbf83b38ce2060d8353707be0bc3deb0ae960a659982
+  dogstatsd-ruby (5.6.2) sha256=3d952a2415e382fd91059f1c9c6a1fc5dde354fa39266ae47a38c2b518424db1
   domain_name (0.6.20240107) sha256=5f693b2215708476517479bf2b3802e49068ad82167bcd2286f899536a17d933
   dotenv (3.1.4) sha256=6dc502e718ea0d3542673345da05c7a69039840898e251757adb3405d2b35629
   dotenv-rails (3.1.4) sha256=a7d75f6ab3cc7f1b28e7deb0462efb155878e4e87ce3cc6e42ce35bea61c6fe4

From b0aae353f9952ff28ae73a1f0aea3eaefdc2d0ef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 10:22:20 -0700
Subject: [PATCH 217/381] Bump datadog-ci from 1.5.0 to 1.6.0 (#5063)

Bumps [datadog-ci](https://github.com/DataDog/datadog-ci-rb) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/DataDog/datadog-ci-rb/releases)
- [Changelog](https://github.com/DataDog/datadog-ci-rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/DataDog/datadog-ci-rb/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: datadog-ci
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 08d7e358579..1400ce39f14 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,7 +126,7 @@ group :development do
 end
 
 group :test do
-  gem "datadog-ci", "~> 1.5"
+  gem "datadog-ci", "~> 1.6"
   gem "minitest", "~> 5.25", require: false
   gem "minitest-retry", "~> 0.2.3"
   gem "capybara", "~> 3.40"
diff --git a/Gemfile.lock b/Gemfile.lock
index cd67685dc8e..b05d6ae7f72 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -199,7 +199,7 @@ GEM
       libdatadog (~> 11.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.5.0)
+    datadog-ci (1.6.0)
       datadog (~> 2.3)
       msgpack
     date (3.3.4)
@@ -817,7 +817,7 @@ DEPENDENCIES
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.3)
-  datadog-ci (~> 1.5)
+  datadog-ci (~> 1.6)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.6)
@@ -977,7 +977,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
-  datadog-ci (1.5.0) sha256=e5fabfb624714a45916d5fec096ddd906bc07d45193e8f96a8b8355e46d15e2f
+  datadog-ci (1.6.0) sha256=f0e5f3800ee2ece32841feaea6e94af46022a8667d708c217a259dc17066de18
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08

From a76189cd9f02eec717393dfa2a1a65605a4fef8e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 10:22:28 -0700
Subject: [PATCH 218/381] Bump aws-sdk-s3 from 1.163.0 to 1.164.0 (#5061)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.163.0 to 1.164.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 1400ce39f14..1b30c5ab600 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.163"
+gem "aws-sdk-s3", "~> 1.164"
 gem "aws-sdk-sqs", "~> 1.84"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index b05d6ae7f72..cf7e7d425f1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -116,11 +116,11 @@ GEM
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.91.0)
-      aws-sdk-core (~> 3, >= 3.205.0)
+    aws-sdk-kms (1.92.0)
+      aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.163.0)
-      aws-sdk-core (~> 3, >= 3.205.0)
+    aws-sdk-s3 (1.164.0)
+      aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sqs (1.84.0)
@@ -802,7 +802,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
-  aws-sdk-s3 (~> 1.163)
+  aws-sdk-s3 (~> 1.164)
   aws-sdk-sqs (~> 1.84)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -941,8 +941,8 @@ CHECKSUMS
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
   aws-partitions (1.977.0) sha256=fd9c6b7301b4f54bb810c1c511479700aa39167f7d9faa01bb22d1fd4b434042
   aws-sdk-core (3.207.0) sha256=45d378d8396f5c5ea25b55c5230a43acf39c619f40afdf76734638fb237406b4
-  aws-sdk-kms (1.91.0) sha256=b56d06e737541d71cec59f3c81d6ff35179da8ff63535208533c3ba99ea4d84f
-  aws-sdk-s3 (1.163.0) sha256=d46a3d67c69a73748a2e21a7d4ae7d2a6995920ae28c4ecf8b09c6829dbbcb1e
+  aws-sdk-kms (1.92.0) sha256=0819e57d70ead902ddea9ac1cbc1f114f6636f0f38454c1a9377380afe19aa5e
+  aws-sdk-s3 (1.164.0) sha256=31d578e28bc51675652db4d9dfc1b1a28745a86690ec74cd2266e48146dacdce
   aws-sdk-sqs (1.84.0) sha256=dd12f9254a493089f516b75fc2dcce9aac625123ffc370ed6efdcb276fb26e67
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From 1e45f0dc0ea23df28d1435a2679a144dfcbe15ca Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 23 Sep 2024 17:11:39 -0700
Subject: [PATCH 219/381] Update frizbee action (#5065)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .github/workflows/lint.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index eae9bc63c4d..ff671393216 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -74,13 +74,13 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: segiddins/frizbee-action@850cb44d2b091a22d542a608191f477a243a647d # segiddins/run-in-place
+      - uses: segiddins/frizbee-action@c162fdaa6c73525a577d2d6eb193683dfc9ba2be # segiddins/run-in-place
         env:
           GITHUB_TOKEN: ${{ github.token }}
         with:
-          actions: '[".github/workflows", ".github/actions"]'
+          action_paths: '[".github/workflows", ".github/actions"]'
           dockerfiles: '["./Dockerfile", ".devcontainer/Dockerfile"]'
           docker_compose: '["./docker-compose.yml", ".devcontainer/docker-compose.yml"]'
           fail_on_unpinned: true
           open_pr: false
-          in_place: true
+          repo_root: "."

From 04f76b103e2cc335cb77216d437c5071853a38dd Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 24 Sep 2024 06:48:23 -0700
Subject: [PATCH 220/381] Remove unused pattern constant (#5054)

---
 lib/patterns.rb            | 1 -
 test/unit/patterns_test.rb | 4 ----
 2 files changed, 5 deletions(-)

diff --git a/lib/patterns.rb b/lib/patterns.rb
index edde659b41f..4b3a2674340 100644
--- a/lib/patterns.rb
+++ b/lib/patterns.rb
@@ -1,7 +1,6 @@
 module Patterns
   extend ActiveSupport::Concern
 
-  JAVA_HTTP_USER_AGENT  = /^java/i
   SPECIAL_CHARACTERS    = ".-_".freeze
   ALLOWED_CHARACTERS    = "[A-Za-z0-9#{Regexp.escape(SPECIAL_CHARACTERS)}]+".freeze
   ROUTE_PATTERN         = /#{ALLOWED_CHARACTERS}(?<!\.gem)/
diff --git a/test/unit/patterns_test.rb b/test/unit/patterns_test.rb
index 1d51fef7228..b8cbf99782d 100644
--- a/test/unit/patterns_test.rb
+++ b/test/unit/patterns_test.rb
@@ -3,10 +3,6 @@
 require "test_helper"
 
 class PatternsTest < ActiveSupport::TestCase
-  test "JAVA_HTTP_USER_AGENT is linear" do
-    assert Regexp.linear_time?(Patterns::JAVA_HTTP_USER_AGENT)
-  end
-
   test "ROUTE_PATTERN is linear" do
     assert Regexp.linear_time?(Patterns::ROUTE_PATTERN)
   end

From 49db490c82480baa9642861c4319762b1c3589c6 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 25 Sep 2024 01:04:35 +1000
Subject: [PATCH 221/381] Disable Honeybadger & Datadog in local environments
 (#5035)

* Disable Honeybadger & Datadog in local envs

* Fixup typo
---
 config/initializers/datadog.rb     | 4 +++-
 config/initializers/honeybadger.rb | 7 ++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/config/initializers/datadog.rb b/config/initializers/datadog.rb
index 054e801cb57..9681e9c18aa 100644
--- a/config/initializers/datadog.rb
+++ b/config/initializers/datadog.rb
@@ -1,5 +1,7 @@
 require "app_revision"
 
+return if Rails.env.local? # Don't enable Datadog in local Development & Test environments
+
 Datadog.configure do |c|
   # unified service tagging
 
@@ -9,7 +11,7 @@
 
   # Enabling datadog functionality
 
-  enabled = !Rails.env.local? && ENV["DD_AGENT_HOST"].present? && !defined?(Rails::Console)
+  enabled = ENV["DD_AGENT_HOST"].present? && !defined?(Rails::Console)
   c.runtime_metrics.enabled = enabled
   c.profiling.enabled = enabled
   c.tracing.enabled = enabled
diff --git a/config/initializers/honeybadger.rb b/config/initializers/honeybadger.rb
index 4e3657d1707..cf96d851c43 100644
--- a/config/initializers/honeybadger.rb
+++ b/config/initializers/honeybadger.rb
@@ -1,3 +1,5 @@
+return if Rails.env.local? # Don't enable Honeybadger in local Development & Test environments
+
 Rails.logger.silence(:error) do
   require "honeybadger"
 
@@ -7,10 +9,5 @@
     end
 
     config.logger = SemanticLogger[Honeybadger]
-
-    if Rails.env.development?
-      config.report_data = false
-      config.logger.level = :error
-    end
   end
 end

From 65275d1b91ac315f40cc7a7d1d03a3b4a9748ace Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Sep 2024 08:15:51 -0700
Subject: [PATCH 222/381] Bump aws-sdk-s3 from 1.164.0 to 1.165.0 (#5066)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.164.0 to 1.165.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 1b30c5ab600..383e9dcda99 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.164"
+gem "aws-sdk-s3", "~> 1.165"
 gem "aws-sdk-sqs", "~> 1.84"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index cf7e7d425f1..a330c5557bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -111,15 +111,15 @@ GEM
     awrence (1.2.1)
     aws-eventstream (1.3.0)
     aws-partitions (1.977.0)
-    aws-sdk-core (3.207.0)
+    aws-sdk-core (3.208.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.92.0)
+    aws-sdk-kms (1.93.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.164.0)
+    aws-sdk-s3 (1.165.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -802,7 +802,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
-  aws-sdk-s3 (~> 1.164)
+  aws-sdk-s3 (~> 1.165)
   aws-sdk-sqs (~> 1.84)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -940,9 +940,9 @@ CHECKSUMS
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
   aws-partitions (1.977.0) sha256=fd9c6b7301b4f54bb810c1c511479700aa39167f7d9faa01bb22d1fd4b434042
-  aws-sdk-core (3.207.0) sha256=45d378d8396f5c5ea25b55c5230a43acf39c619f40afdf76734638fb237406b4
-  aws-sdk-kms (1.92.0) sha256=0819e57d70ead902ddea9ac1cbc1f114f6636f0f38454c1a9377380afe19aa5e
-  aws-sdk-s3 (1.164.0) sha256=31d578e28bc51675652db4d9dfc1b1a28745a86690ec74cd2266e48146dacdce
+  aws-sdk-core (3.208.0) sha256=0201a7aa0725a556213f61feca5e00b519f24c86bad3a48618cccc06717611a0
+  aws-sdk-kms (1.93.0) sha256=1e54f086dbbf7dcb7b9cb5b86455cbb477a73e5e876309f11d67f2e4be158073
+  aws-sdk-s3 (1.165.0) sha256=f736531abaa68b048b58da84b4f1c7d6019075b629d7516a7cb4b56a7319bd2e
   aws-sdk-sqs (1.84.0) sha256=dd12f9254a493089f516b75fc2dcce9aac625123ffc370ed6efdcb276fb26e67
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From f520010c59e6c13e9863793228f11e9e39af2cee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Sep 2024 08:15:59 -0700
Subject: [PATCH 223/381] Bump tailwindcss-rails from 2.7.5 to 2.7.6 (#5067)

Bumps [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) from 2.7.5 to 2.7.6.
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/tailwindcss-rails/compare/v2.7.5...v2.7.6)

---
updated-dependencies:
- dependency-name: tailwindcss-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index a330c5557bb..a9e11116c1d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -724,7 +724,7 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.5)
+    tailwindcss-rails (2.7.6)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -781,7 +781,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.8.1)
+    webrick (1.8.2)
     websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -1185,7 +1185,7 @@ CHECKSUMS
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.5) sha256=eb005b80cfd3bd750381b9d449ae4cf9cfabaf53e59f9aad61ef0b0bbbd955e1
+  tailwindcss-rails (2.7.6) sha256=f2c7521ca178bc0218ed21679fccb6f2e59e81d634ddd22212a753215fc392ab
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c
@@ -1207,7 +1207,7 @@ CHECKSUMS
   webauthn (3.1.0) sha256=e545fcf17d8a6b821161a37c1c4bc8c3d2ead0ff6ff3b098f57f417e731790b7
   webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c
   webmock (3.23.1) sha256=0fa738c0767d1c4ec8cc57f6b21998f0c238c8a5b32450df1c847f2767140d95
-  webrick (1.8.1) sha256=19411ec6912911fd3df13559110127ea2badd0c035f7762873f58afc803e158f
+  webrick (1.8.2) sha256=431746a349199546ff9dd272cae10849c865f938216e41c402a6489248f12f21
   websocket (1.2.11) sha256=b7e7a74e2410b5e85c25858b26b3322f29161e300935f70a0e0d3c35e0462737
   websocket-driver (0.7.6) sha256=f69400be7bc197879726ad8e6f5869a61823147372fd8928836a53c2c741d0db
   websocket-extensions (0.1.5) sha256=1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241

From 98394c7585e0eed3efe19ef91d078c314bb08234 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Sep 2024 15:25:31 +0000
Subject: [PATCH 224/381] Bump aws-sdk-sqs from 1.84.0 to 1.85.0 (#5068)

Bumps [aws-sdk-sqs](https://github.com/aws/aws-sdk-ruby) from 1.84.0 to 1.85.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-sqs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-sqs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 383e9dcda99..ec15b916257 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.165"
-gem "aws-sdk-sqs", "~> 1.84"
+gem "aws-sdk-sqs", "~> 1.85"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index a9e11116c1d..e1b74033bce 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -123,7 +123,7 @@ GEM
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.84.0)
+    aws-sdk-sqs (1.85.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.10.0)
@@ -803,7 +803,7 @@ DEPENDENCIES
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
   aws-sdk-s3 (~> 1.165)
-  aws-sdk-sqs (~> 1.84)
+  aws-sdk-sqs (~> 1.85)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -943,7 +943,7 @@ CHECKSUMS
   aws-sdk-core (3.208.0) sha256=0201a7aa0725a556213f61feca5e00b519f24c86bad3a48618cccc06717611a0
   aws-sdk-kms (1.93.0) sha256=1e54f086dbbf7dcb7b9cb5b86455cbb477a73e5e876309f11d67f2e4be158073
   aws-sdk-s3 (1.165.0) sha256=f736531abaa68b048b58da84b4f1c7d6019075b629d7516a7cb4b56a7319bd2e
-  aws-sdk-sqs (1.84.0) sha256=dd12f9254a493089f516b75fc2dcce9aac625123ffc370ed6efdcb276fb26e67
+  aws-sdk-sqs (1.85.0) sha256=801de06d68b10c591a4786a7220509e26a9d0840ad7026847e424af1a6797006
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From bf3fa63287a89c5f797b7e12d0cf6c667ccfb875 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 24 Sep 2024 10:30:24 -0700
Subject: [PATCH 225/381] Update rubocop gems

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 Gemfile.lock                                  | 37 +++++++++----------
 .../concerns/user_multifactor_methods.rb      |  2 +-
 app/models/log_ticket.rb                      |  4 +-
 app/models/rubygem_contents/entry.rb          |  2 +-
 config/initializers/semantic_logger.rb        |  2 +-
 5 files changed, 23 insertions(+), 24 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index e1b74033bce..492ba6607d9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -487,8 +487,8 @@ GEM
       openssl (> 2.0)
     optimist (3.1.0)
     pagy (8.6.3)
-    parallel (1.25.1)
-    parser (3.3.4.0)
+    parallel (1.26.3)
+    parser (3.3.5.0)
       ast (~> 2.4.1)
       racc
     pg (1.5.8)
@@ -628,33 +628,32 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.1)
-    rubocop (1.65.0)
+    rubocop (1.66.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.4, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.31.1, < 2.0)
+      rubocop-ast (>= 1.32.2, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.3)
+    rubocop-ast (1.32.3)
       parser (>= 3.3.1.0)
     rubocop-capybara (2.21.0)
       rubocop (~> 1.41)
     rubocop-factory_bot (2.26.1)
       rubocop (~> 1.61)
-    rubocop-minitest (0.35.1)
+    rubocop-minitest (0.36.0)
       rubocop (>= 1.61, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
-    rubocop-performance (1.21.1)
+    rubocop-performance (1.22.1)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
-    rubocop-rails (2.25.1)
+    rubocop-rails (2.26.2)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
-      rubocop (>= 1.33.0, < 2.0)
+      rubocop (>= 1.52.0, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
     ruby-graphviz (1.2.5)
       rexml
@@ -748,7 +747,7 @@ GEM
       turbo-rails (~> 1.3)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.5.0)
+    unicode-display_width (2.6.0)
     unpwn (1.0.0)
       bloomer (~> 1.0)
       pwned (~> 2.0)
@@ -1092,8 +1091,8 @@ CHECKSUMS
   openssl-signature_algorithm (1.3.0) sha256=a3b40b5e8276162d4a6e50c7c97cdaf1446f9b2c3946a6fa2c14628e0c957e80
   optimist (3.1.0) sha256=81886f53ee8919f330aa30076d320d88eef9bc85aae2275376b4afb007c69260
   pagy (8.6.3) sha256=537b2ee3119f237dd6c4a0d0a35c67a77b9d91ebb9d4f85e31407c2686774fb2
-  parallel (1.25.1) sha256=12e089b9aa36ea2343f6e93f18cfcebd031798253db8260590d26a7f70b1ab90
-  parser (3.3.4.0) sha256=8d247769c3873fe92201d591a7463384022a1a25e214853df5d6806623179e82
+  parallel (1.26.3) sha256=d86babb7a2b814be9f4b81587bf0b6ce2da7d45969fab24d8ae4bf2bb4d4c7ef
+  parser (3.3.5.0) sha256=f30ebb71b7830c2e7cdc4b2b0e0ec2234900e3fca3fe2fba47f78be759181ab3
   pg (1.5.8) sha256=efd71939dd1d6d9f0b434dc61dee6ef64f1d2bfcd3c177598a8797c27e654f37
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
   pghero (3.6.0) sha256=cad9cb865f99ff40bb5ba47d3dae20d06be06ac8ea6b01172f6a8ccc85671109
@@ -1148,13 +1147,13 @@ CHECKSUMS
   rspec-expectations (3.13.1) sha256=814cf8dadc797b00be55a84d7bc390c082735e5c914e62cbe8d0e19774b74200
   rspec-mocks (3.13.1) sha256=087189899c337937bcf1d66a50dc3fc999ac88335bbeba4d385c2a38c87d7b38
   rspec-support (3.13.1) sha256=48877d4f15b772b7538f3693c22225f2eda490ba65a0515c4e7cf6f2f17de70f
-  rubocop (1.65.0) sha256=624316407a3f8e3999c6f75c528471ed3d4513ca39cec3bede1964c69630e4a1
-  rubocop-ast (1.31.3) sha256=1b07d618d8776993ec6053a706d1c09f0bf15139fd69415924656cbff07e7818
+  rubocop (1.66.1) sha256=0679c263b1164fd003b8590ae83b3e9e9bf72282d411755f227f1d6268ee5ee7
+  rubocop-ast (1.32.3) sha256=40201e861c73a3c2d59428c7627828ef81fb2f8a306bc4a1c1801452afe3fe0f
   rubocop-capybara (2.21.0) sha256=5d264efdd8b6c7081a3d4889decf1451a1cfaaec204d81534e236bc825b280ab
   rubocop-factory_bot (2.26.1) sha256=8de13cd4edcee5ca800f255188167ecef8dbfc3d1fae9f15734e9d2e755392aa
-  rubocop-minitest (0.35.1) sha256=afd0a630a6212e46d855fc1eca09caf62f4abbdb6bf9c2afe89dc4a2fe536a12
-  rubocop-performance (1.21.1) sha256=5cf20002a544275ad6aa99abca4b945d2a2ed71be925c38fe83700360ed8734e
-  rubocop-rails (2.25.1) sha256=4988933ee02fdb213d22d0f61dc57d6c582317b43867d5106ea1c7a628aae6a5
+  rubocop-minitest (0.36.0) sha256=1d15850849c685ff4b6d64dd801ec2d13eb2fe56b6f7ce9aab93d1b0508e7b9f
+  rubocop-performance (1.22.1) sha256=9ed9737af1ee90655654b483e0eac4e64702139e85d33335bf744b57a309a679
+  rubocop-rails (2.26.2) sha256=f5561a09d6afd2f54316f3f0f6057338ca55b6c24a25ba6a938d3ed0fded84ad
   ruby-graphviz (1.2.5) sha256=1c2bb44e3f6da9e2b829f5e7fd8d75a521485fb6b4d1fc66ff0f93f906121504
   ruby-magic (0.6.0) sha256=7b2138877b7d23aff812c95564eba6473b74b815ef85beb0eb792e729a2b6101
   ruby-progressbar (1.13.0) sha256=80fc9c47a9b640d6834e0dc7b3c94c9df37f08cb072b7761e4a71e22cff29b33
@@ -1196,7 +1195,7 @@ CHECKSUMS
   turbo-rails (1.5.0) sha256=b426cc762fb0940277729b3f1751a9f0bd269f5613c1d62ac73e5f0be7c7a83e
   turbo_power (0.5.0) sha256=869726c3a4308b038d6244f7a80eb1331bdd3171fa320dddcff71899fcae24fb
   tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b
-  unicode-display_width (2.5.0) sha256=7e7681dcade1add70cb9fda20dd77f300b8587c81ebbd165d14fd93144ff0ab4
+  unicode-display_width (2.6.0) sha256=12279874bba6d5e4d2728cef814b19197dbb10d7a7837a869bab65da943b7f5a
   unpwn (1.0.0) sha256=6239d17d46a882b3719b24fb79c78a34caff89d57ab0f5e546be5b5c882bc7d3
   uri (0.13.1) sha256=df2d8b13e3e8c8a43432637e2ace4f9de7b42674361b4dd26302b40f7d7fcd1e
   user_agent_parser (2.18.0) sha256=aa943b91da8906cace7d3fe16b450c9d77b68f571485c11e577af97aecb25584
diff --git a/app/models/concerns/user_multifactor_methods.rb b/app/models/concerns/user_multifactor_methods.rb
index 2d181787f3e..07a687e532e 100644
--- a/app/models/concerns/user_multifactor_methods.rb
+++ b/app/models/concerns/user_multifactor_methods.rb
@@ -7,7 +7,7 @@ module UserMultifactorMethods
 
     attr_accessor :new_mfa_recovery_codes
 
-    enum mfa_level: { disabled: 0, ui_only: 1, ui_and_api: 2, ui_and_gem_signin: 3 }, _prefix: :mfa
+    enum :mfa_level, { disabled: 0, ui_only: 1, ui_and_api: 2, ui_and_gem_signin: 3 }, prefix: :mfa
 
     validate :mfa_level_for_enabled_devices
   end
diff --git a/app/models/log_ticket.rb b/app/models/log_ticket.rb
index 2d6c8c7c85e..51b3ac47ba9 100644
--- a/app/models/log_ticket.rb
+++ b/app/models/log_ticket.rb
@@ -1,6 +1,6 @@
 class LogTicket < ApplicationRecord
-  enum backend: { s3: 0, local: 1 }
-  enum status: %i[pending processing failed processed].index_with(&:to_s)
+  enum :backend, { s3: 0, local: 1 }
+  enum :status, %i[pending processing failed processed].index_with(&:to_s)
 
   def self.pop(key: nil, directory: nil)
     scope = pending.limit(1).lock(true).order("id ASC")
diff --git a/app/models/rubygem_contents/entry.rb b/app/models/rubygem_contents/entry.rb
index e6a218f27a3..396d205030a 100644
--- a/app/models/rubygem_contents/entry.rb
+++ b/app/models/rubygem_contents/entry.rb
@@ -3,7 +3,7 @@
 class RubygemContents::Entry
   class InvalidMetadata < RuntimeError; end
 
-  SIZE_LIMIT = 500.megabyte
+  SIZE_LIMIT = 500.megabytes
   MIME_TEXTUAL_SUBTYPES = %w[json ld+json x-csh x-sh x-httpd-php xhtml+xml xml].freeze
 
   class << self
diff --git a/config/initializers/semantic_logger.rb b/config/initializers/semantic_logger.rb
index 44ddc2ab5c4..52e3cf17a36 100644
--- a/config/initializers/semantic_logger.rb
+++ b/config/initializers/semantic_logger.rb
@@ -29,7 +29,7 @@ def append_info_to_payload(payload)
       url: request.url
     }
 
-    method_and_path = [request.method, request.path].select(&:present?)
+    method_and_path = [request.method, request.path].compact_blank
     method_and_path_string = method_and_path.empty? ? ' ' : " #{method_and_path.join(' ')} "
 
     payload[:message] ||= "[#{response.status}]#{method_and_path_string}(#{payload.fetch(:controller)}##{payload.fetch(:action)})"

From 2c9a57396fe83886b7681db82c3753c9832c7dee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Tue, 24 Sep 2024 23:25:29 +0200
Subject: [PATCH 226/381] Use long for downloads count in OpenSearch index.
 (#5052)

* Use long for downloads count in OpenSearch index.

* Scale the suggestion weight using log

---------

Co-authored-by: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
---
 app/models/concerns/rubygem_searchable.rb     |  8 +++-
 .../concerns/rubygem_searchable_test.rb       | 42 +++++++++++++++++++
 2 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/app/models/concerns/rubygem_searchable.rb b/app/models/concerns/rubygem_searchable.rb
index d0d5c4737c4..27eee6ad34f 100644
--- a/app/models/concerns/rubygem_searchable.rb
+++ b/app/models/concerns/rubygem_searchable.rb
@@ -24,7 +24,7 @@ module RubygemSearchable
           description: { type: "text", analyzer: "english", fields: { raw: { analyzer: "simple", type: "text" } } },
           suggest: { type: "completion", contexts: { name: "yanked", type: "category" } },
           yanked: { type: "boolean" },
-          downloads: { type: "integer" },
+          downloads: { type: "long" },
           updated: { type: "date" }
         }
       }
@@ -88,12 +88,16 @@ def suggest_json
       {
         suggest: {
           input: name,
-          weight: downloads,
+          weight: suggest_weight_scale(downloads),
           contexts: {
             yanked: versions.none?(&:indexed?)
           }
         }
       }
     end
+
+    def suggest_weight_scale(downloads)
+      Math.log10(downloads + 1).to_i
+    end
   end
 end
diff --git a/test/models/concerns/rubygem_searchable_test.rb b/test/models/concerns/rubygem_searchable_test.rb
index c72eeaf79de..d7089196e78 100644
--- a/test/models/concerns/rubygem_searchable_test.rb
+++ b/test/models/concerns/rubygem_searchable_test.rb
@@ -79,6 +79,48 @@ class RubygemSearchableTest < ActiveSupport::TestCase
         assert_equal v, json[k], "value doesn't match for key: #{k}"
       end
     end
+
+    should "set the suggest json" do
+      json = @rubygem.search_data
+
+      assert_equal "example_gem", json[:suggest][:input]
+    end
+
+    should "calculate the suggestion weight based on the number of downloads" do
+      weights = [
+        [0, 0],
+        [10, 1],
+        [100, 2],
+        [1_000, 3],
+        [10_000, 4],
+        [100_000, 5],
+        [1_000_000, 6],
+        [10_000_000, 7],
+        [100_000_000, 8],
+        [1_000_000_000, 9]
+      ]
+
+      weights.each do |downloads, weight|
+        @rubygem.gem_download.update(count: downloads)
+        json = @rubygem.search_data
+
+        assert_equal weight, json[:suggest][:weight]
+      end
+    end
+
+    context "when the number of downloads exceeds a 32 bit integer" do
+      setup do
+        @rubygem = create(:rubygem, name: "large_downloads_example_gem", downloads: 10_000_000_000) # 10 Billion downloads
+        @version = create(:version, number: "1.0.0", rubygem: @rubygem)
+        import_and_refresh
+      end
+
+      should "allow the number of downloads to be stored as a 64 bit integer" do
+        json = @rubygem.search_data
+
+        assert_equal 10_000_000_000, json[:downloads]
+      end
+    end
   end
 
   context "rubygems analyzer" do

From e24acda75bd226bb8466354ef9f64c243f34a33b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 25 Sep 2024 09:23:14 -0700
Subject: [PATCH 227/381] Bump datadog-ci from 1.6.0 to 1.7.0 (#5071)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index ec15b916257..e72c18bb749 100644
--- a/Gemfile
+++ b/Gemfile
@@ -126,7 +126,7 @@ group :development do
 end
 
 group :test do
-  gem "datadog-ci", "~> 1.6"
+  gem "datadog-ci", "~> 1.7"
   gem "minitest", "~> 5.25", require: false
   gem "minitest-retry", "~> 0.2.3"
   gem "capybara", "~> 3.40"
diff --git a/Gemfile.lock b/Gemfile.lock
index 492ba6607d9..48fd284f0a7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -199,7 +199,7 @@ GEM
       libdatadog (~> 11.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.6.0)
+    datadog-ci (1.7.0)
       datadog (~> 2.3)
       msgpack
     date (3.3.4)
@@ -816,7 +816,7 @@ DEPENDENCIES
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.3)
-  datadog-ci (~> 1.6)
+  datadog-ci (~> 1.7)
   derailed_benchmarks (~> 2.1)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.6)
@@ -976,7 +976,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
-  datadog-ci (1.6.0) sha256=f0e5f3800ee2ece32841feaea6e94af46022a8667d708c217a259dc17066de18
+  datadog-ci (1.7.0) sha256=41c064e2c26cfc63fb6767522e5a99fa43ec017be4b2fddfce1ff9073bb6c385
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08

From c3c31f2ad0054ef15709cbe211e13137f48cdd03 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 25 Sep 2024 09:23:25 -0700
Subject: [PATCH 228/381] Bump aws-sdk-s3 from 1.165.0 to 1.166.0 (#5072)

---
 Gemfile      |  2 +-
 Gemfile.lock | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile b/Gemfile
index e72c18bb749..73d86e069cb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.165"
+gem "aws-sdk-s3", "~> 1.166"
 gem "aws-sdk-sqs", "~> 1.85"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index 48fd284f0a7..df92357cbb3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -110,16 +110,16 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.977.0)
-    aws-sdk-core (3.208.0)
+    aws-partitions (1.978.0)
+    aws-sdk-core (3.209.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.93.0)
+    aws-sdk-kms (1.94.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.165.0)
+    aws-sdk-s3 (1.166.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -801,7 +801,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
-  aws-sdk-s3 (~> 1.165)
+  aws-sdk-s3 (~> 1.166)
   aws-sdk-sqs (~> 1.85)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -938,10 +938,10 @@ CHECKSUMS
   avo (2.53.0) sha256=e8f1fb9abaf6d874d898449d4db863586c16e60634a136d97ae436ded976d1a6
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.977.0) sha256=fd9c6b7301b4f54bb810c1c511479700aa39167f7d9faa01bb22d1fd4b434042
-  aws-sdk-core (3.208.0) sha256=0201a7aa0725a556213f61feca5e00b519f24c86bad3a48618cccc06717611a0
-  aws-sdk-kms (1.93.0) sha256=1e54f086dbbf7dcb7b9cb5b86455cbb477a73e5e876309f11d67f2e4be158073
-  aws-sdk-s3 (1.165.0) sha256=f736531abaa68b048b58da84b4f1c7d6019075b629d7516a7cb4b56a7319bd2e
+  aws-partitions (1.978.0) sha256=01721682d23749e3c226cbbb3f22a333830fbb6a7d9d16a39ec5053e7e6fa4de
+  aws-sdk-core (3.209.0) sha256=7b70aa85e7eb451cf7c9d4ad3797b6118d4e0a8327f8b28c3db106784b3ea842
+  aws-sdk-kms (1.94.0) sha256=b0c623199f1f46bd82c1d1fa0feef105ab8cfc6bd2f643d71cd1c289e11a9da9
+  aws-sdk-s3 (1.166.0) sha256=57c99cb32919cf7cb9ec946ab5a8fbd3de0c4b5f567cfb6bd5e8c9dbe9e0fc7e
   aws-sdk-sqs (1.85.0) sha256=801de06d68b10c591a4786a7220509e26a9d0840ad7026847e424af1a6797006
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From e91f83b0a47aadb4a5f9bac28a3b8e2d837fd72f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 25 Sep 2024 09:57:18 -0700
Subject: [PATCH 229/381] Bump aws-sdk-sqs from 1.85.0 to 1.86.0 (#5073)

Bumps [aws-sdk-sqs](https://github.com/aws/aws-sdk-ruby) from 1.85.0 to 1.86.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-sqs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-sqs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 73d86e069cb..55e96403100 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.166"
-gem "aws-sdk-sqs", "~> 1.85"
+gem "aws-sdk-sqs", "~> 1.86"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index df92357cbb3..5343fd3a400 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -123,7 +123,7 @@ GEM
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.85.0)
+    aws-sdk-sqs (1.86.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.10.0)
@@ -802,7 +802,7 @@ DEPENDENCIES
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
   aws-sdk-s3 (~> 1.166)
-  aws-sdk-sqs (~> 1.85)
+  aws-sdk-sqs (~> 1.86)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -942,7 +942,7 @@ CHECKSUMS
   aws-sdk-core (3.209.0) sha256=7b70aa85e7eb451cf7c9d4ad3797b6118d4e0a8327f8b28c3db106784b3ea842
   aws-sdk-kms (1.94.0) sha256=b0c623199f1f46bd82c1d1fa0feef105ab8cfc6bd2f643d71cd1c289e11a9da9
   aws-sdk-s3 (1.166.0) sha256=57c99cb32919cf7cb9ec946ab5a8fbd3de0c4b5f567cfb6bd5e8c9dbe9e0fc7e
-  aws-sdk-sqs (1.85.0) sha256=801de06d68b10c591a4786a7220509e26a9d0840ad7026847e424af1a6797006
+  aws-sdk-sqs (1.86.0) sha256=defa5bd65679c8877c335cb5f46462620fa10c42115cdcc58333f1ddee9a0715
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From a3e3407bb5c916e07e7568fd7652e4afe5ee9e56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 25 Sep 2024 09:58:01 -0700
Subject: [PATCH 230/381] Bump github/codeql-action from 3.26.8 to 3.26.9
 (#5070)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.8 to 3.26.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/294a9d92911152fe08befb9ec03e240add280cb3...461ef6c76dfe95d5c364de2f431ddbd31a417628)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7ca4be0b4a0..fab805f51ad 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 0307b814148..9999cd1941a 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           sarif_file: results.sarif

From 6b0c32d540e851b93885d687cafd7d2b552c6ab8 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Wed, 25 Sep 2024 13:09:22 -0700
Subject: [PATCH 231/381] Use hook relay for web_hooks/fire action (#5011)

---
 app/avo/resources/web_hook_resource.rb        |  2 +-
 .../api/v1/web_hooks_controller.rb            | 27 ++++++--
 app/jobs/notify_web_hook_job.rb               | 69 +++++++++++--------
 app/models/web_hook.rb                        |  4 +-
 script/dev                                    |  3 +-
 .../api/v1/web_hooks_controller_test.rb       | 54 +++++++++++++--
 test/jobs/notify_web_hook_job_test.rb         | 40 +----------
 test/models/web_hook_test.rb                  | 54 +++++----------
 8 files changed, 139 insertions(+), 114 deletions(-)

diff --git a/app/avo/resources/web_hook_resource.rb b/app/avo/resources/web_hook_resource.rb
index ee2c22d59f9..93c9e703a45 100644
--- a/app/avo/resources/web_hook_resource.rb
+++ b/app/avo/resources/web_hook_resource.rb
@@ -19,7 +19,7 @@ class GlobalFilter < ScopeBooleanFilter; end
 
   field :hook_relay_stream, as: :text do
     stream_name = "webhook_id-#{model.id}"
-    link_to stream_name, "https://app.hookrelay.dev/hooks/#{ENV['HOOK_RELAY_STREAM_ID']}?started_at=P1W&stream=#{stream_name}"
+    link_to stream_name, "https://app.hookrelay.dev/hooks/#{ENV['HOOK_RELAY_HOOK_ID']}?started_at=P1W&stream=#{stream_name}"
   end
 
   field :disabled_reason, as: :text
diff --git a/app/controllers/api/v1/web_hooks_controller.rb b/app/controllers/api/v1/web_hooks_controller.rb
index 16dd6040d60..77a66eb1fd6 100644
--- a/app/controllers/api/v1/web_hooks_controller.rb
+++ b/app/controllers/api/v1/web_hooks_controller.rb
@@ -35,11 +35,13 @@ def fire
 
     authorize webhook
 
-    if webhook.fire(request.protocol.delete("://"), request.host_with_port,
-                    @rubygem.most_recent_version, delayed: false)
-      render plain: webhook.deployed_message(@rubygem)
+    response = webhook.fire(request.protocol.delete("://"), request.host_with_port,
+                            @rubygem.most_recent_version, delayed: false)
+
+    if response.fetch("status") == "success"
+      render plain: webhook.deployed_message(@rubygem) + hook_relay_message(response)
     else
-      render_bad_request webhook.failed_message(@rubygem)
+      render_bad_request webhook.failed_message(@rubygem) + hook_relay_message(response)
     end
   end
 
@@ -55,4 +57,21 @@ def set_url
     render_bad_request "URL was not provided" unless params[:url]
     @url = params[:url]
   end
+
+  def hook_relay_message(response)
+    status = response.fetch("status")
+    msg = +""
+    msg << "\nFailed with status #{status.inspect}: #{response['failure_reason']}" if status != "success"
+    if response.key?("responses") && response["responses"].any?
+      r = response.dig("responses", -1)
+      msg << "\nError: #{r['error']}" if r["error"]
+      msg << "\n\nResponse: #{r['code']}"
+      r.fetch("headers", []).each do |k, v|
+        msg << "\n#{k}: #{v}"
+      end
+      msg << "\n\n#{r['body']}"
+    end
+
+    msg
+  end
 end
diff --git a/app/jobs/notify_web_hook_job.rb b/app/jobs/notify_web_hook_job.rb
index 30543a30147..1f1de9abac0 100644
--- a/app/jobs/notify_web_hook_job.rb
+++ b/app/jobs/notify_web_hook_job.rb
@@ -13,6 +13,15 @@ class NotifyWebHookJob < ApplicationJob
   before_perform { @host_with_port = @kwargs.fetch(:host_with_port) }
   before_perform { @version = @kwargs.fetch(:version) }
   before_perform { @rubygem = @version.rubygem }
+  before_perform { @poll_delivery = @kwargs.fetch(:poll_delivery, false) }
+  before_perform do
+    @http = Faraday.new("https://api.hookrelay.dev", request: { timeout: TIMEOUT_SEC }) do |f|
+      f.request :json
+      f.response :logger, logger, headers: false, errors: true
+      f.response :json
+      f.response :raise_error
+    end
+  end
 
   attr_reader :webhook, :protocol, :host_with_port, :version, :rubygem
 
@@ -21,7 +30,6 @@ class NotifyWebHookJob < ApplicationJob
 
   # has to come after the retry on
   discard_on(Faraday::UnprocessableEntityError) do |j, e|
-    raise unless j.use_hook_relay?
     logger.info({ webhook_id: j.webhook.id, url: j.webhook.url, response: JSON.parse(e.response_body) })
     j.webhook.increment! :failure_count
   end
@@ -31,11 +39,7 @@ def perform(*)
     set_tag "gemcutter.notifier.url", url
     set_tag "gemcutter.notifier.webhook_id", webhook.id
 
-    if use_hook_relay?
-      post_hook_relay
-    else
-      post_directly
-    end
+    post_hook_relay
   end
   statsd_count_success :perform, "Webhook.perform"
 
@@ -48,44 +52,53 @@ def authorization
   end
 
   def hook_relay_url
-    "https://api.hookrelay.dev/hooks/#{ENV['HOOK_RELAY_ACCOUNT_ID']}/#{ENV['HOOK_RELAY_HOOK_ID']}/webhook_id-#{webhook.id}"
-  end
-
-  def use_hook_relay?
-    # can't use hook relay for `perform_now` (aka an unenqueued job)
-    # because then we won't actually hit the webhook URL synchronously
-    enqueued_at.present? && ENV["HOOK_RELAY_ACCOUNT_ID"].present? && ENV["HOOK_RELAY_HOOK_ID"].present?
+    "https://api.hookrelay.dev/hooks/#{account_id}/#{hook_id}/webhook_id-#{webhook.id || 'fire'}"
   end
 
   def post_hook_relay
     response = post(hook_relay_url)
-    delivery_id = JSON.parse(response.body).fetch("id")
+    delivery_id = response.body.fetch("id")
     Rails.logger.info do
       { webhook_id: webhook.id, url: webhook.url, delivery_id:, full_name: version.full_name, message: "Sent webhook to HookRelay" }
     end
+    return poll_delivery(delivery_id) if @poll_delivery
     true
   end
 
-  def post_directly
-    post(webhook.url)
-    true
-  rescue *ERRORS
-    webhook.increment! :failure_count
-    false
-  end
-
   def post(url)
-    Faraday.new(nil, request: { timeout: TIMEOUT_SEC }) do |f|
-      f.request :json
-      f.response :logger, logger, headers: false, errors: true
-      f.response :raise_error
-    end.post(
+    @http.post(
       url, payload,
       {
         "Authorization"   => authorization,
         "HR_TARGET_URL"   => webhook.url,
-        "HR_MAX_ATTEMPTS" => "3"
+        "HR_MAX_ATTEMPTS" => @poll_delivery ? "1" : "3"
       }
     )
   end
+
+  def poll_delivery(delivery_id)
+    deadline = (Rails.env.test? ? 0.01 : 10).seconds.from_now
+    response = nil
+    until Time.zone.now > deadline
+      sleep 0.5
+      response = @http.get("https://app.hookrelay.dev/api/v1/accounts/#{account_id}/hooks/#{hook_id}/deliveries/#{delivery_id}", nil, {
+                             "Authorization" => "Bearer #{ENV['HOOK_RELAY_API_KEY']}"
+                           })
+      status = response.body.fetch("status")
+
+      break if status == "success"
+    end
+
+    response.body || raise("Failed to get delivery status after 10 seconds")
+  end
+
+  private
+
+  def account_id
+    ENV["HOOK_RELAY_ACCOUNT_ID"]
+  end
+
+  def hook_id
+    ENV["HOOK_RELAY_HOOK_ID"]
+  end
 end
diff --git a/app/models/web_hook.rb b/app/models/web_hook.rb
index 21723d0d17d..4dca75e5368 100644
--- a/app/models/web_hook.rb
+++ b/app/models/web_hook.rb
@@ -21,12 +21,12 @@ class WebHook < ApplicationRecord
   scope :disabled, -> { where.not(disabled_at: nil) }
 
   def fire(protocol, host_with_port, version, delayed: true)
-    job = NotifyWebHookJob.new(webhook: self, protocol:, host_with_port:, version:)
+    job = NotifyWebHookJob.new(webhook: self, protocol:, host_with_port:, version:, poll_delivery: !delayed)
 
     if delayed
       job.enqueue
     else
-      job.perform_now
+      job.send(:_perform_job)
     end
   end
 
diff --git a/script/dev b/script/dev
index a58371a0a8f..73576e5911e 100755
--- a/script/dev
+++ b/script/dev
@@ -6,6 +6,7 @@ export AVO_LICENSE_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/netp2leghd7zqdxlkp5asy67
 export DATADOG_CSP_API_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/eisktguwm3pcfkwm7avqamdnxq/credential"
 export HOOK_RELAY_ACCOUNT_ID="op://bq25xfqpafelzdxwqu3mdq6rza/s3fs2zznjssijxouugddmwnuma/username"
 export HOOK_RELAY_HOOK_ID="op://bq25xfqpafelzdxwqu3mdq6rza/s3fs2zznjssijxouugddmwnuma/credential"
+export HOOK_RELAY_API_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/s3fs2zznjssijxouugddmwnuma/API Key"
 export LAUNCH_DARKLY_SDK_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/3o73k6fcenzrbspwcm4g4j5z2a/credential"
 
-exec op run --account 5MS5DHTO5NH7BAHTSIGT5NOAIE -- "${@}"
+exec op run --no-masking --account 5MS5DHTO5NH7BAHTSIGT5NOAIE -- "${@}"
diff --git a/test/functional/api/v1/web_hooks_controller_test.rb b/test/functional/api/v1/web_hooks_controller_test.rb
index 583c16a3b08..306aed704b3 100644
--- a/test/functional/api/v1/web_hooks_controller_test.rb
+++ b/test/functional/api/v1/web_hooks_controller_test.rb
@@ -9,6 +9,10 @@ def self.should_not_find_it
     end
   end
 
+  setup do
+    NotifyWebHookJob.any_instance.stubs(:sleep)
+  end
+
   context "with incorrect api key" do
     context "no api key" do
       should "forbid access when creating a web hook" do
@@ -83,7 +87,18 @@ def self.should_respond_to(format)
 
       context "On POST to fire for all gems" do
         setup do
-          stub_request(:post, @url)
+          stub_request(:post, "https://api.hookrelay.dev/hooks///webhook_id-fire")
+            .with(headers: {
+                    "Content-Type" => "application/json",
+                "HR_TARGET_URL" => @url,
+                "HR_MAX_ATTEMPTS" => "1"
+                  }).to_return(status: 200, body: '{"id":"delivery-id"}', headers: { "Content-Type" => "application/json" })
+
+          stub_request(:get, "https://app.hookrelay.dev/api/v1/accounts//hooks//deliveries/delivery-id")
+            .to_return(status: 200, body: { "status" => "success", "responses" => [
+              { "code" => 200, "body" => "OK", "headers" => { "Content-Type" => "text/plain" } }
+            ] }.to_json, headers: { "Content-Type" => "application/json" })
+
           post :fire, params: { gem_name: WebHook::GLOBAL_PATTERN,
                                 url: @url }
         end
@@ -98,7 +113,17 @@ def self.should_respond_to(format)
 
       context "On POST to fire for all gems that fails" do
         setup do
-          stub_request(:post, @url).to_timeout
+          stub_request(:post, "https://api.hookrelay.dev/hooks///webhook_id-fire")
+            .with(headers: {
+                    "Content-Type" => "application/json",
+                "HR_TARGET_URL" => @url,
+                "HR_MAX_ATTEMPTS" => "1"
+                  }).to_return(status: 200, body: '{"id":"delivery-id"}', headers: { "Content-Type" => "application/json" })
+
+          stub_request(:get, "https://app.hookrelay.dev/api/v1/accounts//hooks//deliveries/delivery-id")
+            .to_return(status: 200, body: { "status" => "failure",
+"failure_reason" => "timed out" }.to_json, headers: { "Content-Type" => "application/json" })
+
           post :fire, params: { gem_name: WebHook::GLOBAL_PATTERN,
                                 url: @url }
         end
@@ -132,7 +157,18 @@ def self.should_respond_to(format)
 
       context "On POST to fire for a specific gem" do
         setup do
-          stub_request(:post, @url)
+          stub_request(:post, "https://api.hookrelay.dev/hooks///webhook_id-fire")
+            .with(headers: {
+                    "Content-Type" => "application/json",
+                "HR_TARGET_URL" => @url,
+                "HR_MAX_ATTEMPTS" => "1"
+                  }).to_return(status: 200, body: '{"id":"delivery-id"}', headers: { "Content-Type" => "application/json" })
+
+          stub_request(:get, "https://app.hookrelay.dev/api/v1/accounts//hooks//deliveries/delivery-id")
+            .to_return(status: 200, body: { "status" => "success", "responses" => [
+              { "code" => 200, "body" => "OK", "headers" => { "Content-Type" => "text/plain" } }
+            ] }.to_json, headers: { "Content-Type" => "application/json" })
+
           post :fire, params: { gem_name: @rubygem.name,
                                 url: @url }
         end
@@ -145,7 +181,17 @@ def self.should_respond_to(format)
 
       context "On POST to fire for a specific gem that fails" do
         setup do
-          stub_request(:post, @url).to_return(status: 404)
+          stub_request(:post, "https://api.hookrelay.dev/hooks///webhook_id-fire")
+            .with(headers: {
+                    "Content-Type" => "application/json",
+                "HR_TARGET_URL" => @url,
+                "HR_MAX_ATTEMPTS" => "1"
+                  }).to_return(status: 200, body: '{"id":"delivery-id"}', headers: { "Content-Type" => "application/json" })
+
+          stub_request(:get, "https://app.hookrelay.dev/api/v1/accounts//hooks//deliveries/delivery-id")
+            .to_return(status: 200, body: { "status" => "failure",
+"failure_reason" => "exceeded", "responses" => [{ "code" => 404 }] }.to_json, headers: { "Content-Type" => "application/json" })
+
           post :fire, params: { gem_name: @rubygem.name,
                                 url: @url }
         end
diff --git a/test/jobs/notify_web_hook_job_test.rb b/test/jobs/notify_web_hook_job_test.rb
index 7ab3aaa48c6..88425ca8012 100644
--- a/test/jobs/notify_web_hook_job_test.rb
+++ b/test/jobs/notify_web_hook_job_test.rb
@@ -46,30 +46,12 @@ class NotifyWebHookJobTest < ActiveJob::TestCase
     end
 
     should "succeed with hook relay" do
-      NotifyWebHookJob.any_instance.expects(:use_hook_relay?).once.returns(true)
       stub_request(:post, "https://api.hookrelay.dev/hooks///webhook_id-#{@hook.id}")
         .with(headers: {
                 "Content-Type" => "application/json",
                 "HR_TARGET_URL" => @hook.url,
                 "HR_MAX_ATTEMPTS" => "3"
-              }).to_return(status: 200, body: { id: 12_345 }.to_json)
-
-      perform_enqueued_jobs do
-        @job.enqueue
-      end
-
-      assert_performed_jobs 1, only: NotifyWebHookJob
-      assert_enqueued_jobs 0, only: NotifyWebHookJob
-    end
-
-    should "succeed without hook relay" do
-      NotifyWebHookJob.any_instance.expects(:use_hook_relay?).once.returns(false)
-      stub_request(:post, @hook.url)
-        .with(headers: {
-                "Content-Type" => "application/json",
-                "HR_TARGET_URL" => @hook.url,
-                "HR_MAX_ATTEMPTS" => "3"
-              }).to_return(status: 200, body: "")
+              }).to_return_json(status: 200, body: { id: 12_345 })
 
       perform_enqueued_jobs do
         @job.enqueue
@@ -87,30 +69,12 @@ class NotifyWebHookJobTest < ActiveJob::TestCase
     end
 
     should "discard the job on a 422 with hook relay" do
-      NotifyWebHookJob.any_instance.expects(:use_hook_relay?).twice.returns(true)
       stub_request(:post, "https://api.hookrelay.dev/hooks///webhook_id-#{@hook.id}")
         .with(headers: {
                 "Content-Type" => "application/json",
                 "HR_TARGET_URL" => @hook.url,
                 "HR_MAX_ATTEMPTS" => "3"
-              }).to_return(status: 422, body: { error: "Invalid url" }.to_json)
-
-      perform_enqueued_jobs do
-        @job.enqueue
-      end
-
-      assert_performed_jobs 1, only: NotifyWebHookJob
-      assert_enqueued_jobs 0, only: NotifyWebHookJob
-    end
-
-    should "finish the job on a 422 without hook relay" do
-      NotifyWebHookJob.any_instance.expects(:use_hook_relay?).once.returns(false)
-      stub_request(:post, @hook.url)
-        .with(headers: {
-                "Content-Type" => "application/json",
-                "HR_TARGET_URL" => @hook.url,
-                "HR_MAX_ATTEMPTS" => "3"
-              }).to_return(status: 422, body: "")
+              }).to_return_json(status: 422, body: { error: "Invalid url" })
 
       perform_enqueued_jobs do
         @job.enqueue
diff --git a/test/models/web_hook_test.rb b/test/models/web_hook_test.rb
index 87468c90ddf..048eced3c6b 100644
--- a/test/models/web_hook_test.rb
+++ b/test/models/web_hook_test.rb
@@ -6,6 +6,19 @@ class WebHookTest < ActiveSupport::TestCase
   should belong_to :user
   should belong_to(:rubygem).optional(true)
 
+  def stub_hook_relay_request(url, webhook_id, authorization, max_attempts = 3)
+    stub_request(:post, "https://api.hookrelay.dev/hooks///webhook_id-#{webhook_id}")
+      .with(
+        headers: {
+          "Accept" => "*/*",
+          "Authorization" => authorization,
+          "Content-Type" => "application/json",
+          "Hr-Max-Attempts" => max_attempts,
+          "Hr-Target-Url" => url
+        }.compact
+      )
+  end
+
   should "be valid for normal hook" do
     hook = create(:web_hook)
 
@@ -162,7 +175,7 @@ class WebHookTest < ActiveSupport::TestCase
 
     should "include an Authorization header" do
       authorization = Digest::SHA2.hexdigest(@rubygem.name + @version.number + @hook.user.api_key)
-      stub_request(:post, @url).with(headers: { "Authorization" => authorization })
+      stub_hook_relay_request(@url, @hook.id, authorization).to_return_json(status: 200, body: { id: 1 })
 
       perform_enqueued_jobs only: NotifyWebHookJob do
         @hook.fire("https", "rubygems.org", @version)
@@ -172,7 +185,7 @@ class WebHookTest < ActiveSupport::TestCase
     should "include an Authorization header for a user with no API key" do
       @hook.user.update(api_key: nil)
       authorization = Digest::SHA2.hexdigest(@rubygem.name + @version.number)
-      stub_request(:post, @url).with(headers: { "Authorization" => authorization })
+      stub_hook_relay_request(@url, @hook.id, authorization).to_return_json(status: 200, body: { id: 1 })
 
       perform_enqueued_jobs only: NotifyWebHookJob do
         @hook.fire("https", "rubygems.org", @version)
@@ -183,7 +196,8 @@ class WebHookTest < ActiveSupport::TestCase
       @hook.user.update(api_key: nil)
       create(:api_key, owner: @hook.user)
       authorization = Digest::SHA2.hexdigest(@rubygem.name + @version.number + @hook.user.api_keys.first.hashed_key)
-      stub_request(:post, @url).with(headers: { "Authorization" => authorization })
+      stub_hook_relay_request(@url, @hook.id, authorization).to_return(status: 200, body: { id: 1 }.to_json,
+                              headers: { "Content-Type" => "application/json" })
 
       perform_enqueued_jobs only: NotifyWebHookJob do
         @hook.fire("https", "rubygems.org", @version)
@@ -191,7 +205,7 @@ class WebHookTest < ActiveSupport::TestCase
     end
 
     should "not increment failure count for hook" do
-      stub_request(:post, @url).to_return(status: 200, body: "", headers: {})
+      stub_hook_relay_request(@url, @hook.id, nil).to_return_json(status: 200, body: { id: 1 })
 
       perform_enqueued_jobs only: NotifyWebHookJob do
         @hook.fire("https", "rubygems.org", @version)
@@ -201,38 +215,6 @@ class WebHookTest < ActiveSupport::TestCase
     end
   end
 
-  context "with invalid URL" do
-    setup do
-      @url     = "http://someinvaliddomain.com"
-      @user    = create(:user)
-      @rubygem = create(:rubygem)
-      @version = create(:version, rubygem: @rubygem)
-      @hook    = create(:global_web_hook, url: @url, user: @user)
-    end
-
-    should "increment failure count for hook on errors" do
-      [
-        SocketError,
-        Timeout::Error,
-        Errno::EINVAL,
-        Errno::ECONNRESET,
-        EOFError,
-        Net::HTTPBadResponse,
-        Net::HTTPHeaderSyntaxError,
-        Net::ProtocolError
-      ].each_with_index do |exception, index|
-        stub_request(:post, @url).to_raise(exception)
-
-        perform_enqueued_jobs only: NotifyWebHookJob do
-          @hook.fire("https", "rubygems.org", @version)
-        end
-
-        assert_equal index + 1, @hook.reload.failure_count
-        assert_predicate @hook, :global?
-      end
-    end
-  end
-
   context "yaml" do
     setup do
       @webhook = create(:web_hook)

From 668a27a2dc31daf15bf7036c5d5a2f6a3aa7be37 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Wed, 25 Sep 2024 21:27:24 -0700
Subject: [PATCH 232/381] Update to rubygems 3.5.20 / bundler 2.5.20 (#5074)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .github/workflows/docker.yml | 2 +-
 .github/workflows/test.yml   | 2 +-
 Gemfile.lock                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index ae11028ad63..b034dc8e40c 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -14,7 +14,7 @@ jobs:
     name: Docker build (and optional push)
     runs-on: ubuntu-24.04
     env:
-      RUBYGEMS_VERSION: "3.5.19"
+      RUBYGEMS_VERSION: "3.5.20"
       RUBY_VERSION: "3.3.5"
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e4fcf7cb3b3..a8b1805742f 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -26,7 +26,7 @@ jobs:
       matrix:
         rubygems:
           - name: locked
-            version: "3.5.19"
+            version: "3.5.20"
           - name: latest
             version: latest
         ruby_version: ["3.3.5"]
diff --git a/Gemfile.lock b/Gemfile.lock
index 5343fd3a400..605b758e7ac 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1220,4 +1220,4 @@ RUBY VERSION
    ruby 3.3.5p100
 
 BUNDLED WITH
-   2.5.19
+   2.5.20

From 86d1b04345b3745820f82fb03dfab8b33df43b0d Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Thu, 26 Sep 2024 07:51:08 -0700
Subject: [PATCH 233/381] Add platforms to lockfile to lock platform-specific
 gems (#5075)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 Gemfile.lock | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/Gemfile.lock b/Gemfile.lock
index 605b758e7ac..9f610f900fc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -256,6 +256,10 @@ GEM
       aws-sigv4 (~> 1.0)
       faraday (>= 2.0, < 3)
     ffi (1.17.0)
+    ffi (1.17.0-arm64-darwin)
+    ffi (1.17.0-x86_64-darwin)
+    ffi (1.17.0-x86_64-linux-gnu)
+    ffi (1.17.0-x86_64-linux-musl)
     ffi-compiler (1.3.2)
       ffi (>= 1.15.5)
       rake
@@ -278,6 +282,15 @@ GEM
     google-protobuf (4.28.2)
       bigdecimal
       rake (>= 13)
+    google-protobuf (4.28.2-arm64-darwin)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.28.2-x86_64-darwin)
+      bigdecimal
+      rake (>= 13)
+    google-protobuf (4.28.2-x86_64-linux)
+      bigdecimal
+      rake (>= 13)
     gravtastic (3.2.6)
     groupdate (6.4.0)
       activesupport (>= 6.1)
@@ -362,8 +375,15 @@ GEM
       railties (>= 6.1)
       rexml
     libdatadog (11.0.0.1.0)
+    libdatadog (11.0.0.1.0-x86_64-linux)
     libddwaf (1.14.0.0.0)
       ffi (~> 1.0)
+    libddwaf (1.14.0.0.0-arm64-darwin)
+      ffi (~> 1.0)
+    libddwaf (1.14.0.0.0-x86_64-darwin)
+      ffi (~> 1.0)
+    libddwaf (1.14.0.0.0-x86_64-linux)
+      ffi (~> 1.0)
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
@@ -442,6 +462,12 @@ GEM
     nokogiri (1.16.7)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
+    nokogiri (1.16.7-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.16.7-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.16.7-x86_64-linux)
+      racc (~> 1.4)
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
@@ -668,6 +694,14 @@ GEM
     sass-embedded (1.72.0)
       google-protobuf (>= 3.25, < 5.0)
       rake (>= 13.0.0)
+    sass-embedded (1.72.0-arm64-darwin)
+      google-protobuf (>= 3.25, < 5.0)
+    sass-embedded (1.72.0-x86_64-darwin)
+      google-protobuf (>= 3.25, < 5.0)
+    sass-embedded (1.72.0-x86_64-linux-gnu)
+      google-protobuf (>= 3.25, < 5.0)
+    sass-embedded (1.72.0-x86_64-linux-musl)
+      google-protobuf (>= 3.25, < 5.0)
     sassc-embedded (1.70.1)
       sass-embedded (~> 1.70)
     sawyer (0.9.2)
@@ -725,6 +759,12 @@ GEM
       faraday-follow_redirects
     tailwindcss-rails (2.7.6)
       railties (>= 7.0.0)
+    tailwindcss-rails (2.7.6-arm64-darwin)
+      railties (>= 7.0.0)
+    tailwindcss-rails (2.7.6-x86_64-darwin)
+      railties (>= 7.0.0)
+    tailwindcss-rails (2.7.6-x86_64-linux)
+      railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
     thor (1.3.2)
@@ -794,7 +834,12 @@ GEM
     zlib (3.1.1)
 
 PLATFORMS
+  arm64-darwin
+  arm64-linux
   ruby
+  x86_64-darwin
+  x86_64-linux
+  x86_64-linux-musl
 
 DEPENDENCIES
   aggregate_assertions (~> 0.2.0)
@@ -1003,6 +1048,10 @@ CHECKSUMS
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
   ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c
+  ffi (1.17.0-arm64-darwin) sha256=609c874e76614542c6d485b0576e42a7a38ffcdf086612f9a300c4ec3fcd0d12
+  ffi (1.17.0-x86_64-darwin) sha256=fdcd48c69db3303ef95aec5c64d6275fcf9878a02c0bec0afddc506ceca0f56b
+  ffi (1.17.0-x86_64-linux-gnu) sha256=1015e59d5919dd6bbcb0704325b0bd639be664a79b1e2189943ceb18faa34198
+  ffi (1.17.0-x86_64-linux-musl) sha256=6573299eedf8dd16668f8a435b72c4236b61bca0279bb73c811e3cbdb395e877
   ffi-compiler (1.3.2) sha256=a94f3d81d12caf5c5d4ecf13980a70d0aeaa72268f3b9cc13358bcc6509184a0
   fugit (1.11.1) sha256=e89485e7be22226d8e9c6da411664d0660284b4b1c08cacb540f505907869868
   gem_server_conformance (0.1.4) sha256=ee404d5405eabcb6f7ab440d2193177375481a77bfa0ec3106165dd6c8e733bb
@@ -1010,6 +1059,9 @@ CHECKSUMS
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
   google-protobuf (4.28.2) sha256=6841bb4566bc33fc2d59b4dd28bfd9308fc528545f21722e9f6e6fa566289c29
+  google-protobuf (4.28.2-arm64-darwin) sha256=fe43de80f4818900c734dfb9076251ef582d200d4a21985675fc6e1500364602
+  google-protobuf (4.28.2-x86_64-darwin) sha256=e1247c97fd2fb882abc2b6aa2c25211dcf91769665d123358bff8177e9277f8e
+  google-protobuf (4.28.2-x86_64-linux) sha256=c7bb3952d150cb1a0544cef3e3a01ac87fdd190dbf7c26b2ff9e58629bab08ea
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
   hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9
@@ -1044,7 +1096,11 @@ CHECKSUMS
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
   letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
   libdatadog (11.0.0.1.0) sha256=44779762b21149be5e17ce599dc2e89f6a3c89a99262293dfafd96ddb110f7f1
+  libdatadog (11.0.0.1.0-x86_64-linux) sha256=f03b510d5b4f85febf640139282b9c3aeb88eb876dcccebc15f704c91c3e73ad
   libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd
+  libddwaf (1.14.0.0.0-arm64-darwin) sha256=cd3c84d58b8f77f93ebb17e6ceb1cfd257c8d3a3a1ea558a7fc14d92f697cc2b
+  libddwaf (1.14.0.0.0-x86_64-darwin) sha256=33017c057fd6b4948ef4577c4a13bc89d878541961b205309fac1e71516433ff
+  libddwaf (1.14.0.0.0-x86_64-linux) sha256=030640a4158ae05f9276cc1e09bfe9d19dda5af26703235cf17cf3752f1985b1
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
@@ -1078,6 +1134,9 @@ CHECKSUMS
   net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a
   nio4r (2.7.3) sha256=54b94cdd4b8f9dc39aaad5f699e97afae13efb44f2b180a6e724df76105ff604
   nokogiri (1.16.7) sha256=f819cbfdfb0a7b19c9c52c6f2ca63df0e58a6125f4f139707b586b9511d7fe95
+  nokogiri (1.16.7-arm64-darwin) sha256=276dcea1b988a5b22b5acc1ba901d24b8e908c40b71dccd5d54a2ae279480dad
+  nokogiri (1.16.7-x86_64-darwin) sha256=630732b80fc572690eab50c73a1f18988f3ac401ed0b67ca9956ba2b1e2c3faa
+  nokogiri (1.16.7-x86_64-linux) sha256=9e1e428641d5942af877c60b418c71163560e9feb4a5c4015f3230a8b86a40f6
   oauth2 (2.0.9) sha256=b21f9defcf52dc1610e0dfab4c868342173dcd707fd15c777d9f4f04e153f7fb
   observer (0.1.2) sha256=d8a3107131ba661138d748e7be3dbafc0d82e732fffba9fccb3d7829880950ac
   octokit (9.1.0) sha256=7849a659d2722c629181f48d1d7e567c9539f1a85c9676144dbdbfc6ce288253
@@ -1162,6 +1221,10 @@ CHECKSUMS
   rubyzip (2.3.2) sha256=3f57e3935dc2255c414484fbf8d673b4909d8a6a57007ed754dde39342d2373f
   safety_net_attestation (0.4.0) sha256=96be2d74e7ed26453a51894913449bea0e072f44490021545ac2d1c38b0718ce
   sass-embedded (1.72.0) sha256=05d3e53092022a4b4eef5b76b9597c7f2af4e4efb06812e1a60e3601189a3d2e
+  sass-embedded (1.72.0-arm64-darwin) sha256=24bbb0fe3cb255070c0bd7d44ee330b1226bd02647a4390d6f50e706a3819a4a
+  sass-embedded (1.72.0-x86_64-darwin) sha256=f8b4940847cda523b418b8d1354dfb22464ca1f108d05be3e0d2bab7643d8757
+  sass-embedded (1.72.0-x86_64-linux-gnu) sha256=33ecf2737eb685dc61853652312b0395c645b30578fc0d853d4b15f67cab1f3c
+  sass-embedded (1.72.0-x86_64-linux-musl) sha256=52161ecf9927251a463f8f9d34364940cfe881b47c10b57fdcb6f8e813c91995
   sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.4.0) sha256=75d7256d3ec2af2dc11c2ba8160c86d80451f3f86447aae2ace1f79553de0bf3
@@ -1185,6 +1248,9 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (2.7.6) sha256=f2c7521ca178bc0218ed21679fccb6f2e59e81d634ddd22212a753215fc392ab
+  tailwindcss-rails (2.7.6-arm64-darwin) sha256=d30a57f7a7eb68087821878427c4dadb480553590ab324f4973089d817f24fb4
+  tailwindcss-rails (2.7.6-x86_64-darwin) sha256=cffd79d7f1da311caccdcf479521d622fda301895e02489aa8e1a54e01e2fcec
+  tailwindcss-rails (2.7.6-x86_64-linux) sha256=f679dd3b9f6eb4d32caae26b3aaa29076c7437599ccfd810dbf8ce405fd4277b
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From ebb07646524d1a1bc28e4cae6542d9179b7f6822 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Sep 2024 07:51:19 -0700
Subject: [PATCH 234/381] Bump ruby/setup-ruby from 1.193.0 to 1.194.0 (#5077)

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.193.0 to 1.194.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/f321cf5a4d1533575411f8752cf25b86478b0442...c04af2bb7258bb6a03df1d3c1865998ac9390972)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ff671393216..4ef791c2090 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
       - name: krane render

From 46716f0e600569652f42774d0230271a9c021ec5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Sep 2024 14:59:22 +0000
Subject: [PATCH 235/381] Bump actions/checkout from 4.1.7 to 4.2.0 (#5078)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml     |  2 +-
 .github/workflows/docker.yml     |  2 +-
 .github/workflows/lint.yml       | 10 +++++-----
 .github/workflows/scorecards.yml |  2 +-
 .github/workflows/test.yml       |  2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index fab805f51ad..f238e1fc71c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index b034dc8e40c..bcc87047271 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -17,7 +17,7 @@ jobs:
       RUBYGEMS_VERSION: "3.5.20"
       RUBY_VERSION: "3.3.5"
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # master
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 4ef791c2090..bd92544722c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,7 +12,7 @@ jobs:
     name: Rubocop
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
@@ -22,7 +22,7 @@ jobs:
     name: Brakeman
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
@@ -32,7 +32,7 @@ jobs:
     name: Importmap Verify
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
@@ -50,7 +50,7 @@ jobs:
     steps:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
         with:
           bundler-cache: true
@@ -73,7 +73,7 @@ jobs:
     name: Frizbee
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - uses: segiddins/frizbee-action@c162fdaa6c73525a577d2d6eb193683dfc9ba2be # segiddins/run-in-place
         env:
           GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 9999cd1941a..8c0929bb5b4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.1.0
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v3.1.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a8b1805742f..bb590c06e46 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -42,7 +42,7 @@ jobs:
       # Fail hard when Toxiproxy is not running to ensure all tests (even Toxiproxy optional ones) are passing
       REQUIRE_TOXIPROXY: true
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Setup rubygems.org
         uses: ./.github/actions/setup-rubygems.org

From a59fb3db9b1663416f65f8a5ec2d103ce2e96e79 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Sat, 28 Sep 2024 15:12:44 -0700
Subject: [PATCH 236/381] Convert data dumps page to stimulus.js (#5080)

* Convert data dumps to stimulus.js
* Remove very old Redis backups
---
 app/javascript/controllers/dump_controller.js | 62 +++++++++++++++++++
 app/javascript/src/pages.js                   | 61 ------------------
 app/views/pages/data.html.erb                 | 10 +--
 3 files changed, 68 insertions(+), 65 deletions(-)
 create mode 100644 app/javascript/controllers/dump_controller.js

diff --git a/app/javascript/controllers/dump_controller.js b/app/javascript/controllers/dump_controller.js
new file mode 100644
index 00000000000..aecd608354e
--- /dev/null
+++ b/app/javascript/controllers/dump_controller.js
@@ -0,0 +1,62 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["list", "template"]
+
+  connect() {
+    this.getDumpData();
+  }
+
+  getDumpData() {
+    fetch('https://s3-us-west-2.amazonaws.com/rubygems-dumps/?prefix=production/public_postgresql')
+      .then(response => response.text())
+      .then(data => {
+        const parser = new DOMParser();
+        const xml = parser.parseFromString(data, "application/xml");
+        const files = this.parseS3Listing(xml);
+        this.render(files);
+      })
+      .catch(error => {
+        console.error(error);
+      });
+  }
+
+  parseS3Listing(xml) {
+    const contents = Array.from(xml.getElementsByTagName('Contents'));
+    return contents.map(item => {
+      return {
+        Key: item.getElementsByTagName('Key')[0].textContent,
+        LastModified: item.getElementsByTagName('LastModified')[0].textContent,
+        Size: item.getElementsByTagName('Size')[0].textContent,
+        StorageClass: item.getElementsByTagName('StorageClass')[0].textContent
+      };
+    });
+  }
+
+  render(files) {
+    files
+      .filter(item => 'STANDARD' === item.StorageClass)
+      .sort((a, b) => Date.parse(b.LastModified) - Date.parse(a.LastModified))
+      .forEach(item => {
+        let text = `${item.LastModified.replace('.000Z', '')} (${this.bytesToSize(item.Size)})`;
+        let uri = `https://s3-us-west-2.amazonaws.com/rubygems-dumps/${item.Key}`;
+        this.appendItem(text, uri);
+      });
+  }
+
+  appendItem(text, uri) {
+    const clone = this.templateTarget.content.cloneNode(true);
+    const a = clone.querySelector('a')
+    a.textContent = text;
+    a.href = uri;
+    this.element.appendChild(clone)
+  }
+
+  bytesToSize(bytes) {
+    if (bytes === 0) { return '0 Bytes' }
+    const k = 1024;
+    const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
+    const i = Math.floor(Math.log(bytes) / Math.log(k));
+    return (bytes / Math.pow(k, i)).toPrecision(3) + " " + sizes[i];
+  }
+}
diff --git a/app/javascript/src/pages.js b/app/javascript/src/pages.js
index f7fe0aa7289..6e0e0a753e1 100644
--- a/app/javascript/src/pages.js
+++ b/app/javascript/src/pages.js
@@ -1,66 +1,5 @@
 import $ from "jquery";
 
-//data page
-$(function() {
-  var getDumpData = function(target, type) {
-    return $.get('https://s3-us-west-2.amazonaws.com/rubygems-dumps/?prefix=production/public_' + type).done(function(data) {
-      var files, xml;
-      xml = $(data);
-      files = parseS3Listing(xml);
-      files = sortByLastModified(files);
-      $(target).html(renderDumpList(files));
-    }).fail(function(error) {
-      console.error(error);
-    });
-  };
-
-  var parseS3Listing = function(xml) {
-    var files;
-    files = $.map(xml.find('Contents'), function(item) {
-      item = $(item);
-      return {
-        Key: item.find('Key').text(),
-        LastModified: item.find('LastModified').text(),
-        Size: item.find('Size').text(),
-        StorageClass: item.find('StorageClass').text()
-      };
-    });
-    return files;
-  };
-
-  var sortByLastModified = function(files) {
-    return files.sort(function(a, b) {return Date.parse(b.LastModified) - Date.parse(a.LastModified)});
-  };
-
-  var bytesToSize = function(bytes) {
-    var i, k, sizes;
-    if (bytes === 0) {
-      return '0 Byte';
-    }
-    k = 1024;
-    sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
-    i = Math.floor(Math.log(bytes) / Math.log(k));
-    return (bytes / Math.pow(k, i)).toPrecision(3) + " " + sizes[i];
-  };
-
-  var renderDumpList = function(files) {
-    var content;
-    content = [];
-    $.each(files, function(idx, item) {
-      if ('STANDARD' === item.StorageClass) {
-        return content.push("<li><a href='https://s3-us-west-2.amazonaws.com/rubygems-dumps/" + item.Key + "'>" + (item.LastModified.replace('.000Z', '')) + " (" + (bytesToSize(item.Size)) + ")</a></li>");
-      }
-    });
-    return content.join("\n");
-  };
-
-  if($("#data-dump").length) {
-    getDumpData('ul.rubygems-dump-listing-postgresql', 'postgresql');
-    getDumpData('ul.rubygems-dump-listing-redis', 'redis');
-  }
-
-});
-
 //stats page
 $(function() {
   $('.stats__graph__gem__meter').each(function() {
diff --git a/app/views/pages/data.html.erb b/app/views/pages/data.html.erb
index b3d820b82ba..87e7d71e94e 100644
--- a/app/views/pages/data.html.erb
+++ b/app/views/pages/data.html.erb
@@ -3,8 +3,10 @@
 <div class="t-body" id="data-dump">
   <p>We provide weekly dumps of the RubyGems.org PostgreSQL data. This dump is sanitized, removing all user information.</p>
   <p>The <a href="https://github.com/rubygems/rubygems.org/tree/master/script/load-pg-dump">load-pg-dump</a> script is
-     available as an example of how to to download and load the most recent weekly dump.</p>
-  <ul class="rubygems-dump-listing-postgresql"></ul>
-  <p>We also provide weekly dumps of the historial RubyGems.org Redis data. (We do not use redis anymore but these are here for historical purposes.)</p>
-  <ul class="rubygems-dump-listing-redis"></ul>
+    available as an example of how to to download and load the most recent weekly dump.</p>
+  <ul data-controller="dump">
+    <template data-dump-target="template">
+      <li><a href="#"></a></li>
+    </template>
+  </ul>
 </div>

From 07001c3139ba179bcc86393cca3cc588583e7277 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Sat, 28 Sep 2024 17:59:21 -0700
Subject: [PATCH 237/381] Stimulus.js stats controller (#5081)

---
 app/javascript/controllers/stats_controller.js | 10 ++++++++++
 app/javascript/src/pages.js                    |  7 -------
 app/views/stats/index.html.erb                 |  2 +-
 test/functional/stats_controller_test.rb       |  4 ++--
 4 files changed, 13 insertions(+), 10 deletions(-)
 create mode 100644 app/javascript/controllers/stats_controller.js

diff --git a/app/javascript/controllers/stats_controller.js b/app/javascript/controllers/stats_controller.js
new file mode 100644
index 00000000000..0f17d3f2d66
--- /dev/null
+++ b/app/javascript/controllers/stats_controller.js
@@ -0,0 +1,10 @@
+import { Controller } from "@hotwired/stimulus"
+import $ from 'jquery'
+
+export default class extends Controller {
+  static values = { width: String }
+
+  connect() {
+    $(this.element).animate({ width: this.widthValue + '%' }, 700).removeClass('t-item--hidden').css("display", "block");
+  }
+}
diff --git a/app/javascript/src/pages.js b/app/javascript/src/pages.js
index 6e0e0a753e1..301e599cbba 100644
--- a/app/javascript/src/pages.js
+++ b/app/javascript/src/pages.js
@@ -1,12 +1,5 @@
 import $ from "jquery";
 
-//stats page
-$(function() {
-  $('.stats__graph__gem__meter').each(function() {
-    $(this).animate({ width: $(this).data("bar-width") + '%' }, 700).removeClass('t-item--hidden').css("display", "block");
-  });
-});
-
 //gem page
 $(function() {
   $('.gem__users__mfa-text.mfa-warn').on('click', function() {
diff --git a/app/views/stats/index.html.erb b/app/views/stats/index.html.erb
index 69555fc487f..bcac07047d8 100644
--- a/app/views/stats/index.html.erb
+++ b/app/views/stats/index.html.erb
@@ -27,7 +27,7 @@
   <div class="stats__graph__gem">
     <h3 class="stats__graph__gem__name"><%= link_to gem.name, rubygem_path(gem.slug) %></h3>
     <div class="stats__graph__gem__meter-wrap">
-      <div class="stats__graph__gem__meter t-item--hidden" data-bar-width="<%= stats_graph_meter(gem, @most_downloaded_count) %>">
+      <div class="stats__graph__gem__meter t-item--hidden" data-controller="stats" data-stats-width-value="<%= stats_graph_meter(gem, @most_downloaded_count) %>">
         <span class="stats__graph__gem__count"><%= number_to_delimited gem.downloads %></span>
       </div>
     </div>
diff --git a/test/functional/stats_controller_test.rb b/test/functional/stats_controller_test.rb
index 0f6b66a5d28..84768c6adf8 100644
--- a/test/functional/stats_controller_test.rb
+++ b/test/functional/stats_controller_test.rb
@@ -61,8 +61,8 @@ class StatsControllerTest < ActionController::TestCase
       assert page.has_selector?(".stats__graph__gem__meter")
 
       page.find_all(".stats__graph__gem__meter").each do |element|
-        assert element["data-bar-width"]
-        width = element["data-bar-width"].to_f
+        assert element["data-stats-width-value"]
+        width = element["data-stats-width-value"].to_f
 
         assert_operator width, :<=, 100, "#{width} is greater than 100"
       end

From eaa181b641a499df8d90a0f4488dcd7785d5579b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 15:01:36 +0000
Subject: [PATCH 238/381] Bump github/codeql-action from 3.26.9 to 3.26.10

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.9 to 3.26.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/461ef6c76dfe95d5c364de2f431ddbd31a417628...e2b3eafc8d227b0241d48be5f425d47c2d750a13)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f238e1fc71c..424aef48e9f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
+        uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
+        uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
+        uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 8c0929bb5b4..e7fe719c06a 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
+        uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
         with:
           sarif_file: results.sarif

From bd5a7f3393e838dfcd4f5f25954bd341f41d7fb1 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Fri, 20 Sep 2024 15:18:58 -0700
Subject: [PATCH 239/381] Add length validations for user-supplied string
 attributes

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 app/models/gem_name_reservation.rb            |  2 +-
 app/models/gem_typo_exception.rb              |  2 +-
 app/models/linkset.rb                         |  2 ++
 app/models/oidc/api_key_role.rb               |  2 +-
 .../oidc/trusted_publisher/github_action.rb   |  8 +++-----
 app/models/user.rb                            |  5 ++---
 app/models/webauthn_credential.rb             |  6 +++---
 app/models/webauthn_verification.rb           |  2 +-
 test/models/gem_name_reservation_test.rb      |  1 +
 test/models/gem_typo_exception_test.rb        |  1 +
 test/models/linkset_test.rb                   |  7 +++++++
 test/models/oidc/api_key_role_test.rb         |  2 ++
 .../trusted_publisher/github_action_test.rb   | 20 +++++++++++++++----
 test/models/user_test.rb                      |  3 ++-
 test/models/webauthn_credential_test.rb       |  4 ++++
 test/unit/webauthn_verification_test.rb       |  2 ++
 16 files changed, 49 insertions(+), 20 deletions(-)

diff --git a/app/models/gem_name_reservation.rb b/app/models/gem_name_reservation.rb
index 4e3e69eb566..cb4e685a20a 100644
--- a/app/models/gem_name_reservation.rb
+++ b/app/models/gem_name_reservation.rb
@@ -1,5 +1,5 @@
 class GemNameReservation < ApplicationRecord
-  validates :name, uniqueness: { case_sensitive: false }, presence: true
+  validates :name, uniqueness: { case_sensitive: false }, presence: true, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }
   validate :downcase_name_check
 
   def self.reserved?(name)
diff --git a/app/models/gem_typo_exception.rb b/app/models/gem_typo_exception.rb
index 98db3b92cde..668c5e3830b 100644
--- a/app/models/gem_typo_exception.rb
+++ b/app/models/gem_typo_exception.rb
@@ -1,5 +1,5 @@
 class GemTypoException < ApplicationRecord
-  validates :name, presence: true, uniqueness: { case_sensitive: false }
+  validates :name, presence: true, uniqueness: { case_sensitive: false }, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }
   validate :rubygems_name
 
   private
diff --git a/app/models/linkset.rb b/app/models/linkset.rb
index dc0be7a6d3d..ccea8016728 100644
--- a/app/models/linkset.rb
+++ b/app/models/linkset.rb
@@ -11,6 +11,8 @@ class Linkset < ApplicationRecord
       allow_nil: true,
       allow_blank: true,
       message: "does not appear to be a valid URL"
+
+    validates url, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }
   end
 
   def empty?
diff --git a/app/models/oidc/api_key_role.rb b/app/models/oidc/api_key_role.rb
index 1f7edf17a85..9111cc723e6 100644
--- a/app/models/oidc/api_key_role.rb
+++ b/app/models/oidc/api_key_role.rb
@@ -22,7 +22,7 @@ class OIDC::ApiKeyRole < ApplicationRecord
   scope :deleted, -> { where.not(deleted_at: nil) }
   scope :active, -> { where(deleted_at: nil) }
 
-  validates :name, presence: true, length: { maximum: 255 }, uniqueness: { scope: :user_id }
+  validates :name, presence: true, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, uniqueness: { scope: :user_id }
 
   attribute :api_key_permissions, Types::JsonDeserializable.new(OIDC::ApiKeyPermissions)
   validates :api_key_permissions, presence: true, nested: true
diff --git a/app/models/oidc/trusted_publisher/github_action.rb b/app/models/oidc/trusted_publisher/github_action.rb
index dd68c8132ec..11f02a61ff1 100644
--- a/app/models/oidc/trusted_publisher/github_action.rb
+++ b/app/models/oidc/trusted_publisher/github_action.rb
@@ -8,11 +8,9 @@ class OIDC::TrustedPublisher::GitHubAction < ApplicationRecord
 
   before_validation :find_github_repository_owner_id
 
-  validates :repository_owner, presence: true
-  validates :repository_name, presence: true
-  validates :workflow_filename, presence: true
-  validates :environment, presence: true, allow_nil: true
-  validates :repository_owner_id, presence: true
+  validates :repository_owner, :repository_name, :workflow_filename, :repository_owner_id,
+    presence: true, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }
+  validates :environment, presence: true, allow_nil: true, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }
 
   validate :unique_publisher
   validate :workflow_filename_format
diff --git a/app/models/user.rb b/app/models/user.rb
index dbf55be8aa2..a740033e4a3 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -68,7 +68,7 @@ class User < ApplicationRecord
   has_many :organizations, through: :memberships
 
   validates :email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, presence: true,
-uniqueness: { case_sensitive: false }
+    uniqueness: { case_sensitive: false }
   validates :unconfirmed_email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, allow_blank: true
 
   validates :handle, uniqueness: { case_sensitive: false }, allow_nil: true, if: :handle_changed?
@@ -78,9 +78,8 @@ class User < ApplicationRecord
   validates :twitter_username, format: {
     with: /\A[a-zA-Z0-9_]*\z/,
     message: "can only contain letters, numbers, and underscores"
-  }, allow_nil: true
+  }, allow_nil: true, length: { within: 0..20 }
 
-  validates :twitter_username, length: { within: 0..20 }, allow_nil: true
   validates :password,
     length: { within: 10..200 },
     unpwn: true,
diff --git a/app/models/webauthn_credential.rb b/app/models/webauthn_credential.rb
index 0d948384839..99ca6b3ce34 100644
--- a/app/models/webauthn_credential.rb
+++ b/app/models/webauthn_credential.rb
@@ -1,9 +1,9 @@
 class WebauthnCredential < ApplicationRecord
   belongs_to :user
 
-  validates :external_id, uniqueness: true, presence: true
-  validates :public_key, presence: true
-  validates :nickname, presence: true, uniqueness: { scope: :user_id }
+  validates :external_id, uniqueness: true, presence: true, length: { maximum: 512 }
+  validates :public_key, presence: true, length: { maximum: 512 }
+  validates :nickname, presence: true, uniqueness: { scope: :user_id }, length: { maximum: 64 }
   validates :sign_count, presence: true, numericality: { greater_than_or_equal_to: 0 }
 
   after_create :send_creation_email
diff --git a/app/models/webauthn_verification.rb b/app/models/webauthn_verification.rb
index 052d8b97925..95b19ae1485 100644
--- a/app/models/webauthn_verification.rb
+++ b/app/models/webauthn_verification.rb
@@ -2,7 +2,7 @@ class WebauthnVerification < ApplicationRecord
   belongs_to :user
 
   validates :user_id, uniqueness: true
-  validates :path_token, presence: true, uniqueness: true
+  validates :path_token, presence: true, uniqueness: true, length: { maximum: 128 }
   validates :path_token_expires_at, presence: true
 
   def expire_path_token
diff --git a/test/models/gem_name_reservation_test.rb b/test/models/gem_name_reservation_test.rb
index 2a46647f449..aab29c8a16f 100644
--- a/test/models/gem_name_reservation_test.rb
+++ b/test/models/gem_name_reservation_test.rb
@@ -13,6 +13,7 @@ class GemNameReservationTest < ActiveSupport::TestCase
     should_not allow_value("Abc").for(:name)
     should allow_value("abc").for(:name)
     should validate_uniqueness_of(:name).case_insensitive
+    should validate_length_of(:name).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
   end
 
   context "#reserved?" do
diff --git a/test/models/gem_typo_exception_test.rb b/test/models/gem_typo_exception_test.rb
index f9d4acef3ac..1dc77b7fe9a 100644
--- a/test/models/gem_typo_exception_test.rb
+++ b/test/models/gem_typo_exception_test.rb
@@ -3,6 +3,7 @@
 class GemTypoExceptionTest < ActiveSupport::TestCase
   context "name validations" do
     should validate_uniqueness_of(:name).case_insensitive
+    should validate_length_of(:name).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
 
     should "be a valid factory" do
       assert_predicate build(:gem_typo_exception), :valid?
diff --git a/test/models/linkset_test.rb b/test/models/linkset_test.rb
index 261890a1bcc..a57d2c58db9 100644
--- a/test/models/linkset_test.rb
+++ b/test/models/linkset_test.rb
@@ -36,4 +36,11 @@ class LinksetTest < ActiveSupport::TestCase
       assert_equal @spec.homepage, @linkset.home
     end
   end
+
+  context "validations" do
+    %w[home code docs wiki mail bugs].each do |link|
+      should allow_value("http://example.com").for(link.to_sym)
+      should validate_length_of(link).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
+    end
+  end
 end
diff --git a/test/models/oidc/api_key_role_test.rb b/test/models/oidc/api_key_role_test.rb
index 790f6a1ee16..bce620fd32b 100644
--- a/test/models/oidc/api_key_role_test.rb
+++ b/test/models/oidc/api_key_role_test.rb
@@ -8,6 +8,8 @@ class OIDC::ApiKeyRoleTest < ActiveSupport::TestCase
   should have_many :id_tokens
   should validate_presence_of :api_key_permissions
   should validate_presence_of :access_policy
+  should validate_presence_of :name
+  should validate_length_of(:name).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
 
   setup do
     @role = build(:oidc_api_key_role)
diff --git a/test/models/oidc/trusted_publisher/github_action_test.rb b/test/models/oidc/trusted_publisher/github_action_test.rb
index b87e8e63e8f..bae69432ff9 100644
--- a/test/models/oidc/trusted_publisher/github_action_test.rb
+++ b/test/models/oidc/trusted_publisher/github_action_test.rb
@@ -7,10 +7,22 @@ class OIDC::TrustedPublisher::GitHubActionTest < ActiveSupport::TestCase
   should have_many(:rubygem_trusted_publishers)
   should have_many(:api_keys).inverse_of(:owner)
 
-  should validate_presence_of(:repository_owner)
-  should validate_presence_of(:repository_name)
-  should validate_presence_of(:workflow_filename)
-  should validate_presence_of(:repository_owner_id)
+  context "validations" do
+    setup do
+      stub_request(:get, Addressable::Template.new("https://api.github.com/users/{user}"))
+        .to_return(status: 404, body: "", headers: {})
+    end
+    should validate_presence_of(:repository_owner)
+    should validate_length_of(:repository_owner).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
+    should validate_presence_of(:repository_name)
+    should validate_length_of(:repository_name).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
+    should validate_presence_of(:workflow_filename)
+    should validate_length_of(:workflow_filename).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
+    should validate_presence_of(:repository_owner_id)
+    should validate_length_of(:repository_owner_id).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
+
+    should validate_length_of(:environment).is_at_most(Gemcutter::MAX_FIELD_LENGTH)
+  end
 
   test "validates publisher uniqueness" do
     publisher = create(:oidc_trusted_publisher_github_action)
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 0baaab92185..67662129d1d 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -17,6 +17,7 @@ class UserTest < ActiveSupport::TestCase
       should_not allow_value("1abcde").for(:handle)
       should_not allow_value("abc^%def").for(:handle)
       should_not allow_value("abc\n<script>bad").for(:handle)
+      should validate_length_of(:handle).is_at_least(2).is_at_most(40)
 
       should "be between 2 and 40 characters" do
         user = build(:user, handle: "a")
@@ -162,7 +163,7 @@ class UserTest < ActiveSupport::TestCase
     end
 
     context "twitter_username" do
-      should validate_length_of(:twitter_username)
+      should validate_length_of(:twitter_username).is_at_most(20)
       should allow_value("user123_32").for(:twitter_username)
       should_not allow_value("@user").for(:twitter_username)
       should_not allow_value("user 1").for(:twitter_username)
diff --git a/test/models/webauthn_credential_test.rb b/test/models/webauthn_credential_test.rb
index a470cbaa7d6..78458a31c32 100644
--- a/test/models/webauthn_credential_test.rb
+++ b/test/models/webauthn_credential_test.rb
@@ -6,8 +6,12 @@ class WebauthnCredentialTest < ActiveSupport::TestCase
   should belong_to :user
   should validate_presence_of(:external_id)
   should validate_uniqueness_of(:external_id)
+  should validate_length_of(:external_id).is_at_most(512)
   should validate_presence_of(:public_key)
+  should validate_length_of(:public_key).is_at_most(512)
   should validate_presence_of(:nickname)
+  should validate_uniqueness_of(:nickname).scoped_to(:user_id)
+  should validate_length_of(:nickname).is_at_most(64)
   should validate_presence_of(:sign_count)
   should validate_numericality_of(:sign_count).is_greater_than_or_equal_to(0)
 
diff --git a/test/unit/webauthn_verification_test.rb b/test/unit/webauthn_verification_test.rb
index 4a7e100dc4b..5d0eb01db2b 100644
--- a/test/unit/webauthn_verification_test.rb
+++ b/test/unit/webauthn_verification_test.rb
@@ -8,6 +8,8 @@ class WebauthnVerificationTest < ActiveSupport::TestCase
   should validate_uniqueness_of(:user_id)
   should validate_presence_of(:path_token)
   should validate_uniqueness_of(:path_token)
+  should validate_presence_of(:path_token)
+  should validate_length_of(:path_token).is_at_most(128)
   should validate_presence_of(:path_token_expires_at)
 
   context "#expire_path_token" do

From 4ae91b534c05e808b23eb1ba9f60fef47caa4e4c Mon Sep 17 00:00:00 2001
From: Martin Emde <me@martinemde.com>
Date: Sun, 29 Sep 2024 18:27:04 -0700
Subject: [PATCH 240/381] Refactor recovery codes to switch everything to
 stimulus clipboard

---
 app/assets/stylesheets/modules/gem.css        |  29 ---
 app/assets/stylesheets/modules/shared.css     |  14 ++
 app/helpers/rubygems_helper.rb                |  30 +++
 app/javascript/application.js                 |   2 -
 app/javascript/controllers/application.js     |   4 +
 .../controllers/recovery_controller.js        |  39 ++++
 app/javascript/src/clipboard_buttons.js       |  38 ----
 app/javascript/src/multifactor_auths.js       |  43 ----
 app/views/multifactor_auths/recovery.html.erb |  33 ++--
 .../github_actions_workflow_view.rb           |  12 +-
 app/views/rubygems/_gem_members.html.erb      |   7 +-
 app/views/rubygems/show.html.erb              |  12 +-
 config/importmap.rb                           |   2 +-
 config/locales/de.yml                         |   5 +-
 config/locales/en.yml                         |   5 +-
 config/locales/es.yml                         |   5 +-
 config/locales/fr.yml                         |   5 +-
 config/locales/ja.yml                         |   5 +-
 config/locales/nl.yml                         |   9 +-
 config/locales/pt-BR.yml                      |   9 +-
 config/locales/zh-CN.yml                      |   5 +-
 config/locales/zh-TW.yml                      |   5 +-
 test/system/multifactor_auths_test.rb         |   4 +-
 test/system/settings_test.rb                  |   6 +-
 test/system/webauthn_credentials_test.rb      |   2 +-
 test/test_helper.rb                           |   5 +-
 .../@stimulus-components--clipboard.js        |   2 +
 vendor/javascript/clipboard.js                | 186 ------------------
 28 files changed, 142 insertions(+), 381 deletions(-)
 create mode 100644 app/javascript/controllers/recovery_controller.js
 delete mode 100644 app/javascript/src/clipboard_buttons.js
 delete mode 100644 app/javascript/src/multifactor_auths.js
 create mode 100644 vendor/javascript/@stimulus-components--clipboard.js
 delete mode 100644 vendor/javascript/clipboard.js

diff --git a/app/assets/stylesheets/modules/gem.css b/app/assets/stylesheets/modules/gem.css
index f04b793d00e..cf8c3d54c7a 100644
--- a/app/assets/stylesheets/modules/gem.css
+++ b/app/assets/stylesheets/modules/gem.css
@@ -187,35 +187,6 @@
 .gem__code__icon.static {
   position: static; }
 
-.gem__code__tooltip--copy,
-.gem__code__tooltip--copied {
-  display: none; }
-
-.clipboard-is-hover,
-.clipboard-is-active {
-  display: block;
-  position: absolute;
-  top: 45px;
-  right: 0;
-  width: auto;
-  padding-left: 10px;
-  padding-right: 10px;
-  z-index: 1;
-  border-radius: 6px;
-  background-color: #141c22;
-  text-transform: none;
-  line-height: 30px;
-  text-align: center;
-  color: #ffffff; }
-  .clipboard-is-hover:before,
-  .clipboard-is-active:before {
-    content: "";
-    position: absolute;
-    top: -15px;
-    right: 8px;
-    border: 8px solid transparent;
-    border-bottom: 8px solid #141c22; }
-
 .gem__link:before {
   margin-right: 16px; }
 
diff --git a/app/assets/stylesheets/modules/shared.css b/app/assets/stylesheets/modules/shared.css
index 08ece7df3a0..499adb14719 100644
--- a/app/assets/stylesheets/modules/shared.css
+++ b/app/assets/stylesheets/modules/shared.css
@@ -183,6 +183,20 @@ span.github-btn {
   margin-top: 5px;
 }
 
+.recovery-code-list {
+  border: none;
+  padding: 10px 20px;
+  font-size: 1.2em;
+  font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;
+  resize: none;
+  background: none;
+}
+
+.recovery-code-list:focus {
+  background: none;
+  outline: none;
+}
+
 .recovery-code-list__item {
   font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;
 }
diff --git a/app/helpers/rubygems_helper.rb b/app/helpers/rubygems_helper.rb
index 7898a9e9475..a6f2db4279c 100644
--- a/app/helpers/rubygems_helper.rb
+++ b/app/helpers/rubygems_helper.rb
@@ -188,4 +188,34 @@ def github_params(rubygem)
       size: "large"
     }
   end
+
+  def copy_field_tag(name, value)
+    field = text_field_tag(
+      name,
+      value,
+      id: name,
+      class: "gem__code",
+      readonly: "readonly",
+      data: { clipboard_target: "source" }
+    )
+
+    button = tag.span(
+      "=",
+      class: "gem__code__icon",
+      title: t("copy_to_clipboard"),
+      data: {
+        action: "click->clipboard#copy",
+        clipboard_target: "button"
+      }
+    )
+
+    tag.div(
+      field + button,
+      class: "gem__code-wrap",
+      data: {
+        controller: "clipboard",
+        clipboard_success_content_value: "✔"
+      }
+    )
+  end
 end
diff --git a/app/javascript/application.js b/app/javascript/application.js
index 338c6f33691..10a27b831c7 100644
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -7,8 +7,6 @@ LocalTime.start()
 
 import "controllers"
 
-import "src/clipboard_buttons";
-import "src/multifactor_auths";
 import "src/oidc_api_key_role_form";
 import "src/pages";
 import "src/search";
diff --git a/app/javascript/controllers/application.js b/app/javascript/controllers/application.js
index 1213e85c7ac..c3847f16889 100644
--- a/app/javascript/controllers/application.js
+++ b/app/javascript/controllers/application.js
@@ -1,7 +1,11 @@
 import { Application } from "@hotwired/stimulus"
+import Clipboard from '@stimulus-components/clipboard'
 
 const application = Application.start()
 
+// Add vendored controllers
+application.register('clipboard', Clipboard)
+
 // Configure Stimulus development experience
 application.debug = false
 window.Stimulus   = application
diff --git a/app/javascript/controllers/recovery_controller.js b/app/javascript/controllers/recovery_controller.js
new file mode 100644
index 00000000000..832bd691bf1
--- /dev/null
+++ b/app/javascript/controllers/recovery_controller.js
@@ -0,0 +1,39 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static values = {
+    confirm: { type: String, default: "Leave without copying recovery codes?" }
+  }
+
+  connect() {
+    this.copied = false;
+    window.addEventListener("beforeunload", this.popUp);
+  }
+
+  popUp(e) {
+    e.preventDefault();
+    e.returnValue = "";
+  }
+
+  copy() {
+    if (!this.copied) {
+      this.copied = true;
+      window.removeEventListener("beforeunload", this.popUp);
+    }
+  }
+
+  submit(e) {
+    e.preventDefault();
+
+    if (!this.element.checkValidity()) {
+      this.element.reportValidity();
+      return;
+    }
+
+    if (this.copied || confirm(this.confirmValue)) {
+      window.removeEventListener("beforeunload", this.popUp);
+      // Don't include the form data in the URL.
+      window.location.href = this.element.action;
+    }
+  }
+}
diff --git a/app/javascript/src/clipboard_buttons.js b/app/javascript/src/clipboard_buttons.js
deleted file mode 100644
index 23dcd50b1fe..00000000000
--- a/app/javascript/src/clipboard_buttons.js
+++ /dev/null
@@ -1,38 +0,0 @@
-import $ from "jquery";
-import ClipboardJS from "clipboard";
-
-$(function() {
-  var clipboard = new ClipboardJS('.gem__code__icon');
-  var copyTooltip = $('.gem__code__tooltip--copy');
-  var copiedTooltip = $('.gem__code__tooltip--copied');
-  var copyButtons = $('.gem__code__icon');
-
-  function hideCopyShowCopiedTooltips(e) {
-    copyTooltip.removeClass("clipboard-is-hover");
-    copiedTooltip.insertAfter(e.trigger);
-    copiedTooltip.addClass("clipboard-is-active");
-  };
-
-  clipboard.on('success', function(e) {
-    hideCopyShowCopiedTooltips(e);
-    e.clearSelection();
-  });
-
-  clipboard.on('error', function(e) {
-    hideCopyShowCopiedTooltips(e);
-    copiedTooltip.text("Ctrl-C to Copy");
-  });
-
-  copyButtons.hover(function() {
-    copyTooltip.insertAfter(this);
-    copyTooltip.addClass("clipboard-is-hover");
-  });
-
-  copyButtons.mouseout(function() {
-    copyTooltip.removeClass("clipboard-is-hover");
-  });
-
-  copyButtons.mouseout(function() {
-    copiedTooltip.removeClass("clipboard-is-active");
-  });
-});
diff --git a/app/javascript/src/multifactor_auths.js b/app/javascript/src/multifactor_auths.js
deleted file mode 100644
index 3802c978f1d..00000000000
--- a/app/javascript/src/multifactor_auths.js
+++ /dev/null
@@ -1,43 +0,0 @@
-import $ from "jquery";
-import ClipboardJS from "clipboard";
-
-function popUp (e) {
-  e.preventDefault();
-  e.returnValue = "";
-};
-
-function confirmNoRecoveryCopy (e, from) {
-  if (from == null){
-    e.preventDefault();
-    if (confirm("Leave without copying recovery codes?")) {
-      window.removeEventListener("beforeunload", popUp);
-      $(this).trigger('click', ["non-null"]);
-    }
-  }
-}
-
-if (document.getElementById("recovery-code-list")) {
-  new ClipboardJS(".recovery__copy__icon");
-
-  $(".recovery__copy__icon").on("click", function(e){
-    $(this).text("[ copied ]");
-
-    if( !$(this).is(".clicked") ) {
-      e.preventDefault();
-      $(this).addClass("clicked");
-      window.removeEventListener("beforeunload", popUp);
-      $(".form__submit").unbind("click", confirmNoRecoveryCopy);
-    }
-  });
-
-  window.addEventListener("beforeunload", popUp);
-  $(".form__submit").on("click", confirmNoRecoveryCopy);
-
-  $(".form__checkbox__input").change(function() {
-    if(this.checked) {
-      $(".form__submit").prop('disabled', false);
-    } else {
-      $(".form__submit").prop('disabled', true);
-    }
-  });
-}
diff --git a/app/views/multifactor_auths/recovery.html.erb b/app/views/multifactor_auths/recovery.html.erb
index f1e46bec240..9a5fa4cbe06 100644
--- a/app/views/multifactor_auths/recovery.html.erb
+++ b/app/views/multifactor_auths/recovery.html.erb
@@ -1,18 +1,25 @@
 <% @title = t(".title") %>
 
-<div class="t-body">
+<%= tag.div(
+  class: "t-body",
+  data: {
+    controller: "clipboard",
+    clipboard_success_content_value: t('copied')
+  }
+) do %>
   <p><%= t ".note_html" %></p>
 
-  <ul id="recovery-code-list">
-    <% @mfa_recovery_codes.each do |code| %>
-      <li class="recovery-code-list__item"><%= code %></li>
-    <% end %>
-  </ul>
+  <%# This tag contains the recovery codes and should not be a part of the form %>
+  <%= text_area_tag "source", "#{@mfa_recovery_codes.join("\n")}\n", class: "recovery-code-list", rows: @mfa_recovery_codes.size + 1, cols: @mfa_recovery_codes.first.length + 1, readonly: true, data: { clipboard_target: "source" } %>
 
-  <p><%= link_to t(".copy"), "#/", class: "t-link--bold recovery__copy__icon", data: { "clipboard-target": "#recovery-code-list" } %></p>
-  <div class = "form__checkbox__item">
-    <%= check_box_tag "checked", "ack", false, class: "form__checkbox__input" %>
-    <%= label_tag "checked", t(".saved"), class: "form__checkbox__label" %>
-  </div>
-  <%= button_to t(".continue"), @continue_path, method: "get", class: "form__submit form__submit--no-hover", disabled: true %>
-</div>
+  <%= form_tag(@continue_path, method: "get", class: "form", data: { controller: "recovery", recovery_confirm_value: t(".confirm_dialog"), action: "recovery#submit" }) do %>
+    <p><%= link_to t("copy_to_clipboard"), "#/", class: "t-link--bold recovery__copy__icon", data: { action: "clipboard#copy recovery#copy", clipboard_target: "button" } %></p>
+
+    <div class = "form__checkbox__item">
+      <%= check_box_tag "checked", "ack", false, required: true, class: "form__checkbox__input" %>
+      <%= label_tag "checked", t(".saved"), class: "form__checkbox__label" %>
+    </div>
+
+    <%= button_tag t(".continue"), class: "form__submit form__submit--no-hover" %>
+  <% end %>
+<% end %>
diff --git a/app/views/oidc/api_key_roles/github_actions_workflow_view.rb b/app/views/oidc/api_key_roles/github_actions_workflow_view.rb
index a7032b28e00..c250501599c 100644
--- a/app/views/oidc/api_key_roles/github_actions_workflow_view.rb
+++ b/app/views/oidc/api_key_roles/github_actions_workflow_view.rb
@@ -15,7 +15,7 @@ def view_template
 
     return if not_configured
 
-    div(class: "t-body") do
+    div(class: "t-body", data: { controller: "clipboard", clipboard_success_content_value: "✔" }) do
       p do
         t(".configured_for_html", link_html:
           single_gem_role? ? helpers.link_to(gem_name, rubygem_path(gem_name)) : t(".a_gem"))
@@ -30,12 +30,14 @@ def view_template
 
       header(class: "gem__code__header") do
         h3(class: "t-list__heading l-mb-0") { code { ".github/workflows/push_gem.yml" } }
-        button(class: "gem__code__icon", data: { "clipboard-target": "#workflow_yaml" }) { "=" }
-        span(class: "gem__code__tooltip--copy") { t("copy_to_clipboard") }
-        span(class: "gem__code__tooltip--copied") { t("copied") }
+        button(
+          class: "gem__code__icon",
+          title: t("copy_to_clipboard"),
+          data: { action: "click->clipboard#copy", clipboard_target: "button" }
+        ) { "=" }
       end
       pre(class: "gem__code multiline") do
-        code(class: "multiline", id: "workflow_yaml") do
+        code(class: "multiline", id: "workflow_yaml", data: { clipboard_target: "source" }) do
           plain workflow_yaml
         end
       end
diff --git a/app/views/rubygems/_gem_members.html.erb b/app/views/rubygems/_gem_members.html.erb
index fc15a017930..3b4461ac44f 100644
--- a/app/views/rubygems/_gem_members.html.erb
+++ b/app/views/rubygems/_gem_members.html.erb
@@ -57,12 +57,7 @@
 
   <% if latest_version.sha256.present? %>
     <h3 class="t-list__heading"><%= t '.sha_256_checksum' %>:</h3>
-    <div class="gem__code-wrap">
-      <input type="text" class="gem__code" id="gem_sha_256_checksum" value="<%= latest_version.sha256_hex %>" readonly="readonly">
-      <span class="gem__code__icon" id="js-gem__code--gemfile" data-clipboard-target="#gem_sha_256_checksum">=</span>
-      <span class="gem__code__tooltip--copy"><%= t('copy_to_clipboard') %></span>
-      <span class="gem__code__tooltip--copied"><%= t('copied') %></span>
-    </div>
+    <%= copy_field_tag("gem_sha_256_checksum", latest_version.sha256_hex) %>
   <% end %>
 
   <% if latest_version.cert_chain.present? %>
diff --git a/app/views/rubygems/show.html.erb b/app/views/rubygems/show.html.erb
index 617e95ac320..a1703a598b0 100644
--- a/app/views/rubygems/show.html.erb
+++ b/app/views/rubygems/show.html.erb
@@ -31,19 +31,11 @@
       <div class="gem__install">
         <h2 class="gem__ruby-version__heading t-list__heading">
           <%= t '.bundler_header' %>:
-          <div class="gem__code-wrap">
-            <input type="text" class="gem__code" id="gemfile_text" value="<%= @latest_version.to_bundler(locked_version: @on_version_page) %>" readonly="readonly">
-            <span class="gem__code__icon" id="js-gem__code--gemfile" data-clipboard-target="#gemfile_text">=</span>
-            <span class="gem__code__tooltip--copy"><%= t('copy_to_clipboard') %></span>
-            <span class="gem__code__tooltip--copied"><%= t('copied') %></span>
-          </div>
+          <%= copy_field_tag("gemfile_text", @latest_version.to_bundler(locked_version: @on_version_page)) %>
         </h2>
         <h2 class="gem__ruby-version__heading t-list__heading">
           <%= t '.install' %>:
-          <div class="gem__code-wrap">
-            <input type="text" class="gem__code" id="install_text" value="<%= @latest_version.to_install %>" readonly="readonly">
-            <span class="gem__code__icon" id="js-gem__code--install" data-clipboard-target="#install_text">=</span>
-          </div>
+          <%= copy_field_tag("install_text", @latest_version.to_install) %>
         </h2>
       </div>
     <% else %>
diff --git a/config/importmap.rb b/config/importmap.rb
index d25a50aee3e..4897472eefb 100644
--- a/config/importmap.rb
+++ b/config/importmap.rb
@@ -5,12 +5,12 @@
 pin "application"
 pin_all_from "app/javascript/src", under: "src"
 
-pin "clipboard" # @2.0.11
 # stimulus.min.js is a compiled asset from stimulus-rails gem
 pin "@hotwired/stimulus", to: "stimulus.min.js"
 # stimulus-loading.js is a compiled asset only available from stimulus-rails gem
 pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
 pin_all_from "app/javascript/controllers", under: "controllers"
+pin "@stimulus-components/clipboard", to: "@stimulus-components--clipboard.js" # @5.0.0
 
 # vendored and adapted from https://github.com/mdo/github-buttons/blob/master/src/js.js
 pin "github-buttons"
diff --git a/config/locales/de.yml b/config/locales/de.yml
index fdbace32003..975b1593aa1 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -537,11 +537,10 @@ de:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied: "[ kopiert ]"
       continue: Weiter
       title: Wiederherstellungscodes
-      copy: "[ kopieren ]"
       saved: Ich bestätige, dass ich meine Wiederherstellungscodes gespeichert habe.
+      confirm_dialog:
       note_html: Bitte <strong class='recovery__bold'>kopieren und speichern</strong>
         Sie diese Wiederherstellungscodes. Sie können diese Codes verwenden, um sich
         anzumelden und Ihre MFA zurückzusetzen, wenn Sie Ihr Authentifizierungsgerät
@@ -896,8 +895,6 @@ de:
       continue:
       title:
       notice_html:
-      copied:
-      copy:
       saved:
     webauthn_credential:
       confirm_delete:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index b3c9b6c60fd..3a05781c196 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -463,11 +463,10 @@ en:
         [WARNING] For protection of your account and gems, we encourage you to change your multi-factor authentication level to 'UI and gem signin' or 'UI and API' at https://rubygems.org/settings/edit.
         Your account will be required to have MFA enabled on one of these levels in the future.
     recovery:
-      copied: "[ copied ]"
       continue: Continue
       title: Recovery codes
-      copy: "[ copy ]"
       saved: I acknowledge that I have saved my recovery codes.
+      confirm_dialog: Leave without copying recovery codes?
       note_html: "Please <strong class='recovery__bold'>copy and save</strong> these recovery codes. You can use these codes to login and reset your MFA if your lose your authentication device. Each code can be used once."
       already_generated: You should have already saved your recovery codes.
     update:
@@ -809,8 +808,6 @@ en:
       continue: Continue
       title: You have successfully added a security device
       notice_html: 'Please <strong class="recovery__bold">copy and paste</strong> these recovery codes. You can use these codes to login if you lose your security device. Each code can be used once.'
-      copied: "[ copied ]"
-      copy: "[ copy ]"
       saved: I acknowledge that I have saved my recovery codes.
     webauthn_credential:
       confirm_delete: "Credential deleted"
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 4c4f5d65958..4efa807b479 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -522,11 +522,10 @@ es:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied: "[ copiado ]"
       continue: Continuar
       title: Códigos de recuperación
-      copy: "[ copiar ]"
       saved: Declaro haber guardado mis códigos de recuperación.
+      confirm_dialog:
       note_html: Por favor <strong class='recovery__bold'>copia y guarda</strong>
         estos códigos de recuperación. Puedes usar estos códigos para acceder y restablecer
         tu autenticación de múltiples factores si pierdes tu dispositivo. Cada código
@@ -939,8 +938,6 @@ es:
         estos códigos de recuperación. Puedes utilizar estos códigos para acceder
         si pierdes tu dispositivo de seguridad. Cada código solo se puede usar una
         vez.
-      copied: "[ copiado ]"
-      copy: "[ copiar ]"
       saved: Declaro haber guardado mis códigos de recuperación.
     webauthn_credential:
       confirm_delete: Credencial borrada
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 84a029f80e7..fcd1c729046 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -473,11 +473,10 @@ fr:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied:
       continue: Continuer
       title: Codes de récupération
-      copy:
       saved:
+      confirm_dialog:
       note_html:
       already_generated:
     update:
@@ -846,8 +845,6 @@ fr:
       continue:
       title:
       notice_html:
-      copied:
-      copy:
       saved:
     webauthn_credential:
       confirm_delete:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index a2c008f9079..1ea681dfbf4 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -454,11 +454,10 @@ ja:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied: "[ コピーしました ]"
       continue: 続ける
       title: 復旧コード
-      copy: "[ コピーする ]"
       saved: 復旧コードを保存したことを確認しました。
+      confirm_dialog:
       note_html: これらの復旧コードを<strong class='recovery__bold'>コピー及び保存</strong>してください。認証機器を紛失した場合にこれらのコードを使ってログインしMFAをリセットできます。各コードは1回使えます。
       already_generated: 既に復旧コードを保存したはずです。
     update:
@@ -808,8 +807,6 @@ ja:
       continue: 続ける
       title: セキュリティ機器を正常に追加しました。
       notice_html: これらの復旧コードを<strong class="recovery__bold">コピー&amp;ペースト</strong>してください。セキュリティ機器を紛失した場合にこれらのコードを使ってログインできます。各コードは1度使えます。
-      copied: "[ コピーしました ]"
-      copy: "[ コピーする ]"
       saved: 復旧コードを保存したことを確認しました。
     webauthn_credential:
       confirm_delete: 認証情報が削除されました
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 2c41e12c4f2..cf043b2b4a4 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -1,8 +1,8 @@
 ---
 nl:
   credentials_required:
-  copied:
-  copy_to_clipboard:
+  copied: Gekopieerd
+  copy_to_clipboard: Kopieer naar klembord
   edit: Wijzig
   verification_expired:
   feed_latest: RubyGems.org | Nieuwste Gems
@@ -458,11 +458,10 @@ nl:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied:
       continue:
       title:
-      copy:
       saved:
+      confirm_dialog:
       note_html:
       already_generated:
     update:
@@ -801,8 +800,6 @@ nl:
       continue:
       title:
       notice_html:
-      copied:
-      copy:
       saved:
     webauthn_credential:
       confirm_delete:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 34a5748e8d5..0918fae12c5 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -1,8 +1,8 @@
 ---
 pt-BR:
   credentials_required:
-  copied:
-  copy_to_clipboard:
+  copied: Copiado
+  copy_to_clipboard: Copiar
   edit: Editar
   verification_expired:
   feed_latest: RubyGems.org | Últimas Gems
@@ -469,11 +469,10 @@ pt-BR:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied:
       continue:
       title:
-      copy:
       saved:
+      confirm_dialog:
       note_html:
       already_generated:
     update:
@@ -824,8 +823,6 @@ pt-BR:
       continue:
       title:
       notice_html:
-      copied:
-      copy:
       saved:
     webauthn_credential:
       confirm_delete:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 7bac93b6af7..6421206df98 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -462,11 +462,10 @@ zh-CN:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied: "[ 已复制 ]"
       continue: 继续
       title: 恢复码
-      copy: "[ 复制 ]"
       saved: 我声明我已经保存了我的恢复码。
+      confirm_dialog:
       note_html: 请 <strong class='recovery__bold'>复制并保存</strong> 这些恢复码。如果您丢失了身份验证设备，您可以使用这些恢复码登录并重置您的多因素验证配置。每个恢复码只能使用一次。
       already_generated: 您应该已经保存了您的恢复码。
     update:
@@ -815,8 +814,6 @@ zh-CN:
       continue: 继续
       title: 您已成功添加一个安全设备
       notice_html: 请 <strong class="recovery__bold">复制并粘贴</strong>这些恢复码。如果您丢失了安全设备，您可以使用这些恢复码登录。每个恢复码码只能使用一次。
-      copied: "[ 已复制 ]"
-      copy: "[ 复制 ]"
       saved: 我确认我已经保存了我的恢复码。
     webauthn_credential:
       confirm_delete: 凭证已删除
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 3dca89fcae8..a2f84c0ded2 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -457,11 +457,10 @@ zh-TW:
       mfa_recommended_not_yet_enabled:
       mfa_recommended_weak_level_enabled:
     recovery:
-      copied: "[ 已複製 ]"
       continue: 繼續
       title: 復原碼
-      copy: "[ 複製 ]"
       saved:
+      confirm_dialog:
       note_html:
       already_generated:
     update:
@@ -806,8 +805,6 @@ zh-TW:
       continue: 繼續
       title: 您已成功新增安全裝置
       notice_html:
-      copied: "[ 已複製 ]"
-      copy: "[ 複製 ]"
       saved:
     webauthn_credential:
       confirm_delete: 已刪除認證
diff --git a/test/system/multifactor_auths_test.rb b/test/system/multifactor_auths_test.rb
index 37d82e5a15f..69a06758f53 100644
--- a/test/system/multifactor_auths_test.rb
+++ b/test/system/multifactor_auths_test.rb
@@ -35,7 +35,7 @@ class MultifactorAuthsTest < ApplicationSystemTestCase
       register_otp_device
 
       assert page.has_content? "Recovery codes"
-      click_link "[ copy ]"
+      click_link "Copy to clipboard"
       check "ack"
       click_button "Continue"
 
@@ -174,7 +174,7 @@ def redirect_test_mfa_disabled(path)
     register_otp_device
 
     assert page.has_content? "Recovery codes"
-    click_link "[ copy ]"
+    click_link "Copy to clipboard"
     check "ack"
     click_button "Continue"
     yield if block_given?
diff --git a/test/system/settings_test.rb b/test/system/settings_test.rb
index b194a91a734..aa67f60cd68 100644
--- a/test/system/settings_test.rb
+++ b/test/system/settings_test.rb
@@ -40,7 +40,7 @@ def otp_key
 
     assert page.has_content? "Recovery codes"
 
-    click_link "[ copy ]"
+    click_link "Copy to clipboard"
     check "ack"
     click_button "Continue"
 
@@ -101,9 +101,9 @@ def otp_key
 
     assert page.has_content? "Recovery codes"
 
-    recoveries = page.find_by_id("recovery-code-list").text.split
+    recoveries = page.find(:css, ".recovery-code-list").value.split
 
-    click_link "[ copy ]"
+    click_link "Copy to clipboard"
     check "ack"
     click_button "Continue"
     page.fill_in "otp", with: recoveries.sample
diff --git a/test/system/webauthn_credentials_test.rb b/test/system/webauthn_credentials_test.rb
index 62a80bf6c60..6930ec829ee 100644
--- a/test/system/webauthn_credentials_test.rb
+++ b/test/system/webauthn_credentials_test.rb
@@ -108,7 +108,7 @@ def sign_in
     end
 
     assert_equal recovery_multifactor_auth_path, current_path
-    click_on "[ copy ]"
+    click_on "Copy to clipboard"
     check "ack"
     click_on "Continue"
 
diff --git a/test/test_helper.rb b/test/test_helper.rb
index db501610808..bce18a0017b 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -182,8 +182,9 @@ def create_webauthn_credential_while_signed_in
     fill_in "Nickname", with: credential_nickname
     click_on "Register device"
 
-    click_on "[ copy ]"
-    @mfa_recovery_codes = find_all(:css, ".recovery-code-list__item").map(&:text)
+    click_on "Copy to clipboard"
+    @mfa_recovery_codes = find(:css, ".recovery-code-list").value.split
+
     check "ack"
     click_on "Continue"
 
diff --git a/vendor/javascript/@stimulus-components--clipboard.js b/vendor/javascript/@stimulus-components--clipboard.js
new file mode 100644
index 00000000000..ffcd8134e42
--- /dev/null
+++ b/vendor/javascript/@stimulus-components--clipboard.js
@@ -0,0 +1,2 @@
+import{Controller as t}from"@hotwired/stimulus";const e=class _Clipboard extends t{connect(){this.hasButtonTarget&&(this.originalContent=this.buttonTarget.innerHTML)}copy(t){t.preventDefault();const e=this.sourceTarget.innerHTML||this.sourceTarget.value;navigator.clipboard.writeText(e).then((()=>this.copied()))}copied(){this.hasButtonTarget&&(this.timeout&&clearTimeout(this.timeout),this.buttonTarget.innerHTML=this.successContentValue,this.timeout=setTimeout((()=>{this.buttonTarget.innerHTML=this.originalContent}),this.successDurationValue))}};e.targets=["button","source"],e.values={successContent:String,successDuration:{type:Number,default:2e3}};let s=e;export{s as default};
+
diff --git a/vendor/javascript/clipboard.js b/vendor/javascript/clipboard.js
deleted file mode 100644
index 6f86b6ef044..00000000000
--- a/vendor/javascript/clipboard.js
+++ /dev/null
@@ -1,186 +0,0 @@
-var t="undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:global;var e={};(function webpackUniversalModuleDefinition(t,n){e=n()})(0,(function(){return function(){var e={686:function(e,n,r){r.d(n,{default:function(){return h}});var o=r(279);var i=r.n(o);var a=r(370);var u=r.n(a);var c=r(817);var l=r.n(c);
-/**
-           * Executes a given operation type.
-           * @param {String} type
-           * @return {Boolean}
-           */
-function command(t){try{return document.execCommand(t)}catch(t){return false}}
-/**
-           * Cut action wrapper.
-           * @param {String|HTMLElement} target
-           * @return {String}
-           */
-var f=function ClipboardActionCut(t){var e=l()(t);command("cut");return e};var s=f;
-/**
-           * Creates a fake textarea element with a value.
-           * @param {String} value
-           * @return {HTMLElement}
-           */
-function createFakeElement(t){var e="rtl"===document.documentElement.getAttribute("dir");var n=document.createElement("textarea");n.style.fontSize="12pt";n.style.border="0";n.style.padding="0";n.style.margin="0";n.style.position="absolute";n.style[e?"right":"left"]="-9999px";var r=window.pageYOffset||document.documentElement.scrollTop;n.style.top="".concat(r,"px");n.setAttribute("readonly","");n.value=t;return n}
-/**
-           * Create fake copy action wrapper using a fake element.
-           * @param {String} target
-           * @param {Object} options
-           * @return {String}
-           */
-var p=function fakeCopyAction(t,e){var n=createFakeElement(t);e.container.appendChild(n);var r=l()(n);command("copy");n.remove();return r};
-/**
-           * Copy action wrapper.
-           * @param {String|HTMLElement} target
-           * @param {Object} options
-           * @return {String}
-           */var d=function ClipboardActionCopy(t){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{container:document.body};var n="";if("string"===typeof t)n=p(t,e);else if(t instanceof HTMLInputElement&&!["text","search","url","tel","password"].includes(null===t||void 0===t?void 0:t.type))n=p(t.value,e);else{n=l()(t);command("copy")}return n};var y=d;function _typeof(t){_typeof="function"===typeof Symbol&&"symbol"===typeof Symbol.iterator?function _typeof(t){return typeof t}:function _typeof(t){return t&&"function"===typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t};return _typeof(t)}
-/**
-           * Inner function which performs selection from either `text` or `target`
-           * properties and then executes copy or cut operations.
-           * @param {Object} options
-           */var v=function ClipboardActionDefault(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};var e=t.action,n=void 0===e?"copy":e,r=t.container,o=t.target,i=t.text;if("copy"!==n&&"cut"!==n)throw new Error('Invalid "action" value, use either "copy" or "cut"');if(void 0!==o){if(!o||"object"!==_typeof(o)||1!==o.nodeType)throw new Error('Invalid "target" value, use a valid Element');if("copy"===n&&o.hasAttribute("disabled"))throw new Error('Invalid "target" attribute. Please use "readonly" instead of "disabled" attribute');if("cut"===n&&(o.hasAttribute("readonly")||o.hasAttribute("disabled")))throw new Error('Invalid "target" attribute. You can\'t cut text from elements with "readonly" or "disabled" attributes')}return i?y(i,{container:r}):o?"cut"===n?s(o):y(o,{container:r}):void 0};var b=v;function clipboard_typeof(t){clipboard_typeof="function"===typeof Symbol&&"symbol"===typeof Symbol.iterator?function _typeof(t){return typeof t}:function _typeof(t){return t&&"function"===typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t};return clipboard_typeof(t)}function _classCallCheck(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function _defineProperties(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable||false;r.configurable=true;"value"in r&&(r.writable=true);Object.defineProperty(t,r.key,r)}}function _createClass(t,e,n){e&&_defineProperties(t.prototype,e);n&&_defineProperties(t,n);return t}function _inherits(t,e){if("function"!==typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function");t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,writable:true,configurable:true}});e&&_setPrototypeOf(t,e)}function _setPrototypeOf(t,e){_setPrototypeOf=Object.setPrototypeOf||function _setPrototypeOf(t,e){t.__proto__=e;return t};return _setPrototypeOf(t,e)}function _createSuper(e){var n=_isNativeReflectConstruct();return function _createSuperInternal(){var r,o=_getPrototypeOf(e);if(n){var i=_getPrototypeOf(this||t).constructor;r=Reflect.construct(o,arguments,i)}else r=o.apply(this||t,arguments);return _possibleConstructorReturn(this||t,r)}}function _possibleConstructorReturn(t,e){return!e||"object"!==clipboard_typeof(e)&&"function"!==typeof e?_assertThisInitialized(t):e}function _assertThisInitialized(t){if(void 0===t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return t}function _isNativeReflectConstruct(){if("undefined"===typeof Reflect||!Reflect.construct)return false;if(Reflect.construct.sham)return false;if("function"===typeof Proxy)return true;try{Date.prototype.toString.call(Reflect.construct(Date,[],(function(){})));return true}catch(t){return false}}function _getPrototypeOf(t){_getPrototypeOf=Object.setPrototypeOf?Object.getPrototypeOf:function _getPrototypeOf(t){return t.__proto__||Object.getPrototypeOf(t)};return _getPrototypeOf(t)}
-/**
-           * Helper function to retrieve attribute value.
-           * @param {String} suffix
-           * @param {Element} element
-           */function getAttributeValue(t,e){var n="data-clipboard-".concat(t);if(e.hasAttribute(n))return e.getAttribute(n)}var _=function(e){_inherits(Clipboard,e);var n=_createSuper(Clipboard);
-/**
-             * @param {String|HTMLElement|HTMLCollection|NodeList} trigger
-             * @param {Object} options
-             */function Clipboard(e,r){var o;_classCallCheck(this||t,Clipboard);o=n.call(this||t);o.resolveOptions(r);o.listenClick(e);return o}
-/**
-             * Defines if attributes would be resolved using internal setter functions
-             * or custom functions that were passed in the constructor.
-             * @param {Object} options
-             */_createClass(Clipboard,[{key:"resolveOptions",value:function resolveOptions(){var e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};(this||t).action="function"===typeof e.action?e.action:(this||t).defaultAction;(this||t).target="function"===typeof e.target?e.target:(this||t).defaultTarget;(this||t).text="function"===typeof e.text?e.text:(this||t).defaultText;(this||t).container="object"===clipboard_typeof(e.container)?e.container:document.body}
-/**
-               * Adds a click event listener to the passed trigger.
-               * @param {String|HTMLElement|HTMLCollection|NodeList} trigger
-               */},{key:"listenClick",value:function listenClick(e){var n=this||t;(this||t).listener=u()(e,"click",(function(t){return n.onClick(t)}))}
-/**
-               * Defines a new `ClipboardAction` on each click event.
-               * @param {Event} e
-               */},{key:"onClick",value:function onClick(e){var n=e.delegateTarget||e.currentTarget;var r=this.action(n)||"copy";var o=b({action:r,container:(this||t).container,target:this.target(n),text:this.text(n)});this.emit(o?"success":"error",{action:r,text:o,trigger:n,clearSelection:function clearSelection(){n&&n.focus();window.getSelection().removeAllRanges()}})}
-/**
-               * Default `action` lookup function.
-               * @param {Element} trigger
-               */},{key:"defaultAction",value:function defaultAction(t){return getAttributeValue("action",t)}
-/**
-               * Default `target` lookup function.
-               * @param {Element} trigger
-               */},{key:"defaultTarget",value:function defaultTarget(t){var e=getAttributeValue("target",t);if(e)return document.querySelector(e)}
-/**
-               * Allow fire programmatically a copy action
-               * @param {String|HTMLElement} target
-               * @param {Object} options
-               * @returns Text copied.
-               */},{key:"defaultText",
-/**
-               * Default `text` lookup function.
-               * @param {Element} trigger
-               */
-value:function defaultText(t){return getAttributeValue("text",t)}},{key:"destroy",value:function destroy(){(this||t).listener.destroy()}}],[{key:"copy",value:function copy(t){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{container:document.body};return y(t,e)}
-/**
-               * Allow fire programmatically a cut action
-               * @param {String|HTMLElement} target
-               * @returns Text cutted.
-               */},{key:"cut",value:function cut(t){return s(t)}
-/**
-               * Returns the support of the given action, or all actions if no action is
-               * given.
-               * @param {String} [action]
-               */},{key:"isSupported",value:function isSupported(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:["copy","cut"];var e="string"===typeof t?[t]:t;var n=!!document.queryCommandSupported;e.forEach((function(t){n=n&&!!document.queryCommandSupported(t)}));return n}}]);return Clipboard}(i());var h=_},828:function(t){var e=9;if("undefined"!==typeof Element&&!Element.prototype.matches){var n=Element.prototype;n.matches=n.matchesSelector||n.mozMatchesSelector||n.msMatchesSelector||n.oMatchesSelector||n.webkitMatchesSelector}
-/**
-           * Finds the closest parent that matches a selector.
-           *
-           * @param {Element} element
-           * @param {String} selector
-           * @return {Function}
-           */function closest(t,n){while(t&&t.nodeType!==e){if("function"===typeof t.matches&&t.matches(n))return t;t=t.parentNode}}t.exports=closest},438:function(e,n,r){var o=r(828);
-/**
-           * Delegates event to a selector.
-           *
-           * @param {Element} element
-           * @param {String} selector
-           * @param {String} type
-           * @param {Function} callback
-           * @param {Boolean} useCapture
-           * @return {Object}
-           */function _delegate(e,n,r,o,i){var a=listener.apply(this||t,arguments);e.addEventListener(r,a,i);return{destroy:function(){e.removeEventListener(r,a,i)}}}
-/**
-           * Delegates event to a selector.
-           *
-           * @param {Element|String|Array} [elements]
-           * @param {String} selector
-           * @param {String} type
-           * @param {Function} callback
-           * @param {Boolean} useCapture
-           * @return {Object}
-           */function delegate(t,e,n,r,o){if("function"===typeof t.addEventListener)return _delegate.apply(null,arguments);if("function"===typeof n)return _delegate.bind(null,document).apply(null,arguments);"string"===typeof t&&(t=document.querySelectorAll(t));return Array.prototype.map.call(t,(function(t){return _delegate(t,e,n,r,o)}))}
-/**
-           * Finds closest match and invokes callback.
-           *
-           * @param {Element} element
-           * @param {String} selector
-           * @param {String} type
-           * @param {Function} callback
-           * @return {Function}
-           */function listener(t,e,n,r){return function(n){n.delegateTarget=o(n.target,e);n.delegateTarget&&r.call(t,n)}}e.exports=delegate},879:function(t,e){
-/**
-           * Check if argument is a HTML element.
-           *
-           * @param {Object} value
-           * @return {Boolean}
-           */
-e.node=function(t){return void 0!==t&&t instanceof HTMLElement&&1===t.nodeType};
-/**
-           * Check if argument is a list of HTML elements.
-           *
-           * @param {Object} value
-           * @return {Boolean}
-           */e.nodeList=function(t){var n=Object.prototype.toString.call(t);return void 0!==t&&("[object NodeList]"===n||"[object HTMLCollection]"===n)&&"length"in t&&(0===t.length||e.node(t[0]))};
-/**
-           * Check if argument is a string.
-           *
-           * @param {Object} value
-           * @return {Boolean}
-           */e.string=function(t){return"string"===typeof t||t instanceof String};
-/**
-           * Check if argument is a function.
-           *
-           * @param {Object} value
-           * @return {Boolean}
-           */e.fn=function(t){var e=Object.prototype.toString.call(t);return"[object Function]"===e}},370:function(t,e,n){var r=n(879);var o=n(438);
-/**
-           * Validates all params and calls the right
-           * listener function based on its target type.
-           *
-           * @param {String|HTMLElement|HTMLCollection|NodeList} target
-           * @param {String} type
-           * @param {Function} callback
-           * @return {Object}
-           */function listen(t,e,n){if(!t&&!e&&!n)throw new Error("Missing required arguments");if(!r.string(e))throw new TypeError("Second argument must be a String");if(!r.fn(n))throw new TypeError("Third argument must be a Function");if(r.node(t))return listenNode(t,e,n);if(r.nodeList(t))return listenNodeList(t,e,n);if(r.string(t))return listenSelector(t,e,n);throw new TypeError("First argument must be a String, HTMLElement, HTMLCollection, or NodeList")}
-/**
-           * Adds an event listener to a HTML element
-           * and returns a remove listener function.
-           *
-           * @param {HTMLElement} node
-           * @param {String} type
-           * @param {Function} callback
-           * @return {Object}
-           */function listenNode(t,e,n){t.addEventListener(e,n);return{destroy:function(){t.removeEventListener(e,n)}}}
-/**
-           * Add an event listener to a list of HTML elements
-           * and returns a remove listener function.
-           *
-           * @param {NodeList|HTMLCollection} nodeList
-           * @param {String} type
-           * @param {Function} callback
-           * @return {Object}
-           */function listenNodeList(t,e,n){Array.prototype.forEach.call(t,(function(t){t.addEventListener(e,n)}));return{destroy:function(){Array.prototype.forEach.call(t,(function(t){t.removeEventListener(e,n)}))}}}
-/**
-           * Add an event listener to a selector
-           * and returns a remove listener function.
-           *
-           * @param {String} selector
-           * @param {String} type
-           * @param {Function} callback
-           * @return {Object}
-           */function listenSelector(t,e,n){return o(document.body,t,e,n)}t.exports=listen},817:function(t){function select(t){var e;if("SELECT"===t.nodeName){t.focus();e=t.value}else if("INPUT"===t.nodeName||"TEXTAREA"===t.nodeName){var n=t.hasAttribute("readonly");n||t.setAttribute("readonly","");t.select();t.setSelectionRange(0,t.value.length);n||t.removeAttribute("readonly");e=t.value}else{t.hasAttribute("contenteditable")&&t.focus();var r=window.getSelection();var o=document.createRange();o.selectNodeContents(t);r.removeAllRanges();r.addRange(o);e=r.toString()}return e}t.exports=select},279:function(e){function E(){}E.prototype={on:function(e,n,r){var o=(this||t).e||((this||t).e={});(o[e]||(o[e]=[])).push({fn:n,ctx:r});return this||t},once:function(e,n,r){var o=this||t;function listener(){o.off(e,listener);n.apply(r,arguments)}listener._=n;return this.on(e,listener,r)},emit:function(e){var n=[].slice.call(arguments,1);var r=(((this||t).e||((this||t).e={}))[e]||[]).slice();var o=0;var i=r.length;for(o;o<i;o++)r[o].fn.apply(r[o].ctx,n);return this||t},off:function(e,n){var r=(this||t).e||((this||t).e={});var o=r[e];var i=[];if(o&&n)for(var a=0,u=o.length;a<u;a++)o[a].fn!==n&&o[a].fn._!==n&&i.push(o[a]);i.length?r[e]=i:delete r[e];return this||t}};e.exports=E;e.exports.TinyEmitter=E}};var n={};function __webpack_require__(t){if(n[t])return n[t].exports;var r=n[t]={exports:{}};e[t](r,r.exports,__webpack_require__);return r.exports}!function(){__webpack_require__.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};__webpack_require__.d(e,{a:e});return e}}();!function(){__webpack_require__.d=function(t,e){for(var n in e)__webpack_require__.o(e,n)&&!__webpack_require__.o(t,n)&&Object.defineProperty(t,n,{enumerable:true,get:e[n]})}}();!function(){__webpack_require__.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)}}();return __webpack_require__(686)}().default}));var n=e;const r=e.ClipboardJS,o=e.node,i=e.nodeList,a=e.string,u=e.fn,c=e.TinyEmitter;export{r as ClipboardJS,c as TinyEmitter,n as default,u as fn,o as node,i as nodeList,a as string};
-

From 370eb2184448464bacd51b11ffd5da4bbd68301f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Sun, 1 Sep 2024 00:01:35 +0200
Subject: [PATCH 241/381] Add missing assertions to test/views.

---
 test/views/events/table_component_test.rb | 28 +++++++++++------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/test/views/events/table_component_test.rb b/test/views/events/table_component_test.rb
index 911677c2243..412e57adade 100644
--- a/test/views/events/table_component_test.rb
+++ b/test/views/events/table_component_test.rb
@@ -1,9 +1,7 @@
 require "test_helper"
 require "phlex/testing/rails/view_helper"
 
-class Events::TableComponentTest < ActiveSupport::TestCase
-  include Phlex::Testing::Rails::ViewHelper
-
+class Events::TableComponentTest < ComponentTest
   class TestEvent
     include ActiveModel::Model
     include ActiveModel::Attributes
@@ -47,14 +45,14 @@ def page(array, page: 0, per: 10)
   test "renders an empty view" do
     page = render table
 
-    page.assert_text "No entries found"
+    assert_text page, "No entries found"
   end
 
   test "renders an unknown event" do
     page = render table(page([TestEvent.new(tag: "unknown:other")]))
 
-    page.assert_text "Displaying 1 entry"
-    page.assert_text "unknown:other"
+    assert_text page, "Displaying 1 entry"
+    assert_text page, "unknown:other"
   end
 
   test "renders redacted additional info when user_id does not match" do
@@ -68,11 +66,11 @@ def page(array, page: 0, per: 10)
                                                  })
                              ]), stubs: { current_user: user })
 
-    page.assert_text "Displaying 1 entry"
-    page.assert_text "user2:created"
-    page.assert_text "Redacted"
-    page.assert_no_text "Buffalo, NY, US"
-    page.assert_no_text "installer (implementation on system)"
+    assert_text page, "Displaying 1 entry"
+    assert_text page, "user2:created"
+    assert_text page, "Redacted"
+    assert_no_text page, "Buffalo, NY, US"
+    assert_no_text page, "installer (implementation on system)"
   end
 
   test "renders additional info when user_id matches" do
@@ -86,9 +84,9 @@ def page(array, page: 0, per: 10)
                                                  })
                              ]), stubs: { current_user: user })
 
-    page.assert_text "Displaying 1 entry"
-    page.assert_text "user:created"
-    page.assert_text "Buffalo, NY, US"
-    page.assert_text "installer (implementation on system)"
+    assert_text page, "Displaying 1 entry"
+    assert_text page, "user:created"
+    assert_text page, "Buffalo, NY, US"
+    assert_text page, "installer (implementation on system)"
   end
 end

From 961fda59016123763b6d3b5cd7804e723ea5a65e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Sun, 1 Sep 2024 00:04:47 +0200
Subject: [PATCH 242/381] Add missing assertions to test/unit.

---
 test/unit/factories_test.rb |  2 +-
 test/unit/fastly_test.rb    | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/test/unit/factories_test.rb b/test/unit/factories_test.rb
index cf1de6e4418..fb103e9336e 100644
--- a/test/unit/factories_test.rb
+++ b/test/unit/factories_test.rb
@@ -2,6 +2,6 @@
 
 class FactoriesTest < ActiveSupport::TestCase
   test "can create factories including traits" do
-    FactoryBot.lint(traits: true)
+    assert_nothing_raised { FactoryBot.lint(traits: true) }
   end
 end
diff --git a/test/unit/fastly_test.rb b/test/unit/fastly_test.rb
index ccca038dd44..102ad92bff2 100644
--- a/test/unit/fastly_test.rb
+++ b/test/unit/fastly_test.rb
@@ -21,7 +21,8 @@ class FastlyTest < ActiveSupport::TestCase
       stub_request(:purge, "https://domain2.example.com/some-url")
         .with(headers: { "Fastly-Key" => "api-key" })
         .to_return(status: 200, body: "{}")
-      Fastly.purge(path: "some-url")
+
+      assert Fastly.purge(path: "some-url")
     end
 
     should "soft purge for each domain" do
@@ -31,7 +32,8 @@ class FastlyTest < ActiveSupport::TestCase
       stub_request(:purge, "https://domain2.example.com/some-url")
         .with(headers: { "Fastly-Key" => "api-key", "Fastly-Soft-Purge" => "1" })
         .to_return(status: 200, body: "{}")
-      Fastly.purge(path: "some-url", soft: true)
+
+      assert Fastly.purge(path: "some-url", soft: true)
     end
   end
 
@@ -40,13 +42,15 @@ class FastlyTest < ActiveSupport::TestCase
       stub_request(:post, "https://api.fastly.com/service/service-id/purge/some-key")
         .with(headers: { "Fastly-Key" => "api-key" })
         .to_return(status: 200, body: "{}")
-      Fastly.purge_key("some-key")
+
+      assert Fastly.purge_key("some-key")
     end
     should "send a post request for soft purges" do
       stub_request(:post, "https://api.fastly.com/service/service-id/purge/some-key")
         .with(headers: { "Fastly-Key" => "api-key", "Fastly-Soft-Purge" => "1" })
         .to_return(status: 200, body: "{}")
-      Fastly.purge_key("some-key", soft: true)
+
+      assert Fastly.purge_key("some-key", soft: true)
     end
   end
 end

From 769b7c1de7d2f89ff82eb30fa10e8625a23bdac1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Sun, 1 Sep 2024 13:21:53 +0200
Subject: [PATCH 243/381] Add missing assertions to test/models.

---
 test/models/gem_name_reservation_test.rb   |  8 ++--
 test/models/log_ticket_test.rb             |  6 ++-
 test/models/pusher_test.rb                 |  4 +-
 test/models/rubygem_contents_entry_test.rb |  2 +-
 test/models/version_manifest_test.rb       |  4 +-
 test/models/version_test.rb                | 48 +++++++++++-----------
 6 files changed, 39 insertions(+), 33 deletions(-)

diff --git a/test/models/gem_name_reservation_test.rb b/test/models/gem_name_reservation_test.rb
index aab29c8a16f..809355804e0 100644
--- a/test/models/gem_name_reservation_test.rb
+++ b/test/models/gem_name_reservation_test.rb
@@ -19,16 +19,18 @@ class GemNameReservationTest < ActiveSupport::TestCase
   context "#reserved?" do
     should "recognize reserved gem name" do
       create(:gem_name_reservation, name: "reserved-gem-name")
-      GemNameReservation.reserved?("reserved-gem-name")
+
+      assert GemNameReservation.reserved?("reserved-gem-name")
     end
 
     should "recognize reserved case insensitive gem name" do
       create(:gem_name_reservation, name: "reserved-gem-name")
-      GemNameReservation.reserved?("RESERVED-gem-name")
+
+      assert GemNameReservation.reserved?("RESERVED-gem-name")
     end
 
     should "recognize not reserved gem name" do
-      GemNameReservation.reserved?("totally-random-gem-name")
+      refute GemNameReservation.reserved?("totally-random-gem-name")
     end
   end
 end
diff --git a/test/models/log_ticket_test.rb b/test/models/log_ticket_test.rb
index bd8cbd34fb6..876c42587fb 100644
--- a/test/models/log_ticket_test.rb
+++ b/test/models/log_ticket_test.rb
@@ -12,8 +12,10 @@ class LogTicketTest < ActiveSupport::TestCase
   end
 
   should "allow different keys for the same directory" do
-    LogTicket.create!(directory: "test", key: "bar")
-    LogTicket.create!(directory: "test", key: "baz")
+    assert_nothing_raised do
+      LogTicket.create!(directory: "test", key: "bar")
+      LogTicket.create!(directory: "test", key: "baz")
+    end
   end
 
   context "#pop" do
diff --git a/test/models/pusher_test.rb b/test/models/pusher_test.rb
index 7d1fd1a28b8..390a4e333d5 100644
--- a/test/models/pusher_test.rb
+++ b/test/models/pusher_test.rb
@@ -48,9 +48,9 @@ class PusherTest < ActiveSupport::TestCase
         @cutter.stubs(:verify_mfa_requirement).returns true
         @cutter.stubs(:verify_gem_scope).returns true
         @cutter.stubs(:validate).returns true
-        @cutter.stubs(:save)
+        @cutter.stubs(:save).returns true
 
-        @cutter.process
+        assert @cutter.process
       end
 
       should "not attempt to find rubygem if spec can't be pulled" do
diff --git a/test/models/rubygem_contents_entry_test.rb b/test/models/rubygem_contents_entry_test.rb
index 685f5fb714f..d3a0d45af16 100644
--- a/test/models/rubygem_contents_entry_test.rb
+++ b/test/models/rubygem_contents_entry_test.rb
@@ -226,7 +226,7 @@ def persisted_symlink_entry
     end
 
     should "not evaluate the reader when setting the body with a block" do
-      create_persisted_entry(file_entry.metadata) { raise }
+      assert_nothing_raised { create_persisted_entry(file_entry.metadata) { raise } }
     end
   end
 
diff --git a/test/models/version_manifest_test.rb b/test/models/version_manifest_test.rb
index cc9cd8ef8f0..8b89032ced0 100644
--- a/test/models/version_manifest_test.rb
+++ b/test/models/version_manifest_test.rb
@@ -287,9 +287,9 @@ def create_entry(path, sha256, body: rand.to_s, mime: "text/plain")
     end
 
     should "gracefully no-op when there's nothing to delete" do
-      @manifest.yank
+      assert @manifest.yank
 
-      @manifest.yank
+      assert @manifest.yank
     end
   end
 
diff --git a/test/models/version_test.rb b/test/models/version_test.rb
index 726ecf497e9..98b9194785c 100644
--- a/test/models/version_test.rb
+++ b/test/models/version_test.rb
@@ -637,29 +637,31 @@ class VersionTest < ActiveSupport::TestCase
 
   context "with a very long authors string." do
     should "create without error" do
-      create(:version,
-        authors: [
-          "Fbdoorman: David Pelaez",
-          "MiniFB:Appoxy",
-          "Dan Croak",
-          "Mike Burns",
-          "Jason Morrison",
-          "Joe Ferris",
-          "Eugene Bolshakov",
-          "Nick Quaranto",
-          "Josh Nichols",
-          "Mike Breen",
-          "Marcel G\303\266rner",
-          "Bence Nagy",
-          "Ben Mabey",
-          "Eloy Duran",
-          "Tim Pope",
-          "Mihai Anca",
-          "Mark Cornick",
-          "Shay Arnett",
-          "Jon Yurek",
-          "Chad Pytel"
-        ])
+      assert_nothing_raised do
+        create(:version,
+          authors: [
+            "Fbdoorman: David Pelaez",
+            "MiniFB:Appoxy",
+            "Dan Croak",
+            "Mike Burns",
+            "Jason Morrison",
+            "Joe Ferris",
+            "Eugene Bolshakov",
+            "Nick Quaranto",
+            "Josh Nichols",
+            "Mike Breen",
+            "Marcel G\303\266rner",
+            "Bence Nagy",
+            "Ben Mabey",
+            "Eloy Duran",
+            "Tim Pope",
+            "Mihai Anca",
+            "Mark Cornick",
+            "Shay Arnett",
+            "Jon Yurek",
+            "Chad Pytel"
+          ])
+      end
     end
   end
 

From b45a677f7e08b2c46041c6adcd8142050c41769c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Sun, 1 Sep 2024 14:03:31 +0200
Subject: [PATCH 244/381] Add missing assertions to test/integration.

---
 test/integration/api/v2/version_information_test.rb | 7 ++++---
 test/integration/null_char_param_test.rb            | 4 ++++
 test/integration/sign_in_test.rb                    | 4 ++--
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/test/integration/api/v2/version_information_test.rb b/test/integration/api/v2/version_information_test.rb
index cb5b4aa1da4..e24ca4f672a 100644
--- a/test/integration/api/v2/version_information_test.rb
+++ b/test/integration/api/v2/version_information_test.rb
@@ -29,9 +29,10 @@ def request_endpoint(rubygem, version, format = "json")
   test "has required fields" do
     request_endpoint(@rubygem, "2.0.0")
     json_response = JSON.load(@response.body)
-    json_response["sha"]
-    json_response["platform"]
-    json_response["ruby_version"]
+
+    assert json_response.key?("sha")
+    assert json_response.key?("platform")
+    assert json_response.key?("ruby_version")
   end
 
   test "version does not exist" do
diff --git a/test/integration/null_char_param_test.rb b/test/integration/null_char_param_test.rb
index 0d32fb3ad35..bc0ebd713ad 100644
--- a/test/integration/null_char_param_test.rb
+++ b/test/integration/null_char_param_test.rb
@@ -15,9 +15,13 @@ class NullCharParamTest < ActionDispatch::IntegrationTest
 
   test "cookie with null character responds with bad request for sign in" do
     get "/users/new", headers: { "HTTP_COOKIE" => "remember_token=php://input%00.;rubygems_session=php://input%00." }
+
+    assert_response :bad_request
   end
 
   test "cookie with null character responds with bad request for releases page" do
     get "/releases/popular", headers: { "HTTP_COOKIE" => "rubygems_session=php://input%00." }
+
+    assert_response :bad_request
   end
 end
diff --git a/test/integration/sign_in_test.rb b/test/integration/sign_in_test.rb
index dc24d2a5fd1..da222320e5d 100644
--- a/test/integration/sign_in_test.rb
+++ b/test/integration/sign_in_test.rb
@@ -297,8 +297,8 @@ class SignInTest < SystemTest
     fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD
     click_button "Sign in"
 
-    page.assert_text "Sign in"
-    page.assert_text "Bad email or password."
+    assert page.has_content? "Sign in"
+    assert page.has_content? "Bad email or password."
   end
 
   teardown do

From 3a4b2f05aafa69805924741d1132d6f3f8f3a8ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Sun, 1 Sep 2024 16:53:41 +0200
Subject: [PATCH 245/381] Add missing assertions to test/functional.

---
 test/functional/api_keys_controller_test.rb  |  2 +-
 test/functional/passwords_controller_test.rb | 16 +++++------
 test/functional/profiles_controller_test.rb  |  4 +--
 test/functional/rubygems_controller_test.rb  |  6 ++---
 test/functional/searches_controller_test.rb  | 28 ++++++++++----------
 test/functional/sessions_controller_test.rb  |  4 +--
 test/functional/users_controller_test.rb     |  4 +--
 7 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/test/functional/api_keys_controller_test.rb b/test/functional/api_keys_controller_test.rb
index b4c50f3e425..3144739fa4c 100644
--- a/test/functional/api_keys_controller_test.rb
+++ b/test/functional/api_keys_controller_test.rb
@@ -223,7 +223,7 @@ class ApiKeysControllerTest < ActionController::TestCase
         end
 
         should "show error to user" do
-          page.assert_text "Show dashboard scope must be enabled exclusively"
+          assert page.has_content? "Show dashboard scope must be enabled exclusively"
         end
 
         should "not update scope of test key" do
diff --git a/test/functional/passwords_controller_test.rb b/test/functional/passwords_controller_test.rb
index 95105e48220..2b1ddb838be 100644
--- a/test/functional/passwords_controller_test.rb
+++ b/test/functional/passwords_controller_test.rb
@@ -58,8 +58,8 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          page.assert_text("Reset password")
-          page.assert_selector("input[type=password][autocomplete=new-password]")
+          assert page.has_text?("Reset password")
+          assert page.has_selector?("input[type=password][autocomplete=new-password]")
         end
 
         should "instruct the browser not to send referrer that contains the token" do
@@ -85,8 +85,8 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          page.assert_text("Reset password")
-          page.assert_selector("input[type=password][autocomplete=new-password]")
+          assert page.has_text?("Reset password")
+          assert page.has_selector?("input[type=password][autocomplete=new-password]")
         end
 
         should "instruct the browser not to send referrer that contains the token" do
@@ -113,8 +113,8 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          page.assert_text("Reset password")
-          page.assert_selector("input[type=password][autocomplete=new-password]")
+          assert page.has_text?("Reset password")
+          assert page.has_selector?("input[type=password][autocomplete=new-password]")
         end
 
         should "instruct the browser not to send referrer that contains the token" do
@@ -250,7 +250,7 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          page.assert_text("Reset password")
+          assert page.has_text?("Reset password")
         end
 
         should "clear mfa_expires_at" do
@@ -334,7 +334,7 @@ class PasswordsControllerTest < ActionController::TestCase
       end
 
       should "display edit form" do
-        page.assert_text("Reset password")
+        assert page.has_text?("Reset password")
       end
 
       should "clear mfa_expires_at" do
diff --git a/test/functional/profiles_controller_test.rb b/test/functional/profiles_controller_test.rb
index 876d60a8381..572a151588c 100644
--- a/test/functional/profiles_controller_test.rb
+++ b/test/functional/profiles_controller_test.rb
@@ -106,8 +106,8 @@ class ProfilesControllerTest < ActionController::TestCase
       should respond_with :success
 
       should "render user delete page" do
-        page.assert_text "Delete profile"
-        page.assert_selector "input[type=password][autocomplete=current-password]"
+        assert page.has_text? "Delete profile"
+        assert page.has_selector? "input[type=password][autocomplete=current-password]"
       end
     end
 
diff --git a/test/functional/rubygems_controller_test.rb b/test/functional/rubygems_controller_test.rb
index 0bf2ff07e61..9829a72a5ca 100644
--- a/test/functional/rubygems_controller_test.rb
+++ b/test/functional/rubygems_controller_test.rb
@@ -86,9 +86,9 @@ class RubygemsControllerTest < ActionController::TestCase
       should respond_with :success
 
       should "include the security events" do
-        page.assert_text "Owner Added"
-        page.assert_text "Owner Confirmed"
-        page.assert_text "Owner Removed"
+        assert page.has_text? "Owner Added"
+        assert page.has_text? "Owner Confirmed"
+        assert page.has_text? "Owner Removed"
       end
     end
   end
diff --git a/test/functional/searches_controller_test.rb b/test/functional/searches_controller_test.rb
index 63a7b2dd576..6a7ebdecc51 100644
--- a/test/functional/searches_controller_test.rb
+++ b/test/functional/searches_controller_test.rb
@@ -70,19 +70,19 @@ class SearchesControllerTest < ActionController::TestCase
 
     should respond_with :success
     should "see sinatra on the page in the results" do
-      page.assert_text(@sinatra.name)
-      page.assert_selector("a[href='#{rubygem_path(@sinatra.slug)}']")
+      assert page.has_text?(@sinatra.name)
+      assert page.has_selector?("a[href='#{rubygem_path(@sinatra.slug)}']")
     end
     should "not see brando on the page in the results" do
-      page.assert_no_text(@brando.name)
-      page.assert_no_selector("a[href='#{rubygem_path(@brando.slug)}']")
+      refute page.has_text?(@brando.name)
+      refute page.has_selector?("a[href='#{rubygem_path(@brando.slug)}']")
     end
     should "display pagination summary" do
-      page.assert_text("all 2 gems")
+      assert page.has_text?("all 2 gems")
     end
     should "not see suggestions" do
-      page.assert_no_text("Did you mean")
-      page.assert_no_selector(".search-suggestions")
+      refute page.has_text?("Did you mean")
+      refute page.has_selector?(".search-suggestions")
     end
   end
 
@@ -112,19 +112,19 @@ class SearchesControllerTest < ActionController::TestCase
 
     should respond_with :success
     should "see sinatra on the page in the suggestions" do
-      page.assert_text("Did you mean")
+      assert page.has_text?("Did you mean")
       assert page.find(".search__suggestions").has_content?(@sinatra.name)
       assert page.has_selector?("a[href='#{search_path(query: @sinatra.name)}']")
     end
     should "not see sinatra on the page in the results" do
-      page.assert_no_selector("a[href='#{rubygem_path(@sinatra.slug)}']")
+      refute page.has_selector?("a[href='#{rubygem_path(@sinatra.slug)}']")
     end
     should "not see brando on the page in the results" do
-      page.assert_no_text(@brando.name)
-      page.assert_no_selector("a[href='#{rubygem_path(@brando.slug)}']")
+      refute page.has_text?(@brando.name)
+      refute page.has_selector?("a[href='#{rubygem_path(@brando.slug)}']")
     end
     should "not see filters" do
-      page.assert_no_text("Filter")
+      refute page.has_text?("Filter")
     end
   end
 
@@ -141,10 +141,10 @@ class SearchesControllerTest < ActionController::TestCase
     should respond_with :success
 
     should "see sinatra_redux on the page in the results" do
-      page.assert_selector("a[href='#{rubygem_path(@sinatra_redux.slug)}']")
+      assert page.has_selector?("a[href='#{rubygem_path(@sinatra_redux.slug)}']")
     end
     should "not see sinatra on the page in the results" do
-      page.assert_no_selector("a[href='#{rubygem_path(@sinatra.slug)}']")
+      refute page.has_selector?("a[href='#{rubygem_path(@sinatra.slug)}']")
     end
   end
 
diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
index 7ef1f39db51..1835c70189d 100644
--- a/test/functional/sessions_controller_test.rb
+++ b/test/functional/sessions_controller_test.rb
@@ -474,8 +474,8 @@ class SessionsControllerTest < ActionController::TestCase
     end
 
     should "render sign-in form" do
-      page.assert_text("Sign in")
-      page.assert_selector("input[type=password][autocomplete=current-password]")
+      assert page.has_text?("Sign in")
+      assert page.has_selector?("input[type=password][autocomplete=current-password]")
     end
   end
 
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index c038a29023a..ad2b8759dc6 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -11,8 +11,8 @@ class UsersControllerTest < ActionController::TestCase
     should render_template(:new)
 
     should "render the new user form" do
-      page.assert_text "Sign up"
-      page.assert_selector "input[type=password][autocomplete=new-password]"
+      assert page.has_text? "Sign up"
+      assert page.has_selector? "input[type=password][autocomplete=new-password]"
     end
 
     context "when logged in" do

From cc08a13e689e634fe6fe893da1e1b7269363b7dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Sun, 1 Sep 2024 20:01:09 +0200
Subject: [PATCH 246/381] Add missing assertions to test/system.

---
 test/system/oidc_test.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/system/oidc_test.rb b/test/system/oidc_test.rb
index 65bae4ece8e..a6e19618a8a 100644
--- a/test/system/oidc_test.rb
+++ b/test/system/oidc_test.rb
@@ -276,8 +276,8 @@ def verify_session # rubocop:disable Minitest/TestMethodName
 
     click_button "Delete"
 
-    page.assert_text "Trusted Publisher deleted"
-    page.assert_text "NO RUBYGEM TRUSTED PUBLISHERS FOUND"
+    assert_content "Trusted Publisher deleted"
+    assert_content "NO RUBYGEM TRUSTED PUBLISHERS FOUND"
   end
 
   test "creating pending trusted publishers" do
@@ -349,7 +349,7 @@ def verify_session # rubocop:disable Minitest/TestMethodName
 
     click_button "Delete"
 
-    page.assert_text "Pending Trusted Publisher deleted"
-    page.assert_text "NO PENDING TRUSTED PUBLISHERS FOUND"
+    assert_content "Pending Trusted Publisher deleted"
+    assert_content "NO PENDING TRUSTED PUBLISHERS FOUND"
   end
 end

From b492fb4845c2a11c3b2550434a53a9535c51eccc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Mon, 30 Sep 2024 20:32:02 +0200
Subject: [PATCH 247/381] Add basic assertions to AC::TestCase.

---
 test/functional/api_keys_controller_test.rb  |  2 +-
 test/functional/passwords_controller_test.rb | 16 +++++------
 test/functional/profiles_controller_test.rb  |  4 +--
 test/functional/rubygems_controller_test.rb  |  6 ++--
 test/functional/searches_controller_test.rb  | 30 ++++++++++----------
 test/functional/sessions_controller_test.rb  |  4 +--
 test/functional/users_controller_test.rb     |  4 +--
 test/test_helper.rb                          | 16 +++++++++++
 8 files changed, 49 insertions(+), 33 deletions(-)

diff --git a/test/functional/api_keys_controller_test.rb b/test/functional/api_keys_controller_test.rb
index 3144739fa4c..087bed7af79 100644
--- a/test/functional/api_keys_controller_test.rb
+++ b/test/functional/api_keys_controller_test.rb
@@ -223,7 +223,7 @@ class ApiKeysControllerTest < ActionController::TestCase
         end
 
         should "show error to user" do
-          assert page.has_content? "Show dashboard scope must be enabled exclusively"
+          assert_text "Show dashboard scope must be enabled exclusively"
         end
 
         should "not update scope of test key" do
diff --git a/test/functional/passwords_controller_test.rb b/test/functional/passwords_controller_test.rb
index 2b1ddb838be..9e7ae33ac0f 100644
--- a/test/functional/passwords_controller_test.rb
+++ b/test/functional/passwords_controller_test.rb
@@ -58,8 +58,8 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          assert page.has_text?("Reset password")
-          assert page.has_selector?("input[type=password][autocomplete=new-password]")
+          assert_text "Reset password"
+          assert_selector "input[type=password][autocomplete=new-password]"
         end
 
         should "instruct the browser not to send referrer that contains the token" do
@@ -85,8 +85,8 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          assert page.has_text?("Reset password")
-          assert page.has_selector?("input[type=password][autocomplete=new-password]")
+          assert_text "Reset password"
+          assert_selector "input[type=password][autocomplete=new-password]"
         end
 
         should "instruct the browser not to send referrer that contains the token" do
@@ -113,8 +113,8 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          assert page.has_text?("Reset password")
-          assert page.has_selector?("input[type=password][autocomplete=new-password]")
+          assert_text "Reset password"
+          assert_selector "input[type=password][autocomplete=new-password]"
         end
 
         should "instruct the browser not to send referrer that contains the token" do
@@ -250,7 +250,7 @@ class PasswordsControllerTest < ActionController::TestCase
         end
 
         should "display edit form" do
-          assert page.has_text?("Reset password")
+          assert_text "Reset password"
         end
 
         should "clear mfa_expires_at" do
@@ -334,7 +334,7 @@ class PasswordsControllerTest < ActionController::TestCase
       end
 
       should "display edit form" do
-        assert page.has_text?("Reset password")
+        assert_text "Reset password"
       end
 
       should "clear mfa_expires_at" do
diff --git a/test/functional/profiles_controller_test.rb b/test/functional/profiles_controller_test.rb
index 572a151588c..1cfbb165ec8 100644
--- a/test/functional/profiles_controller_test.rb
+++ b/test/functional/profiles_controller_test.rb
@@ -106,8 +106,8 @@ class ProfilesControllerTest < ActionController::TestCase
       should respond_with :success
 
       should "render user delete page" do
-        assert page.has_text? "Delete profile"
-        assert page.has_selector? "input[type=password][autocomplete=current-password]"
+        assert_text "Delete profile"
+        assert_selector "input[type=password][autocomplete=current-password]"
       end
     end
 
diff --git a/test/functional/rubygems_controller_test.rb b/test/functional/rubygems_controller_test.rb
index 9829a72a5ca..68c698ac0e1 100644
--- a/test/functional/rubygems_controller_test.rb
+++ b/test/functional/rubygems_controller_test.rb
@@ -86,9 +86,9 @@ class RubygemsControllerTest < ActionController::TestCase
       should respond_with :success
 
       should "include the security events" do
-        assert page.has_text? "Owner Added"
-        assert page.has_text? "Owner Confirmed"
-        assert page.has_text? "Owner Removed"
+        assert_text "Owner Added"
+        assert_text "Owner Confirmed"
+        assert_text "Owner Removed"
       end
     end
   end
diff --git a/test/functional/searches_controller_test.rb b/test/functional/searches_controller_test.rb
index 6a7ebdecc51..050f11b5236 100644
--- a/test/functional/searches_controller_test.rb
+++ b/test/functional/searches_controller_test.rb
@@ -70,19 +70,19 @@ class SearchesControllerTest < ActionController::TestCase
 
     should respond_with :success
     should "see sinatra on the page in the results" do
-      assert page.has_text?(@sinatra.name)
-      assert page.has_selector?("a[href='#{rubygem_path(@sinatra.slug)}']")
+      assert_text @sinatra.name
+      assert_selector "a[href='#{rubygem_path(@sinatra.slug)}']"
     end
     should "not see brando on the page in the results" do
-      refute page.has_text?(@brando.name)
-      refute page.has_selector?("a[href='#{rubygem_path(@brando.slug)}']")
+      refute_text @brando.name
+      refute_selector "a[href='#{rubygem_path(@brando.slug)}']"
     end
     should "display pagination summary" do
       assert page.has_text?("all 2 gems")
     end
     should "not see suggestions" do
-      refute page.has_text?("Did you mean")
-      refute page.has_selector?(".search-suggestions")
+      refute_text "Did you mean"
+      refute_selector ".search-suggestions"
     end
   end
 
@@ -112,19 +112,19 @@ class SearchesControllerTest < ActionController::TestCase
 
     should respond_with :success
     should "see sinatra on the page in the suggestions" do
-      assert page.has_text?("Did you mean")
-      assert page.find(".search__suggestions").has_content?(@sinatra.name)
-      assert page.has_selector?("a[href='#{search_path(query: @sinatra.name)}']")
+      assert_text "Did you mean"
+      assert_text @sinatra.name, page.find(".search__suggestions")
+      assert_selector "a[href='#{search_path(query: @sinatra.name)}']"
     end
     should "not see sinatra on the page in the results" do
-      refute page.has_selector?("a[href='#{rubygem_path(@sinatra.slug)}']")
+      refute_selector "a[href='#{rubygem_path(@sinatra.slug)}']"
     end
     should "not see brando on the page in the results" do
-      refute page.has_text?(@brando.name)
-      refute page.has_selector?("a[href='#{rubygem_path(@brando.slug)}']")
+      refute_text @brando.name
+      refute_selector "a[href='#{rubygem_path(@brando.slug)}']"
     end
     should "not see filters" do
-      refute page.has_text?("Filter")
+      refute_text "Filter"
     end
   end
 
@@ -141,10 +141,10 @@ class SearchesControllerTest < ActionController::TestCase
     should respond_with :success
 
     should "see sinatra_redux on the page in the results" do
-      assert page.has_selector?("a[href='#{rubygem_path(@sinatra_redux.slug)}']")
+      assert_selector "a[href='#{rubygem_path(@sinatra_redux.slug)}']"
     end
     should "not see sinatra on the page in the results" do
-      refute page.has_selector?("a[href='#{rubygem_path(@sinatra.slug)}']")
+      refute_selector "a[href='#{rubygem_path(@sinatra.slug)}']"
     end
   end
 
diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
index 1835c70189d..b617beb7842 100644
--- a/test/functional/sessions_controller_test.rb
+++ b/test/functional/sessions_controller_test.rb
@@ -474,8 +474,8 @@ class SessionsControllerTest < ActionController::TestCase
     end
 
     should "render sign-in form" do
-      assert page.has_text?("Sign in")
-      assert page.has_selector?("input[type=password][autocomplete=current-password]")
+      assert_text "Sign in"
+      assert_selector "input[type=password][autocomplete=current-password]"
     end
   end
 
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index ad2b8759dc6..0173d72abb3 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -11,8 +11,8 @@ class UsersControllerTest < ActionController::TestCase
     should render_template(:new)
 
     should "render the new user form" do
-      assert page.has_text? "Sign up"
-      assert page.has_selector? "input[type=password][autocomplete=new-password]"
+      assert_text "Sign up"
+      assert_selector "input[type=password][autocomplete=new-password]"
     end
 
     context "when logged in" do
diff --git a/test/test_helper.rb b/test/test_helper.rb
index bce18a0017b..f381d4f6743 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -220,6 +220,22 @@ def verified_sign_in_as(user)
     session[:verification] = 10.minutes.from_now
     session[:verified_user] = user.id
   end
+
+  def assert_text(text, context = page)
+    assert context.has_content?(text), "page is missing content #{text}"
+  end
+
+  def refute_text(text)
+    refute page.has_content?(text), "page has unexpected content #{text}"
+  end
+
+  def assert_selector(selector)
+    assert page.has_selector?(selector), "page is missing selector #{selector}"
+  end
+
+  def refute_selector(selector)
+    refute page.has_selector?(selector), "page has unexpected selector #{selector}"
+  end
 end
 
 class ActionDispatch::IntegrationTest

From 12a7ab8e2986fca37f5663db2ad2c3f018a11296 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 30 Sep 2024 13:01:37 -0700
Subject: [PATCH 248/381] Guard against SSRF attacks in link verification
 (#5076)

Uses https://github.com/bhuga/faraday-restrict-ip-addresses/pull/16

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 Gemfile                           |  1 +
 Gemfile.lock                      |  4 ++++
 app/jobs/verify_link_job.rb       | 11 +++++++----
 test/jobs/verify_link_job_test.rb | 12 ++++++++++++
 4 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 55e96403100..dfee6e920df 100644
--- a/Gemfile
+++ b/Gemfile
@@ -15,6 +15,7 @@ gem "dogstatsd-ruby", "~> 5.6"
 gem "google-protobuf", "~> 4.28"
 gem "faraday", "~> 2.12"
 gem "faraday-retry", "~> 2.2"
+gem "faraday-restrict-ip-addresses", "~> 0.3.0", require: "faraday/restrict_ip_addresses"
 gem "good_job", "~> 3.99"
 gem "gravtastic", "~> 3.2"
 gem "honeybadger", "~> 5.5.1", require: false # see https://github.com/rubygems/rubygems.org/pull/4598
diff --git a/Gemfile.lock b/Gemfile.lock
index 9f610f900fc..0346a3b90b7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -250,6 +250,8 @@ GEM
       multipart-post (~> 2)
     faraday-net_http (3.3.0)
       net-http
+    faraday-restrict-ip-addresses (0.3.0)
+      faraday (> 1.0, < 3.0)
     faraday-retry (2.2.1)
       faraday (~> 2.0)
     faraday_middleware-aws-sigv4 (1.0.1)
@@ -869,6 +871,7 @@ DEPENDENCIES
   factory_bot_rails (~> 6.4)
   faraday (~> 2.12)
   faraday-multipart (~> 1.0)
+  faraday-restrict-ip-addresses (~> 0.3.0)
   faraday-retry (~> 2.2)
   faraday_middleware-aws-sigv4 (~> 1.0)
   gem_server_conformance (~> 0.1.4)
@@ -1045,6 +1048,7 @@ CHECKSUMS
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
   faraday-multipart (1.0.4) sha256=9012021ab57790f7d712f590b48d5f948b19b43cfa11ca83e6459f06090b0725
   faraday-net_http (3.3.0) sha256=93e6b0f679b1e8e358bcb4e983a52328dfc47ebbe6a232e4f9e8aba9c924e565
+  faraday-restrict-ip-addresses (0.3.0) sha256=2db7f6da6f59fa73a9d4ffe96b2b46a4b2b2c4d177e44a1962c1921d32ec7279
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
   ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c
diff --git a/app/jobs/verify_link_job.rb b/app/jobs/verify_link_job.rb
index 50667b6b0b5..8a18a838cf1 100644
--- a/app/jobs/verify_link_job.rb
+++ b/app/jobs/verify_link_job.rb
@@ -9,10 +9,6 @@ class NotHTTPSError < StandardError; end
   class LinkNotPresentError < StandardError; end
   class HTTPResponseError < StandardError; end
 
-  rescue_from NotHTTPSError do |_error|
-    record_failure
-  end
-
   rescue_from LinkNotPresentError, HTTPResponseError, *ERRORS do |error|
     logger.info "Linkback verification failed with error: #{error.message}", error: error, uri: link_verification.uri,
       linkable: link_verification.linkable.to_gid
@@ -23,6 +19,10 @@ class HTTPResponseError < StandardError; end
     end
   end
 
+  rescue_from NotHTTPSError, Faraday::RestrictIPAddresses::AddressNotAllowed do |_error|
+    record_failure
+  end
+
   TIMEOUT_SEC = 5
 
   def perform(link_verification:)
@@ -68,6 +68,9 @@ def verify_link!(uri, linkable)
 
   def get(url)
     Faraday.new(nil, request: { timeout: TIMEOUT_SEC }) do |f|
+      # prevent SSRF attacks
+      f.request :restrict_ip_addresses, deny_rfc6890: true
+
       f.response :logger, logger, headers: false, errors: true
       f.response :raise_error
     end.get(
diff --git a/test/jobs/verify_link_job_test.rb b/test/jobs/verify_link_job_test.rb
index 5874f7e0584..121aeed0224 100644
--- a/test/jobs/verify_link_job_test.rb
+++ b/test/jobs/verify_link_job_test.rb
@@ -199,4 +199,16 @@ class VerifyLinkJobTest < ActiveJob::TestCase
     assert_equal 1, @docs.failures_since_last_verification
     assert_enqueued_jobs 0, only: VerifyLinkJob
   end
+
+  test "does not retry link verification for localhost link" do
+    @home.update!(uri: "https://localhost")
+    freeze_time
+
+    VerifyLinkJob.perform_now(link_verification: @home)
+
+    refute_predicate @home.reload, :verified?
+    assert_nil @home.last_verified_at
+    assert_equal 1, @home.failures_since_last_verification
+    assert_enqueued_jobs 0, only: VerifyLinkJob
+  end
 end

From e31dd4bdecd7f3d3d8501962c5d697b369cb4f6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20V=C3=A1squez?= <juan@ombulabs.com>
Date: Mon, 30 Sep 2024 14:39:49 -0600
Subject: [PATCH 249/381] Rails 7.2.1 Upgrade (#5057)

---
 Gemfile      |   2 +-
 Gemfile.lock | 162 +++++++++++++++++++++++++--------------------------
 2 files changed, 81 insertions(+), 83 deletions(-)

diff --git a/Gemfile b/Gemfile
index dfee6e920df..4b3fdbbf5dc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source "https://rubygems.org"
 
 ruby file: ".ruby-version"
 
-gem "rails", "~> 7.1.0", ">= 7.1.3.2"
+gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.166"
diff --git a/Gemfile.lock b/Gemfile.lock
index 0346a3b90b7..ccd455629cb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,51 +1,46 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.1.4)
-      actionpack (= 7.1.4)
-      activesupport (= 7.1.4)
+    actioncable (7.2.1)
+      actionpack (= 7.2.1)
+      activesupport (= 7.2.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.1.4)
-      actionpack (= 7.1.4)
-      activejob (= 7.1.4)
-      activerecord (= 7.1.4)
-      activestorage (= 7.1.4)
-      activesupport (= 7.1.4)
-      mail (>= 2.7.1)
-      net-imap
-      net-pop
-      net-smtp
-    actionmailer (7.1.4)
-      actionpack (= 7.1.4)
-      actionview (= 7.1.4)
-      activejob (= 7.1.4)
-      activesupport (= 7.1.4)
-      mail (~> 2.5, >= 2.5.4)
-      net-imap
-      net-pop
-      net-smtp
+    actionmailbox (7.2.1)
+      actionpack (= 7.2.1)
+      activejob (= 7.2.1)
+      activerecord (= 7.2.1)
+      activestorage (= 7.2.1)
+      activesupport (= 7.2.1)
+      mail (>= 2.8.0)
+    actionmailer (7.2.1)
+      actionpack (= 7.2.1)
+      actionview (= 7.2.1)
+      activejob (= 7.2.1)
+      activesupport (= 7.2.1)
+      mail (>= 2.8.0)
       rails-dom-testing (~> 2.2)
-    actionpack (7.1.4)
-      actionview (= 7.1.4)
-      activesupport (= 7.1.4)
+    actionpack (7.2.1)
+      actionview (= 7.2.1)
+      activesupport (= 7.2.1)
       nokogiri (>= 1.8.5)
       racc
-      rack (>= 2.2.4)
+      rack (>= 2.2.4, < 3.2)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.4)
-      actionpack (= 7.1.4)
-      activerecord (= 7.1.4)
-      activestorage (= 7.1.4)
-      activesupport (= 7.1.4)
+      useragent (~> 0.16)
+    actiontext (7.2.1)
+      actionpack (= 7.2.1)
+      activerecord (= 7.2.1)
+      activestorage (= 7.2.1)
+      activesupport (= 7.2.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.4)
-      activesupport (= 7.1.4)
+    actionview (7.2.1)
+      activesupport (= 7.2.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
@@ -53,31 +48,32 @@ GEM
     active_link_to (1.0.5)
       actionpack
       addressable
-    activejob (7.1.4)
-      activesupport (= 7.1.4)
+    activejob (7.2.1)
+      activesupport (= 7.2.1)
       globalid (>= 0.3.6)
-    activemodel (7.1.4)
-      activesupport (= 7.1.4)
-    activerecord (7.1.4)
-      activemodel (= 7.1.4)
-      activesupport (= 7.1.4)
+    activemodel (7.2.1)
+      activesupport (= 7.2.1)
+    activerecord (7.2.1)
+      activemodel (= 7.2.1)
+      activesupport (= 7.2.1)
       timeout (>= 0.4.0)
-    activestorage (7.1.4)
-      actionpack (= 7.1.4)
-      activejob (= 7.1.4)
-      activerecord (= 7.1.4)
-      activesupport (= 7.1.4)
+    activestorage (7.2.1)
+      actionpack (= 7.2.1)
+      activejob (= 7.2.1)
+      activerecord (= 7.2.1)
+      activesupport (= 7.2.1)
       marcel (~> 1.0)
-    activesupport (7.1.4)
+    activesupport (7.2.1)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     aes_key_wrap (1.1.0)
@@ -448,7 +444,6 @@ GEM
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     multipart-post (2.4.1)
-    mutex_m (0.2.0)
     net-http (0.4.1)
       uri
     net-imap (0.4.15)
@@ -570,20 +565,20 @@ GEM
     rackup (2.1.0)
       rack (>= 3)
       webrick (~> 1.8)
-    rails (7.1.4)
-      actioncable (= 7.1.4)
-      actionmailbox (= 7.1.4)
-      actionmailer (= 7.1.4)
-      actionpack (= 7.1.4)
-      actiontext (= 7.1.4)
-      actionview (= 7.1.4)
-      activejob (= 7.1.4)
-      activemodel (= 7.1.4)
-      activerecord (= 7.1.4)
-      activestorage (= 7.1.4)
-      activesupport (= 7.1.4)
+    rails (7.2.1)
+      actioncable (= 7.2.1)
+      actionmailbox (= 7.2.1)
+      actionmailer (= 7.2.1)
+      actionpack (= 7.2.1)
+      actiontext (= 7.2.1)
+      actionview (= 7.2.1)
+      activejob (= 7.2.1)
+      activemodel (= 7.2.1)
+      activerecord (= 7.2.1)
+      activestorage (= 7.2.1)
+      activesupport (= 7.2.1)
       bundler (>= 1.15.0)
-      railties (= 7.1.4)
+      railties (= 7.2.1)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -607,10 +602,10 @@ GEM
       rack
       railties (>= 5.1)
       semantic_logger (~> 4.16)
-    railties (7.1.4)
-      actionpack (= 7.1.4)
-      activesupport (= 7.1.4)
-      irb
+    railties (7.2.1)
+      actionpack (= 7.2.1)
+      activesupport (= 7.2.1)
+      irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
@@ -712,6 +707,7 @@ GEM
     searchkick (5.4.0)
       activemodel (>= 6.1)
       hashie
+    securerandom (0.3.1)
     selenium-webdriver (4.25.0)
       base64 (~> 0.2)
       logger (~> 1.4)
@@ -795,6 +791,7 @@ GEM
       pwned (~> 2.0)
     uri (0.13.1)
     user_agent_parser (2.18.0)
+    useragent (0.16.10)
     validate_url (1.0.15)
       activemodel (>= 3.0.0)
       public_suffix
@@ -920,7 +917,7 @@ DEPENDENCIES
   rack-sanitizer (~> 2.0)
   rack-test (~> 2.1)
   rackup (~> 2.1)
-  rails (~> 7.1.0, >= 7.1.3.2)
+  rails (~> 7.2.1)
   rails-controller-testing (~> 1.0)
   rails-erd (~> 1.7)
   rails-i18n (~> 7.0)
@@ -961,18 +958,18 @@ DEPENDENCIES
   xml-simple (~> 1.1)
 
 CHECKSUMS
-  actioncable (7.1.4) sha256=8443dfe12129cf6d7c93b16a5f0be83bf0d3f686875d7ff5e1110c884c3e8fbc
-  actionmailbox (7.1.4) sha256=30be3b404290ef19c477aab19ee48cbcb6b409cc3f377f732c7b907998e6f36f
-  actionmailer (7.1.4) sha256=eae396a3f2de43c54f1d267ecc2e4593a0122f20e321dbee5c96ffcbbdfa4b25
-  actionpack (7.1.4) sha256=f5f8879debbf0b1a73dcc60f91c975b7bed7ff87c873b5fa794acaa1f3b7e230
-  actiontext (7.1.4) sha256=5d07bfe0d50cec80f55f71526aa67bbcc401f0ea6dcb611687119294b0da9b92
-  actionview (7.1.4) sha256=c02bf0665edbfaf1616b41aad0ce8919820005226d4e78e56a998b6b32593953
+  actioncable (7.2.1) sha256=b409c96b0acc90abe6aa8fd9656eaff0980c1b36c9e22b8f7c490a46eafc2204
+  actionmailbox (7.2.1) sha256=09c20d0bcb769a6521d22cb8987e2d1d8335b58610957a6c615c85e6743adf89
+  actionmailer (7.2.1) sha256=e4853a32c84105066e64d900ee1025ef075893ee3c51de3a3bc59a6e09586e56
+  actionpack (7.2.1) sha256=260b80acc720123f23eb2b106b04d2de7d8cf0492d4eeb2dfa7afc8be36dcaad
+  actiontext (7.2.1) sha256=1257a2384373188039fc35d46946e757014710361a4af4481e37b510ac7d7d79
+  actionview (7.2.1) sha256=d1f8f4df2bff842a03e2a6e86275e4d73e70c654159617ad4abbe7c6b2aed4f4
   active_link_to (1.0.5) sha256=4830847b3d14589df1e9fc62038ceec015257fce975ec1c2a77836c461b139ba
-  activejob (7.1.4) sha256=65f65a552aeb33f444fb57b9dc75ecc01693ef13ae410591c7a5f7763c3c0bf6
-  activemodel (7.1.4) sha256=188d055afdd07d2f037d23403c939618ea0d7fa518a7de1b76324c2876d410b6
-  activerecord (7.1.4) sha256=836d6dac137ec5bb71e7ab943f6eca97917c8a2968fa466b38920f4812642cdd
-  activestorage (7.1.4) sha256=23ebbb59fb9563f035ffa18d30b6bbc3a5d3f5cda004d19765f594db24f70b46
-  activesupport (7.1.4) sha256=3a8e1a7ce5541ab2ffefaa390c40c89d7f54273dc671ed429614953cffd8a232
+  activejob (7.2.1) sha256=eb145f5aaf8276f37b9e4e9f72f3d56b1733172b4be680e836c765f2e6a3c503
+  activemodel (7.2.1) sha256=7b24e3927122b99c4623f07607a1d0f1cfd598f9dc5077e70178536dd6663348
+  activerecord (7.2.1) sha256=b58a26b9337594f2639cafcc443f4d28d786289f5b5b07b810e8251eeace533c
+  activestorage (7.2.1) sha256=e5d6746aa9e5d92fff9d214fad782b6a7189bc080d319c0b196e3dfa1595a676
+  activesupport (7.2.1) sha256=7557fa077a592a4f36f7ddacf4d9d71c34aff69ed20236b8a61c22d567da8c24
   addressable (2.8.7) sha256=462986537cf3735ab5f3c0f557f14155d778f4b43ea4f485a9deb9c8f7c58232
   aes_key_wrap (1.1.0) sha256=b935f4756b37375895db45669e79dfcdc0f7901e12d4e08974d5540c8e0776a5
   aggregate_assertions (0.2.0) sha256=9bc51a48323a8e7b82f47cc38d48132817247345e5a8713686c9d65b25daca9e
@@ -1130,7 +1127,6 @@ CHECKSUMS
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
-  mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
   net-http (0.4.1) sha256=a96efc5ea18bcb9715e24dda4159d10f67ff0345c8a980d04630028055b2c282
   net-imap (0.4.15) sha256=e468121d50cfcf82b7bbcee823d352bbb62ba8add963daa0c08d21680d83b53d
   net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
@@ -1181,14 +1177,14 @@ CHECKSUMS
   rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
   rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
   rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d
-  rails (7.1.4) sha256=dfcf9e78d26db70320b99958e7ee8957db9cee5969279d449b925cdab18cc51e
+  rails (7.2.1) sha256=fd5684e5d007220960666a3a8b31a57cd1c8cd7f60d88cb40e28e95f1911b705
   rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94
   rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b
   rails-erd (1.7.2) sha256=0b17d0fba25d319d8da8af7a3e5e2149d02d6187cc7351e8be43423f07c48bcd
   rails-html-sanitizer (1.6.0) sha256=86e9f19d2e6748890dcc2633c8945ca45baa08a1df9d8c215ce17b3b0afaa4de
   rails-i18n (7.0.9) sha256=c184db80a7c7bf21c14e0e400fe9e27c4c20312f019aaff5b364a82858dc1369
   rails_semantic_logger (4.17.0) sha256=cc10cca01491736596cd5ab40b52b3bbf98338d9d1f5a7916b2be10231615047
-  railties (7.1.4) sha256=54395f2753366699e54417aea67d8b3c0eefd994de2f4152d364a400de634a5a
+  railties (7.2.1) sha256=4b6ad279bbfb9228d7e7fbc8df562a8f5d4910e179b957d801fcec176d548463
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d
   rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe
@@ -1232,6 +1228,7 @@ CHECKSUMS
   sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.4.0) sha256=75d7256d3ec2af2dc11c2ba8160c86d80451f3f86447aae2ace1f79553de0bf3
+  securerandom (0.3.1) sha256=98f0450c0ea46d2f9a4b6db4f391dbd83dc08049592eada155739f40e0341bde
   selenium-webdriver (4.25.0) sha256=7e11abf2b0fd56df61d98b6d59d621781cf103261d941df3510837547bd4a0d5
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
@@ -1269,6 +1266,7 @@ CHECKSUMS
   unpwn (1.0.0) sha256=6239d17d46a882b3719b24fb79c78a34caff89d57ab0f5e546be5b5c882bc7d3
   uri (0.13.1) sha256=df2d8b13e3e8c8a43432637e2ace4f9de7b42674361b4dd26302b40f7d7fcd1e
   user_agent_parser (2.18.0) sha256=aa943b91da8906cace7d3fe16b450c9d77b68f571485c11e577af97aecb25584
+  useragent (0.16.10) sha256=1794380d9ea5c087d687bbfe14752f81839293f238c1132ef05c9344f09e65bb
   validate_url (1.0.15) sha256=72fe164c0713d63a9970bd6700bea948babbfbdcec392f2342b6704042f57451
   validates_formatting_of (0.9.0) sha256=139590a4b87596dbfb04d93e897bd2e6d30fb849d04fab0343e71ed2ca856e7e
   version_gem (1.1.1) sha256=3c2da6ded29045ddcc0387e152dc634e1f0c490b7128dce0697ccc1cf0915b6c

From f71762f23f67f1d7e6478dcdf7db4bc6e443c594 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 30 Sep 2024 13:48:38 -0700
Subject: [PATCH 250/381] Run app:update on rails 7.2 (#5064)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 bin/brakeman                                  | 24 +----
 bin/rubocop                                   | 25 +-----
 bin/setup                                     |  6 +-
 config/environments/development.rb            | 18 ++--
 config/environments/production.rb             | 18 ++--
 config/environments/test.rb                   | 10 ++-
 .../initializers/content_security_policy.rb   | 90 +++++++++----------
 .../initializers/filter_parameter_logging.rb  |  6 +-
 .../new_framework_defaults_7_2.rb             | 70 +++++++++++++++
 config/puma.rb                                | 37 +++++---
 public/robots.txt                             |  1 +
 11 files changed, 182 insertions(+), 123 deletions(-)
 create mode 100644 config/initializers/new_framework_defaults_7_2.rb

diff --git a/bin/brakeman b/bin/brakeman
index b4fe8de2663..ace1c9ba08a 100755
--- a/bin/brakeman
+++ b/bin/brakeman
@@ -1,27 +1,7 @@
 #!/usr/bin/env ruby
-# frozen_string_literal: true
-
-#
-# This file was generated by Bundler.
-#
-# The application 'brakeman' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
-
-bundle_binstub = File.expand_path("bundle", __dir__)
-
-if File.file?(bundle_binstub)
-  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
-    load(bundle_binstub)
-  else
-    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
-  end
-end
-
 require "rubygems"
 require "bundler/setup"
 
+ARGV.unshift("--ensure-latest")
+
 load Gem.bin_path("brakeman", "brakeman")
diff --git a/bin/rubocop b/bin/rubocop
index 369a05bedb5..40330c0ff1c 100755
--- a/bin/rubocop
+++ b/bin/rubocop
@@ -1,27 +1,8 @@
 #!/usr/bin/env ruby
-# frozen_string_literal: true
-
-#
-# This file was generated by Bundler.
-#
-# The application 'rubocop' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
-
-bundle_binstub = File.expand_path("bundle", __dir__)
-
-if File.file?(bundle_binstub)
-  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
-    load(bundle_binstub)
-  else
-    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
-  end
-end
-
 require "rubygems"
 require "bundler/setup"
 
+# explicit rubocop config increases performance slightly while avoiding config confusion.
+ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__))
+
 load Gem.bin_path("rubocop", "rubocop")
diff --git a/bin/setup b/bin/setup
index e2675753e1d..51afbda953b 100755
--- a/bin/setup
+++ b/bin/setup
@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby
 require "fileutils"
 
-# path to your application root.
 APP_ROOT = File.expand_path("..", __dir__)
+APP_NAME = "gemcutter"
 
 def system!(*args)
   system(*args, exception: true)
@@ -36,4 +36,8 @@ FileUtils.chdir APP_ROOT do
 
   puts "\n== Restarting application server =="
   system! "bin/rails restart"
+
+  # puts "\n== Configuring puma-dev =="
+  # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}"
+  # system "curl -Is https://#{APP_NAME}.test/up | head -n 1"
 end
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 42bbef4f7de..985853896bd 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -1,4 +1,3 @@
-require_relative "../../lib/gemcutter/middleware/hostess"
 require "active_support/core_ext/integer/time"
 
 Rails.application.configure do
@@ -15,7 +14,7 @@
   # Show full error reports.
   config.consider_all_requests_local = true
 
-  # Enable server timing
+  # Enable server timing.
   config.server_timing = true
 
   # Enable/disable caching. By default caching is disabled.
@@ -26,9 +25,7 @@
 
     config.cache_store = :mem_cache_store,
                          { compress: true, compression_min_size: 524_288 }
-    config.public_file_server.headers = {
-      "Cache-Control" => "public, max-age=#{2.days.to_i}"
-    }
+    config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" }
   else
     config.action_controller.perform_caching = false
 
@@ -40,6 +37,8 @@
 
   config.action_mailer.raise_delivery_errors = true
 
+  # Disable caching for Action Mailer templates even if Action Controller
+  # caching is enabled.
   config.action_mailer.perform_caching = false
 
   config.action_mailer.default_url_options = { host: Gemcutter::HOST,
@@ -75,13 +74,18 @@
   # Raises error for missing translations.
   # config.i18n.raise_on_missing_translations = true
 
+  require_relative "../../lib/gemcutter/middleware/hostess"
   config.middleware.use Gemcutter::Middleware::Hostess
+
   # Annotate rendered view with file names.
-  # config.action_view.annotate_rendered_view_with_filenames = true
+  config.action_view.annotate_rendered_view_with_filenames = true
 
-  # Raise error when a before_action's only/except options reference missing actions
+  # Raise error when a before_action's only/except options reference missing actions.
   config.action_controller.raise_on_missing_callback_actions = true
 
+  # Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
+  config.generators.apply_rubocop_autocorrect_after_generate!
+
   # Use an evented file watcher to asynchronously detect changes in source code,
   # routes, locales, etc. This feature depends on the listen gem.
   config.file_watcher = ActiveSupport::EventedFileUpdateChecker
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 8d5862924f6..fce4d18fc9b 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -1,5 +1,3 @@
-require Rails.root.join("config", "secret") if Rails.root.join("config", "secret.rb").file?
-require_relative "../../lib/gemcutter/middleware/redirector"
 require "active_support/core_ext/integer/time"
 
 Rails.application.configure do
@@ -22,8 +20,7 @@
   # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files).
   # config.require_master_key = true
 
-  # Disable serving static files from the `/public` folder by default since
-  # Apache or NGINX already handles this.
+  # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead.
   config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present?
   config.public_file_server.headers = {
     'Cache-Control' => 'max-age=315360000, public',
@@ -36,7 +33,7 @@
   # Compress CSS using a preprocessor.
   config.assets.css_compressor = :sass
 
-  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  # Do not fall back to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
@@ -62,7 +59,6 @@
   # Include generic and useful information about system operation, but avoid logging too much
   # information to avoid inadvertent exposure of personally identifiable information (PII).
   $stdout.sync = true
-  config.log_level = :info
   config.rails_semantic_logger.format = :json
   config.rails_semantic_logger.semantic = true
   config.rails_semantic_logger.add_file_appender = false
@@ -71,13 +67,20 @@
   # Prepend all log lines with the following tags.
   # config.log_tags = [ :request_id ]
 
+  # "info" includes generic and useful information about system operation, but avoids logging too much
+  # information to avoid inadvertent exposure of personally identifiable information (PII). If you
+  # want to log everything, set the level to "debug".
+  config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")
+
   # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
 
   # Use a real queuing backend for Active Job (and separate queues per environment).
-  # config.active_job.queue_adapter     = :resque
+  # config.active_job.queue_adapter = :resque
   # config.active_job.queue_name_prefix = "gemcutter_production"
 
+  # Disable caching for Action Mailer templates even if Action Controller
+  # caching is enabled.
   config.action_mailer.perform_caching = false
 
   # Ignore bad email addresses and do not raise email delivery errors.
@@ -122,5 +125,6 @@
     value_max_bytes: 2_097_152 # 2MB
   }
 
+  require_relative "../../lib/gemcutter/middleware/redirector"
   config.middleware.use Gemcutter::Middleware::Redirector
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 73358c44122..a65ac8280f1 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -1,4 +1,3 @@
-require_relative "../../lib/gemcutter/middleware/redirector"
 require "active_support/core_ext/integer/time"
 
 # The test environment is used exclusively to run your application's
@@ -35,12 +34,17 @@
   # Disable request forgery protection in test environment.
   config.action_controller.allow_forgery_protection = false
 
+  # Disable caching for Action Mailer templates even if Action Controller
+  # caching is enabled.
   config.action_mailer.perform_caching = false
 
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
   config.action_mailer.delivery_method = :test
+
+  # Unlike controllers, the mailer instance doesn't have any context about the
+  # incoming request so you'll need to provide the :host parameter yourself.
   config.action_mailer.default_url_options = { host: Gemcutter::HOST,
                                                port: "31337",
                                                protocol: Gemcutter::PROTOCOL }
@@ -48,7 +52,7 @@
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
 
-  require 'clearance_backdoor'
+  require_relative "../../lib/clearance_backdoor"
   config.middleware.use ClearanceBackdoor
 
   # Raise exceptions for disallowed deprecations.
@@ -65,7 +69,7 @@
   # Annotate rendered view with file names.
   # config.action_view.annotate_rendered_view_with_filenames = true
 
-  # Raise error when a before_action's only/except options reference missing actions
+  # Raise error when a before_action's only/except options reference missing actions.
   config.action_controller.raise_on_missing_callback_actions = true
 
   BCrypt::Engine.cost = BCrypt::Engine::MIN_COST
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index f332248831b..616790254b5 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -1,49 +1,51 @@
 # Be sure to restart your server when you modify this file.
 
-# Define an application-wide content security policy
-# For further information see the following documentation
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
 
-Rails.application.config.content_security_policy do |policy|
-  policy.default_src :self
-  policy.font_src    :self, "https://fonts.gstatic.com"
-  policy.img_src     :self, "https://secure.gaug.es", "https://gravatar.com", "https://www.gravatar.com", "https://secure.gravatar.com",
-    "https://*.fastly-insights.com", "https://avatars.githubusercontent.com"
-  policy.object_src  :none
-  # NOTE: This scirpt_src is overridden for all requests in ApplicationController
-  # This is the baseline in case the override is ever skipped
-  policy.script_src :self, "https://secure.gaug.es", "https://www.fastly-insights.com"
-  policy.style_src :self, "https://fonts.googleapis.com"
-  policy.connect_src :self, "https://s3-us-west-2.amazonaws.com/rubygems-dumps/", "https://*.fastly-insights.com", "https://fastly-insights.com",
-    "https://api.github.com", "http://localhost:*"
-  policy.form_action :self, "https://github.com/login/oauth/authorize"
-  policy.frame_ancestors :self
-  policy.base_uri :self
+Rails.application.configure do
+  config.content_security_policy do |policy|
+    policy.default_src :self
+    policy.font_src    :self, "https://fonts.gstatic.com"
+    policy.img_src     :self, "https://secure.gaug.es", "https://gravatar.com", "https://www.gravatar.com", "https://secure.gravatar.com",
+      "https://*.fastly-insights.com", "https://avatars.githubusercontent.com"
+    policy.object_src  :none
+    # NOTE: This scirpt_src is overridden for all requests in ApplicationController
+    # This is the baseline in case the override is ever skipped
+    policy.script_src :self, "https://secure.gaug.es", "https://www.fastly-insights.com"
+    policy.style_src :self, "https://fonts.googleapis.com"
+    policy.connect_src :self, "https://s3-us-west-2.amazonaws.com/rubygems-dumps/", "https://*.fastly-insights.com", "https://fastly-insights.com",
+      "https://api.github.com", "http://localhost:*"
+    policy.form_action :self, "https://github.com/login/oauth/authorize"
+    policy.frame_ancestors :self
+    policy.base_uri :self
 
-  # Specify URI for violation reports
-  policy.report_uri lambda {
-    dd_api_key = ENV['DATADOG_CSP_API_KEY'].presence
-    url = ActionDispatch::Http::URL.url_for(
-      protocol: 'https',
-      host: 'csp-report.browser-intake-datadoghq.com',
-      path: '/api/v2/logs',
-      params: {
-        "dd-api-key": dd_api_key,
-        "dd-evp-origin": 'content-security-policy',
-        ddsource: 'csp-report',
-        ddtags: {
-          service: "rubygems.org",
-          version: AppRevision.version,
-          env: Rails.env,
-          trace_id: Datadog::Tracing.correlation&.trace_id,
-          "gemcutter.user.id": (current_user.id if respond_to?(:signed_in?) && signed_in?)
-        }.compact.map { |k, v| "#{k}:#{v}" }.join(',')
-      }
-    )
-    # ensure we compute the URL on development/test,
-    # but onlu return it if the API key is configures
-    url if dd_api_key
-  }
+    # Specify URI for violation reports
+    policy.report_uri lambda {
+      dd_api_key = ENV['DATADOG_CSP_API_KEY'].presence
+      url = ActionDispatch::Http::URL.url_for(
+        protocol: 'https',
+        host: 'csp-report.browser-intake-datadoghq.com',
+        path: '/api/v2/logs',
+        params: {
+          "dd-api-key": dd_api_key,
+          "dd-evp-origin": 'content-security-policy',
+          ddsource: 'csp-report',
+          ddtags: {
+            service: "rubygems.org",
+            version: AppRevision.version,
+            env: Rails.env,
+            trace_id: Datadog::Tracing.correlation&.trace_id,
+            "gemcutter.user.id": (current_user.id if respond_to?(:signed_in?) && signed_in?)
+          }.compact.map { |k, v| "#{k}:#{v}" }.join(',')
+        }
+      )
+      # ensure we compute the URL on development/test,
+      # but onlu return it if the API key is configures
+      url if dd_api_key
+    }
+  end
 end
 
 # Generate session nonces for permitted importmap, inline scripts, and inline styles.
@@ -54,7 +56,3 @@
   request.session.id.to_s.presence || SecureRandom.base64(16)
 }
 Rails.application.config.content_security_policy_nonce_directives = %w[script-src style-src]
-
-# Report CSP violations to a specified URI. See:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
-# config.content_security_policy_report_only = truepoint
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index d997f9aa485..89c5d312f58 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -3,7 +3,7 @@
 # Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file.
 # Use this to limit dissemination of sensitive information.
 # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
-Rails.application.config.filter_parameters += %I[
-  password passw secret token _key crypt salt certificate otp ssn api_key recovery_codes seed
-  jwt
+Rails.application.config.filter_parameters += %i[
+  passw email secret token _key crypt salt certificate otp ssn
+  api_key recovery_codes seed jwt password
 ]
diff --git a/config/initializers/new_framework_defaults_7_2.rb b/config/initializers/new_framework_defaults_7_2.rb
new file mode 100644
index 00000000000..b549c4a258a
--- /dev/null
+++ b/config/initializers/new_framework_defaults_7_2.rb
@@ -0,0 +1,70 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.2 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.2`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+###
+# Controls whether Active Job's `#perform_later` and similar methods automatically defer
+# the job queuing to after the current Active Record transaction is committed.
+#
+# Example:
+#   Topic.transaction do
+#     topic = Topic.create(...)
+#     NewTopicNotificationJob.perform_later(topic)
+#   end
+#
+# In this example, if the configuration is set to `:never`, the job will
+# be enqueued immediately, even though the `Topic` hasn't been committed yet.
+# Because of this, if the job is picked up almost immediately, or if the
+# transaction doesn't succeed for some reason, the job will fail to find this
+# topic in the database.
+#
+# If `enqueue_after_transaction_commit` is set to `:default`, the queue adapter
+# will define the behaviour.
+#
+# Note: Active Job backends can disable this feature. This is generally done by
+# backends that use the same database as Active Record as a queue, hence they
+# don't need this feature.
+#++
+# Rails.application.config.active_job.enqueue_after_transaction_commit = :default
+
+###
+# Adds image/webp to the list of content types Active Storage considers as an image
+# Prevents automatic conversion to a fallback PNG, and assumes clients support WebP, as they support gif, jpeg, and png.
+# This is possible due to broad browser support for WebP, but older browsers and email clients may still not support
+# WebP. Requires imagemagick/libvips built with WebP support.
+#++
+# Rails.application.config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif image/webp]
+
+###
+# Enable validation of migration timestamps. When set, an ActiveRecord::InvalidMigrationTimestampError
+# will be raised if the timestamp prefix for a migration is more than a day ahead of the timestamp
+# associated with the current time. This is done to prevent forward-dating of migration files, which can
+# impact migration generation and other migration commands.
+#
+# Applications with existing timestamped migrations that do not adhere to the
+# expected format can disable validation by setting this config to `false`.
+#++
+# Rails.application.config.active_record.validate_migration_timestamps = true
+
+###
+# Controls whether the PostgresqlAdapter should decode dates automatically with manual queries.
+#
+# Example:
+#   ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.select_value("select '2024-01-01'::date") #=> Date
+#
+# This query used to return a `String`.
+#++
+# Rails.application.config.active_record.postgresql_adapter_decode_dates = true
+
+###
+# Enables YJIT as of Ruby 3.3, to bring sizeable performance improvements. If you are
+# deploying to a memory constrained environment you may want to set this to `false`.
+#++
+# Rails.application.config.yjit = true
diff --git a/config/puma.rb b/config/puma.rb
index cbc576cdb8f..06bcbfdb6d8 100644
--- a/config/puma.rb
+++ b/config/puma.rb
@@ -2,20 +2,32 @@
 # are invoked here are part of Puma's configuration DSL. For more information
 # about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
 
-# Puma can serve each request in a thread from an internal thread pool.
-# The `threads` method setting takes two numbers: a minimum and maximum.
-# Any libraries that use thread pools should be configured to match
-# the maximum value specified for Puma. Default is set to 5 threads for minimum
-# and maximum; this matches the default thread size of Active Record.
-max_threads_count = ENV.fetch("RAILS_MAX_THREADS", 5)
-min_threads_count = ENV.fetch("RAILS_MIN_THREADS") { max_threads_count }
-threads min_threads_count, max_threads_count
-
-require "concurrent"
+# Puma starts a configurable number of processes (workers) and each process
+# serves each request in a thread from an internal thread pool.
+#
+# The ideal number of threads per worker depends both on how much time the
+# application spends waiting for IO operations and on how much you wish to
+# to prioritize throughput over latency.
+#
+# As a rule of thumb, increasing the number of threads will increase how much
+# traffic a given process can handle (throughput), but due to CRuby's
+# Global VM Lock (GVL) it has diminishing returns and will degrade the
+# response time (latency) of the application.
+#
+# The default is set to 3 threads as it's deemed a decent compromise between
+# throughput and latency for the average Rails application.
+#
+# Any libraries that use a connection pool or another resource pool should
+# be configured to provide at least as many connections as the number of
+# threads. This includes Active Record's `pool` parameter in `database.yml`.
+threads_count = ENV.fetch("RAILS_MAX_THREADS", 3)
+threads threads_count, threads_count
 
 rails_env = ENV.fetch("RAILS_ENV") { "development" }
 production_like = !%w[development test].include?(rails_env) # rubocop:disable Rails/NegateInclude
 
+require "concurrent"
+
 if production_like
   # Specifies that the worker count should equal the number of processors in production.
   worker_count = Integer(ENV.fetch("WEB_CONCURRENCY") { Concurrent.physical_processor_count })
@@ -39,8 +51,9 @@
 # Specifies the `environment` that Puma will run in.
 environment rails_env
 
-# Specifies the `pidfile` that Puma will use.
-pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" }
+# Specify the PID file. Defaults to tmp/pids/server.pid in development.
+# In other environments, only set the PID file if requested.
+pidfile ENV["PIDFILE"] if ENV["PIDFILE"]
 
 before_fork do
   sleep 1
diff --git a/public/robots.txt b/public/robots.txt
index 1fab05ef6e9..a1bc7a1368b 100644
--- a/public/robots.txt
+++ b/public/robots.txt
@@ -1,3 +1,4 @@
+# See https://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
 User-agent: *
 Disallow: /downloads/
 Disallow: /gems?letter=*

From 855dc67ef819bc54aba2e299beba8e2098682437 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 1 Oct 2024 09:46:49 -0700
Subject: [PATCH 251/381] Disable turbo for admin oauth (#5087)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 app/views/avo/login.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/avo/login.html.erb b/app/views/avo/login.html.erb
index 3c119593efb..c9cda781715 100644
--- a/app/views/avo/login.html.erb
+++ b/app/views/avo/login.html.erb
@@ -13,7 +13,7 @@
       </div>
       <div class="content">
         <p>To reach the admin panel, please log in via GitHub.</p>
-        <%= form_tag ActionDispatch::Http::URL.path_for(path: '/oauth/github', params: { origin: request.fullpath }) do %>
+        <%= form_tag ActionDispatch::Http::URL.path_for(path: '/oauth/github', params: { origin: request.fullpath }, data: { turbo: false }) do %>
           <button id="github-login" type="submit" autofocus>
             <svg viewBox="0 0 16 16" height="48" width="48" focusable="false" role="img" fill="currentColor" xmlns="http://www.w3.org/2000/svg">
               <path d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.012 8.012 0 0 0 16 8c0-4.42-3.58-8-8-8z"></path>

From 47e9b5a22b589f60e58f0be19b87a5046502ac8e Mon Sep 17 00:00:00 2001
From: Martin Emde <me@martinemde.com>
Date: Tue, 1 Oct 2024 13:20:04 -0700
Subject: [PATCH 252/381] Advanced Search Stimulus.js

---
 app/javascript/application.js                 |  1 -
 .../controllers/search_controller.js          | 15 ++++++++++
 app/javascript/src/search.js                  | 28 -------------------
 app/views/searches/advanced.html.erb          | 22 ++++++++++-----
 4 files changed, 30 insertions(+), 36 deletions(-)
 create mode 100644 app/javascript/controllers/search_controller.js
 delete mode 100644 app/javascript/src/search.js

diff --git a/app/javascript/application.js b/app/javascript/application.js
index 10a27b831c7..3623739686b 100644
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -9,7 +9,6 @@ import "controllers"
 
 import "src/oidc_api_key_role_form";
 import "src/pages";
-import "src/search";
 import "src/transitive_dependencies";
 import "src/webauthn";
 import "github-buttons";
diff --git a/app/javascript/controllers/search_controller.js b/app/javascript/controllers/search_controller.js
new file mode 100644
index 00000000000..c8a9a2bbcff
--- /dev/null
+++ b/app/javascript/controllers/search_controller.js
@@ -0,0 +1,15 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [ "query", "attribute" ]
+
+  input(e) {
+    this.queryTarget.value = this.attributeTargets.map(field =>
+      field.value.length > 0 && field.checkValidity() ? `${field.name}: ${field.value}` : ''
+    ).join(' ')
+  }
+
+  submit() {
+    this.queryTarget.form.submit()
+  }
+}
diff --git a/app/javascript/src/search.js b/app/javascript/src/search.js
deleted file mode 100644
index d9ddae734bf..00000000000
--- a/app/javascript/src/search.js
+++ /dev/null
@@ -1,28 +0,0 @@
-import $ from "jquery";
-
-if($("#advanced-search").length){
-  var $main        = $('#query');
-  var $name        = $('input#name');
-  var $summary     = $('input#summary');
-  var $description = $('input#description');
-  var $downloads   = $('input#downloads');
-  var $updated     = $('input#updated');
-
-  $name.add($summary)
-    .add($description)
-    .add($downloads)
-    .add($updated)
-    .on('input', function(e) {
-      var name        = $name.val().length > 0 ? 'name: ' + $name.val() : '';
-      var summary     = $summary.val().length > 0 ? 'summary: ' + $summary.val() : '';
-      var description = $description.val().length > 0 ? 'description: ' + $description.val() : '';
-      var downloads   = $downloads.val().length > 0 ? 'downloads: ' + $downloads.val() : '';
-      var updated     = $updated.val().length > 0 ? 'updated: ' + $updated.val() : '';
-
-      $main.val($.trim(name + ' ' + summary + ' ' + description + ' ' + downloads + ' ' + updated));
-  }).on('keypress', function(e) {
-    if (e.key === 'Enter') {
-      $("input#advanced_search_submit").click();
-    }
-  });
-}
diff --git a/app/views/searches/advanced.html.erb b/app/views/searches/advanced.html.erb
index 68f7c62a262..0a5ccd43042 100644
--- a/app/views/searches/advanced.html.erb
+++ b/app/views/searches/advanced.html.erb
@@ -1,8 +1,16 @@
 <% @title = t("advanced_search") %>
 
-<div class="home__search-wrap" role="search">
+<div class="home__search-wrap" role="search" data-controller="search">
   <%= form_tag search_url, id: "advanced-search", method: :get do %>
-    <%= search_field_tag :query, params[:query], placeholder: t("layouts.application.header.search_gem_html"), autofocus: current_page?(root_url), id: "query", class: "home__search" %>
+    <%= search_field_tag(
+      :query,
+      params[:query],
+      placeholder: t("layouts.application.header.search_gem_html"),
+      autofocus: current_page?(root_url),
+      id: "query",
+      class: "home__search",
+      data: { search_target: "query" }
+    ) %>
     <%= label_tag :query do %>
       <span class="t-hidden"><%= t("layouts.application.header.search_gem_html") %></span>
     <% end %>
@@ -11,18 +19,18 @@
 
   <dl class="search-fields">
     <dt><%= label_tag :name, t(".name"), class: "form__label" %></dt>
-    <dd><%= text_field_tag :name, "", placeholder: "active OR action", class: "form__input"%></dd>
+    <dd><%= text_field_tag :name, "", placeholder: "active OR action", class: "form__input", data: { search_target: "attribute", action: "input->search#input keydown.enter->search#submit" } %></dd>
 
     <dt><%= label_tag :summary, t(".summary"), class: "form__label" %></dt>
-    <dd><%= text_field_tag :summary, "", placeholder: "ORM, NoSQL", class: "form__input"%></dd>
+    <dd><%= text_field_tag :summary, "", placeholder: "ORM, NoSQL", class: "form__input", data: { search_target: "attribute", action: "input->search#input keydown.enter->search#submit" } %></dd>
 
     <dt><%= label_tag :description, t(".description"), class: "form__label" %></dt>
-    <dd><%= text_field_tag :description, "", placeholder: "associations AND validations", class: "form__input"%></dd>
+    <dd><%= text_field_tag :description, "", placeholder: "associations AND validations", class: "form__input", data: { search_target: "attribute", action: "input->search#input keydown.enter->search#submit" } %></dd>
 
     <dt><%= label_tag :downloads, t(".downloads"), class: "form__label" %></dt>
-    <dd><%= text_field_tag :downloads, "", placeholder: ">20000", class: "form__input"%></dd>
+    <dd><%= text_field_tag :downloads, "", placeholder: ">20000", class: "form__input", pattern: "\\s*(<=?|>=?)?[\\d]+\\s*", data: { search_target: "attribute", action: "input->search#input keydown.enter->search#submit" } %></dd>
 
     <dt><%= label_tag :updated, t(".updated"), class: "form__label" %></dt>
-    <dd><%= text_field_tag :updated, "", placeholder: ">#{1.week.ago.strftime('%F')}", class: "form__input"%></dd>
+    <dd><%= text_field_tag :updated, "", placeholder: ">#{1.week.ago.strftime('%F')}", class: "form__input", pattern: "\\s*(<=?|>=?)?[\\d-]+\\s*", data: { search_target: "attribute", action: "input->search#input keydown.enter->search#submit" } %></dd>
   </dl>
 </div>

From 6d4829d1b655e777b96b6492c93868bed3c3a2ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Oct 2024 16:37:14 -0700
Subject: [PATCH 253/381] Bump webmock from 3.23.1 to 3.24.0 (#5086)

---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 4b3fdbbf5dc..586656ce5fc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -138,7 +138,7 @@ group :test do
   gem "shoulda-context", "~> 3.0.0.rc1"
   gem "shoulda-matchers", "~> 6.4"
   gem "selenium-webdriver", "~> 4.25"
-  gem "webmock", "~> 3.23"
+  gem "webmock", "~> 3.24"
   gem "simplecov", "~> 0.22", require: false
   gem "simplecov-cobertura", "~> 2.1", require: false
   gem "aggregate_assertions", "~> 0.2.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index ccd455629cb..afd16910eaf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -292,7 +292,7 @@ GEM
     gravtastic (3.2.6)
     groupdate (6.4.0)
       activesupport (>= 6.1)
-    hashdiff (1.1.0)
+    hashdiff (1.1.1)
     hashie (5.0.0)
     heapy (0.2.0)
       thor
@@ -625,7 +625,7 @@ GEM
     regexp_parser (2.9.2)
     reline (0.5.10)
       io-console (~> 0.5)
-    rexml (3.3.7)
+    rexml (3.3.8)
     roadie (5.2.1)
       css_parser (~> 1.4)
       nokogiri (~> 1.15)
@@ -815,7 +815,7 @@ GEM
       activesupport
       faraday (~> 2.0)
       faraday-follow_redirects
-    webmock (3.23.1)
+    webmock (3.24.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -954,7 +954,7 @@ DEPENDENCIES
   validates_formatting_of (~> 0.9)
   view_component (~> 3.14)
   webauthn (~> 3.1)
-  webmock (~> 3.23)
+  webmock (~> 3.24)
   xml-simple (~> 1.1)
 
 CHECKSUMS
@@ -1065,7 +1065,7 @@ CHECKSUMS
   google-protobuf (4.28.2-x86_64-linux) sha256=c7bb3952d150cb1a0544cef3e3a01ac87fdd190dbf7c26b2ff9e58629bab08ea
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
-  hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9
+  hashdiff (1.1.1) sha256=c7966316726e0ceefe9f5c6aef107ebc3ccfef8b6db55fe3934f046b2cf0936a
   hashie (5.0.0) sha256=9d6c4e51f2a36d4616cbc8a322d619a162d8f42815a792596039fc95595603da
   heapy (0.2.0) sha256=74141e845d61ffc7c1e8bf8b127c8cf94544ec7a1181aec613288682543585ea
   honeybadger (5.5.1) sha256=22350ccfc9f3bac4bf7c5c733d5263d21dc57adeba16f14054428d9cc63fb56d
@@ -1194,7 +1194,7 @@ CHECKSUMS
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
   reline (0.5.10) sha256=1660c969a792ebd034e6ceee8ca628f3b6698dcdb34f7a282a5edda37b958166
-  rexml (3.3.7) sha256=62a3a4d288ace18830ad6ca8aba845037d231c4f8cb481ba270ca1b75b605027
+  rexml (3.3.8) sha256=f68fd96345330a1062896d0d0401324b0dae0ee20f784791b0843db96b212167
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854
@@ -1273,7 +1273,7 @@ CHECKSUMS
   view_component (3.14.0) sha256=96816de1c40d276d9fac49316ee4d196de90b1ce6eb39373b887c639749e630c
   webauthn (3.1.0) sha256=e545fcf17d8a6b821161a37c1c4bc8c3d2ead0ff6ff3b098f57f417e731790b7
   webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c
-  webmock (3.23.1) sha256=0fa738c0767d1c4ec8cc57f6b21998f0c238c8a5b32450df1c847f2767140d95
+  webmock (3.24.0) sha256=be01357f6fc773606337ca79f3ba332b7d52cbe5c27587671abc0572dbec7122
   webrick (1.8.2) sha256=431746a349199546ff9dd272cae10849c865f938216e41c402a6489248f12f21
   websocket (1.2.11) sha256=b7e7a74e2410b5e85c25858b26b3322f29161e300935f70a0e0d3c35e0462737
   websocket-driver (0.7.6) sha256=f69400be7bc197879726ad8e6f5869a61823147372fd8928836a53c2c741d0db

From 563f28a77d7bbf0a5e08e3cd8ea650f2ca02aa35 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 14:11:44 +0000
Subject: [PATCH 254/381] Bump codecov/codecov-action from 4.5.0 to 4.6.0

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/e28ff129e5465c2c0dcc6f003fc735cb6ae0c673...b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bb590c06e46..23ca7462f69 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -64,6 +64,6 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: matrix.rubygems.name == 'locked' && (success() || failure())
-        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

From d1e66bd09cd74529307dafc1891b8cabd9664011 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 18:47:08 -0700
Subject: [PATCH 255/381] Bump tailwindcss-rails from 2.7.6 to 2.7.7 (#5092)

---
 Gemfile.lock | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index afd16910eaf..434cde3aa4f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -323,7 +323,7 @@ GEM
       activesupport (>= 3.0)
       nokogiri (>= 1.6)
     io-console (0.7.2)
-    irb (1.14.0)
+    irb (1.14.1)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     jmespath (1.6.2)
@@ -755,13 +755,13 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.6)
+    tailwindcss-rails (2.7.7)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.6-arm64-darwin)
+    tailwindcss-rails (2.7.7-arm64-darwin)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.6-x86_64-darwin)
+    tailwindcss-rails (2.7.7-x86_64-darwin)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.6-x86_64-linux)
+    tailwindcss-rails (2.7.7-x86_64-linux)
       railties (>= 7.0.0)
     terser (1.2.3)
       execjs (>= 0.3.0, < 3)
@@ -1080,7 +1080,7 @@ CHECKSUMS
   importmap-rails (2.0.1) sha256=e739a6e70c09f797688c6983fa79567ec1edc9becc30d55b3f7cc897b1825586
   inline_svg (1.10.0) sha256=5b652934236fd9f8adc61f3fd6e208b7ca3282698b19f28659971da84bf9a10f
   io-console (0.7.2) sha256=f0dccff252f877a4f60d04a4dc6b442b185ebffb4b320ab69212a92b48a7a221
-  irb (1.14.0) sha256=53d805013bbd194874b8c13a56aca6aebcd11dd79166d88724f8a434fedde615
+  irb (1.14.1) sha256=5975003b58d36efaf492380baa982ceedf5aed36967a4d5b40996bc5c66e80f8
   jmespath (1.6.2) sha256=238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1
   job-iteration (1.5.1) sha256=1428ad5b308adbaae8776c16b7792a846eb1ad7f4ab3c6e0f9668dd2ab1179e5
   json (2.7.2) sha256=1898b5cbc81cd36c0fd4d0b7ad2682c39fb07c5ff682fc6265f678f550d4982c
@@ -1248,10 +1248,10 @@ CHECKSUMS
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.6) sha256=f2c7521ca178bc0218ed21679fccb6f2e59e81d634ddd22212a753215fc392ab
-  tailwindcss-rails (2.7.6-arm64-darwin) sha256=d30a57f7a7eb68087821878427c4dadb480553590ab324f4973089d817f24fb4
-  tailwindcss-rails (2.7.6-x86_64-darwin) sha256=cffd79d7f1da311caccdcf479521d622fda301895e02489aa8e1a54e01e2fcec
-  tailwindcss-rails (2.7.6-x86_64-linux) sha256=f679dd3b9f6eb4d32caae26b3aaa29076c7437599ccfd810dbf8ce405fd4277b
+  tailwindcss-rails (2.7.7) sha256=a74751bad9f956ab4c365de3abd10912ca2399f521c197d1e6025e0bbfc0c5ab
+  tailwindcss-rails (2.7.7-arm64-darwin) sha256=90d0cc13753612579b63a67cd67f45a176f04fd7860a32bc3028dcd6ace94769
+  tailwindcss-rails (2.7.7-x86_64-darwin) sha256=af952d88ea84c166905fba3a815c51040f2baecce52554304282c2d7ef400d8c
+  tailwindcss-rails (2.7.7-x86_64-linux) sha256=01408afe03f3c61447126c2c33caf940c9729ac8fda2da500887268b5fd3c51c
   terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From ce904820b992505e7ede6cee67dcb0d5805e1d2c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 18:47:19 -0700
Subject: [PATCH 256/381] Bump groupdate from 6.4.0 to 6.5.0 (#5091)

---
 Gemfile      | 2 +-
 Gemfile.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index 586656ce5fc..0724292e48f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -67,7 +67,7 @@ gem "pagy", "~> 8.4"
 gem "view_component", "~> 3.14"
 gem "pundit", "~> 2.4"
 gem "chartkick", "~> 5.1"
-gem "groupdate", "~> 6.2"
+gem "groupdate", "~> 6.5"
 
 # Logging
 gem "amazing_print", "~> 1.6"
diff --git a/Gemfile.lock b/Gemfile.lock
index 434cde3aa4f..c0cbaf95484 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -290,8 +290,8 @@ GEM
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
-    groupdate (6.4.0)
-      activesupport (>= 6.1)
+    groupdate (6.5.0)
+      activesupport (>= 7)
     hashdiff (1.1.1)
     hashie (5.0.0)
     heapy (0.2.0)
@@ -875,7 +875,7 @@ DEPENDENCIES
   good_job (~> 3.99)
   google-protobuf (~> 4.28)
   gravtastic (~> 3.2)
-  groupdate (~> 6.2)
+  groupdate (~> 6.5)
   honeybadger (~> 5.5.1)
   http_accept_language (~> 2.1)
   importmap-rails (~> 2.0)
@@ -1064,7 +1064,7 @@ CHECKSUMS
   google-protobuf (4.28.2-x86_64-darwin) sha256=e1247c97fd2fb882abc2b6aa2c25211dcf91769665d123358bff8177e9277f8e
   google-protobuf (4.28.2-x86_64-linux) sha256=c7bb3952d150cb1a0544cef3e3a01ac87fdd190dbf7c26b2ff9e58629bab08ea
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
-  groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54
+  groupdate (6.5.0) sha256=1f17bcc7502c354e6bb00a65db3f727457e3c95b6434011971f51b458e541654
   hashdiff (1.1.1) sha256=c7966316726e0ceefe9f5c6aef107ebc3ccfef8b6db55fe3934f046b2cf0936a
   hashie (5.0.0) sha256=9d6c4e51f2a36d4616cbc8a322d619a162d8f42815a792596039fc95595603da
   heapy (0.2.0) sha256=74141e845d61ffc7c1e8bf8b127c8cf94544ec7a1181aec613288682543585ea

From 495bef44bf7617803c1b16a5ac37545176398ade Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Oct 2024 14:12:53 +0000
Subject: [PATCH 257/381] Bump docker/setup-buildx-action from 3.6.1 to 3.7.0

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.6.1 to 3.7.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/988b5a0280414f521da01fcc63a27aeeb4b104db...8026d2bc3645ea78b0d2544766a1225eb5691f89)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index bcc87047271..7d9f57d3c7f 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # master
+        uses: docker/setup-buildx-action@8026d2bc3645ea78b0d2544766a1225eb5691f89 # master
       - name: Cache Docker layers
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:

From d2a602d275d4452b7ece7f9210437e9ce52270ae Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Oct 2024 14:19:50 +0000
Subject: [PATCH 258/381] Bump aws-sdk-s3 from 1.166.0 to 1.167.0

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.166.0 to 1.167.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0724292e48f..8e5610a9a73 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.166"
+gem "aws-sdk-s3", "~> 1.167"
 gem "aws-sdk-sqs", "~> 1.86"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index c0cbaf95484..6dd2c8833fb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -106,8 +106,8 @@ GEM
       zeitwerk (>= 2.6.2)
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.978.0)
-    aws-sdk-core (3.209.0)
+    aws-partitions (1.983.0)
+    aws-sdk-core (3.209.1)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.9)
@@ -115,7 +115,7 @@ GEM
     aws-sdk-kms (1.94.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.166.0)
+    aws-sdk-s3 (1.167.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -845,7 +845,7 @@ DEPENDENCIES
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
   avo (~> 2.53)
-  aws-sdk-s3 (~> 1.166)
+  aws-sdk-s3 (~> 1.167)
   aws-sdk-sqs (~> 1.86)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -983,10 +983,10 @@ CHECKSUMS
   avo (2.53.0) sha256=e8f1fb9abaf6d874d898449d4db863586c16e60634a136d97ae436ded976d1a6
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.978.0) sha256=01721682d23749e3c226cbbb3f22a333830fbb6a7d9d16a39ec5053e7e6fa4de
-  aws-sdk-core (3.209.0) sha256=7b70aa85e7eb451cf7c9d4ad3797b6118d4e0a8327f8b28c3db106784b3ea842
+  aws-partitions (1.983.0) sha256=eb3ab086749ca426e735a50bd1ea669a4b7bc52be3c119a772bd277cc906bb11
+  aws-sdk-core (3.209.1) sha256=18cfb211d37d70a3131743ba02a785668beefacebed9827829af5922deb9b91a
   aws-sdk-kms (1.94.0) sha256=b0c623199f1f46bd82c1d1fa0feef105ab8cfc6bd2f643d71cd1c289e11a9da9
-  aws-sdk-s3 (1.166.0) sha256=57c99cb32919cf7cb9ec946ab5a8fbd3de0c4b5f567cfb6bd5e8c9dbe9e0fc7e
+  aws-sdk-s3 (1.167.0) sha256=a6aab762b07f4d6c7c4e9e98ea8ec5b12b49be3849f29483ecd9a821702096ce
   aws-sdk-sqs (1.86.0) sha256=defa5bd65679c8877c335cb5f46462620fa10c42115cdcc58333f1ddee9a0715
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From 0923f0eea5c33e3681f2e3b9352167fe35e33094 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 14:37:20 +0000
Subject: [PATCH 259/381] Bump github/codeql-action from 3.26.10 to 3.26.11

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.26.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/e2b3eafc8d227b0241d48be5f425d47c2d750a13...6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 424aef48e9f..1e14ea56573 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
+        uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
+        uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
+        uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index e7fe719c06a..66dd618e645 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
+        uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
         with:
           sarif_file: results.sarif

From c47f370b24bf1c46c7300158b8fff2fbf8e17345 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 10:45:21 -0700
Subject: [PATCH 260/381] Bump docker/setup-buildx-action from 3.7.0 to 3.7.1
 (#5096)

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/8026d2bc3645ea78b0d2544766a1225eb5691f89...c47758b77c9736f4b2ef4073d4d51994fabfe349)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 7d9f57d3c7f..8c1f32fdbd3 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@8026d2bc3645ea78b0d2544766a1225eb5691f89 # master
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # master
       - name: Cache Docker layers
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:

From fbcd668a5a6711ec71b83333658617fa9276008a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 14:43:03 +0000
Subject: [PATCH 261/381] Bump actions/cache from 4.0.2 to 4.1.0

Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/0c45773b623bea8c8e75f6c82b208c3cf94ea4f9...2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 8c1f32fdbd3..c521306e092 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,7 +22,7 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # master
       - name: Cache Docker layers
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-rubygems-${{ hashFiles('**/Gemfile.lock') }}

From ca7e9f98c39cce65f2991f424d901a181235c9f6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 10:46:29 -0700
Subject: [PATCH 262/381] Bump ruby/setup-ruby from 1.194.0 to 1.195.0 (#5100)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index bd92544722c..bee5b6dd7c8 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
+      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
+      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
+      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1.194.0
+      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
       - name: krane render

From b7ae53060b34300419e5ee6f0d72f0fa54cd1176 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:10:45 +0000
Subject: [PATCH 263/381] Bump github/codeql-action from 3.26.11 to 3.26.12

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.11 to 3.26.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea...c36620d31ac7c881962c3d9dd939c40ec9434f2b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1e14ea56573..4afccf13cfa 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
+        uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
+        uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
+        uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 66dd618e645..ae2960f9bd2 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
+        uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
         with:
           sarif_file: results.sarif

From 7ecd53781c5ddf68f4ee59cbb889bf3f3173f4d1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:10:50 +0000
Subject: [PATCH 264/381] Bump actions/checkout from 4.2.0 to 4.2.1

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/d632683dd7b4114ad314bca15554477dd762a938...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     |  2 +-
 .github/workflows/docker.yml     |  2 +-
 .github/workflows/lint.yml       | 10 +++++-----
 .github/workflows/scorecards.yml |  2 +-
 .github/workflows/test.yml       |  2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1e14ea56573..8089d1f0ef0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c521306e092..86bb20bc432 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -17,7 +17,7 @@ jobs:
       RUBYGEMS_VERSION: "3.5.20"
       RUBY_VERSION: "3.3.5"
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # master
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index bee5b6dd7c8..7678f5cdfa6 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,7 +12,7 @@ jobs:
     name: Rubocop
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
@@ -22,7 +22,7 @@ jobs:
     name: Brakeman
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
@@ -32,7 +32,7 @@ jobs:
     name: Importmap Verify
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
@@ -50,7 +50,7 @@ jobs:
     steps:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
         with:
           bundler-cache: true
@@ -73,7 +73,7 @@ jobs:
     name: Frizbee
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - uses: segiddins/frizbee-action@c162fdaa6c73525a577d2d6eb193683dfc9ba2be # segiddins/run-in-place
         env:
           GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 66dd618e645..c30c774bc61 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v3.1.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v3.1.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 23ca7462f69..3a08f1d949d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -42,7 +42,7 @@ jobs:
       # Fail hard when Toxiproxy is not running to ensure all tests (even Toxiproxy optional ones) are passing
       REQUIRE_TOXIPROXY: true
     steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Setup rubygems.org
         uses: ./.github/actions/setup-rubygems.org

From 098ccd21ebd94a96cc639d67246c7c8fad70038a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:10:59 +0000
Subject: [PATCH 265/381] Bump actions/upload-artifact from 4.4.0 to 4.4.1

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.0 to 4.4.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/50769540e7f4bd5e21e526ee35c689e35e0d6874...604373da6381bf24206979c74d06a550515601b9)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint.yml | 2 +-
 .github/workflows/test.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index bee5b6dd7c8..68be7f61f2a 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -60,7 +60,7 @@ jobs:
         env:
           ENVIRONMENT: "${{ matrix.environment }}"
           REVISION: "${{ github.sha }}"
-      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
         with:
           name: "${{ matrix.environment }}.rendered.yaml"
           path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 23ca7462f69..0aaf3251e07 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -56,7 +56,7 @@ jobs:
 
       - name: Save capybara screenshots
         if: ${{ failure() && steps.test-all.outcome == 'failure' }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
         with:
           name: capybara-screenshots-${{ matrix.tests.name }}-${{ matrix.rubygems.name }}
           path: tmp/capybara

From 5dbc47108eb0e0b7131e1e8cb081a62fa84e8bea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:12:33 +0000
Subject: [PATCH 266/381] Bump terser from 1.2.3 to 1.2.4

Bumps [terser](https://github.com/ahorek/terser-ruby) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/ahorek/terser-ruby/releases)
- [Changelog](https://github.com/ahorek/terser-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ahorek/terser-ruby/compare/1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6dd2c8833fb..a81413d3ee8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -763,7 +763,7 @@ GEM
       railties (>= 7.0.0)
     tailwindcss-rails (2.7.7-x86_64-linux)
       railties (>= 7.0.0)
-    terser (1.2.3)
+    terser (1.2.4)
       execjs (>= 0.3.0, < 3)
     thor (1.3.2)
     tilt (2.3.0)
@@ -1252,7 +1252,7 @@ CHECKSUMS
   tailwindcss-rails (2.7.7-arm64-darwin) sha256=90d0cc13753612579b63a67cd67f45a176f04fd7860a32bc3028dcd6ace94769
   tailwindcss-rails (2.7.7-x86_64-darwin) sha256=af952d88ea84c166905fba3a815c51040f2baecce52554304282c2d7ef400d8c
   tailwindcss-rails (2.7.7-x86_64-linux) sha256=01408afe03f3c61447126c2c33caf940c9729ac8fda2da500887268b5fd3c51c
-  terser (1.2.3) sha256=c03111b9b01a7e70cd456b5d9aedf0a56fb99314a19311c4278c01ccebe3da9c
+  terser (1.2.4) sha256=c85f46e0fcdeef4a52639cbb6dd6b359bf0151d035206b072366e7dac379cc83
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c
   timeout (0.4.1) sha256=6f1f4edd4bca28cffa59501733a94215407c6960bd2107331f0280d4abdebb9a

From 83e64ed1664a43426fbcb0f48613718b0b5580d1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:13:13 +0000
Subject: [PATCH 267/381] Bump groupdate from 6.5.0 to 6.5.1

Bumps [groupdate](https://github.com/ankane/groupdate) from 6.5.0 to 6.5.1.
- [Changelog](https://github.com/ankane/groupdate/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/groupdate/compare/v6.5.0...v6.5.1)

---
updated-dependencies:
- dependency-name: groupdate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6dd2c8833fb..345125b3df1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -290,7 +290,7 @@ GEM
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
-    groupdate (6.5.0)
+    groupdate (6.5.1)
       activesupport (>= 7)
     hashdiff (1.1.1)
     hashie (5.0.0)
@@ -1064,7 +1064,7 @@ CHECKSUMS
   google-protobuf (4.28.2-x86_64-darwin) sha256=e1247c97fd2fb882abc2b6aa2c25211dcf91769665d123358bff8177e9277f8e
   google-protobuf (4.28.2-x86_64-linux) sha256=c7bb3952d150cb1a0544cef3e3a01ac87fdd190dbf7c26b2ff9e58629bab08ea
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
-  groupdate (6.5.0) sha256=1f17bcc7502c354e6bb00a65db3f727457e3c95b6434011971f51b458e541654
+  groupdate (6.5.1) sha256=a0a78d051a510d61864fe987f00089d8f03739741eadc41e6ad4ea6f786da110
   hashdiff (1.1.1) sha256=c7966316726e0ceefe9f5c6aef107ebc3ccfef8b6db55fe3934f046b2cf0936a
   hashie (5.0.0) sha256=9d6c4e51f2a36d4616cbc8a322d619a162d8f42815a792596039fc95595603da
   heapy (0.2.0) sha256=74141e845d61ffc7c1e8bf8b127c8cf94544ec7a1181aec613288682543585ea

From 3bbf675e80482bddffb8bae62c6e948bd5fe885d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:13:55 +0000
Subject: [PATCH 268/381] Bump launchdarkly-server-sdk from 8.7.0 to 8.7.1

Bumps [launchdarkly-server-sdk](https://github.com/launchdarkly/ruby-server-sdk) from 8.7.0 to 8.7.1.
- [Release notes](https://github.com/launchdarkly/ruby-server-sdk/releases)
- [Changelog](https://github.com/launchdarkly/ruby-server-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/launchdarkly/ruby-server-sdk/compare/8.7.0...8.7.1)

---
updated-dependencies:
- dependency-name: launchdarkly-server-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6dd2c8833fb..e41d8f2cfad 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -305,7 +305,7 @@ GEM
       http-cookie (~> 1.0)
       http-form_data (~> 2.2)
       llhttp-ffi (~> 0.5.0)
-    http-cookie (1.0.6)
+    http-cookie (1.0.7)
       domain_name (~> 0.5)
     http-form_data (2.3.0)
     http_accept_language (2.1.1)
@@ -351,7 +351,7 @@ GEM
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
     language_server-protocol (3.17.0.3)
-    launchdarkly-server-sdk (8.7.0)
+    launchdarkly-server-sdk (8.7.1)
       concurrent-ruby (~> 1.1)
       http (>= 4.4.0, < 6.0.0)
       json (~> 2.3)
@@ -1072,7 +1072,7 @@ CHECKSUMS
   htmlbeautifier (1.4.3) sha256=b43d08f7e2aa6ae1b5a6f0607b4ed8954c8d4a8e85fd2336f975dda1e4db385b
   htmlentities (4.3.4) sha256=125a73c6c9f2d1b62100b7c3c401e3624441b663762afa7fe428476435a673da
   http (5.2.0) sha256=b99ed3c65376e0fd8107647fbaf5a8ab4f66c347d1271fb74cea757e209c6115
-  http-cookie (1.0.6) sha256=7713d3196f21ff5ab0944011d7d4e619b62ec082374a52de2193ccfe78924044
+  http-cookie (1.0.7) sha256=cb7a399f3344f720b8a0f3b0765f29b62608ebb9c3ce4abf4d6eeff2caf42253
   http-form_data (2.3.0) sha256=cc4eeb1361d9876821e31d7b1cf0b68f1cf874b201d27903480479d86448a5f3
   http_accept_language (2.1.1) sha256=0043f0d55a148cf45b604dbdd197cb36437133e990016c68c892d49dbea31634
   httparty (0.22.0) sha256=78652a5c9471cf0093d3b2083c2295c9c8f12b44c65112f1846af2b71430fa6c
@@ -1091,7 +1091,7 @@ CHECKSUMS
   kaminari-activerecord (1.2.2) sha256=0dd3a67bab356a356f36b3b7236bcb81cef313095365befe8e98057dd2472430
   kaminari-core (1.2.2) sha256=3bd26fec7370645af40ca73b9426a448d09b8a8ba7afa9ba3c3e0d39cdbb83ff
   language_server-protocol (3.17.0.3) sha256=3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f
-  launchdarkly-server-sdk (8.7.0) sha256=062e7dc42c2884ed9deed42c49937917faa911128a659386e4bd45d1ad1506eb
+  launchdarkly-server-sdk (8.7.1) sha256=38361f8f548a917bccf52844ad9cf666c67a4b02a647d4b582766f8725986533
   launchy (3.0.1) sha256=b7fa60bda0197cf57614e271a250a8ca1f6a34ab889a3c73f67ec5d57c8a7f2c
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2

From 9e5cad2a775a8fa4ae42f3d93d8a7677c041828b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 01:31:33 +0000
Subject: [PATCH 269/381] Bump ruby/setup-ruby from 1.195.0 to 1.196.0

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.195.0 to 1.196.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/086ffb1a2090c870a3f881cc91ea83aa4243d408...f26937343756480a8cb3ae1f623b9c8d89ed6984)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index dd2a5b63805..afeac872b1b 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
+      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
+      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
+      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@086ffb1a2090c870a3f881cc91ea83aa4243d408 # v1.195.0
+      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
         with:
           bundler-cache: true
       - name: krane render

From 839de879ac363777d37456b93130cc9c869e67b2 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 9 Oct 2024 16:32:18 +1100
Subject: [PATCH 270/381] Add aarch64-linux to list of Gemfile platforms
 (#5109)

---
 Gemfile.lock | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index e765c5a7363..450f15ab5e5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -254,6 +254,7 @@ GEM
       aws-sigv4 (~> 1.0)
       faraday (>= 2.0, < 3)
     ffi (1.17.0)
+    ffi (1.17.0-aarch64-linux-gnu)
     ffi (1.17.0-arm64-darwin)
     ffi (1.17.0-x86_64-darwin)
     ffi (1.17.0-x86_64-linux-gnu)
@@ -280,6 +281,9 @@ GEM
     google-protobuf (4.28.2)
       bigdecimal
       rake (>= 13)
+    google-protobuf (4.28.2-aarch64-linux)
+      bigdecimal
+      rake (>= 13)
     google-protobuf (4.28.2-arm64-darwin)
       bigdecimal
       rake (>= 13)
@@ -373,9 +377,12 @@ GEM
       railties (>= 6.1)
       rexml
     libdatadog (11.0.0.1.0)
+    libdatadog (11.0.0.1.0-aarch64-linux)
     libdatadog (11.0.0.1.0-x86_64-linux)
     libddwaf (1.14.0.0.0)
       ffi (~> 1.0)
+    libddwaf (1.14.0.0.0-aarch64-linux)
+      ffi (~> 1.0)
     libddwaf (1.14.0.0.0-arm64-darwin)
       ffi (~> 1.0)
     libddwaf (1.14.0.0.0-x86_64-darwin)
@@ -459,6 +466,8 @@ GEM
     nokogiri (1.16.7)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
+    nokogiri (1.16.7-aarch64-linux)
+      racc (~> 1.4)
     nokogiri (1.16.7-arm64-darwin)
       racc (~> 1.4)
     nokogiri (1.16.7-x86_64-darwin)
@@ -691,6 +700,8 @@ GEM
     sass-embedded (1.72.0)
       google-protobuf (>= 3.25, < 5.0)
       rake (>= 13.0.0)
+    sass-embedded (1.72.0-aarch64-linux-gnu)
+      google-protobuf (>= 3.25, < 5.0)
     sass-embedded (1.72.0-arm64-darwin)
       google-protobuf (>= 3.25, < 5.0)
     sass-embedded (1.72.0-x86_64-darwin)
@@ -757,6 +768,8 @@ GEM
       faraday-follow_redirects
     tailwindcss-rails (2.7.7)
       railties (>= 7.0.0)
+    tailwindcss-rails (2.7.7-aarch64-linux)
+      railties (>= 7.0.0)
     tailwindcss-rails (2.7.7-arm64-darwin)
       railties (>= 7.0.0)
     tailwindcss-rails (2.7.7-x86_64-darwin)
@@ -833,6 +846,7 @@ GEM
     zlib (3.1.1)
 
 PLATFORMS
+  aarch64-linux
   arm64-darwin
   arm64-linux
   ruby
@@ -1049,6 +1063,7 @@ CHECKSUMS
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
   ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c
+  ffi (1.17.0-aarch64-linux-gnu) sha256=228c8fb79e6b018a31c75414115a75ca65f74e8138b2c9c97d22041e4e12f2c1
   ffi (1.17.0-arm64-darwin) sha256=609c874e76614542c6d485b0576e42a7a38ffcdf086612f9a300c4ec3fcd0d12
   ffi (1.17.0-x86_64-darwin) sha256=fdcd48c69db3303ef95aec5c64d6275fcf9878a02c0bec0afddc506ceca0f56b
   ffi (1.17.0-x86_64-linux-gnu) sha256=1015e59d5919dd6bbcb0704325b0bd639be664a79b1e2189943ceb18faa34198
@@ -1060,6 +1075,7 @@ CHECKSUMS
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
   google-protobuf (4.28.2) sha256=6841bb4566bc33fc2d59b4dd28bfd9308fc528545f21722e9f6e6fa566289c29
+  google-protobuf (4.28.2-aarch64-linux) sha256=a2ea5fc997adeed17a135a9fc46d05de69a6e4bf90c023c5ff1ab071c28bceea
   google-protobuf (4.28.2-arm64-darwin) sha256=fe43de80f4818900c734dfb9076251ef582d200d4a21985675fc6e1500364602
   google-protobuf (4.28.2-x86_64-darwin) sha256=e1247c97fd2fb882abc2b6aa2c25211dcf91769665d123358bff8177e9277f8e
   google-protobuf (4.28.2-x86_64-linux) sha256=c7bb3952d150cb1a0544cef3e3a01ac87fdd190dbf7c26b2ff9e58629bab08ea
@@ -1097,8 +1113,10 @@ CHECKSUMS
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
   letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
   libdatadog (11.0.0.1.0) sha256=44779762b21149be5e17ce599dc2e89f6a3c89a99262293dfafd96ddb110f7f1
+  libdatadog (11.0.0.1.0-aarch64-linux) sha256=ff1e5870a44df49d056ebab9c544a4ad4a04ab541dbe3945d8be6981ff5b870f
   libdatadog (11.0.0.1.0-x86_64-linux) sha256=f03b510d5b4f85febf640139282b9c3aeb88eb876dcccebc15f704c91c3e73ad
   libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd
+  libddwaf (1.14.0.0.0-aarch64-linux) sha256=549f83ba339afb0e500bd9f4c43459e274d42f5736a18d347ba2007be026649c
   libddwaf (1.14.0.0.0-arm64-darwin) sha256=cd3c84d58b8f77f93ebb17e6ceb1cfd257c8d3a3a1ea558a7fc14d92f697cc2b
   libddwaf (1.14.0.0.0-x86_64-darwin) sha256=33017c057fd6b4948ef4577c4a13bc89d878541961b205309fac1e71516433ff
   libddwaf (1.14.0.0.0-x86_64-linux) sha256=030640a4158ae05f9276cc1e09bfe9d19dda5af26703235cf17cf3752f1985b1
@@ -1134,6 +1152,7 @@ CHECKSUMS
   net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a
   nio4r (2.7.3) sha256=54b94cdd4b8f9dc39aaad5f699e97afae13efb44f2b180a6e724df76105ff604
   nokogiri (1.16.7) sha256=f819cbfdfb0a7b19c9c52c6f2ca63df0e58a6125f4f139707b586b9511d7fe95
+  nokogiri (1.16.7-aarch64-linux) sha256=78778d35f165b59513be31c0fe232c63a82cf97626ffba695b5f822e5da1d74b
   nokogiri (1.16.7-arm64-darwin) sha256=276dcea1b988a5b22b5acc1ba901d24b8e908c40b71dccd5d54a2ae279480dad
   nokogiri (1.16.7-x86_64-darwin) sha256=630732b80fc572690eab50c73a1f18988f3ac401ed0b67ca9956ba2b1e2c3faa
   nokogiri (1.16.7-x86_64-linux) sha256=9e1e428641d5942af877c60b418c71163560e9feb4a5c4015f3230a8b86a40f6
@@ -1221,6 +1240,7 @@ CHECKSUMS
   rubyzip (2.3.2) sha256=3f57e3935dc2255c414484fbf8d673b4909d8a6a57007ed754dde39342d2373f
   safety_net_attestation (0.4.0) sha256=96be2d74e7ed26453a51894913449bea0e072f44490021545ac2d1c38b0718ce
   sass-embedded (1.72.0) sha256=05d3e53092022a4b4eef5b76b9597c7f2af4e4efb06812e1a60e3601189a3d2e
+  sass-embedded (1.72.0-aarch64-linux-gnu) sha256=cbe3b303bb2acf784a46e98cbb22b5218f1607524dc66c00f5bd3b32f029eae4
   sass-embedded (1.72.0-arm64-darwin) sha256=24bbb0fe3cb255070c0bd7d44ee330b1226bd02647a4390d6f50e706a3819a4a
   sass-embedded (1.72.0-x86_64-darwin) sha256=f8b4940847cda523b418b8d1354dfb22464ca1f108d05be3e0d2bab7643d8757
   sass-embedded (1.72.0-x86_64-linux-gnu) sha256=33ecf2737eb685dc61853652312b0395c645b30578fc0d853d4b15f67cab1f3c
@@ -1249,6 +1269,7 @@ CHECKSUMS
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (2.7.7) sha256=a74751bad9f956ab4c365de3abd10912ca2399f521c197d1e6025e0bbfc0c5ab
+  tailwindcss-rails (2.7.7-aarch64-linux) sha256=d9f30312e02ae8395a8e7dbf5bc03d9f39625ce1042800321db2edb1df8fcfbc
   tailwindcss-rails (2.7.7-arm64-darwin) sha256=90d0cc13753612579b63a67cd67f45a176f04fd7860a32bc3028dcd6ace94769
   tailwindcss-rails (2.7.7-x86_64-darwin) sha256=af952d88ea84c166905fba3a815c51040f2baecce52554304282c2d7ef400d8c
   tailwindcss-rails (2.7.7-x86_64-linux) sha256=01408afe03f3c61447126c2c33caf940c9729ac8fda2da500887268b5fd3c51c
@@ -1288,4 +1309,4 @@ RUBY VERSION
    ruby 3.3.5p100
 
 BUNDLED WITH
-   2.5.20
+   2.5.21

From c6fd65ce6c71a9aa3c2db00b5761099f4f2e7eee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 10:34:51 -0700
Subject: [PATCH 271/381] Bump tailwindcss-rails from 2.7.7 to 2.7.8 (#5112)

Bumps [tailwindcss-rails](https://github.com/rails/tailwindcss-rails) from 2.7.7 to 2.7.8.
- [Release notes](https://github.com/rails/tailwindcss-rails/releases)
- [Changelog](https://github.com/rails/tailwindcss-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/tailwindcss-rails/compare/v2.7.7...v2.7.8)

---
updated-dependencies:
- dependency-name: tailwindcss-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 450f15ab5e5..48c43aba57b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -766,15 +766,15 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.7)
+    tailwindcss-rails (2.7.8)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.7-aarch64-linux)
+    tailwindcss-rails (2.7.8-aarch64-linux)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.7-arm64-darwin)
+    tailwindcss-rails (2.7.8-arm64-darwin)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.7-x86_64-darwin)
+    tailwindcss-rails (2.7.8-x86_64-darwin)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.7-x86_64-linux)
+    tailwindcss-rails (2.7.8-x86_64-linux)
       railties (>= 7.0.0)
     terser (1.2.4)
       execjs (>= 0.3.0, < 3)
@@ -1268,11 +1268,11 @@ CHECKSUMS
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.7) sha256=a74751bad9f956ab4c365de3abd10912ca2399f521c197d1e6025e0bbfc0c5ab
-  tailwindcss-rails (2.7.7-aarch64-linux) sha256=d9f30312e02ae8395a8e7dbf5bc03d9f39625ce1042800321db2edb1df8fcfbc
-  tailwindcss-rails (2.7.7-arm64-darwin) sha256=90d0cc13753612579b63a67cd67f45a176f04fd7860a32bc3028dcd6ace94769
-  tailwindcss-rails (2.7.7-x86_64-darwin) sha256=af952d88ea84c166905fba3a815c51040f2baecce52554304282c2d7ef400d8c
-  tailwindcss-rails (2.7.7-x86_64-linux) sha256=01408afe03f3c61447126c2c33caf940c9729ac8fda2da500887268b5fd3c51c
+  tailwindcss-rails (2.7.8) sha256=b64103bbe60a419b0bf76f5ed1c159ded10101ff57f17aa59d33f7c9fc0bebf6
+  tailwindcss-rails (2.7.8-aarch64-linux) sha256=11d9a2bc810c64591b1db847d41a40ca88a7ed1517d9c2340ad7aa906a1fbbd3
+  tailwindcss-rails (2.7.8-arm64-darwin) sha256=5c32029a5b25cf0aea9e7163802d6d5384714170aed798959d3c170ec366f34f
+  tailwindcss-rails (2.7.8-x86_64-darwin) sha256=8b5f5d995916f30c071b960b9ad8caa16efea4e0465ea029cba66fe438184da5
+  tailwindcss-rails (2.7.8-x86_64-linux) sha256=cb5c4b350454f62796a72b35669ad953f564077d1b6ebdcd353551d8ceb6a86e
   terser (1.2.4) sha256=c85f46e0fcdeef4a52639cbb6dd6b359bf0151d035206b072366e7dac379cc83
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From ae613daee2d80045568b1dee10df1b731ff797b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 11:33:54 -0700
Subject: [PATCH 272/381] Bump actions/cache from 4.1.0 to 4.1.1 (#5115)

Bumps [actions/cache](https://github.com/actions/cache) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2...3624ceb22c1c5a301c8db4169662070a689d9ea8)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 86bb20bc432..d381b4d8c76 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,7 +22,7 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # master
       - name: Cache Docker layers
-        uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-rubygems-${{ hashFiles('**/Gemfile.lock') }}

From 4dbd92ea5ba4c39efdc9ad84703a11908f994347 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 11:34:02 -0700
Subject: [PATCH 273/381] Bump actions/upload-artifact from 4.4.1 to 4.4.2
 (#5114)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/604373da6381bf24206979c74d06a550515601b9...84480863f228bb9747b473957fcc9e309aa96097)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 2 +-
 .github/workflows/test.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index afeac872b1b..4fe3dddb771 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -60,7 +60,7 @@ jobs:
         env:
           ENVIRONMENT: "${{ matrix.environment }}"
           REVISION: "${{ github.sha }}"
-      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
+      - uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
         with:
           name: "${{ matrix.environment }}.rendered.yaml"
           path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 9b71857341e..4d7b82775e2 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -56,7 +56,7 @@ jobs:
 
       - name: Save capybara screenshots
         if: ${{ failure() && steps.test-all.outcome == 'failure' }}
-        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
+        uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
         with:
           name: capybara-screenshots-${{ matrix.tests.name }}-${{ matrix.rubygems.name }}
           path: tmp/capybara

From 8a6e211455a188ea4e23f4d26c88848b74fe8415 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 11:34:18 -0700
Subject: [PATCH 274/381] Bump statsd-instrument from 3.9.1 to 3.9.2 (#5111)

Bumps [statsd-instrument](https://github.com/Shopify/statsd-instrument) from 3.9.1 to 3.9.2.
- [Changelog](https://github.com/Shopify/statsd-instrument/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/statsd-instrument/compare/v3.9.1...v3.9.2)

---
updated-dependencies:
- dependency-name: statsd-instrument
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 48c43aba57b..3d242f77ab4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -755,7 +755,7 @@ GEM
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
-    statsd-instrument (3.9.1)
+    statsd-instrument (3.9.2)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -1263,7 +1263,7 @@ CHECKSUMS
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
   sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
   sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
-  statsd-instrument (3.9.1) sha256=8fe65a4a68753e1152f3d3e1b215fb426fb63d5a56c16c2ee9da36fd27580057
+  statsd-instrument (3.9.2) sha256=56c70080fb73fed02d9ce26bbf573850b16739ae4252ca508e855dfcfb08db86
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d

From 37ed1f2f9cd4919359f182ed8c2b9cf8807ae145 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 13 Oct 2024 09:06:04 -0700
Subject: [PATCH 275/381] Bump tailwindcss-rails from 2.7.8 to 2.7.9 (#5117)

---
 Gemfile.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 3d242f77ab4..0472888c9a8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -766,15 +766,15 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.8)
+    tailwindcss-rails (2.7.9)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.8-aarch64-linux)
+    tailwindcss-rails (2.7.9-aarch64-linux)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.8-arm64-darwin)
+    tailwindcss-rails (2.7.9-arm64-darwin)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.8-x86_64-darwin)
+    tailwindcss-rails (2.7.9-x86_64-darwin)
       railties (>= 7.0.0)
-    tailwindcss-rails (2.7.8-x86_64-linux)
+    tailwindcss-rails (2.7.9-x86_64-linux)
       railties (>= 7.0.0)
     terser (1.2.4)
       execjs (>= 0.3.0, < 3)
@@ -842,7 +842,7 @@ GEM
     xpath (3.2.0)
       nokogiri (~> 1.8)
     yard (0.9.36)
-    zeitwerk (2.6.18)
+    zeitwerk (2.7.0)
     zlib (3.1.1)
 
 PLATFORMS
@@ -1268,11 +1268,11 @@ CHECKSUMS
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.8) sha256=b64103bbe60a419b0bf76f5ed1c159ded10101ff57f17aa59d33f7c9fc0bebf6
-  tailwindcss-rails (2.7.8-aarch64-linux) sha256=11d9a2bc810c64591b1db847d41a40ca88a7ed1517d9c2340ad7aa906a1fbbd3
-  tailwindcss-rails (2.7.8-arm64-darwin) sha256=5c32029a5b25cf0aea9e7163802d6d5384714170aed798959d3c170ec366f34f
-  tailwindcss-rails (2.7.8-x86_64-darwin) sha256=8b5f5d995916f30c071b960b9ad8caa16efea4e0465ea029cba66fe438184da5
-  tailwindcss-rails (2.7.8-x86_64-linux) sha256=cb5c4b350454f62796a72b35669ad953f564077d1b6ebdcd353551d8ceb6a86e
+  tailwindcss-rails (2.7.9) sha256=227a80aecdc25465646e501b5b992dcde98799e9d58c44938b61ab8b62cccdb9
+  tailwindcss-rails (2.7.9-aarch64-linux) sha256=e445c0761bcdc8fab423f35a9c6f2791ca73e46ef558a0e02601c9a2cf83dcb3
+  tailwindcss-rails (2.7.9-arm64-darwin) sha256=9fd0e0f45e6695bf09c9275170d81ba47fdf6af4b7b6352d97467b7bb8e019f5
+  tailwindcss-rails (2.7.9-x86_64-darwin) sha256=55a361c43ff8a65209e6d46f4d7dd901badb3b8a26ab603991789a2e5f4f79a9
+  tailwindcss-rails (2.7.9-x86_64-linux) sha256=6ac0523506cb122e3e26bb07c2f6e150542530d0d13d8a4e8466ed7a69fbfce2
   terser (1.2.4) sha256=c85f46e0fcdeef4a52639cbb6dd6b359bf0151d035206b072366e7dac379cc83
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c
@@ -1302,7 +1302,7 @@ CHECKSUMS
   xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d
   xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e
   yard (0.9.36) sha256=5505736c1b00c926f71053a606ab75f02070c5960d0778b901fe9d8b0a470be4
-  zeitwerk (2.6.18) sha256=bd2d213996ff7b3b364cd342a585fbee9797dbc1c0c6d868dc4150cc75739781
+  zeitwerk (2.7.0) sha256=a44c846861f2dfb571b834110a38f610dae5f15bac7ebf642a0d46b723da43a4
   zlib (3.1.1) sha256=f61bb03139bbe256c36ba99ef9fece1fb223e9034ed9e5fa3ddb1588d99abc71
 
 RUBY VERSION

From 8021e2eb47fdabbb08af2cc57e52e24756236cb2 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Mon, 14 Oct 2024 18:14:02 +1100
Subject: [PATCH 276/381] Maintainer Role (#4883)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add Access Level field to Ownership table and update RubyGem policies to check for the level of access

* Add Ownership edit form to owners table

* Add role field to add Ownership form

* Replace Access Level field with Role

* better validate the role in Owners API endpoint

* Refactor Access Level field to be Role instead

* Notify users when their Role was updated

* Don’t allow a user to update their own Ownership

* prevent maintainers for accessing trusted publishing

* Replace Role type object with an Enum

* separate checking for onwnership and permissions into separate methods

* Add Minimum Role Scope to the Ownership model

Replace the raw sql with something nicer

* Add translations for Role field

* Record event when a ownership role is updated

* Indicate what role the user was updated to in the notification email

* Fix the wrong select values being passed to the edit/create ownership form

* Always email owners of any changes to their roles

* Fixup breaking test

* Remove tests that are no longer relevant

* Fixup migration file name

* add role to Membership

* Refactor Ownership policies to cover updating user's own ownership

Make authorization failures more helpful on ownership changes.
We were sometimes returning just the text 'Forbidden' when
really we need to say that you can't edit your own role or
explain the authorization problem, if possible, then redirect
back to the rubygem page.

* Improve readability of role access list

* Add organization policy object

* record the previous value when recording the change role event

* Move method to OrganizationPolicy

* Fix new lint error

* Update app/models/events/rubygem_event.rb

Co-authored-by: Martin Emde <martinemde@users.noreply.github.com>

* Fix breaking test

* Remove unused code

---------

Co-authored-by: Martin Emde <me@martinemde.com>
Co-authored-by: Martin Emde <martinemde@users.noreply.github.com>
---
 app/avo/resources/ownership_resource.rb       |   1 +
 app/controllers/api/v1/owners_controller.rb   |  25 ++-
 app/controllers/owners_controller.rb          |  42 +++-
 app/mailers/owners_mailer.rb                  |  11 +
 app/models/api_key.rb                         |   4 +-
 app/models/events/rubygem_event.rb            |  11 +
 app/models/membership.rb                      |   2 +
 app/models/ownership.rb                       |  24 ++-
 app/models/rubygem.rb                         |   7 +
 app/policies/api/application_policy.rb        |   9 +
 app/policies/api/ownership_policy.rb          |  11 +
 app/policies/api/rubygem_policy.rb            |   7 +
 app/policies/application_policy.rb            |   4 +
 .../oidc/rubygem_trusted_publisher_policy.rb  |   6 +-
 app/policies/organization_policy.rb           |  54 +++++
 app/policies/ownership_policy.rb              |   6 +
 app/policies/rubygem_policy.rb                |  32 +--
 app/views/owners/_owners_table.html.erb       |  12 ++
 app/views/owners/edit.html.erb                |  21 ++
 app/views/owners/index.html.erb               |   6 +
 .../owners_mailer/owner_updated.html.erb      |  40 ++++
 .../owners_mailer/owner_updated.text.erb      |   5 +
 config/brakeman.ignore                        |  52 +++++
 config/brakeman.yml                           |   2 +-
 config/initializers/requires.rb               |   1 +
 config/locales/de.yml                         |  21 +-
 config/locales/en.yml                         |  21 +-
 config/locales/es.yml                         |  21 +-
 config/locales/fr.yml                         |  21 +-
 config/locales/ja.yml                         |  21 +-
 config/locales/nl.yml                         |  21 +-
 config/locales/pt-BR.yml                      |  21 +-
 config/locales/zh-CN.yml                      |  21 +-
 config/locales/zh-TW.yml                      |  21 +-
 config/routes.rb                              |   4 +-
 .../20240802151324_add_role_to_ownership.rb   |   5 +
 .../20240917042436_add_role_to_memberships.rb |   5 +
 db/schema.rb                                  |   4 +-
 lib/access.rb                                 |  27 +++
 test/factories/memberships.rb                 |   9 +
 test/factories/organizations.rb               |  20 ++
 test/factories/ownership.rb                   |   6 +
 test/factories/rubygem.rb                     |   7 +-
 .../api/v1/owners_controller_test.rb          | 110 ++++++++++
 test/functional/owners_controller_test.rb     | 196 ++++++++++++++++--
 test/integration/owner_test.rb                |  38 ++++
 test/lib/access_test.rb                       |  40 ++++
 test/mailers/owners_test.rb                   |  20 ++
 test/mailers/previews/mailer_preview.rb       |   7 +
 test/models/membership_test.rb                |   6 +
 test/models/ownership_test.rb                 |  69 +++++-
 test/models/rubygem_test.rb                   |  59 ++++++
 test/policies/api/ownership_policy_test.rb    |  31 +++
 test/policies/organization_policy_test.rb     |  86 ++++++++
 test/policies/ownership_policy_test.rb        |  29 ++-
 test/policies/rubygem_policy_test.rb          |  58 +++++-
 .../rubygem_trusted_publishing_policy_test.rb |  42 ++++
 test/system/avo/rubygems_test.rb              |   3 +-
 58 files changed, 1385 insertions(+), 80 deletions(-)
 create mode 100644 app/policies/api/ownership_policy.rb
 create mode 100644 app/policies/organization_policy.rb
 create mode 100644 app/views/owners/edit.html.erb
 create mode 100644 app/views/owners_mailer/owner_updated.html.erb
 create mode 100644 app/views/owners_mailer/owner_updated.text.erb
 create mode 100644 config/brakeman.ignore
 create mode 100644 db/migrate/20240802151324_add_role_to_ownership.rb
 create mode 100644 db/migrate/20240917042436_add_role_to_memberships.rb
 create mode 100644 lib/access.rb
 create mode 100644 test/lib/access_test.rb
 create mode 100644 test/mailers/owners_test.rb
 create mode 100644 test/policies/api/ownership_policy_test.rb
 create mode 100644 test/policies/organization_policy_test.rb
 create mode 100644 test/policies/rubygem_trusted_publishing_policy_test.rb

diff --git a/app/avo/resources/ownership_resource.rb b/app/avo/resources/ownership_resource.rb
index cd51054bbd0..ed4a6f686bd 100644
--- a/app/avo/resources/ownership_resource.rb
+++ b/app/avo/resources/ownership_resource.rb
@@ -26,4 +26,5 @@ class ConfirmedFilter < ScopeBooleanFilter; end
 
   field :authorizer, as: :belongs_to
   field :confirmed_at, as: :date_time
+  field :role, as: :select, enum: Ownership.roles
 end
diff --git a/app/controllers/api/v1/owners_controller.rb b/app/controllers/api/v1/owners_controller.rb
index 57bec65a620..ec4e6ed3f1c 100644
--- a/app/controllers/api/v1/owners_controller.rb
+++ b/app/controllers/api/v1/owners_controller.rb
@@ -15,7 +15,8 @@ def show
   def create
     authorize @rubygem, :add_owner?
     owner = User.find_by_name!(email_param)
-    ownership = @rubygem.ownerships.new(user: owner, authorizer: @api_key.user)
+    ownership = @rubygem.ownerships.new(user: owner, authorizer: @api_key.user, **ownership_params)
+
     if ownership.save
       OwnersMailer.ownership_confirmation(ownership).deliver_later
       render plain: response_with_mfa_warning("#{owner.display_handle} was added as an unconfirmed owner. " \
@@ -26,10 +27,28 @@ def create
     end
   end
 
+  def update
+    owner = User.find_by_name(email_param)
+    ownership = @rubygem.ownerships.find_by(user: owner) if owner
+    if ownership
+      authorize(ownership)
+    else
+      authorize(@rubygem, :update_owner?) # don't leak presence of an email unless authorized
+      return render_not_found
+    end
+
+    if ownership.update(ownership_params)
+      render plain: response_with_mfa_warning("Owner updated successfully.")
+    else
+      render plain: response_with_mfa_warning(ownership.errors.full_messages.to_sentence), status: :unprocessable_entity
+    end
+  end
+
   def destroy
     authorize @rubygem, :remove_owner?
     owner = User.find_by_name!(email_param)
     ownership = @rubygem.ownerships_including_unconfirmed.find_by!(user: owner)
+
     if ownership.safe_destroy
       OwnersMailer.owner_removed(ownership.user_id, @api_key.user.id, ownership.rubygem_id).deliver_later
       render plain: response_with_mfa_warning("Owner removed successfully.")
@@ -60,4 +79,8 @@ def render_not_found
   def email_param
     params.permit(:email).require(:email)
   end
+
+  def ownership_params
+    params.permit(:role)
+  end
 end
diff --git a/app/controllers/owners_controller.rb b/app/controllers/owners_controller.rb
index 6134249f78a..1c393af0dfa 100644
--- a/app/controllers/owners_controller.rb
+++ b/app/controllers/owners_controller.rb
@@ -2,8 +2,13 @@ class OwnersController < ApplicationController
   include SessionVerifiable
 
   before_action :find_rubygem, except: :confirm
-  verify_session_before only: %i[index create destroy]
-  before_action :verify_mfa_requirement, only: %i[create destroy]
+  verify_session_before only: %i[index edit update create destroy]
+  before_action :verify_mfa_requirement, only: %i[create edit update destroy]
+  before_action :find_ownership, only: %i[edit update destroy]
+
+  rescue_from(Pundit::NotAuthorizedError) do |e|
+    redirect_to rubygem_path(@rubygem.slug), alert: e.policy.error
+  end
 
   def confirm
     ownership = Ownership.find_by!(token: token_params)
@@ -32,10 +37,14 @@ def index
     @ownerships = @rubygem.ownerships_including_unconfirmed.includes(:user, :authorizer)
   end
 
+  def edit
+  end
+
   def create
     authorize @rubygem, :add_owner?
     owner = User.find_by_name(handle_params)
-    ownership = @rubygem.ownerships.new(user: owner, authorizer: current_user)
+
+    ownership = @rubygem.ownerships.new(user: owner, authorizer: current_user, role: params[:role])
     if ownership.save
       OwnersMailer.ownership_confirmation(ownership).deliver_later
       redirect_to rubygem_owners_path(@rubygem.slug), notice: t(".success_notice", handle: owner.name)
@@ -44,9 +53,19 @@ def create
     end
   end
 
+  # This action is used to update a user's owenrship role. This endpoint currently asssumes
+  # the role is the only thing that can be updated. If more fields are added to the ownership
+  # this action will need to be tweaked a bit
+  def update
+    if @ownership.update(update_params)
+      OwnersMailer.with(ownership: @ownership, authorizer: current_user).owner_updated.deliver_later
+      redirect_to rubygem_owners_path(@ownership.rubygem.slug), notice: t(".success_notice", handle: @ownership.user.name)
+    else
+      index_with_error @ownership.errors.full_messages.to_sentence, :unprocessable_entity
+    end
+  end
+
   def destroy
-    authorize @rubygem, :remove_owner?
-    @ownership = @rubygem.ownerships_including_unconfirmed.find_by_owner_handle!(handle_params)
     if @ownership.safe_destroy
       OwnersMailer.owner_removed(@ownership.user_id, current_user.id, @ownership.rubygem_id).deliver_later
       redirect_to rubygem_owners_path(@ownership.rubygem.slug), notice: t(".removed_notice", owner_name: @ownership.owner_name)
@@ -61,6 +80,15 @@ def verify_session_redirect_path
     rubygem_owners_url(params[:rubygem_id])
   end
 
+  def find_ownership
+    @ownership = @rubygem.ownerships_including_unconfirmed.find_by_owner_handle(handle_params)
+    return authorize(@ownership) if @ownership
+
+    predicate = params[:action] == "destroy" ? :remove_owner? : :update_owner?
+    authorize(@rubygem, predicate)
+    render_not_found
+  end
+
   def token_params
     params.permit(:token).require(:token)
   end
@@ -69,6 +97,10 @@ def handle_params
     params.permit(:handle).require(:handle)
   end
 
+  def update_params
+    params.permit(:role)
+  end
+
   def notify_owner_added(ownership)
     ownership.rubygem.ownership_notifiable_owners.each do |notified_user|
       OwnersMailer.owner_added(
diff --git a/app/mailers/owners_mailer.rb b/app/mailers/owners_mailer.rb
index 7b6bef127c1..2130ee0abcb 100644
--- a/app/mailers/owners_mailer.rb
+++ b/app/mailers/owners_mailer.rb
@@ -13,6 +13,17 @@ def ownership_confirmation(ownership)
       end
   end
 
+  def owner_updated
+    @ownership = params[:ownership]
+    @user = @ownership.user
+    @rubygem = @ownership.rubygem
+
+    mail(
+      to: @user.email,
+      subject: t("mailer.owner_updated.subject", gem: @rubygem.name, host: Gemcutter::HOST_DISPLAY)
+    )
+  end
+
   def owner_removed(user_id, remover_id, gem_id)
     @user = User.find(user_id)
     @remover = User.find(remover_id)
diff --git a/app/models/api_key.rb b/app/models/api_key.rb
index 98b6bbacacf..9a41d74fa29 100644
--- a/app/models/api_key.rb
+++ b/app/models/api_key.rb
@@ -1,9 +1,9 @@
 class ApiKey < ApplicationRecord
   class ScopeError < RuntimeError; end
 
-  API_SCOPES = %i[show_dashboard index_rubygems push_rubygem yank_rubygem add_owner remove_owner access_webhooks
+  API_SCOPES = %i[show_dashboard index_rubygems push_rubygem yank_rubygem add_owner update_owner remove_owner access_webhooks
                   configure_trusted_publishers].freeze
-  APPLICABLE_GEM_API_SCOPES = %i[push_rubygem yank_rubygem add_owner remove_owner configure_trusted_publishers].freeze
+  APPLICABLE_GEM_API_SCOPES = %i[push_rubygem yank_rubygem add_owner update_owner remove_owner configure_trusted_publishers].freeze
   EXCLUSIVE_SCOPES = %i[show_dashboard].freeze
 
   self.ignored_columns += API_SCOPES
diff --git a/app/models/events/rubygem_event.rb b/app/models/events/rubygem_event.rb
index 11c7dea8b13..6f4895dd442 100644
--- a/app/models/events/rubygem_event.rb
+++ b/app/models/events/rubygem_event.rb
@@ -59,6 +59,17 @@ class Events::RubygemEvent < ApplicationRecord
     attribute :owner_gid, :global_id
   end
 
+  OWNER_ROLE_UPDATED = define_event "rubygem:owner:role_updated" do
+    attribute :owner, :string
+    attribute :updated_by, :string
+
+    attribute :actor_gid, :global_id
+    attribute :owner_gid, :global_id
+
+    attribute :previous_role, :string
+    attribute :current_role, :string
+  end
+
   OWNER_REMOVED = define_event "rubygem:owner:removed" do
     attribute :owner, :string
     attribute :removed_by, :string
diff --git a/app/models/membership.rb b/app/models/membership.rb
index c15753d8b9a..e1e73cf2a9c 100644
--- a/app/models/membership.rb
+++ b/app/models/membership.rb
@@ -5,6 +5,8 @@ class Membership < ApplicationRecord
   scope :unconfirmed, -> { where(confirmed_at: nil) }
   scope :confirmed, -> { where.not(confirmed_at: nil) }
 
+  enum :role, { owner: Access::OWNER, maintainer: Access::MAINTAINER, admin: Access::ADMIN }, validate: true, default: :maintainer
+
   def confirmed?
     !confirmed_at.nil?
   end
diff --git a/app/models/ownership.rb b/app/models/ownership.rb
index fd6e4b94d1a..bbe1f3776c8 100644
--- a/app/models/ownership.rb
+++ b/app/models/ownership.rb
@@ -13,11 +13,17 @@ class Ownership < ApplicationRecord
 
   after_create :record_create_event
   after_update :record_confirmation_event, if: :saved_change_to_confirmed_at?
+  after_update :record_role_updated_event, if: :saved_change_to_role?
+  after_update :notify_user_role_of_role_change, if: :saved_change_to_role?
   after_destroy :record_destroy_event
 
   scope :confirmed, -> { where.not(confirmed_at: nil) }
   scope :unconfirmed, -> { where(confirmed_at: nil) }
 
+  enum :role, { owner: Access::OWNER, maintainer: Access::MAINTAINER }, validate: true, default: :owner
+
+  scope :user_with_minimum_role, ->(user, role) { where(user: user, role: Access.with_minimum_role(role)) }
+
   def self.by_indexed_gem_name
     select("ownerships.*, rubygems.name")
       .left_joins(rubygem: :versions)
@@ -26,8 +32,8 @@ def self.by_indexed_gem_name
       .order("rubygems.name ASC")
   end
 
-  def self.find_by_owner_handle!(handle)
-    joins(:user).find_by(users: { handle: handle }) || joins(:user).find_by!(users: { id: handle })
+  def self.find_by_owner_handle(handle)
+    joins(:user).find_by(users: { handle: handle }) || joins(:user).find_by(users: { id: handle })
   end
 
   def self.create_confirmed(rubygem, user, approver)
@@ -107,6 +113,16 @@ def record_confirmation_event
       actor_gid: Current.user&.to_gid)
   end
 
+  def record_role_updated_event
+    rubygem.record_event!(Events::RubygemEvent::OWNER_ROLE_UPDATED,
+      owner: user.display_handle,
+      updated_by: Current.user&.display_handle,
+      owner_gid: user.to_gid,
+      actor_gid: Current.user&.to_gid,
+      previous_role: role_previously_was,
+      current_role: role)
+  end
+
   def record_destroy_event
     rubygem.record_event!(Events::RubygemEvent::OWNER_REMOVED,
       owner: user.display_handle,
@@ -114,4 +130,8 @@ def record_destroy_event
       owner_gid: user.to_gid,
       actor_gid: Current.user&.to_gid)
   end
+
+  def notify_user_role_of_role_change
+    OwnersMailer.with(ownership: self).owner_updated.deliver_later
+  end
 end
diff --git a/app/models/rubygem.rb b/app/models/rubygem.rb
index a306bcbfd31..03b5793cceb 100644
--- a/app/models/rubygem.rb
+++ b/app/models/rubygem.rb
@@ -188,6 +188,13 @@ def owned_by?(user)
     ownerships.exists?(user_id: user.id)
   end
 
+  def owned_by_with_role?(user, minimum_required_role)
+    return false if user.blank?
+    ownerships.user_with_minimum_role(user, minimum_required_role).exists?
+  rescue KeyError
+    false
+  end
+
   def unconfirmed_ownerships
     ownerships_including_unconfirmed.unconfirmed
   end
diff --git a/app/policies/api/application_policy.rb b/app/policies/api/application_policy.rb
index 3b69c8e5f12..3d7d9b7f873 100644
--- a/app/policies/api/application_policy.rb
+++ b/app/policies/api/application_policy.rb
@@ -42,10 +42,19 @@ def deny(error)
     false
   end
 
+  def api_policy!(record)
+    Pundit.policy!(api_key, [:api, record])
+  end
+
   def user_policy!(record)
     Pundit.policy!(api_key.user, record)
   end
 
+  def api_authorized?(record, action)
+    policy = api_policy!(record)
+    policy.send(action) || deny(policy.error)
+  end
+
   def user_authorized?(record, action)
     policy = user_policy!(record)
     policy.send(action) || deny(policy.error)
diff --git a/app/policies/api/ownership_policy.rb b/app/policies/api/ownership_policy.rb
new file mode 100644
index 00000000000..464b2376bf0
--- /dev/null
+++ b/app/policies/api/ownership_policy.rb
@@ -0,0 +1,11 @@
+class Api::OwnershipPolicy < Api::ApplicationPolicy
+  class Scope < Api::ApplicationPolicy::Scope
+  end
+
+  delegate :rubygem, to: :record
+
+  def update?
+    api_authorized?(rubygem, :update_owner?) &&
+      user_authorized?(record, :update?)
+  end
+end
diff --git a/app/policies/api/rubygem_policy.rb b/app/policies/api/rubygem_policy.rb
index e181f66850a..690ede046c3 100644
--- a/app/policies/api/rubygem_policy.rb
+++ b/app/policies/api/rubygem_policy.rb
@@ -26,6 +26,13 @@ def add_owner?
       user_authorized?(rubygem, :add_owner?)
   end
 
+  def update_owner?
+    user_api_key? &&
+      mfa_requirement_satisfied?(rubygem) &&
+      api_key_scope?(:update_owner, rubygem) &&
+      user_authorized?(rubygem, :update_owner?)
+  end
+
   def remove_owner?
     user_api_key? &&
       mfa_requirement_satisfied?(rubygem) &&
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index 0ec698761ba..e999c1fac18 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -80,6 +80,10 @@ def rubygem_owned_by?(user)
     rubygem.owned_by?(user) || deny(t(:forbidden))
   end
 
+  def rubygem_owned_by_with_role?(user, minimum_required_role:)
+    rubygem.owned_by_with_role?(user, minimum_required_role) || deny(t(:forbidden))
+  end
+
   def policy!(user, record) = Pundit.policy!(user, record)
   def user_policy!(record) = policy!(user, record)
 
diff --git a/app/policies/oidc/rubygem_trusted_publisher_policy.rb b/app/policies/oidc/rubygem_trusted_publisher_policy.rb
index b035c911d03..85ea19aef2d 100644
--- a/app/policies/oidc/rubygem_trusted_publisher_policy.rb
+++ b/app/policies/oidc/rubygem_trusted_publisher_policy.rb
@@ -5,14 +5,14 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def show?
-    rubygem_owned_by?(user)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
   end
 
   def create?
-    rubygem_owned_by?(user)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
   end
 
   def destroy?
-    rubygem_owned_by?(user)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
   end
 end
diff --git a/app/policies/organization_policy.rb b/app/policies/organization_policy.rb
new file mode 100644
index 00000000000..249750d60bd
--- /dev/null
+++ b/app/policies/organization_policy.rb
@@ -0,0 +1,54 @@
+class OrganizationPolicy < ApplicationPolicy
+  class Scope < ApplicationPolicy::Scope
+  end
+
+  def show?
+    true
+  end
+
+  def update?
+    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+  end
+
+  def create?
+    true
+  end
+
+  def add_gem?
+    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+  end
+
+  def remove_gem?
+    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+  end
+
+  def add_membership?
+    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+  end
+
+  def update_membership?
+    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+  end
+
+  def remove_membership?
+    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+  end
+
+  def show_membership?
+    organization_member_with_role?(user, minimum_required_role: Access::MAINTAINER)
+  end
+
+  def list_memberships?
+    organization_member_with_role?(user, minimum_required_role: Access::MAINTAINER)
+  end
+
+  def destroy?
+    false # For now organizations cannot be deleted
+  end
+
+  private
+
+  def organization_member_with_role?(user, minimum_required_role:)
+    record.memberships.exists?(["user_id = ? AND role >= ?", user.id, minimum_required_role])
+  end
+end
diff --git a/app/policies/ownership_policy.rb b/app/policies/ownership_policy.rb
index de8fbc958fa..ad31e15c265 100644
--- a/app/policies/ownership_policy.rb
+++ b/app/policies/ownership_policy.rb
@@ -8,6 +8,12 @@ def create?
     policy!(user, rubygem).add_owner?
   end
 
+  def update?
+    return deny(t("owners.update.update_current_user_role")) if current_user?(record.user)
+    policy!(user, rubygem).update_owner?
+  end
+  alias edit? update?
+
   def destroy?
     policy!(user, rubygem).remove_owner?
   end
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index 56a5c02ec58..1c90dc77967 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -23,24 +23,16 @@ def destroy?
     false
   end
 
-  def add_owner?
-    rubygem_owned_by?(user)
-  end
-
   def configure_oidc?
-    rubygem_owned_by?(user)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
   end
 
   def configure_trusted_publishers?
-    rubygem_owned_by?(user)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
   end
 
   def manage_adoption?
-    rubygem_owned_by?(user)
-  end
-
-  def remove_owner?
-    rubygem_owned_by?(user)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
   end
 
   def request_ownership?
@@ -58,7 +50,23 @@ def show_events?
     rubygem_owned_by?(user)
   end
 
+  def close_ownership_requests?
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+  end
+
   def show_unconfirmed_ownerships?
-    rubygem_owned_by?(user)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+  end
+
+  def add_owner?
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+  end
+
+  def update_owner?
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+  end
+
+  def remove_owner?
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
   end
 end
diff --git a/app/views/owners/_owners_table.html.erb b/app/views/owners/_owners_table.html.erb
index ec78a4160d5..4ad86899233 100644
--- a/app/views/owners/_owners_table.html.erb
+++ b/app/views/owners/_owners_table.html.erb
@@ -13,6 +13,9 @@
     <th class="owners__cell">
       <%= t("owners.index.added_by") %>
     </th>
+    <th class="owners__cell">
+      <%= t("owners.index.role") %>
+    </th>
     <th class="owners__cell">
       <%= t("owners.index.confirmed_at") %>
     </th>
@@ -40,6 +43,9 @@
       <td class="owners__cell" data-title="Added By">
         <%= ownership.authorizer_name %>
       </td>
+      <td class="owners__cell" data-title="Role">
+        <%= Ownership.human_attribute_name("role.#{ownership.role}") %>
+      </td>
       <td class="owners__cell" data-title="Confirmed At">
         <%= ownership.confirmed_at.strftime("%Y-%m-%d %H:%M %Z") if ownership.confirmed? %>
       </td>
@@ -49,6 +55,12 @@
           method: "delete",
           data: { confirm: t("owners.index.confirm_remove") },
           class: "form__submit form__submit--small" %>
+        <br/>
+        <%= button_to "Edit",
+          edit_rubygem_owner_path(@rubygem.name, ownership.user.display_id),
+          disabled: ownership.user == current_user,
+          method: "get",
+          class: "form__submit form__submit--small" %>
       </td>
     </tr>
   <% end %>
diff --git a/app/views/owners/edit.html.erb b/app/views/owners/edit.html.erb
new file mode 100644
index 00000000000..e1e7bfcd9d4
--- /dev/null
+++ b/app/views/owners/edit.html.erb
@@ -0,0 +1,21 @@
+<% @title = t('.title') %>
+<% @roles = Ownership.roles.map { |k,_| [Ownership.human_attribute_name("role.#{k}"), k] } %>
+
+<%= form_tag rubygem_owner_path(rubygem_id: @rubygem.slug, owner_id: @ownership.user.display_id), method: :patch do |form| %>
+  <%= error_messages_for(@ownership) %>
+
+  <div class="text_field">
+    <%= label_tag :display_id, "User", class: 'form__label' %>
+    <%= text_field_tag :display_id, @ownership.user.display_id, disabled: true, :class => 'form__input' %>
+  </div>
+
+  <div class="text_field">
+    <%= label_tag :role, t(".role"), class: 'form__label' %>
+    <br/>
+    <%= select_tag :role, options_for_select(@roles, @ownership.role), class: "form__input form__select"  %>
+  </div>
+
+  <div class="submit_field">
+    <%= submit_tag 'Update', :data => {:disable_with => t('form_disable_with')}, :class => 'form__submit' %>
+  </div>
+<% end %>
diff --git a/app/views/owners/index.html.erb b/app/views/owners/index.html.erb
index 75bc1084b47..957f5a24daa 100644
--- a/app/views/owners/index.html.erb
+++ b/app/views/owners/index.html.erb
@@ -1,5 +1,6 @@
 <% @title = @rubygem.name %>
 <% @subtitle = t(".info", gem: @rubygem.name) %>
+<% @roles = Ownership.roles.map { |k,_| [Ownership.human_attribute_name("role.#{k}"), k] } %>
 
 <div class="t-body">
   <%= render "owners_table" %>
@@ -14,6 +15,11 @@
       <%= label_tag :handle, t(".email_field"), class: "form__label" %>
       <%= text_field_tag :handle, nil, class: "form__input", required: true %>
     </div>
+    <div class="text_field">
+      <%= label_tag :role, t(".role_field"), class: "form__label" %>
+      <br/>
+      <%= select_tag :role, options_for_select(@roles), class: "form__input form__select" %>
+    </div>
     <div class="submit_field">
       <%= submit_tag t(".submit_button"), data: {disable_with: t("form_disable_with")}, class: "form__submit" %>
     </div>
diff --git a/app/views/owners_mailer/owner_updated.html.erb b/app/views/owners_mailer/owner_updated.html.erb
new file mode 100644
index 00000000000..9c7a8a1e286
--- /dev/null
+++ b/app/views/owners_mailer/owner_updated.html.erb
@@ -0,0 +1,40 @@
+<% @title = t("mailer.owner_updated.title") %>
+<% @sub_title = t("mailer.owner_updated.subtitle", user_handle: @user.handle) %>
+
+<!-- Body -->   
+<table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#ffffff">
+  <tr>
+    <td class="content-spacing" style="font-size:0pt; line-height:0pt; text-align:left" width="20"></td>
+    <td>
+      <div class="h3-1-center" style="color:#1e1e1e; font-family:Georgia, serif; min-width:auto !important; font-size:20px; line-height:26px;">
+        <br>
+        <p>
+          <%= t("mailer.owner_updated.body_html", gem: @rubygem.name, host: Gemcutter::HOST_DISPLAY, role: Ownership.human_attribute_name("role.#{@ownership.role}")) %>
+        </p>
+        <table width="100%" border="0" cellspacing="0" cellpadding="0" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%"><tr><td height="35" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%">&nbsp;</td></tr></table>
+
+        <p>If this change is expected, you do not need to take further action.</p>
+        <p>
+          <strong>Only if this change is unexpected</strong>
+          please take immediate steps to secure your account and gems:
+        </p>
+
+        <%= render "mailer/compromised_instructions" do %>
+          <li>Look out for unexpected changes to your gems on RubyGems.org</li>
+        <% end %>
+
+        <p>
+          <em>
+            To stop receiving these messages, update your <%= link_to("email notification settings", notifier_url) %>.
+          </em>
+        </p>
+      </div>
+
+      <table width="100%" border="0" cellspacing="0" cellpadding="0" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%"><tr><td height="30" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%">&nbsp;</td></tr></table>
+
+      <table width="100%" border="0" cellspacing="0" cellpadding="0" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%"><tr><td height="35" class="spacer" style="font-size:0pt; line-height:0pt; text-align:center; width:100%; min-width:100%">&nbsp;</td></tr></table>
+
+    </td>
+    <td class="content-spacing" style="font-size:0pt; line-height:0pt; text-align:left" width="20"></td>
+  </tr>
+</table>
diff --git a/app/views/owners_mailer/owner_updated.text.erb b/app/views/owners_mailer/owner_updated.text.erb
new file mode 100644
index 00000000000..b68561ccfd8
--- /dev/null
+++ b/app/views/owners_mailer/owner_updated.text.erb
@@ -0,0 +1,5 @@
+<%= t("mailer.owner_updated.subtitle", user_handle: @user.handle) %>
+
+<%= t("mailer.owner_updated.body_text", gem: @rubygem.name, host: Gemcutter::HOST_DISPLAY, role: Ownership.human_attribute_name("role.#{@ownership.role}")) %>
+
+<%= rubygem_owners_url(@rubygem.slug) %>
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 00000000000..2a902bfc302
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,52 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 105,
+      "fingerprint": "85e397bacae5462238e8ce59c0fcd1045a414e603588ae313c5156c09a623fed",
+      "check_name": "PermitAttributes",
+      "message": "Potentially dangerous key allowed for mass assignment",
+      "file": "app/controllers/owners_controller.rb",
+      "line": 101,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.permit(:role)",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "OwnersController",
+        "method": "update_params"
+      },
+      "user_input": ":role",
+      "confidence": "Medium",
+      "cwe_id": [
+        915
+      ],
+      "note": ""
+    },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 105,
+      "fingerprint": "b57c75e671196846b60667930fc3c1a4d02122b7ec3ae5ae0cf8cecc6c1d0b63",
+      "check_name": "PermitAttributes",
+      "message": "Potentially dangerous key allowed for mass assignment",
+      "file": "app/controllers/api/v1/owners_controller.rb",
+      "line": 84,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.permit(:role)",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Api::V1::OwnersController",
+        "method": "ownership_params"
+      },
+      "user_input": ":role",
+      "confidence": "Medium",
+      "cwe_id": [
+        915
+      ],
+      "note": ""
+    }
+  ],
+  "updated": "2024-09-21 16:16:50 -0700",
+  "brakeman_version": "6.2.1"
+}
diff --git a/config/brakeman.yml b/config/brakeman.yml
index d9492b31e1d..26a7bbdc235 100644
--- a/config/brakeman.yml
+++ b/config/brakeman.yml
@@ -7,5 +7,5 @@
 :output_files:
 - reports/brakeman/brakeman.json
 - reports/brakeman/brakeman.html
-:rails5: true
+:rails7: true
 :github_repo: rubygems/rubygems.org
diff --git a/config/initializers/requires.rb b/config/initializers/requires.rb
index 966db0b8de5..8a6f441cff6 100644
--- a/config/initializers/requires.rb
+++ b/config/initializers/requires.rb
@@ -5,3 +5,4 @@
 require 'rack/rewindable_input'
 require 'elastic_searcher'
 require 'github_secret_scanning'
+require 'access'
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 975b1593aa1..6a2a3412b72 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -73,6 +73,10 @@ de:
         full_name: Vollständiger Name
         handle: Benutzername
         password: Passwort
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role: OIDC-API-Schlüsselrolle
       oidc/id_token:
@@ -186,6 +190,7 @@ de:
         können. Neuer API-Schlüssel:'
       mfa: MFA
       expiration:
+      update_owner:
     new:
       new_api_key: Neuer API-Schlüssel
     reset:
@@ -369,6 +374,12 @@ de:
       subtitle: Hallo %{user_handle}!
       body_html: <b>Du</b> wurdest als Besitzer für das <strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong>-Gem
         auf %{host} von <b>%{remover}</b> entfernt.
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title: ANFRAGE ZUR BESITZERRECHTIGUNG
       subtitle: Hallo %{handle}!
@@ -635,6 +646,8 @@ de:
       confirmed:
       pending:
       confirm_remove:
+      role:
+      role_field:
     resend_confirmation:
       resent_notice:
     create:
@@ -643,6 +656,12 @@ de:
       removed_notice:
       failed_notice:
     mfa_required:
+    update:
+      success_notice:
+      update_current_user_role:
+    edit:
+      role:
+      title:
   settings:
     edit:
       title:
@@ -1051,4 +1070,4 @@ de:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
+        not_required:
\ No newline at end of file
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 3a05781c196..83681e23319 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -70,6 +70,10 @@ en:
         full_name: Full name
         handle: Username
         password: Password
+      ownership/role:
+        owner: Owner
+        admin: Admin
+        maintainer: Maintainer
       api_key:
         oidc_api_key_role: OIDC API Key Role
       oidc/id_token:
@@ -178,6 +182,7 @@ en:
       save_key: "Note that we won't be able to show the key to you again. New API key:"
       mfa: MFA
       expiration: Expiration
+      update_owner: Update Owner
     new:
       new_api_key: New API key
     reset:
@@ -335,6 +340,12 @@ en:
       title: OWNER REMOVED
       subtitle: Hi %{user_handle}!
       body_html: <b>You</b> were removed as an owner for <strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong> gem on %{host} by <b>%{remover}</b>.
+    owner_updated:
+      subject: Your role was updated for %{gem} gem
+      title: OWNER ROLE UPDATED
+      subtitle: Hi %{user_handle}!
+      body_html: Your role was updated to %{role} for <strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong> gem.
+      body_text: Your role was updated to %{role} for %{gem} gem.
     ownerhip_request_closed:
       title: OWNERSHIP REQUEST
       subtitle: Hi %{handle}!
@@ -531,6 +542,9 @@ en:
       title: Error - Verification Failed
       close_browser: Please close this browser and try again.
   owners:
+    edit:
+      role: Role
+      title: Edit Owner
     confirm:
       confirmed_email: You were added as an owner to %{gem} gem
       token_expired: The confirmation token has expired. Please try resending the token from the gem page.
@@ -542,6 +556,8 @@ en:
       confirmed_at: CONFIRMED AT
       added_by: ADDED BY
       action: ACTION
+      role: ROLE
+      role_field: Role
       email_field: Email / Handle
       submit_button: Add Owner
       info: add or remove owners
@@ -552,6 +568,9 @@ en:
       resent_notice: A confirmation mail has been re-sent to your email
     create:
       success_notice: "%{handle} was added as an unconfirmed owner. Ownership access will be enabled after the user clicks on the confirmation mail sent to their email."
+    update:
+      update_current_user_role: Can't update your own Role
+      success_notice: "%{handle} was succesfully updated."
     destroy:
       removed_notice: "%{owner_name} was removed from the owners successfully"
       failed_notice: Can't remove the only owner of the gem
@@ -972,4 +991,4 @@ en:
         api_key_scopes: "Scopes: %{scopes}"
         api_key_gem_html: "Gem: %{gem}"
         api_key_mfa: "MFA: %{mfa}"
-        not_required: "Not required"
+        not_required: "Not required"
\ No newline at end of file
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 4efa807b479..fa9b7be388f 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -71,6 +71,10 @@ es:
         full_name: Nombre completo
         handle: Usuario
         password: Contraseña
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -184,6 +188,7 @@ es:
         clave de API:'
       mfa: AMF
       expiration:
+      update_owner:
     new:
       new_api_key: Nueva clave de API
     reset:
@@ -368,6 +373,12 @@ es:
       subtitle: "¡Hola %{handle}!"
       body_html: Has sido eliminado como propietario/a de la gema <strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong>
         en %{host} por <b>%{remover}</b>.
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title: CANDIDATURA A PROPIETARIO
       subtitle: "¡Hola %{handle}!"
@@ -621,6 +632,8 @@ es:
       confirmed: Confirmado
       pending: Pendiente
       confirm_remove: "¿Seguro que quieres eliminar a este usuario de los propietarios?"
+      role:
+      role_field:
     resend_confirmation:
       resent_notice: Se ha reenviado un mensaje de confirmación a tu correo electrónico
     create:
@@ -632,6 +645,12 @@ es:
       failed_notice: No se puede eliminar al único propietario de una gema
     mfa_required: La gema tiene activado el requerimiento de AMF, configura AMF en
       tu cuenta por favor.
+    edit:
+      role:
+      title:
+    update:
+      update_current_user_role:
+      success_notice:
   settings:
     edit:
       title: Editar configuración
@@ -1106,4 +1125,4 @@ es:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
+        not_required:
\ No newline at end of file
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index fcd1c729046..fb7fbccf6e1 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -71,6 +71,10 @@ fr:
         full_name: Nom complet
         handle: Pseudonyme
         password: Mot de passe
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -172,6 +176,7 @@ fr:
       yank_rubygem:
       add_owner:
       remove_owner:
+      update_owner:
       access_webhooks:
       show_dashboard:
       configure_trusted_publishers:
@@ -347,6 +352,12 @@ fr:
       title:
       subtitle:
       body_html:
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title:
       subtitle:
@@ -559,6 +570,8 @@ fr:
       confirmed:
       pending:
       confirm_remove:
+      role:
+      role_field:
     resend_confirmation:
       resent_notice:
     create:
@@ -566,6 +579,12 @@ fr:
     destroy:
       removed_notice:
       failed_notice:
+    update:
+      update_current_user_role:
+      success_notice:
+    edit:
+      role:
+      title:
     mfa_required:
   settings:
     edit:
@@ -1001,4 +1020,4 @@ fr:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
+        not_required:
\ No newline at end of file
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 1ea681dfbf4..93c1aa92fc4 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -64,6 +64,10 @@ ja:
         full_name: フルネーム
         handle: ユーザー名
         password: パスワード
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role: OIDC APIキーのロール
       oidc/id_token:
@@ -165,6 +169,7 @@ ja:
       yank_rubygem: rubygemをヤンクする
       add_owner: 所有者を追加する
       remove_owner: 所有者を削除する
+      update_owner:
       access_webhooks: webhookにアクセスする
       show_dashboard: ダッシュボードを表示
       configure_trusted_publishers: 信頼できる発行元を構成
@@ -335,6 +340,12 @@ ja:
       subtitle: こんにちは、%{user_handle}！
       body_html: <b>あなた</b>は<b>%{remover}</b>によって%{host}上の<strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong>
         gemの所有者から削除されました。
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title: 所有権の申請
       subtitle: こんにちは、%{handle}！
@@ -539,6 +550,8 @@ ja:
       confirmed: 確定
       pending: 保留
       confirm_remove: このユーザーを所有者から削除されたいとのことでよろしいですか。
+      role:
+      role_field:
     resend_confirmation:
       resent_notice: 確定メールがEメールに再送されました。
     create:
@@ -546,6 +559,12 @@ ja:
     destroy:
       removed_notice: "%{owner_name}は所有者から正常に削除されました"
       failed_notice: gemの唯一の所有者は削除できません。
+    edit:
+      title:
+      role:
+    update:
+      update_current_user_role:
+      success_notice:
     mfa_required: gemでMFAの要件が有効化されているため、アカウントにMFAを設定してください。
   settings:
     edit:
@@ -977,4 +996,4 @@ ja:
         api_key_scopes: スコープ：%{scopes}
         api_key_gem_html: 'gem: %{gem}'
         api_key_mfa: 'MFA: %{mfa}'
-        not_required: 必要ではありません
+        not_required: 必要ではありません
\ No newline at end of file
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index cf043b2b4a4..936e48a5b04 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -63,6 +63,10 @@ nl:
         full_name: Voor-en achternaam
         handle: Gebruikersnaam
         password: Wachtwoord
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -164,6 +168,7 @@ nl:
       yank_rubygem:
       add_owner:
       remove_owner:
+      update_owner:
       access_webhooks:
       show_dashboard:
       configure_trusted_publishers:
@@ -332,6 +337,12 @@ nl:
       title:
       subtitle:
       body_html:
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title:
       subtitle:
@@ -540,6 +551,8 @@ nl:
       confirmed:
       pending:
       confirm_remove:
+      role:
+      role_field:
     resend_confirmation:
       resent_notice:
     create:
@@ -547,6 +560,12 @@ nl:
     destroy:
       removed_notice:
       failed_notice:
+    edit:
+      role:
+      title:
+    update:
+      success_notice:
+      update_current_user_role:
     mfa_required:
   settings:
     edit:
@@ -956,4 +975,4 @@ nl:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
+        not_required:
\ No newline at end of file
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 0918fae12c5..a98589a5caa 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -70,6 +70,10 @@ pt-BR:
         full_name: Nome completo
         handle: Usuário
         password: Senha
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -171,6 +175,7 @@ pt-BR:
       yank_rubygem:
       add_owner:
       remove_owner:
+      update_owner:
       access_webhooks:
       show_dashboard:
       configure_trusted_publishers:
@@ -344,6 +349,12 @@ pt-BR:
       title:
       subtitle:
       body_html:
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title:
       subtitle:
@@ -551,6 +562,8 @@ pt-BR:
       confirmed:
       pending:
       confirm_remove:
+      role:
+      role_field:
     resend_confirmation:
       resent_notice:
     create:
@@ -558,6 +571,12 @@ pt-BR:
     destroy:
       removed_notice:
       failed_notice:
+    edit:
+      title:
+      role:
+    update:
+      update_current_user_role:
+      success_notice:
     mfa_required:
   settings:
     edit:
@@ -979,4 +998,4 @@ pt-BR:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
+        not_required:
\ No newline at end of file
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 6421206df98..c8c9b2c2b23 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -65,6 +65,10 @@ zh-CN:
         full_name: 全名
         handle: 用户名
         password: 密码
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -166,6 +170,7 @@ zh-CN:
       yank_rubygem: 撤回 Gem
       add_owner: 添加 Gem 业主
       remove_owner: 移除（某个）Gem 业主
+      update_owner:
       access_webhooks: 访问后 (Access) Webhook
       show_dashboard: 显示仪表盘
       configure_trusted_publishers:
@@ -337,6 +342,12 @@ zh-CN:
       subtitle: 你好啊，%{user_handle}！
       body_html: <b>您</b>在 RubyGems.org 上对 Gem <strong><a href="https://rubygems.org/gems/%{gem}">%{gem}</a></strong>
         的业主身份已被 <b>%{remover}</b> 移除
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title: 所有权申请
       subtitle: 你好啊，%{hand}！
@@ -545,6 +556,8 @@ zh-CN:
       confirmed: 已批准
       pending: 待定
       confirm_remove: 您确定您想要从业主中移除该用户吗？
+      role:
+      role_field:
     resend_confirmation:
       resent_notice: 一封确认邮件已被重新发送到您的邮箱中
     create:
@@ -552,6 +565,12 @@ zh-CN:
     destroy:
       removed_notice: "%{owner_name} 已成功从业主中移除"
       failed_notice: 不能删除该 Gem 的唯一业主
+    edit:
+      role:
+      title:
+    update:
+      success_notice:
+      update_current_user_role:
     mfa_required: 该 Gem 已启用多因素验证，请在您的帐户上设置多因素验证。
   settings:
     edit:
@@ -970,4 +989,4 @@ zh-CN:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
+        not_required:
\ No newline at end of file
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index a2f84c0ded2..38c6ad49a77 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -64,6 +64,10 @@ zh-TW:
         full_name: 全名
         handle: 帳號
         password: 密碼
+      ownership/role:
+        owner:
+        admin:
+        maintainer:
       api_key:
         oidc_api_key_role: OIDC API 金鑰角色
       oidc/id_token:
@@ -165,6 +169,7 @@ zh-TW:
       yank_rubygem: 移除 rubygem
       add_owner: 新增擁有者
       remove_owner: 移除擁有者
+      update_owner:
       access_webhooks: 存取 Webhooks
       show_dashboard: 顯示儀表板
       configure_trusted_publishers:
@@ -332,6 +337,12 @@ zh-TW:
       title:
       subtitle: 嗨 %{user_handle}！
       body_html:
+    owner_updated:
+      subject:
+      title:
+      subtitle:
+      body_html:
+      body_text:
     ownerhip_request_closed:
       title: 所有權請求
       subtitle: 嗨 %{handle}！
@@ -540,6 +551,8 @@ zh-TW:
       confirmed: 已確認
       pending: 待確認
       confirm_remove: 您確定要將此使用者從擁有者名單中移除嗎？
+      role:
+      role_field:
     resend_confirmation:
       resent_notice:
     create:
@@ -547,6 +560,12 @@ zh-TW:
     destroy:
       removed_notice:
       failed_notice: 無法移除 Gem 的唯一擁有者
+    edit:
+      role:
+      title:
+    update:
+      update_current_user_role:
+      success_notice:
     mfa_required: Gem 啟用了 MFA 要求，請設定您的帳號的 MFA。
   settings:
     edit:
@@ -961,4 +980,4 @@ zh-TW:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
+        not_required:
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index fd5871e8c0c..03dd015b3d2 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -87,7 +87,7 @@
           delete :yank, to: "deletions#create"
         end
         constraints rubygem_id: Patterns::ROUTE_PATTERN do
-          resource :owners, only: %i[show create destroy]
+          resource :owners, only: %i[show create edit update destroy]
           resources :trusted_publishers, controller: 'oidc/rubygem_trusted_publishers', only: %i[index create destroy show]
         end
       end
@@ -211,7 +211,7 @@
         get '/dependencies', to: 'dependencies#show', constraints: { format: /json|html/ }
       end
       resources :reverse_dependencies, only: %i[index]
-      resources :owners, only: %i[index destroy create], param: :handle do
+      resources :owners, only: %i[index destroy edit update create], param: :handle do
         get 'confirm', to: 'owners#confirm', as: :confirm, on: :collection
         get 'resend_confirmation', to: 'owners#resend_confirmation', as: :resend_confirmation, on: :collection
       end
diff --git a/db/migrate/20240802151324_add_role_to_ownership.rb b/db/migrate/20240802151324_add_role_to_ownership.rb
new file mode 100644
index 00000000000..236a6040c4d
--- /dev/null
+++ b/db/migrate/20240802151324_add_role_to_ownership.rb
@@ -0,0 +1,5 @@
+class AddRoleToOwnership < ActiveRecord::Migration[7.1]
+  def change
+    add_column :ownerships, :role, :integer, null: false, default: 70 # Access::OWNER
+  end
+end
diff --git a/db/migrate/20240917042436_add_role_to_memberships.rb b/db/migrate/20240917042436_add_role_to_memberships.rb
new file mode 100644
index 00000000000..1a1d311325a
--- /dev/null
+++ b/db/migrate/20240917042436_add_role_to_memberships.rb
@@ -0,0 +1,5 @@
+class AddRoleToMemberships < ActiveRecord::Migration[7.1]
+  def change
+    add_column :memberships, :role, :integer, null: false, default: 50 # Access::MAINTAINER
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 8fbfefc8343..fe03e03761d 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_07_22_182907) do
+ActiveRecord::Schema[7.1].define(version: 2024_09_17_042436) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "hstore"
   enable_extension "pgcrypto"
@@ -337,6 +337,7 @@
     t.datetime "confirmed_at", precision: nil
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.integer "role", default: 50, null: false
     t.index ["organization_id"], name: "index_memberships_on_organization_id"
     t.index ["user_id", "organization_id"], name: "index_memberships_on_user_id_and_organization_id", unique: true
     t.index ["user_id"], name: "index_memberships_on_user_id"
@@ -455,6 +456,7 @@
     t.boolean "owner_notifier", default: true, null: false
     t.integer "authorizer_id"
     t.boolean "ownership_request_notifier", default: true, null: false
+    t.integer "role", default: 70, null: false
     t.index ["rubygem_id"], name: "index_ownerships_on_rubygem_id"
     t.index ["user_id", "rubygem_id"], name: "index_ownerships_on_user_id_and_rubygem_id", unique: true
   end
diff --git a/lib/access.rb b/lib/access.rb
new file mode 100644
index 00000000000..12316b95d03
--- /dev/null
+++ b/lib/access.rb
@@ -0,0 +1,27 @@
+module Access
+  MAINTAINER = 50
+  OWNER = 70
+  ADMIN = 90
+
+  DEFAULT_ROLE = "owner".freeze
+
+  ROLES = {
+    "maintainer" => MAINTAINER,
+    "owner" => OWNER,
+    "admin" => ADMIN
+  }.with_indifferent_access.freeze
+
+  def self.flag_for_role(role)
+    ROLES.fetch(role)
+  end
+
+  def self.with_minimum_role(role)
+    Range.new(flag_for_role(role), nil)
+  end
+
+  def self.role_for_flag(flag)
+    ROLES.key(flag)&.inquiry.tap do |role|
+      raise ArgumentError, "Unknown role flag: #{flag}" if role.blank?
+    end
+  end
+end
diff --git a/test/factories/memberships.rb b/test/factories/memberships.rb
index 7b586fb30f4..5920d25336f 100644
--- a/test/factories/memberships.rb
+++ b/test/factories/memberships.rb
@@ -3,5 +3,14 @@
     user
     organization
     confirmed_at { Time.zone.now }
+    role { :maintainer }
+
+    trait :owner do
+      role { :owner }
+    end
+
+    trait :admin do
+      role { :admin }
+    end
   end
 end
diff --git a/test/factories/organizations.rb b/test/factories/organizations.rb
index 1a520024daa..77155e05655 100644
--- a/test/factories/organizations.rb
+++ b/test/factories/organizations.rb
@@ -1,9 +1,29 @@
 FactoryBot.define do
   factory :organization do
+    transient do
+      owners { [] }
+      admins { [] }
+      maintainers { [] }
+    end
+
     handle
     name
     deleted_at { nil }
 
+    after(:create) do |organization, evaluator|
+      evaluator.owners.each do |user|
+        create(:membership, user: user, organization: organization, role: :owner)
+      end
+
+      evaluator.admins.each do |user|
+        create(:membership, user: user, organization: organization, role: :admin)
+      end
+
+      evaluator.maintainers.each do |user|
+        create(:membership, user: user, organization: organization, role: :maintainer)
+      end
+    end
+
     trait :with_members do
       memberships { build_list(:membership, 2) }
     end
diff --git a/test/factories/ownership.rb b/test/factories/ownership.rb
index 196cb80382a..9931e2754e2 100644
--- a/test/factories/ownership.rb
+++ b/test/factories/ownership.rb
@@ -4,8 +4,14 @@
     user
     confirmed_at { Time.current }
     authorizer { association :user }
+    role { :owner }
+
     trait :unconfirmed do
       confirmed_at { nil }
     end
+
+    trait :maintainer do
+      role { :maintainer }
+    end
   end
 end
diff --git a/test/factories/rubygem.rb b/test/factories/rubygem.rb
index 78224af58d9..285e833a735 100644
--- a/test/factories/rubygem.rb
+++ b/test/factories/rubygem.rb
@@ -2,6 +2,7 @@
   factory :rubygem do
     transient do
       owners { [] }
+      maintainers { [] }
       number { nil }
       downloads { 0 }
     end
@@ -18,7 +19,11 @@
 
     after(:create) do |rubygem, evaluator|
       evaluator.owners.each do |owner|
-        create(:ownership, rubygem: rubygem, user: owner)
+        create(:ownership, rubygem: rubygem, user: owner, role: :owner)
+      end
+
+      evaluator.maintainers.each do |maintainer|
+        create(:ownership, rubygem: rubygem, user: maintainer, role: :maintainer)
       end
 
       create(:version, rubygem: rubygem, number: evaluator.number) if evaluator.number
diff --git a/test/functional/api/v1/owners_controller_test.rb b/test/functional/api/v1/owners_controller_test.rb
index c0755b85999..e1164f85882 100644
--- a/test/functional/api/v1/owners_controller_test.rb
+++ b/test/functional/api/v1/owners_controller_test.rb
@@ -2,6 +2,7 @@
 
 class Api::V1::OwnersControllerTest < ActionController::TestCase
   include ActiveJob::TestHelper
+  include ActionMailer::TestHelper
 
   def self.should_respond_to(format)
     should "route GET show with #{format.to_s.upcase}" do
@@ -518,6 +519,39 @@ def self.should_respond_to(format)
           end
         end
       end
+
+      context "when not supplying a role" do
+        should "set a default role" do
+          post :create, params: { rubygem_id: @rubygem.slug, email: @second_user.display_id }
+
+          assert_equal 200, @response.status
+          assert_predicate Ownership.find_by(user: @second_user, rubygem: @rubygem), :owner?
+        end
+      end
+
+      context "given a role" do
+        should "set the role for the given user" do
+          post :create, params: { rubygem_id: @rubygem.slug, email: @second_user.display_id, role: :maintainer }
+
+          assert_equal 200, @response.status
+          assert_predicate Ownership.find_by(user: @second_user, rubygem: @rubygem), :maintainer?
+        end
+      end
+
+      context "when given an invalid role" do
+        should "raise an error" do
+          post :create, params: { rubygem_id: @rubygem.slug, email: @second_user.display_id, role: :invalid }
+
+          assert_equal 422, @response.status
+          assert_equal "Role is not included in the list", @response.body
+        end
+
+        should "not create the ownership" do
+          post :create, params: { rubygem_id: @rubygem.slug, email: @second_user.email, role: :invalid }
+
+          assert_nil @rubygem.ownerships.find_by(user: @second_user)
+        end
+      end
     end
 
     context "without add owner api key scope" do
@@ -927,4 +961,80 @@ def self.should_respond_to(format)
 
     assert_equal "This rubygem could not be found.", @response.body
   end
+
+  should "route PUT /api/v1/gems/rubygem/owners.yaml" do
+    route = { controller: "api/v1/owners",
+              action: "update",
+              rubygem_id: "rails",
+              format: "yaml" }
+
+    assert_recognizes(route, path: "/api/v1/gems/rails/owners.yaml", method: :put)
+  end
+
+  context "on PATCH to owner gem" do
+    setup do
+      @owner = create(:user)
+      @maintainer = create(:user)
+      @rubygem = create(:rubygem, owners: [@owner])
+
+      @api_key = create(:api_key, key: "12223", scopes: %i[update_owner], owner: @owner, rubygem: @rubygem)
+      @request.env["HTTP_AUTHORIZATION"] = "12223"
+    end
+
+    should "set the maintainer to a lower access level" do
+      ownership = create(:ownership, user: @maintainer, rubygem: @rubygem, role: :owner)
+
+      patch :update, params: { rubygem_id: @rubygem.slug, email: @maintainer.email, role: :maintainer }
+
+      assert_response :success
+      assert_predicate ownership.reload, :maintainer?
+      assert_enqueued_email_with OwnersMailer, :owner_updated, params: { ownership: ownership }
+    end
+
+    context "when the current user is changing their own role" do
+      should "forbid changing the role" do
+        patch :update, params: { rubygem_id: @rubygem.slug, email: @owner.email, role: :maintainer }
+
+        ownership = @rubygem.ownerships.find_by(user: @owner)
+
+        assert_response :forbidden
+        assert_predicate ownership.reload, :owner?
+      end
+    end
+
+    context "when the role is invalid" do
+      should "return a bad request response with the error message" do
+        ownership = create(:ownership, user: @maintainer, rubygem: @rubygem, role: :maintainer)
+
+        patch :update, params: { rubygem_id: @rubygem.slug, email: @maintainer.email, role: :invalid }
+
+        assert_response :unprocessable_entity
+        assert_equal "Role is not included in the list", @response.body
+        assert_predicate ownership.reload, :maintainer?
+      end
+    end
+
+    context "when the owner is not found" do
+      context "when the update is authorized" do
+        should "return a not found response" do
+          patch :update, params: { rubygem_id: @rubygem.slug, email: "notauser", role: :owner }
+
+          assert_response :not_found
+          assert_equal "Owner could not be found.", @response.body
+        end
+      end
+
+      context "when the update is not authorized" do
+        should "return a forbidden response" do
+          @api_key = create(:api_key, key: "99999", scopes: %i[push_rubygem], owner: @owner)
+          @request.env["HTTP_AUTHORIZATION"] = "99999"
+
+          patch :update, params: { rubygem_id: @rubygem.slug, email: "notauser", role: :owner }
+
+          assert_response :forbidden
+          assert_equal "This API key cannot perform the specified action on this gem.", @response.body
+        end
+      end
+    end
+  end
 end
diff --git a/test/functional/owners_controller_test.rb b/test/functional/owners_controller_test.rb
index 30cbb604abc..7cbc4e78dfd 100644
--- a/test/functional/owners_controller_test.rb
+++ b/test/functional/owners_controller_test.rb
@@ -39,11 +39,8 @@ class OwnersControllerTest < ActionController::TestCase
           get :index, params: { rubygem_id: @rubygem.name }
         end
 
-        should respond_with :forbidden
-
-        should "render forbidden message" do
-          assert page.has_content?("Forbidden")
-        end
+        should redirect_to("gem info page") { rubygem_path(@rubygem.slug) }
+        should set_flash[:alert].to "Forbidden"
       end
     end
 
@@ -52,7 +49,7 @@ class OwnersControllerTest < ActionController::TestCase
         context "with invalid handle" do
           setup do
             perform_enqueued_jobs only: ActionMailer::MailDeliveryJob do
-              post :create, params: { handle: "no_user", rubygem_id: @rubygem.name }
+              post :create, params: { handle: "no_user", rubygem_id: @rubygem.name, role: :owner }
             end
           end
 
@@ -72,7 +69,7 @@ class OwnersControllerTest < ActionController::TestCase
         context "with valid handle" do
           setup do
             @new_owner = create(:user)
-            post :create, params: { handle: @new_owner.display_id, rubygem_id: @rubygem.name }
+            post :create, params: { handle: @new_owner.display_id, rubygem_id: @rubygem.name, role: :owner }
           end
 
           should redirect_to("ownerships index") { rubygem_owners_path(@rubygem.slug) }
@@ -132,7 +129,7 @@ class OwnersControllerTest < ActionController::TestCase
           context "owner has enabled mfa" do
             setup do
               @user.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
-              post :create, params: { handle: @new_owner.display_id, rubygem_id: @rubygem.name }
+              post :create, params: { handle: @new_owner.display_id, rubygem_id: @rubygem.name, role: :owner }
             end
 
             should redirect_to("ownerships index") { rubygem_owners_path(@rubygem.slug) }
@@ -144,6 +141,19 @@ class OwnersControllerTest < ActionController::TestCase
               assert_equal expected_notice, flash[:notice]
             end
           end
+
+          context "with invalid role" do
+            setup do
+              @user.enable_totp!(ROTP::Base32.random_base32, :ui_and_api)
+              post :create, params: { handle: @new_owner.display_id, rubygem_id: @rubygem.name, role: :invalid }
+            end
+
+            should render_template :index
+
+            should "set alert notice flash" do
+              assert_equal "Role is not included in the list", flash[:alert]
+            end
+          end
         end
       end
 
@@ -154,7 +164,8 @@ class OwnersControllerTest < ActionController::TestCase
           post :create, params: { handle: @other_user.display_id, rubygem_id: @rubygem.name }
         end
 
-        should respond_with :forbidden
+        should redirect_to("gem info page") { rubygem_path(@rubygem.slug) }
+        should set_flash[:alert].to "Forbidden"
 
         should "not add other user as owner" do
           refute_includes @rubygem.owners_including_unconfirmed, @other_user
@@ -179,6 +190,7 @@ class OwnersControllerTest < ActionController::TestCase
               delete :destroy, params: { rubygem_id: @rubygem.name, handle: @second_user.display_id }
             end
           end
+
           should redirect_to("ownership index") { rubygem_owners_path(@rubygem.slug) }
 
           should "remove the ownership record" do
@@ -218,15 +230,10 @@ class OwnersControllerTest < ActionController::TestCase
               delete :destroy, params: { rubygem_id: @rubygem.name, handle: @last_owner.display_id }
             end
           end
-          should respond_with :forbidden
+          should set_flash.now[:alert].to "Can't remove the only owner of the gem"
 
           should "not remove the ownership record" do
             assert_includes @rubygem.owners_including_unconfirmed, @last_owner
-          end
-          should "should flash error" do
-            assert_equal "Can't remove the only owner of the gem", flash[:alert]
-          end
-          should "not send email notifications about owner removal" do
             assert_emails 0
           end
         end
@@ -280,7 +287,7 @@ class OwnersControllerTest < ActionController::TestCase
           delete :destroy, params: { rubygem_id: @rubygem.name, handle: @last_owner.display_id }
         end
 
-        should respond_with :forbidden
+        should redirect_to("gem info page") { rubygem_path(@rubygem.slug) }
 
         should "not remove user as owner" do
           assert_includes @rubygem.owners, @last_owner
@@ -344,6 +351,113 @@ class OwnersControllerTest < ActionController::TestCase
         end
       end
     end
+
+    context "on GET edit ownership" do
+      setup do
+        @owner = create(:user)
+        @maintainer = create(:user)
+        @rubygem = create(:rubygem, owners: [@owner, @maintainer])
+
+        verified_sign_in_as(@owner)
+      end
+
+      context "when editing another owner's role" do
+        setup do
+          get :edit, params: { rubygem_id: @rubygem.name, handle: @maintainer.display_id }
+        end
+
+        should respond_with :success
+        should render_template :edit
+      end
+
+      context "when editing your own role" do
+        setup do
+          get :edit, params: { rubygem_id: @rubygem.name, handle: @owner.display_id }
+        end
+
+        should redirect_to("gem info page") { rubygem_path(@rubygem.slug) }
+        should set_flash[:alert].to "Can't update your own Role"
+      end
+    end
+
+    context "on PATCH to update ownership" do
+      setup do
+        @owner = create(:user)
+        @maintainer = create(:user)
+        @rubygem = create(:rubygem, owners: [@owner, @maintainer])
+
+        verified_sign_in_as(@owner)
+        patch :update, params: { rubygem_id: @rubygem.name, handle: @maintainer.display_id, role: :maintainer }
+      end
+
+      should redirect_to("rubygem show") { rubygem_owners_path(@rubygem.slug) }
+
+      should "set success notice flash" do
+        assert_equal "#{@maintainer.name} was succesfully updated.", flash[:notice]
+      end
+
+      should "downgrade the ownership to a maintainer role" do
+        ownership = Ownership.find_by(rubygem: @rubygem, user: @maintainer)
+
+        assert_predicate ownership, :maintainer?
+        assert_enqueued_email_with OwnersMailer, :owner_updated, params: { ownership: ownership, authorizer: @owner }
+      end
+    end
+
+    context "when updating ownership without role" do
+      setup do
+        @owner = create(:user)
+        @maintainer = create(:user)
+        @rubygem = create(:rubygem, owners: [@owner, @maintainer])
+
+        verified_sign_in_as(@owner)
+        patch :update, params: { rubygem_id: @rubygem.name, handle: @maintainer.display_id }
+      end
+
+      should redirect_to("ownerships index") { rubygem_owners_path(@rubygem.slug) }
+
+      should "not update the role" do
+        ownership = Ownership.find_by(rubygem: @rubygem, user: @maintainer)
+
+        assert_predicate ownership, :owner?
+      end
+    end
+
+    context "when updating ownership with invalid role" do
+      setup do
+        @owner = create(:user)
+        @maintainer = create(:user)
+        @rubygem = create(:rubygem, owners: [@owner, @maintainer])
+
+        verified_sign_in_as(@owner)
+        patch :update, params: { rubygem_id: @rubygem.name, handle: @maintainer.display_id, role: :invalid }
+      end
+
+      should respond_with :unprocessable_content
+
+      should "set error flash message" do
+        assert_equal "Role is not included in the list", flash[:alert]
+      end
+    end
+
+    context "when updating the role of currently signed in user" do
+      setup do
+        @owner = create(:user)
+        @rubygem = create(:rubygem)
+        @ownership = create(:ownership, user: @owner, rubygem: @rubygem, role: :owner)
+
+        verified_sign_in_as(@owner)
+        patch :update, params: { rubygem_id: @rubygem.name, handle: @owner.display_id, role: :maintainer }
+      end
+
+      should "not update the ownership of the current user" do
+        assert_predicate @ownership.reload, :owner?
+      end
+
+      should "set notice flash message" do
+        assert_equal "Can't update your own Role", flash[:alert]
+      end
+    end
   end
 
   context "when logged in and unverified" do
@@ -366,7 +480,7 @@ class OwnersControllerTest < ActionController::TestCase
     context "on POST to create ownership" do
       setup do
         @new_owner = create(:user)
-        post :create, params: { handle: @new_owner.display_id, rubygem_id: @rubygem.name }
+        post :create, params: { handle: @new_owner.display_id, rubygem_id: @rubygem.name, role: :owner }
       end
 
       should redirect_to("sessions#verify") { verify_session_path }
@@ -386,9 +500,31 @@ class OwnersControllerTest < ActionController::TestCase
       should redirect_to("sessions#verify") { verify_session_path }
       should use_before_action(:redirect_to_verify)
 
-      should "remove the ownership record" do
-        assert_includes @rubygem.owners_including_unconfirmed, @second_user
+      should "not remove the ownership record" do
+        assert_includes @rubygem.owners, @second_user
+      end
+    end
+
+    context "on GET to edit" do
+      setup do
+        @second_user = create(:user)
+        @ownership = create(:ownership, :unconfirmed, rubygem: @rubygem, user: @second_user)
+        get :edit, params: { rubygem_id: @rubygem.name, handle: @second_user.display_id }
+      end
+
+      should redirect_to("sessions#verify") { verify_session_path }
+      should use_before_action(:redirect_to_verify)
+    end
+
+    context "on PATCH to update" do
+      setup do
+        @second_user = create(:user)
+        @ownership = create(:ownership, :unconfirmed, rubygem: @rubygem, user: @second_user, role: :owner)
+        patch :update, params: { rubygem_id: @rubygem.name, handle: @second_user.display_id, role: :maintainer }
       end
+
+      should redirect_to("sessions#verify") { verify_session_path }
+      should use_before_action(:redirect_to_verify)
     end
   end
 
@@ -485,5 +621,27 @@ class OwnersControllerTest < ActionController::TestCase
         assert redirect_to("sign in") { sign_in_path }
       end
     end
+
+    context "on EDIT to update owner" do
+      setup do
+        create(:ownership, rubygem: @rubygem, user: @user)
+        get :edit, params: { rubygem_id: @rubygem.name, handle: @user.display_id }
+      end
+
+      should "redirect to sign in path" do
+        assert redirect_to("sign in") { sign_in_path }
+      end
+    end
+
+    context "on PATCH to update owner" do
+      setup do
+        create(:ownership, rubygem: @rubygem, user: @user)
+        patch :update, params: { rubygem_id: @rubygem.name, handle: @user.display_id, role: :owner }
+      end
+
+      should "redirect to sign in path" do
+        assert redirect_to("sign in") { sign_in_path }
+      end
+    end
   end
 end
diff --git a/test/integration/owner_test.rb b/test/integration/owner_test.rb
index d7aa11e91bb..e13015369cc 100644
--- a/test/integration/owner_test.rb
+++ b/test/integration/owner_test.rb
@@ -256,6 +256,44 @@ class OwnerTest < SystemTest
     refute page.has_content? @other_user.handle
   end
 
+  test "updating user to maintainer role" do
+    maintainer = create(:user)
+    create(:ownership, user: maintainer, rubygem: @rubygem)
+
+    visit_ownerships_page
+
+    within_element owner_row(maintainer) do
+      click_button "Edit"
+    end
+
+    select "Maintainer", from: "role"
+
+    click_button "Update"
+
+    assert_cell maintainer, "Role", "Maintainer"
+  end
+
+  test "editing the ownership of the current user" do
+    visit_ownerships_page
+
+    within_element owner_row(@user) do
+      assert_selector "button[disabled]", text: "Edit"
+    end
+  end
+
+  test "creating new owner with maintainer role" do
+    maintainer = create(:user)
+
+    visit_ownerships_page
+
+    fill_in "Handle", with: maintainer.handle
+    select "Maintainer", from: "role"
+
+    click_button "Add Owner"
+
+    assert_cell maintainer, "Role", "Maintainer"
+  end
+
   teardown do
     @authenticator&.remove!
     Capybara.reset_sessions!
diff --git a/test/lib/access_test.rb b/test/lib/access_test.rb
new file mode 100644
index 00000000000..1173c5f54f6
--- /dev/null
+++ b/test/lib/access_test.rb
@@ -0,0 +1,40 @@
+require "test_helper"
+
+class AccessTest < ActiveSupport::TestCase
+  context ".role_for_flag" do
+    should "return the role for a given permission flag" do
+      assert_equal "owner", Access.role_for_flag(Access::OWNER)
+    end
+
+    context "when the permission flag does not exist" do
+      should "raise an error" do
+        assert_raises(ArgumentError) { Access.role_for_flag(999) }
+      end
+    end
+  end
+
+  context ".flag_for_role" do
+    should "return the role for a given permission flag" do
+      assert_equal Access::OWNER, Access.flag_for_role("owner")
+    end
+
+    should "cast the given input into the correct type" do
+      assert_equal Access::OWNER, Access.flag_for_role(:owner)
+    end
+
+    context "when the role does not exist" do
+      should "raise an error" do
+        assert_raises(KeyError) { Access.flag_for_role("unknown") }
+      end
+    end
+  end
+
+  context ".with_minimum_role" do
+    should "return the range of roles for a given permission flag" do
+      assert_equal Range.new(Access::OWNER, nil), Access.with_minimum_role("owner")
+      refute_includes Access.with_minimum_role("owner"), Access::MAINTAINER
+      assert_includes Access.with_minimum_role("owner"), Access::OWNER
+      assert_includes Access.with_minimum_role("owner"), Access::ADMIN
+    end
+  end
+end
diff --git a/test/mailers/owners_test.rb b/test/mailers/owners_test.rb
new file mode 100644
index 00000000000..a4bd094fd7d
--- /dev/null
+++ b/test/mailers/owners_test.rb
@@ -0,0 +1,20 @@
+require "test_helper"
+
+class OwnersMailerTest < ActionMailer::TestCase
+  setup do
+    @owner = create(:user)
+    @maintainer = create(:user)
+    @rubygem = create(:rubygem, name: "test-gem")
+    @owner_ownership = create(:ownership, rubygem: @rubygem, user: @owner)
+    @maintainer_ownership = create(:ownership, rubygem: @rubygem, user: @maintainer)
+  end
+
+  context "#owner_updated" do
+    should "include host in subject" do
+      email = OwnersMailer.with(ownership: @maintainer_ownership).owner_updated
+
+      assert_emails(1) { email.deliver_now }
+      assert_equal email.subject, "Your role was updated for #{@rubygem.name} gem"
+    end
+  end
+end
diff --git a/test/mailers/previews/mailer_preview.rb b/test/mailers/previews/mailer_preview.rb
index 0f9d7debf59..e2241ae7712 100644
--- a/test/mailers/previews/mailer_preview.rb
+++ b/test/mailers/previews/mailer_preview.rb
@@ -96,6 +96,13 @@ def owner_added
     OwnersMailer.owner_added(user.id, owner.id, authorizer.id, gem.id)
   end
 
+  def owner_updated
+    ownership = Ownership.last
+    owner = User.last
+
+    OwnersMailer.with(ownership: ownership, authorizer: owner).owner_updated
+  end
+
   def api_key_created
     api_key = ApiKey.where(owner_type: "User").last
     Mailer.api_key_created(api_key.id)
diff --git a/test/models/membership_test.rb b/test/models/membership_test.rb
index 194cbde5da8..08d0bedce0b 100644
--- a/test/models/membership_test.rb
+++ b/test/models/membership_test.rb
@@ -22,4 +22,10 @@ class MembershipTest < ActiveSupport::TestCase
     assert_predicate(membership, :confirmed?)
     assert_equal(Membership.confirmed, [membership])
   end
+
+  should "have a default role" do
+    membership = Membership.create!(organization: @organization, user: @user)
+
+    assert_predicate membership, :maintainer?
+  end
 end
diff --git a/test/models/ownership_test.rb b/test/models/ownership_test.rb
index 1b3e5f1d6c5..963027faecd 100644
--- a/test/models/ownership_test.rb
+++ b/test/models/ownership_test.rb
@@ -1,6 +1,8 @@
 require "test_helper"
 
 class OwnershipTest < ActiveSupport::TestCase
+  include ActionMailer::TestHelper
+
   should "be valid with factory" do
     assert_predicate build(:ownership), :valid?
   end
@@ -123,6 +125,41 @@ class OwnershipTest < ActiveSupport::TestCase
     end
   end
 
+  context "#update" do
+    context "when updating the role" do
+      setup do
+        @actor = create(:user)
+        @ownership = create(:ownership, role: :owner)
+
+        Current.user = @actor
+      end
+
+      should "record an event" do
+        @ownership.update!(role: :maintainer)
+
+        event = @ownership.rubygem.events.last
+        attributes = {
+          "user_agent_info" => nil,
+          "owner" => @ownership.user.display_handle,
+          "updated_by" => @actor.display_handle,
+          "actor_gid" => @actor.to_gid,
+          "owner_gid" => @ownership.user.to_gid,
+          "previous_role" => "owner",
+          "current_role" => "maintainer"
+        }
+
+        assert_equal "rubygem:owner:role_updated", event.tag
+        assert_equal attributes, event.additional.attributes
+      end
+
+      should "enqueue the owner updated email" do
+        assert_enqueued_emails 1 do
+          @ownership.update!(role: :maintainer)
+        end
+      end
+    end
+  end
+
   context "#valid_confirmation_token?" do
     setup do
       @ownership = create(:ownership)
@@ -165,14 +202,12 @@ class OwnershipTest < ActiveSupport::TestCase
     end
 
     should "find owner by matching handle/id" do
-      assert_equal @ownership, @rubygem.ownerships.find_by_owner_handle!(@user.handle)
-      assert_equal @ownership, @rubygem.ownerships.find_by_owner_handle!(@user)
+      assert_equal @ownership, @rubygem.ownerships.find_by_owner_handle(@user.handle)
+      assert_equal @ownership, @rubygem.ownerships.find_by_owner_handle(@user)
     end
 
-    should "raise not found" do
-      assert_raise ActiveRecord::RecordNotFound do
-        @rubygem.ownerships.find_by_owner_handle!("wrong user")
-      end
+    should "return nil" do
+      assert_nil @rubygem.ownerships.find_by_owner_handle("wronguser")
     end
   end
 
@@ -248,4 +283,26 @@ class OwnershipTest < ActiveSupport::TestCase
       refute_predicate @ownership, :unconfirmed?
     end
   end
+
+  context "#role" do
+    setup do
+      @ownership = create(:ownership)
+    end
+
+    should "set a default role" do
+      assert_predicate @ownership, :owner?
+    end
+  end
+
+  context "#user_with_minimum_role" do
+    setup do
+      @user = create(:user)
+      @ownership = create(:ownership, user: @user, role: :owner)
+    end
+
+    should "return the ownerships with a role less than or equal to the given role" do
+      assert_includes Ownership.user_with_minimum_role(@user, :owner), @ownership
+      assert_includes Ownership.user_with_minimum_role(@user, :maintainer), @ownership
+    end
+  end
 end
diff --git a/test/models/rubygem_test.rb b/test/models/rubygem_test.rb
index 68626ff4a44..f27fe34e490 100644
--- a/test/models/rubygem_test.rb
+++ b/test/models/rubygem_test.rb
@@ -1180,4 +1180,63 @@ class RubygemTest < ActiveSupport::TestCase
       refute_predicate @version_three, :yanked?
     end
   end
+
+  context "#owned_by_with_role?" do
+    setup do
+      @rubygem = create(:rubygem)
+      @owner = create(:user)
+    end
+
+    context "when the user is not an owner of a gem" do
+      should "return false" do
+        refute @rubygem.owned_by_with_role?(@owner, :maintainer)
+      end
+    end
+
+    context "when the user is an owner of a gem" do
+      setup do
+        @ownership = create(:ownership, user: @owner, rubygem: @rubygem)
+      end
+
+      should "return true" do
+        assert @rubygem.owned_by_with_role?(@owner, :maintainer)
+      end
+    end
+
+    context "when the role is less than the given value" do
+      setup do
+        @ownership = create(:ownership, user: @owner, rubygem: @rubygem, role: :maintainer)
+      end
+
+      should "return false" do
+        refute @rubygem.owned_by_with_role?(@owner, :owner)
+      end
+    end
+
+    context "when the role is more than the given value" do
+      setup do
+        @ownership = create(:ownership, user: @owner, rubygem: @rubygem, role: :owner)
+      end
+
+      should "return true" do
+        assert @rubygem.owned_by_with_role?(@owner, :maintainer)
+      end
+    end
+
+    context "when the role is equal to the given role" do
+      setup do
+        @ownership = create(:ownership, user: @owner, rubygem: @rubygem, role: :owner)
+      end
+
+      should "return true" do
+        assert @rubygem.owned_by_with_role?(@owner, :owner)
+      end
+    end
+
+    context "when the given role does not exist" do
+      should "not raise an argument" do
+        refute @rubygem.owned_by_with_role?(@owner, :nonexistent_role)
+      end
+    end
+  end
 end
diff --git a/test/policies/api/ownership_policy_test.rb b/test/policies/api/ownership_policy_test.rb
new file mode 100644
index 00000000000..d0641f6533e
--- /dev/null
+++ b/test/policies/api/ownership_policy_test.rb
@@ -0,0 +1,31 @@
+require "test_helper"
+
+class Api::OwnershipPolicyTest < ApiPolicyTestCase
+  setup do
+    @owner = create(:user, handle: "owner")
+    @user = create(:user, handle: "user")
+    @rubygem = create(:rubygem, owners: [@owner])
+
+    @record = create(:ownership, rubygem: @rubygem, user: @user, authorizer: @owner)
+
+    OwnershipPolicy.any_instance.stubs(
+      update?: true,
+      destroy?: true
+    )
+  end
+
+  def policy!(api_key)
+    Pundit.policy!(api_key, [:api, @record])
+  end
+
+  context "#update?" do
+    scope = :update_owner
+    action = :update?
+
+    should_require_user_key scope, action
+    should_require_mfa scope, action
+    should_require_scope scope, action
+    should_require_rubygem_scope scope, action
+    should_delegate_to_policy scope, action, OwnershipPolicy
+  end
+end
diff --git a/test/policies/organization_policy_test.rb b/test/policies/organization_policy_test.rb
new file mode 100644
index 00000000000..d65ac86769a
--- /dev/null
+++ b/test/policies/organization_policy_test.rb
@@ -0,0 +1,86 @@
+require "test_helper"
+class OrganisationPolicyTest < PolicyTestCase
+  setup do
+    @owner = create(:user)
+    @admin = create(:user)
+    @maintainer = create(:user)
+    @guest = create(:user)
+    @organization = create(:organization, owners: [@owner], admins: [@admin], maintainers: [@maintainer])
+  end
+
+  def policy!(user)
+    Pundit.policy!(user, @organization)
+  end
+
+  context "#update?" do
+    should "only be authorized if the user is an owner" do
+      assert_authorized @owner, :update?
+      assert_authorized @admin, :update?
+      refute_authorized @maintainer, :update?
+      refute_authorized @guest, :update?
+    end
+  end
+
+  context "add_gem?" do
+    should "only be authorized if the user is an owner" do
+      assert_authorized @owner, :add_gem?
+      assert_authorized @admin, :add_gem?
+      refute_authorized @maintainer, :add_gem?
+      refute_authorized @guest, :add_gem?
+    end
+  end
+
+  context "#remove_gem?" do
+    should "only be authorized if the user is an owner" do
+      assert_authorized @owner, :remove_gem?
+      assert_authorized @admin, :remove_gem?
+      refute_authorized @maintainer, :remove_gem?
+      refute_authorized @guest, :remove_gem?
+    end
+  end
+
+  context "#add_membership?" do
+    should "only be authorized if the user is an owner" do
+      assert_authorized @owner, :add_membership?
+      assert_authorized @admin, :add_membership?
+      refute_authorized @maintainer, :add_membership?
+      refute_authorized @guest, :add_membership?
+    end
+  end
+
+  context "#update_membership?" do
+    should "only be authorized if the user is an owner" do
+      assert_authorized @owner, :update_membership?
+      assert_authorized @admin, :update_membership?
+      refute_authorized @maintainer, :update_membership?
+      refute_authorized @guest, :update_membership?
+    end
+  end
+
+  context "#remove_membership?" do
+    should "only be authorized if the user is an owner" do
+      assert_authorized @owner, :remove_membership?
+      assert_authorized @admin, :remove_membership?
+      refute_authorized @maintainer, :remove_membership?
+      refute_authorized @guest, :remove_membership?
+    end
+  end
+
+  context "#show_membership?" do
+    should "only be authorized if the user is an owner or maintainer" do
+      assert_authorized @owner, :show_membership?
+      assert_authorized @admin, :show_membership?
+      assert_authorized @maintainer, :show_membership?
+      refute_authorized @guest, :show_membership?
+    end
+  end
+
+  context "#list_memberships?" do
+    should "only be authorized if the user is an owner or maintainer" do
+      assert_authorized @owner, :list_memberships?
+      assert_authorized @admin, :list_memberships?
+      assert_authorized @maintainer, :list_memberships?
+      refute_authorized @guest, :list_memberships?
+    end
+  end
+end
diff --git a/test/policies/ownership_policy_test.rb b/test/policies/ownership_policy_test.rb
index b6d77fa0846..2fa68b75d37 100644
--- a/test/policies/ownership_policy_test.rb
+++ b/test/policies/ownership_policy_test.rb
@@ -2,10 +2,13 @@
 
 class OwnershipPolicyTest < ActiveSupport::TestCase
   setup do
-    @authorizer = FactoryBot.create(:user)
-    @rubygem = FactoryBot.create(:rubygem, owners: [@authorizer])
-    @confirmed_ownership = @rubygem.ownerships.first
+    @authorizer = FactoryBot.create(:user, handle: "owner")
+    @maintainer = FactoryBot.create(:user, handle: "maintainer")
+    @rubygem = FactoryBot.create(:rubygem, owners: [@authorizer], maintainers: [@maintainer])
+    @authorizer_ownership = @rubygem.ownerships.first
+    @maintainer_ownership = @maintainer.ownerships.first
     @unconfirmed_ownership = FactoryBot.build(:ownership, :unconfirmed, rubygem: @rubygem, authorizer: @authorizer)
+    @unconfirmed_maintainer_ownership = FactoryBot.build(:ownership, :maintainer, rubygem: @rubygem, authorizer: @authorizer)
 
     @invited = @unconfirmed_ownership.user
     @user = FactoryBot.create(:user)
@@ -15,11 +18,25 @@ def test_create
     assert_predicate Pundit.policy!(@authorizer, @unconfirmed_ownership), :create?
     refute_predicate Pundit.policy!(@invited, @unconfirmed_ownership), :create?
     refute_predicate Pundit.policy!(@user, @unconfirmed_ownership), :create?
+    refute_predicate Pundit.policy!(@maintainer, @maintainer_ownership), :create?
+    refute_predicate Pundit.policy!(@maintainer, @unconfirmed_maintainer_ownership), :create?
+  end
+
+  def test_update
+    assert_predicate Pundit.policy!(@authorizer, @maintainer_ownership), :update?
+    refute_predicate Pundit.policy!(@authorizer, @authorizer_ownership), :update?
+    refute_predicate Pundit.policy!(@invited, @unconfirmed_ownership), :update?
+    refute_predicate Pundit.policy!(@user, @unconfirmed_ownership), :update?
+    refute_predicate Pundit.policy!(@user, @unconfirmed_maintainer_ownership), :update?
+    refute_predicate Pundit.policy!(@maintainer, @maintainer_ownership), :update?
+    refute_predicate Pundit.policy!(@maintainer, @unconfirmed_maintainer_ownership), :update?
   end
 
   def test_destroy
-    assert_predicate Pundit.policy!(@authorizer, @confirmed_ownership), :destroy?
-    refute_predicate Pundit.policy!(@owner, @confirmed_ownership), :destroy?
-    refute_predicate Pundit.policy!(@user, @confirmed_ownership), :destroy?
+    assert_predicate Pundit.policy!(@authorizer, @authorizer_ownership), :destroy?
+    refute_predicate Pundit.policy!(@maintainer, @authorizer_ownership), :destroy?
+    refute_predicate Pundit.policy!(@user, @authorizer_ownership), :destroy?
+    refute_predicate Pundit.policy!(@user, @maintainer_ownership), :destroy?
+    refute_predicate Pundit.policy!(@user, @unconfirmed_maintainer_ownership), :destroy?
   end
 end
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
index c5cefe7a214..40b29b2041e 100644
--- a/test/policies/rubygem_policy_test.rb
+++ b/test/policies/rubygem_policy_test.rb
@@ -3,7 +3,8 @@
 class RubygemPolicyTest < PolicyTestCase
   setup do
     @owner = create(:user, handle: "owner")
-    @rubygem = create(:rubygem, owners: [@owner])
+    @maintainer = create(:user, handle: "maintainer")
+    @rubygem = create(:rubygem, owners: [@owner], maintainers: [@maintainer])
     @user = create(:user, handle: "user")
   end
 
@@ -19,14 +20,6 @@ def policy!(user)
     end
   end
 
-  context "#configure_trusted_publishers?" do
-    should "only allow the owner" do
-      assert_authorized @owner, :configure_trusted_publishers?
-      refute_authorized @user, :configure_trusted_publishers?
-      refute_authorized nil, :configure_trusted_publishers?
-    end
-  end
-
   context "#manage_adoption?" do
     should "only allow the owner" do
       assert_authorized @owner, :manage_adoption?
@@ -68,9 +61,18 @@ def policy!(user)
     end
   end
 
+  context "#close_ownership_requests" do
+    should "only allow the owner to close ownership requests" do
+      assert_authorized @owner, :close_ownership_requests?
+      refute_authorized @maintainer, :close_ownership_requests?
+      refute_authorized @user, :close_ownership_requests?
+    end
+  end
+
   context "#show_adoption?" do
     should "be true if the gem is owned by the user" do
       assert_authorized @owner, :show_adoption?
+      refute_authorized @maintainer, :show_adoption?
     end
 
     should "be true if the rubygem is adoptable" do
@@ -83,16 +85,54 @@ def policy!(user)
   context "#show_events?" do
     should "only allow the owner" do
       assert_authorized @owner, :show_events?
+      assert_authorized @maintainer, :show_events?
       refute_authorized @user, :show_events?
       refute_authorized nil, :show_events?
     end
   end
 
+  context "#configure_trusted_publishers?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :configure_trusted_publishers?
+      refute_authorized @maintainer, :configure_trusted_publishers?
+      refute_authorized @user, :configure_trusted_publishers?
+      refute_authorized nil, :configure_trusted_publishers?
+    end
+  end
+
   context "#show_unconfirmed_ownerships?" do
     should "only allow the owner" do
       assert_authorized @owner, :show_unconfirmed_ownerships?
+      refute_authorized @maintainer, :show_unconfirmed_ownerships?
       refute_authorized @user, :show_unconfirmed_ownerships?
       refute_authorized nil, :show_unconfirmed_ownerships?
     end
   end
+
+  context "#add_owner?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :add_owner?
+      refute_authorized @maintainer, :add_owner?
+      refute_authorized @user, :add_owner?
+      refute_authorized nil, :add_owner?
+    end
+  end
+
+  context "#update_owner?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :update_owner?
+      refute_authorized @maintainer, :update_owner?
+      refute_authorized @user, :update_owner?
+      refute_authorized nil, :update_owner?
+    end
+  end
+
+  context "#remove_owner?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :remove_owner?
+      refute_authorized @maintainer, :remove_owner?
+      refute_authorized @user, :remove_owner?
+      refute_authorized nil, :remove_owner?
+    end
+  end
 end
diff --git a/test/policies/rubygem_trusted_publishing_policy_test.rb b/test/policies/rubygem_trusted_publishing_policy_test.rb
new file mode 100644
index 00000000000..953044e4c7a
--- /dev/null
+++ b/test/policies/rubygem_trusted_publishing_policy_test.rb
@@ -0,0 +1,42 @@
+require "test_helper"
+
+class RubygemTrustedPublishingPolicyTest < PolicyTestCase
+  setup do
+    @owner = create(:user, handle: "owner")
+    @maintainer = create(:user, handle: "maintainer")
+    @user = create(:user, handle: "user")
+    @rubygem = create(:rubygem, owners: [@owner], maintainers: [@maintainer])
+    @rubygem_trusted_publisher = create(:oidc_rubygem_trusted_publisher, rubygem: @rubygem)
+  end
+
+  def policy!(user)
+    Pundit.policy!(user, @rubygem_trusted_publisher)
+  end
+
+  context "#show?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :show?
+      refute_authorized @maintainer, :show?
+      refute_authorized @user, :show?
+      refute_authorized nil, :show?
+    end
+  end
+
+  context "create?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :create?
+      refute_authorized @maintainer, :create?
+      refute_authorized @user, :create?
+      refute_authorized nil, :create?
+    end
+  end
+
+  context "#destroy?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :destroy?
+      refute_authorized @maintainer, :destroy?
+      refute_authorized @user, :destroy?
+      refute_authorized nil, :destroy?
+    end
+  end
+end
diff --git a/test/system/avo/rubygems_test.rb b/test/system/avo/rubygems_test.rb
index 2356068849a..1b42ed7206c 100644
--- a/test/system/avo/rubygems_test.rb
+++ b/test/system/avo/rubygems_test.rb
@@ -291,7 +291,8 @@ class Avo::RubygemsSystemTest < ApplicationSystemTestCase
                 "token_expires_at" => [nil, ownership.token_expires_at.as_json],
                 "owner_notifier" => [nil, true],
                 "authorizer_id" => [nil, security_user.id],
-                "ownership_request_notifier" => [nil, true]
+                "ownership_request_notifier" => [nil, true],
+                "role" => [nil, ownership.role]
               },
               "unchanged" => {}
             },

From 2be4f8a9c11c595e488ffb9a3c95f39fb790cdac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Oct 2024 16:25:37 -0500
Subject: [PATCH 277/381] Bump rack from 3.1.7 to 3.1.8 (#5120)

Bumps [rack](https://github.com/rack/rack) from 3.1.7 to 3.1.8.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v3.1.7...v3.1.8)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 0472888c9a8..67bfccd09ae 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -552,7 +552,7 @@ GEM
     pwned (2.3.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (3.1.7)
+    rack (3.1.8)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-oauth2 (2.2.1)
@@ -1188,7 +1188,7 @@ CHECKSUMS
   pwned (2.3.0) sha256=63f5a9576f109203684e9dd053f815649fd5bc0a0348b7190568272641b22353
   raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882
   racc (1.8.1) sha256=4a7f6929691dbec8b5209a0b373bc2614882b55fc5d2e447a21aaa691303d62f
-  rack (3.1.7) sha256=0e9982db4ea9013326788ca2a7f48e32a4e746765e7c3512d424ef0dd22ae58b
+  rack (3.1.8) sha256=d3fbcbca43dc2b43c9c6d7dfbac01667ae58643c42cea10013d0da970218a1b1
   rack-attack (6.7.0) sha256=3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c
   rack-oauth2 (2.2.1) sha256=c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5
   rack-protection (4.0.0) sha256=d0db6185caa46a8c0d134c2c6b4803f4f392a67b2984da311409cb505f67bbf6

From b9097cf18a0f03b30e8f590c01b2b1c368d4370d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Oct 2024 16:25:57 -0500
Subject: [PATCH 278/381] Bump derailed_benchmarks from 2.1.2 to 2.2.0 (#5121)

Bumps [derailed_benchmarks](https://github.com/zombocom/derailed_benchmarks) from 2.1.2 to 2.2.0.
- [Changelog](https://github.com/zombocom/derailed_benchmarks/blob/main/CHANGELOG.md)
- [Commits](https://github.com/zombocom/derailed_benchmarks/compare/v2.1.2...v2.2.0)

---
updated-dependencies:
- dependency-name: derailed_benchmarks
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 30 +++++++++++++++++++-----------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/Gemfile b/Gemfile
index 8e5610a9a73..328c0a93cf6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -122,7 +122,7 @@ group :development do
   gem "listen", "~> 3.9"
   gem "letter_opener", "~> 1.10"
   gem "letter_opener_web", "~> 3.0"
-  gem "derailed_benchmarks", "~> 2.1"
+  gem "derailed_benchmarks", "~> 2.2"
   gem "memory_profiler", "~> 1.1"
 end
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 67bfccd09ae..213cb49888d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -126,7 +126,7 @@ GEM
       aws-eventstream (~> 1, >= 1.0.2)
     base64 (0.2.0)
     bcrypt (3.1.20)
-    benchmark-ips (2.12.0)
+    benchmark-ips (2.14.0)
     better_html (2.1.1)
       actionview (>= 6.0)
       activesupport (>= 6.0)
@@ -199,19 +199,24 @@ GEM
       datadog (~> 2.3)
       msgpack
     date (3.3.4)
-    dead_end (4.0.0)
     debase-ruby_core_source (3.3.1)
-    derailed_benchmarks (2.1.2)
+    derailed_benchmarks (2.2.0)
+      base64
       benchmark-ips (~> 2)
-      dead_end
+      bigdecimal
+      drb
       get_process_mem (~> 0)
       heapy (~> 0)
+      logger
       memory_profiler (>= 0, < 2)
       mini_histogram (>= 0.3.0)
+      mutex_m
+      ostruct
       rack (>= 1)
       rack-test
       rake (> 10, < 14)
-      ruby-statistics (>= 2.1)
+      ruby-statistics (>= 4.0.1)
+      ruby2_keywords
       thor (>= 0.19, < 2)
     diff-lcs (1.5.1)
     discard (1.3.0)
@@ -451,6 +456,7 @@ GEM
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     multipart-post (2.4.1)
+    mutex_m (0.2.0)
     net-http (0.4.1)
       uri
     net-imap (0.4.15)
@@ -518,6 +524,7 @@ GEM
     openssl-signature_algorithm (1.3.0)
       openssl (> 2.0)
     optimist (3.1.0)
+    ostruct (0.6.0)
     pagy (8.6.3)
     parallel (1.26.3)
     parser (3.3.5.0)
@@ -692,7 +699,7 @@ GEM
     ruby-magic (0.6.0)
       mini_portile2 (~> 2.8)
     ruby-progressbar (1.13.0)
-    ruby-statistics (3.0.2)
+    ruby-statistics (4.0.1)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
     safety_net_attestation (0.4.0)
@@ -875,7 +882,7 @@ DEPENDENCIES
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.3)
   datadog-ci (~> 1.7)
-  derailed_benchmarks (~> 2.1)
+  derailed_benchmarks (~> 2.2)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.6)
   dotenv-rails (~> 3.1)
@@ -1005,7 +1012,7 @@ CHECKSUMS
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099
-  benchmark-ips (2.12.0) sha256=09dd4d5be05db42470e7e7b01be7310564073a054e35d9d9ec7840c523f3dbcb
+  benchmark-ips (2.14.0) sha256=b72bc8a65d525d5906f8cd94270dccf73452ee3257a32b89fbd6684d3e8a9b1d
   better_html (2.1.1) sha256=046c3551d1488a3f2939a7cac6fabf2bde08c32e135c91fcd683380118e5af55
   bigdecimal (3.1.8) sha256=a89467ed5a44f8ae01824af49cbc575871fa078332e8f77ea425725c1ffe27be
   bindata (2.5.0) sha256=29dccb8ba1cc9de148f24bb88930840c62db56715f0f80eccadd624d9f3d2623
@@ -1037,9 +1044,8 @@ CHECKSUMS
   datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
   datadog-ci (1.7.0) sha256=41c064e2c26cfc63fb6767522e5a99fa43ec017be4b2fddfce1ff9073bb6c385
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
-  dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
-  derailed_benchmarks (2.1.2) sha256=eaadc6206ceeb5538ff8f5e04a0023d54ebdd95d04f33e8960fb95a5f189a14f
+  derailed_benchmarks (2.2.0) sha256=3e1a117c4366414faa909dc4276fae05a7e85b208302492d92da779c171d493d
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.3.0) sha256=55218997ca4dc11f0594f1bb2d1196c4a959ceb562f1ab6490130233598dda67
   docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
@@ -1145,6 +1151,7 @@ CHECKSUMS
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
+  mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
   net-http (0.4.1) sha256=a96efc5ea18bcb9715e24dda4159d10f67ff0345c8a980d04630028055b2c282
   net-imap (0.4.15) sha256=e468121d50cfcf82b7bbcee823d352bbb62ba8add963daa0c08d21680d83b53d
   net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
@@ -1168,6 +1175,7 @@ CHECKSUMS
   openssl (3.2.0) sha256=3c4bb8760977b4becd2819c6c2569bcf5c6f48b32b9f7a4ce1fd37f996378d14
   openssl-signature_algorithm (1.3.0) sha256=a3b40b5e8276162d4a6e50c7c97cdaf1446f9b2c3946a6fa2c14628e0c957e80
   optimist (3.1.0) sha256=81886f53ee8919f330aa30076d320d88eef9bc85aae2275376b4afb007c69260
+  ostruct (0.6.0) sha256=3b1736c99f4d985de36bde1155be5e22aaf6e564b30ff9bd481e2ef7c2d9ba85
   pagy (8.6.3) sha256=537b2ee3119f237dd6c4a0d0a35c67a77b9d91ebb9d4f85e31407c2686774fb2
   parallel (1.26.3) sha256=d86babb7a2b814be9f4b81587bf0b6ce2da7d45969fab24d8ae4bf2bb4d4c7ef
   parser (3.3.5.0) sha256=f30ebb71b7830c2e7cdc4b2b0e0ec2234900e3fca3fe2fba47f78be759181ab3
@@ -1235,7 +1243,7 @@ CHECKSUMS
   ruby-graphviz (1.2.5) sha256=1c2bb44e3f6da9e2b829f5e7fd8d75a521485fb6b4d1fc66ff0f93f906121504
   ruby-magic (0.6.0) sha256=7b2138877b7d23aff812c95564eba6473b74b815ef85beb0eb792e729a2b6101
   ruby-progressbar (1.13.0) sha256=80fc9c47a9b640d6834e0dc7b3c94c9df37f08cb072b7761e4a71e22cff29b33
-  ruby-statistics (3.0.2) sha256=fb53e7a9f9681dac144c02539d3535fb2e8fae626f78b907219b0586ff53ec20
+  ruby-statistics (4.0.1) sha256=aede68e6261b979431b31ba39aa661844c18f97a89966768cb60edf2a56b6782
   ruby2_keywords (0.0.5) sha256=ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef
   rubyzip (2.3.2) sha256=3f57e3935dc2255c414484fbf8d673b4909d8a6a57007ed754dde39342d2373f
   safety_net_attestation (0.4.0) sha256=96be2d74e7ed26453a51894913449bea0e072f44490021545ac2d1c38b0718ce

From 9a19f60ef6fe0004c49dfcaee865fc533ffed837 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Oct 2024 16:26:24 -0500
Subject: [PATCH 279/381] Bump datadog from 2.3.0 to 2.4.0 (#5122)

Bumps [datadog](https://github.com/DataDog/dd-trace-rb) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/DataDog/dd-trace-rb/releases)
- [Changelog](https://github.com/DataDog/dd-trace-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/DataDog/dd-trace-rb/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: datadog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 24 ++++++++++++------------
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Gemfile b/Gemfile
index 328c0a93cf6..f0413a1e404 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,7 +10,7 @@ gem "aws-sdk-sqs", "~> 1.86"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
-gem "datadog", "~> 2.3"
+gem "datadog", "~> 2.4"
 gem "dogstatsd-ruby", "~> 5.6"
 gem "google-protobuf", "~> 4.28"
 gem "faraday", "~> 2.12"
diff --git a/Gemfile.lock b/Gemfile.lock
index 213cb49888d..bb88b3174bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -190,9 +190,9 @@ GEM
       sprockets (> 3.0)
       sprockets-rails
       tilt
-    datadog (2.3.0)
+    datadog (2.4.0)
       debase-ruby_core_source (= 3.3.1)
-      libdatadog (~> 11.0.0.1.0)
+      libdatadog (~> 12.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
     datadog-ci (1.7.0)
@@ -381,9 +381,9 @@ GEM
       letter_opener (~> 1.9)
       railties (>= 6.1)
       rexml
-    libdatadog (11.0.0.1.0)
-    libdatadog (11.0.0.1.0-aarch64-linux)
-    libdatadog (11.0.0.1.0-x86_64-linux)
+    libdatadog (12.0.0.1.0)
+    libdatadog (12.0.0.1.0-aarch64-linux)
+    libdatadog (12.0.0.1.0-x86_64-linux)
     libddwaf (1.14.0.0.0)
       ffi (~> 1.0)
     libddwaf (1.14.0.0.0-aarch64-linux)
@@ -451,7 +451,7 @@ GEM
       minitest (>= 5.0)
     mocha (2.4.5)
       ruby2_keywords (>= 0.0.5)
-    msgpack (1.7.2)
+    msgpack (1.7.3)
     multi_json (1.15.0)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
@@ -880,7 +880,7 @@ DEPENDENCIES
   csv (~> 3.3)
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
-  datadog (~> 2.3)
+  datadog (~> 2.4)
   datadog-ci (~> 1.7)
   derailed_benchmarks (~> 2.2)
   discard (~> 1.3)
@@ -1041,7 +1041,7 @@ CHECKSUMS
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
-  datadog (2.3.0) sha256=28e28a48dafa4c553ba32b9c4ffe0a9aa40a9795f024279e505b255b84908566
+  datadog (2.4.0) sha256=3d30038eecb59cb7960cbb9e5eb32ee029b6516203698b4d4454b01688ca0aab
   datadog-ci (1.7.0) sha256=41c064e2c26cfc63fb6767522e5a99fa43ec017be4b2fddfce1ff9073bb6c385
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
@@ -1118,9 +1118,9 @@ CHECKSUMS
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
   letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
-  libdatadog (11.0.0.1.0) sha256=44779762b21149be5e17ce599dc2e89f6a3c89a99262293dfafd96ddb110f7f1
-  libdatadog (11.0.0.1.0-aarch64-linux) sha256=ff1e5870a44df49d056ebab9c544a4ad4a04ab541dbe3945d8be6981ff5b870f
-  libdatadog (11.0.0.1.0-x86_64-linux) sha256=f03b510d5b4f85febf640139282b9c3aeb88eb876dcccebc15f704c91c3e73ad
+  libdatadog (12.0.0.1.0) sha256=a590bf111d6ce47186043ea30fa3efc4a9a898b83d2c6b982905a0b97922d3a7
+  libdatadog (12.0.0.1.0-aarch64-linux) sha256=19b2ccd58f1434a5d41ad156659cf5bc4fcd5d5fd23800c6eb931a93ffb2039b
+  libdatadog (12.0.0.1.0-x86_64-linux) sha256=2ecfbaa8ccd7b0bb51884a7d9dec3b74c5fc909b84f96657e5147aef4c7879c9
   libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd
   libddwaf (1.14.0.0.0-aarch64-linux) sha256=549f83ba339afb0e500bd9f4c43459e274d42f5736a18d347ba2007be026649c
   libddwaf (1.14.0.0.0-arm64-darwin) sha256=cd3c84d58b8f77f93ebb17e6ceb1cfd257c8d3a3a1ea558a7fc14d92f697cc2b
@@ -1147,7 +1147,7 @@ CHECKSUMS
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.3) sha256=7b7f4896efb9b931a1acb442a40e5273c441f44946cf4c6a8eb8895838e7bf29
   mocha (2.4.5) sha256=b4c17e103a9b20ec9e21374f4e9be41006dbd20c5e7cb1c215f8ec56599a6112
-  msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8
+  msgpack (1.7.3) sha256=edb751dc3378020296365fef3197e5eeab8a7d9a571a25d046464d71b97d3012
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8

From 4b369c062c8d9e6c5dc22872ebde49edd681ce1d Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 14 Oct 2024 16:30:45 -0500
Subject: [PATCH 280/381] Upgrade to avo 3 (#4342)

* Add avo-advanced v3 to gemfile

* [WIP] Upgrade to avo 3

* Avo working?

* Ensure avo advanced when responding to requests in prod/staging

* More tests work without avo pro

* Better skip

* More avo tests passing

* Hacks migrated to avo 3

* Avo pro test fixes

* Fix docker builds with avo 3

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Fix policy tests

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Bundle install

* Remove manual editing of oidc api key roles

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Fix avo job ruby version

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Fix new action

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Update for no manual editing

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Fix docker building on CI

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Use avo main for actionstorage fix

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Add missing env

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Build avo assets

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Add git in builder

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Fix deleting js sourcemaps in dockerfile

* Skip avo pro in that CI job

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Fix checking for REQUIRE_AVO_PRO

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Fix finding comment field when avo pro is missing

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Avo 3.13

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Remove outdated comments

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

---------

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .github/actions/setup-rubygems.org/action.yml |  9 ++
 .github/workflows/docker.yml                  |  2 +
 .github/workflows/test.yml                    |  8 ++
 Dockerfile                                    | 13 ++-
 Gemfile                                       | 13 ++-
 Gemfile.lock                                  | 93 +++++++++++++------
 app/avo/actions/add_owner.rb                  | 16 ++--
 .../{base_action.rb => application_action.rb} | 59 ++++++------
 app/avo/actions/block_user.rb                 |  6 +-
 app/avo/actions/change_user_email.rb          | 11 ++-
 app/avo/actions/create_user.rb                | 11 ++-
 app/avo/actions/delete_webhook.rb             |  6 +-
 app/avo/actions/refresh_oidc_provider.rb      |  6 +-
 app/avo/actions/release_reserved_namespace.rb |  6 +-
 app/avo/actions/reset_api_key.rb              | 21 +++--
 app/avo/actions/reset_user_2fa.rb             |  6 +-
 app/avo/actions/restore_version.rb            |  8 +-
 app/avo/actions/unblock_user.rb               |  6 +-
 app/avo/actions/upload_info_file.rb           |  6 +-
 app/avo/actions/upload_names_file.rb          |  4 +-
 app/avo/actions/upload_versions_file.rb       |  4 +-
 app/avo/actions/version_after_write.rb        |  8 +-
 app/avo/actions/yank_rubygem.rb               | 19 ++--
 app/avo/actions/yank_rubygems_for_user.rb     |  8 +-
 app/avo/actions/yank_user.rb                  |  6 +-
 app/avo/cards/dashboard_welcome_card.rb       |  2 +-
 app/avo/cards/pushes_chart.rb                 |  2 +-
 app/avo/cards/rubygems_metric.rb              |  2 +-
 app/avo/cards/users_metric.rb                 |  2 +-
 app/avo/cards/versions_metric.rb              |  2 +-
 app/avo/dashboards/dashy.rb                   | 21 +++--
 app/avo/fields/array_of_field.rb              |  4 +-
 app/avo/fields/audited_changes_field.rb       |  2 +-
 app/avo/fields/event_additional_field.rb      | 12 +--
 app/avo/fields/global_id_field.rb             |  2 +-
 app/avo/fields/json_viewer_field.rb           |  2 +-
 app/avo/fields/nested_field.rb                |  6 +-
 app/avo/fields/select_record_field.rb         |  6 +-
 app/avo/filters/email_filter.rb               |  2 +-
 app/avo/filters/scope_boolean_filter.rb       |  2 +-
 app/avo/resources/admin_github_user.rb        | 34 +++++++
 .../resources/admin_github_user_resource.rb   | 31 -------
 app/avo/resources/api_key.rb                  | 46 +++++++++
 app/avo/resources/api_key_resource.rb         | 39 --------
 app/avo/resources/api_key_rubygem_scope.rb    | 11 +++
 .../api_key_rubygem_scope_resource.rb         |  9 --
 app/avo/resources/audit.rb                    | 47 ++++++++++
 app/avo/resources/audit_resource.rb           | 36 -------
 .../concerns/avo_auditable_resource.rb        | 30 +++---
 app/avo/resources/deletion.rb                 | 14 +++
 app/avo/resources/deletion_resource.rb        | 17 ----
 app/avo/resources/dependency.rb               | 17 ++++
 app/avo/resources/dependency_resource.rb      | 19 ----
 app/avo/resources/events_rubygem_event.rb     | 30 ++++++
 .../events_rubygem_event_resource.rb          | 28 ------
 app/avo/resources/events_user_event.rb        | 30 ++++++
 .../resources/events_user_event_resource.rb   | 28 ------
 app/avo/resources/gem_download.rb             | 33 +++++++
 app/avo/resources/gem_download_resource.rb    | 27 ------
 app/avo/resources/gem_name_reservation.rb     | 14 +++
 .../gem_name_reservation_resource.rb          | 10 --
 app/avo/resources/gem_typo_exception.rb       | 19 ++++
 .../resources/gem_typo_exception_resource.rb  | 15 ---
 app/avo/resources/geoip_info.rb               | 14 +++
 app/avo/resources/geoip_info_resource.rb      | 13 ---
 app/avo/resources/ip_address.rb               | 24 +++++
 app/avo/resources/ip_address_resource.rb      | 20 ----
 app/avo/resources/link_verification.rb        | 16 ++++
 .../resources/link_verification_resource.rb   | 19 ----
 app/avo/resources/linkset.rb                  | 13 +++
 app/avo/resources/linkset_resource.rb         | 12 ---
 app/avo/resources/log_ticket.rb               | 21 +++++
 app/avo/resources/log_ticket_resource.rb      | 18 ----
 app/avo/resources/maintenance_tasks_run.rb    | 29 ++++++
 .../maintenance_tasks_run_resource.rb         | 29 ------
 app/avo/resources/membership.rb               | 15 +++
 app/avo/resources/membership_resource.rb      | 11 ---
 app/avo/resources/oidc_api_key_role.rb        | 34 +++++++
 .../resources/oidc_api_key_role_resource.rb   | 36 -------
 app/avo/resources/oidc_id_token.rb            | 20 ++++
 app/avo/resources/oidc_id_token_resource.rb   | 23 -----
 .../oidc_pending_trusted_publisher.rb         | 19 ++++
 ...oidc_pending_trusted_publisher_resource.rb | 16 ----
 app/avo/resources/oidc_provider.rb            | 24 +++++
 app/avo/resources/oidc_provider_resource.rb   | 20 ----
 .../oidc_rubygem_trusted_publisher.rb         | 11 +++
 ...oidc_rubygem_trusted_publisher_resource.rb | 11 ---
 .../oidc_trusted_publisher_github_action.rb   | 20 ++++
 ...rusted_publisher_github_action_resource.rb | 19 ----
 app/avo/resources/organization.rb             | 24 +++++
 app/avo/resources/organization_resource.rb    | 18 ----
 app/avo/resources/ownership.rb                | 36 +++++++
 app/avo/resources/ownership_resource.rb       | 30 ------
 app/avo/resources/rubygem.rb                  | 54 +++++++++++
 app/avo/resources/rubygem_resource.rb         | 47 ----------
 app/avo/resources/sendgrid_event.rb           | 27 ++++++
 app/avo/resources/sendgrid_event_resource.rb  | 25 -----
 app/avo/resources/user.rb                     | 77 +++++++++++++++
 app/avo/resources/user_resource.rb            | 80 ----------------
 app/avo/resources/version.rb                  | 79 ++++++++++++++++
 app/avo/resources/version_resource.rb         | 70 --------------
 app/avo/resources/web_hook.rb                 | 42 +++++++++
 app/avo/resources/web_hook_resource.rb        | 35 -------
 app/avo/resources/webauthn_credential.rb      | 13 +++
 .../resources/webauthn_credential_resource.rb | 13 ---
 app/avo/resources/webauthn_verification.rb    | 13 +++
 .../webauthn_verification_resource.rb         | 13 ---
 .../show_component.html.erb                   |  2 +-
 .../show_component.rb                         | 25 +++--
 .../show_component.html.erb                   |  1 +
 app/controllers/concerns/avo_auditable.rb     | 10 +-
 .../admin/{ => admin}/github_user_policy.rb   |  2 +-
 .../admin/oidc/api_key_role_policy.rb         |  2 -
 config/application.rb                         |  6 ++
 config/initializers/avo.rb                    | 55 +++++------
 config/initializers/prosopite.rb              |  3 +-
 config/initializers/zeitwerk.rb               |  6 ++
 lib/admin/authorization_client.rb             |  2 +-
 script/build_docker.sh                        |  2 +
 script/dev                                    |  2 +-
 script/update-rubygems                        |  1 +
 .../gem_name_reservations_controller_test.rb  |  8 +-
 test/policies/admin/avo_policies_test.rb      | 35 -------
 .../policies/admin/github_user_policy_test.rb |  2 +-
 .../admin/oidc/api_key_role_policy_test.rb    |  4 +-
 test/system/avo/manual_changes_test.rb        |  5 +-
 test/system/avo/oidc_api_key_roles_test.rb    | 58 ------------
 test/system/avo/rubygems_test.rb              |  5 +-
 test/system/avo/users_test.rb                 |  2 +-
 test/system/avo/versions_test.rb              |  1 -
 test/test_helper.rb                           | 20 ++--
 test/unit/avo/actions/base_action_test.rb     | 37 ++++----
 test/unit/avo/actions/unblock_user_test.rb    | 15 +--
 133 files changed, 1328 insertions(+), 1194 deletions(-)
 rename app/avo/actions/{base_action.rb => application_action.rb} (64%)
 create mode 100644 app/avo/resources/admin_github_user.rb
 delete mode 100644 app/avo/resources/admin_github_user_resource.rb
 create mode 100644 app/avo/resources/api_key.rb
 delete mode 100644 app/avo/resources/api_key_resource.rb
 create mode 100644 app/avo/resources/api_key_rubygem_scope.rb
 delete mode 100644 app/avo/resources/api_key_rubygem_scope_resource.rb
 create mode 100644 app/avo/resources/audit.rb
 delete mode 100644 app/avo/resources/audit_resource.rb
 create mode 100644 app/avo/resources/deletion.rb
 delete mode 100644 app/avo/resources/deletion_resource.rb
 create mode 100644 app/avo/resources/dependency.rb
 delete mode 100644 app/avo/resources/dependency_resource.rb
 create mode 100644 app/avo/resources/events_rubygem_event.rb
 delete mode 100644 app/avo/resources/events_rubygem_event_resource.rb
 create mode 100644 app/avo/resources/events_user_event.rb
 delete mode 100644 app/avo/resources/events_user_event_resource.rb
 create mode 100644 app/avo/resources/gem_download.rb
 delete mode 100644 app/avo/resources/gem_download_resource.rb
 create mode 100644 app/avo/resources/gem_name_reservation.rb
 delete mode 100644 app/avo/resources/gem_name_reservation_resource.rb
 create mode 100644 app/avo/resources/gem_typo_exception.rb
 delete mode 100644 app/avo/resources/gem_typo_exception_resource.rb
 create mode 100644 app/avo/resources/geoip_info.rb
 delete mode 100644 app/avo/resources/geoip_info_resource.rb
 create mode 100644 app/avo/resources/ip_address.rb
 delete mode 100644 app/avo/resources/ip_address_resource.rb
 create mode 100644 app/avo/resources/link_verification.rb
 delete mode 100644 app/avo/resources/link_verification_resource.rb
 create mode 100644 app/avo/resources/linkset.rb
 delete mode 100644 app/avo/resources/linkset_resource.rb
 create mode 100644 app/avo/resources/log_ticket.rb
 delete mode 100644 app/avo/resources/log_ticket_resource.rb
 create mode 100644 app/avo/resources/maintenance_tasks_run.rb
 delete mode 100644 app/avo/resources/maintenance_tasks_run_resource.rb
 create mode 100644 app/avo/resources/membership.rb
 delete mode 100644 app/avo/resources/membership_resource.rb
 create mode 100644 app/avo/resources/oidc_api_key_role.rb
 delete mode 100644 app/avo/resources/oidc_api_key_role_resource.rb
 create mode 100644 app/avo/resources/oidc_id_token.rb
 delete mode 100644 app/avo/resources/oidc_id_token_resource.rb
 create mode 100644 app/avo/resources/oidc_pending_trusted_publisher.rb
 delete mode 100644 app/avo/resources/oidc_pending_trusted_publisher_resource.rb
 create mode 100644 app/avo/resources/oidc_provider.rb
 delete mode 100644 app/avo/resources/oidc_provider_resource.rb
 create mode 100644 app/avo/resources/oidc_rubygem_trusted_publisher.rb
 delete mode 100644 app/avo/resources/oidc_rubygem_trusted_publisher_resource.rb
 create mode 100644 app/avo/resources/oidc_trusted_publisher_github_action.rb
 delete mode 100644 app/avo/resources/oidc_trusted_publisher_github_action_resource.rb
 create mode 100644 app/avo/resources/organization.rb
 delete mode 100644 app/avo/resources/organization_resource.rb
 create mode 100644 app/avo/resources/ownership.rb
 delete mode 100644 app/avo/resources/ownership_resource.rb
 create mode 100644 app/avo/resources/rubygem.rb
 delete mode 100644 app/avo/resources/rubygem_resource.rb
 create mode 100644 app/avo/resources/sendgrid_event.rb
 delete mode 100644 app/avo/resources/sendgrid_event_resource.rb
 create mode 100644 app/avo/resources/user.rb
 delete mode 100644 app/avo/resources/user_resource.rb
 create mode 100644 app/avo/resources/version.rb
 delete mode 100644 app/avo/resources/version_resource.rb
 create mode 100644 app/avo/resources/web_hook.rb
 delete mode 100644 app/avo/resources/web_hook_resource.rb
 create mode 100644 app/avo/resources/webauthn_credential.rb
 delete mode 100644 app/avo/resources/webauthn_credential_resource.rb
 create mode 100644 app/avo/resources/webauthn_verification.rb
 delete mode 100644 app/avo/resources/webauthn_verification_resource.rb
 rename app/policies/admin/{ => admin}/github_user_policy.rb (85%)
 delete mode 100644 test/policies/admin/avo_policies_test.rb
 delete mode 100644 test/system/avo/oidc_api_key_roles_test.rb

diff --git a/.github/actions/setup-rubygems.org/action.yml b/.github/actions/setup-rubygems.org/action.yml
index e8c11d1da90..f72039cf3e6 100644
--- a/.github/actions/setup-rubygems.org/action.yml
+++ b/.github/actions/setup-rubygems.org/action.yml
@@ -7,6 +7,10 @@ inputs:
   rubygems-version:
     description: "RubyGems version to use"
     required: true
+  install-avo-pro:
+    description: "Install Avo gem"
+    required: false
+    default: "true"
 runs:
   using: "composite"
   steps:
@@ -14,6 +18,11 @@ runs:
       shell: bash
       run: |
         docker compose up -d --wait
+    - name: Configure bundler environment
+      shell: bash
+      if: github.secret_source != 'None' && inputs.install-avo-pro == 'true'
+      run: |
+        printf "BUNDLE_WITH=avo\nRAILS_GROUPS=avo\n" >> $GITHUB_ENV
     - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1.191.0
       with:
         ruby-version: ${{ inputs.ruby-version }}
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index d381b4d8c76..c47c11d3c8b 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -41,6 +41,8 @@ jobs:
         uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
       - name: build, test and optionally push docker image
         run: ./script/build_docker.sh
+        env:
+          BUNDLE_PACKAGER__DEV: ${{ secrets.BUNDLE_PACKAGER__DEV }}
       # Temp fix
       # https://github.com/docker/build-push-action/issues/252
       # https://github.com/moby/buildkit/issues/1896
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4d7b82775e2..c12b8342938 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -35,12 +35,19 @@ jobs:
             command: test
           - name: system
             command: test:system
+        include:
+          - rubygems: { name: latest, version: latest }
+            ruby_version: "3.3.5"
+            tests: { name: "avo without pro", command: "test test/*/avo" }
     name: Rails tests ${{ matrix.tests.name }} (RubyGems ${{ matrix.rubygems.name }}, Ruby ${{ matrix.ruby_version }})
     runs-on: ubuntu-22.04
     env:
       RUBYGEMS_VERSION: ${{ matrix.rubygems.version }}
       # Fail hard when Toxiproxy is not running to ensure all tests (even Toxiproxy optional ones) are passing
       REQUIRE_TOXIPROXY: true
+      REQUIRE_AVO_PRO: ${{ github.secret_source != 'None' && matrix.tests.name != 'avo without pro' }}
+      AVO_LICENSE_KEY: ${{ secrets.AVO_LICENSE_KEY }}
+      BUNDLE_PACKAGER__DEV: ${{ secrets.BUNDLE_PACKAGER__DEV }}
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
@@ -49,6 +56,7 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby_version }}
           rubygems-version: ${{ matrix.rubygems.version }}
+          install-avo-pro: ${{ matrix.tests.name != 'avo without pro' }}
 
       - name: Tests ${{ matrix.tests.name }}
         id: test-all
diff --git a/Dockerfile b/Dockerfile
index 6e1085d6e9d..4def663466f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-# syntax = docker/dockerfile:1.4
+# syntax = docker/dockerfile:1.10
 
 # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
 ARG RUBY_VERSION=3.3.5
@@ -40,18 +40,23 @@ RUN \
   build-base \
   linux-headers \
   zlib-dev \
-  tzdata
+  tzdata \
+  git
 
 WORKDIR /app
 
 ENV RAILS_ENV="production"
+ARG BUNDLE_WITH=""
 
 # Install application gems
 COPY Gemfile* .ruby-version /app/
-RUN --mount=type=cache,id=bld-gem-cache,sharing=locked,target=/srv/vendor <<BASH
+RUN --mount=type=cache,id=bld-gem-cache,sharing=locked,target=/srv/vendor \
+  --mount=type=secret,id=BUNDLE_PACKAGER__DEV,env=BUNDLE_PACKAGER__DEV \
+  <<BASH
   set -ex
 
   bundle config set --local without 'development test'
+  bundle config set --local with ${BUNDLE_WITH:-}
   bundle config set --local path /srv/vendor
   bundle install --jobs 20 --retry 5
   bundle clean
@@ -66,7 +71,7 @@ RUN --mount=type=cache,id=bld-gem-cache,sharing=locked,target=/srv/vendor <<BASH
   rm /app/vendor/ruby/*/extensions/*/*/*/gem_make.out
 
   # Remove avo source maps (8+ MB!)
-  rm /app/vendor/ruby/*/gems/avo-*/public/avo-assets/*.js.map
+  find /app/vendor/ruby -type f -name '*.js.map' -exec rm {} \;
 
   # Remove ruby 2.x source code
   find /app/vendor/ruby/*/gems/debase-ruby_core_source-*/lib/debase/ruby_core_source -maxdepth 1 -type d -name 'ruby-2.*' -exec rm -r {} \;
diff --git a/Gemfile b/Gemfile
index f0413a1e404..05a1df3e233 100644
--- a/Gemfile
+++ b/Gemfile
@@ -62,12 +62,19 @@ gem "faraday-multipart", "~> 1.0"
 gem "timescaledb", "~> 0.3"
 
 # Admin dashboard
-gem "avo", "~> 2.53"
+gem "avo", "~> 3.13"
 gem "pagy", "~> 8.4"
-gem "view_component", "~> 3.14"
+gem "view_component", "~> 3.14.0"
 gem "pundit", "~> 2.4"
 gem "chartkick", "~> 5.1"
 gem "groupdate", "~> 6.5"
+gem "dry-initializer", "~> 3.1"
+
+group :avo, optional: true do
+  source "https://packager.dev/avo-hq/" do
+    gem "avo-advanced", "~> 3.13"
+  end
+end
 
 # Logging
 gem "amazing_print", "~> 1.6"
@@ -146,3 +153,5 @@ group :test do
   gem "minitest-reporters", "~> 1.7"
   gem "gem_server_conformance", "~> 0.1.4"
 end
+
+gem "avo_upgrade", "~> 0.1.1", group: :development
diff --git a/Gemfile.lock b/Gemfile.lock
index bb88b3174bb..c2a8f9a4f77 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,3 +1,31 @@
+GEM
+  remote: https://packager.dev/avo-hq/
+  specs:
+    avo-advanced (3.13.1)
+      avo (= 3.13.1)
+      avo-dynamic_filters (= 3.13.1)
+      avo-pro (= 3.13.1)
+      zeitwerk (>= 2.6.12)
+    avo-dashboards (3.13.1)
+      avo (= 3.13.1)
+      turbo-rails
+      view_component (>= 3.7.0)
+      zeitwerk (>= 2.6.12)
+    avo-dynamic_filters (3.13.1)
+      avo (= 3.13.1)
+      ransack (>= 4.2.0)
+      view_component (>= 3.7.0)
+      zeitwerk (>= 2.6.12)
+    avo-menu (3.13.1)
+      avo (= 3.13.1)
+      docile
+      zeitwerk (>= 2.6.12)
+    avo-pro (3.13.1)
+      avo (= 3.13.1)
+      avo-dashboards (= 3.13.1)
+      avo-menu (= 3.13.1)
+      zeitwerk (>= 2.6.12)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -89,21 +117,24 @@ GEM
     attr_required (1.0.2)
     autoprefixer-rails (10.4.19.0)
       execjs (~> 2)
-    avo (2.53.0)
-      actionview (>= 6.0)
+    avo (3.13.1)
+      actionview (>= 6.1)
       active_link_to
-      activerecord (>= 6.0)
+      activerecord (>= 6.1)
+      activesupport (>= 6.1)
       addressable
       docile
-      dry-initializer
-      httparty
       inline_svg
+      literal (~> 0.2)
       meta-tags
-      pagy
-      turbo-rails
-      turbo_power (~> 0.5.0)
-      view_component (>= 2.54.0)
-      zeitwerk (>= 2.6.2)
+      pagy (>= 7.0.0)
+      turbo-rails (>= 2.0.0)
+      turbo_power (>= 0.6.0)
+      view_component (>= 3.7.0)
+      zeitwerk (>= 2.6.12)
+    avo_upgrade (0.1.1)
+      rails (>= 6.0.0)
+      zeitwerk
     awrence (1.2.1)
     aws-eventstream (1.3.0)
     aws-partitions (1.983.0)
@@ -318,10 +349,6 @@ GEM
       domain_name (~> 0.5)
     http-form_data (2.3.0)
     http_accept_language (2.1.1)
-    httparty (0.22.0)
-      csv
-      mini_mime (>= 1.0.0)
-      multi_xml (>= 0.5.2)
     i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     importmap-rails (2.0.1)
@@ -397,6 +424,7 @@ GEM
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
+    literal (0.2.1)
     llhttp-ffi (0.5.0)
       ffi-compiler (~> 1.0)
       rake (~> 13.0)
@@ -433,7 +461,7 @@ GEM
     marcel (1.0.4)
     matrix (0.4.2)
     memory_profiler (1.1.0)
-    meta-tags (2.22.0)
+    meta-tags (2.22.1)
       actionpack (>= 6.0.0, < 8.1)
     method_source (1.1.0)
     mini_histogram (0.3.1)
@@ -628,6 +656,10 @@ GEM
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
+    ransack (4.2.1)
+      activerecord (>= 6.1.5)
+      activesupport (>= 6.1.5)
+      i18n
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
@@ -797,12 +829,11 @@ GEM
       bindata (~> 2.4)
       openssl (> 2.0)
       openssl-signature_algorithm (~> 1.0)
-    turbo-rails (1.5.0)
+    turbo-rails (2.0.10)
       actionpack (>= 6.0.0)
-      activejob (>= 6.0.0)
       railties (>= 6.0.0)
-    turbo_power (0.5.0)
-      turbo-rails (~> 1.3)
+    turbo_power (0.6.2)
+      turbo-rails (>= 1.3.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.6.0)
@@ -865,7 +896,9 @@ DEPENDENCIES
   aggregate_assertions (~> 0.2.0)
   amazing_print (~> 1.6)
   autoprefixer-rails (~> 10.4)
-  avo (~> 2.53)
+  avo (~> 3.13)
+  avo-advanced (~> 3.13)!
+  avo_upgrade (~> 0.1.1)
   aws-sdk-s3 (~> 1.167)
   aws-sdk-sqs (~> 1.86)
   bcrypt (~> 3.1)
@@ -886,6 +919,7 @@ DEPENDENCIES
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.6)
   dotenv-rails (~> 3.1)
+  dry-initializer (~> 3.1)
   factory_bot_rails (~> 6.4)
   faraday (~> 2.12)
   faraday-multipart (~> 1.0)
@@ -973,7 +1007,7 @@ DEPENDENCIES
   unpwn (~> 1.0)
   user_agent_parser (~> 2.18)
   validates_formatting_of (~> 0.9)
-  view_component (~> 3.14)
+  view_component (~> 3.14.0)
   webauthn (~> 3.1)
   webmock (~> 3.24)
   xml-simple (~> 1.1)
@@ -1001,7 +1035,13 @@ CHECKSUMS
   ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
   attr_required (1.0.2) sha256=f0ebfc56b35e874f4d0ae799066dbc1f81efefe2364ca3803dc9ea6a4de6cb99
   autoprefixer-rails (10.4.19.0) sha256=ccd21f47e5a07a581c7d239025e0d8d06a005825e96e06f72382d818fe665f4e
-  avo (2.53.0) sha256=e8f1fb9abaf6d874d898449d4db863586c16e60634a136d97ae436ded976d1a6
+  avo (3.13.1) sha256=6fd001bda35c4b307579fbc6f597de60d89846b04b96d2bc4cb06bcd54b5945b
+  avo-advanced (3.13.1) sha256=87d87a6e0837dbeab549428f3afbcb0e0c81e23e46de62dffd0a1270bffc1d0e
+  avo-dashboards (3.13.1) sha256=073cdbb7c7e9ad46693291d6d5976bdba1a900bf572376a88e02b793f9e4e528
+  avo-dynamic_filters (3.13.1) sha256=adb72eae45ca400c595e6999dcfcea7d28f3c2d513b0520599a3fe0d39538671
+  avo-menu (3.13.1) sha256=444fec35ccc1956bbbb6ff7489c48641d88350d8dfb55652681cadb03b87d901
+  avo-pro (3.13.1) sha256=c465c9886926f155dd9fd8d46bbb96018260cced9af8206bf64c428a25793f09
+  avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
   aws-partitions (1.983.0) sha256=eb3ab086749ca426e735a50bd1ea669a4b7bc52be3c119a772bd277cc906bb11
@@ -1097,7 +1137,6 @@ CHECKSUMS
   http-cookie (1.0.7) sha256=cb7a399f3344f720b8a0f3b0765f29b62608ebb9c3ce4abf4d6eeff2caf42253
   http-form_data (2.3.0) sha256=cc4eeb1361d9876821e31d7b1cf0b68f1cf874b201d27903480479d86448a5f3
   http_accept_language (2.1.1) sha256=0043f0d55a148cf45b604dbdd197cb36437133e990016c68c892d49dbea31634
-  httparty (0.22.0) sha256=78652a5c9471cf0093d3b2083c2295c9c8f12b44c65112f1846af2b71430fa6c
   i18n (1.14.6) sha256=dc229a74f5d181f09942dd60ab5d6e667f7392c4ee826f35096db36d1fe3614c
   importmap-rails (2.0.1) sha256=e739a6e70c09f797688c6983fa79567ec1edc9becc30d55b3f7cc897b1825586
   inline_svg (1.10.0) sha256=5b652934236fd9f8adc61f3fd6e208b7ca3282698b19f28659971da84bf9a10f
@@ -1127,6 +1166,7 @@ CHECKSUMS
   libddwaf (1.14.0.0.0-x86_64-darwin) sha256=33017c057fd6b4948ef4577c4a13bc89d878541961b205309fac1e71516433ff
   libddwaf (1.14.0.0.0-x86_64-linux) sha256=030640a4158ae05f9276cc1e09bfe9d19dda5af26703235cf17cf3752f1985b1
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
+  literal (0.2.1) sha256=7544725886486ce6ae701fea1ea23bb7955ef218ef109f91ad4414f3b7921261
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
   logger (1.6.1) sha256=3ad9587ed3940bf7897ea64a673971415523f4f7d6b22c5e3af5219705669653
@@ -1137,7 +1177,7 @@ CHECKSUMS
   marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4
   matrix (0.4.2) sha256=71083ccbd67a14a43bfa78d3e4dc0f4b503b9cc18e5b4b1d686dc0f9ef7c4cc0
   memory_profiler (1.1.0) sha256=79a17df7980a140c83c469785905409d3027ca614c42c086089d128b805aa8f8
-  meta-tags (2.22.0) sha256=c04df1f39cfbf7d48e2ae955124d89a2429ab508fc936b9a8f9a8ce4d326e6ec
+  meta-tags (2.22.1) sha256=e5ae1febbd320d396c7226d7edb868e5d63466c14b9c8b06622a1a74e6dce354
   method_source (1.1.0) sha256=181301c9c45b731b4769bc81e8860e72f9161ad7d66dd99103c9ab84f560f5c5
   mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94
   mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef
@@ -1214,6 +1254,7 @@ CHECKSUMS
   railties (7.2.1) sha256=4b6ad279bbfb9228d7e7fbc8df562a8f5d4910e179b957d801fcec176d548463
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d
+  ransack (4.2.1) sha256=e0f688c6ef35abe0bad3cf5afc1b050f36a819bdd56eb454c955c63cdd1bef40
   rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe
   rb-inotify (0.10.1) sha256=050062d4f31d307cca52c3f6a7f4b946df8de25fc4bd373e1a5142e41034a7ca
   rbtrace (0.5.1) sha256=e8cba64d462bfb8ba102d7be2ecaacc789247d52ac587d8003549d909cb9c5dc
@@ -1288,8 +1329,8 @@ CHECKSUMS
   timescaledb (0.3.0) sha256=9ce2b39417d30544054cb609fbd84e18e304c7b7952a793846b8f4489551a28f
   toxiproxy (2.0.2) sha256=2e3b53604fb921d40da3db8f78a52b3133fcae33e93d440725335b15974e440a
   tpm-key_attestation (0.12.0) sha256=e133d80cf24fef0e7a7dfad00fd6aeff01fc79875fbfc66cd8537bbd622b1e6d
-  turbo-rails (1.5.0) sha256=b426cc762fb0940277729b3f1751a9f0bd269f5613c1d62ac73e5f0be7c7a83e
-  turbo_power (0.5.0) sha256=869726c3a4308b038d6244f7a80eb1331bdd3171fa320dddcff71899fcae24fb
+  turbo-rails (2.0.10) sha256=11cde241f9335ef6962322642dfd764178de192d0ba45101963da0f10f8e5738
+  turbo_power (0.6.2) sha256=c9080d0d1bb79deed67bee2a7654dd38f9c903b57ad52b98d19d000958fde2cc
   tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b
   unicode-display_width (2.6.0) sha256=12279874bba6d5e4d2728cef814b19197dbb10d7a7837a869bab65da943b7f5a
   unpwn (1.0.0) sha256=6239d17d46a882b3719b24fb79c78a34caff89d57ab0f5e546be5b5c882bc7d3
diff --git a/app/avo/actions/add_owner.rb b/app/avo/actions/add_owner.rb
index bd98d1b8993..5f853c89e25 100644
--- a/app/avo/actions/add_owner.rb
+++ b/app/avo/actions/add_owner.rb
@@ -1,10 +1,14 @@
-class AddOwner < BaseAction
+class Avo::Actions::AddOwner < Avo::Actions::ApplicationAction
   self.name = "Add owner"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
   }
 
-  field :owner, as: :select_record, searchable: true, name: "New owner", use_resource: UserResource
+  def fields
+    field :owner, as: :select_record, searchable: true, name: "New owner", use_resource: Avo::Resources::User
+
+    super
+  end
 
   self.message = lambda {
     "Are you sure you would like to add an owner to #{record.name}?"
@@ -12,7 +16,7 @@ class AddOwner < BaseAction
 
   self.confirm_button_label = "Add owner"
 
-  class ActionHandler < ActionHandler
+  class ActionHandler < Avo::Actions::ActionHandler
     set_callback :handle, :before do
       @owner = fields[:owner]
       error "Must specify a valid user to add as owner" if @owner.blank?
@@ -22,16 +26,16 @@ class ActionHandler < ActionHandler
       error "Cannot add #{@owner.name} as an owner since they are unconfirmed" if @owner.unconfirmed?
     end
 
-    def do_handle_model(rubygem)
+    def do_handle_record(rubygem)
       @rubygem = rubygem
       super
     end
 
-    set_callback :handle_model, :before do
+    set_callback :handle_record, :before do
       error "Cannot add #{@owner.name} as an owner since they are already an owner of #{@rubygem.name}" if @owner.rubygems.include?(@rubygem)
     end
 
-    def handle_model(rubygem)
+    def handle_record(rubygem)
       authorizer = User.security_user
       rubygem.ownerships.create!(user: @owner, authorizer: authorizer, confirmed_at: Time.current)
       succeed "Added #{@owner.name} to #{@rubygem.name}"
diff --git a/app/avo/actions/base_action.rb b/app/avo/actions/application_action.rb
similarity index 64%
rename from app/avo/actions/base_action.rb
rename to app/avo/actions/application_action.rb
index 4e985aef5b2..dc5998bd2ac 100644
--- a/app/avo/actions/base_action.rb
+++ b/app/avo/actions/application_action.rb
@@ -1,17 +1,12 @@
-class BaseAction < Avo::BaseAction
+class Avo::Actions::ApplicationAction < Avo::BaseAction
   include SemanticLogger::Loggable
 
-  field :comment, as: :textarea, required: true,
-    help: "A comment explaining why this action was taken.<br>Will be saved in the audit log.<br>Must be more than 10 characters."
-
-  def self.inherited(base)
-    super
-    base.items_holder = Avo::ItemsHolder.new
-    base.items_holder.instance_variable_get(:@items).replace items_holder.instance_variable_get(:@items).deep_dup
-    base.items_holder.invalid_fields.replace items_holder.invalid_fields.deep_dup
+  def fields
+    field :comment, as: :textarea, required: true,
+      help: "A comment explaining why this action was taken.<br>Will be saved in the audit log.<br>Must be more than 10 characters."
   end
 
-  class ActionHandler
+  class Avo::Actions::ActionHandler
     include Auditable
     include SemanticLogger::Loggable
 
@@ -20,7 +15,7 @@ class ActionHandler
       result_lambda.call
       target.errored?
     }
-    define_callbacks :handle_model, terminator: lambda { |target, result_lambda|
+    define_callbacks :handle_record, terminator: lambda { |target, result_lambda|
       result_lambda.call
       target.errored?
     }
@@ -35,18 +30,20 @@ def initialize( # rubocop:disable Metrics/ParameterLists
       arguments:,
       resource:,
       action:,
-      models: nil
+      query:,
+      records: nil
     )
-      @models = models
+      @records = records
       @fields = fields
       @current_user = current_user
       @arguments = arguments
       @resource = resource
+      @query = query
 
       @action = action
     end
 
-    attr_reader :models, :fields, :current_user, :arguments, :resource
+    attr_reader :records, :fields, :current_user, :arguments, :resource, :query
 
     delegate :error, :avo, :keep_modal_open, :redirect_to, :inform, :action_name, :succeed, :logger,
       to: :@action
@@ -60,7 +57,7 @@ def initialize( # rubocop:disable Metrics/ParameterLists
         block.call
       rescue StandardError => e
         Rails.error.report(e, handled: true)
-        error e.message.truncate(300)
+        error e.message
       end
     }
 
@@ -72,9 +69,17 @@ def do_handle
       keep_modal_open if errored?
     end
 
-    def do_handle_model(model)
-      run_callbacks :handle_model do
-        handle_model(model)
+    def handle_record(record)
+      raise NotImplementedError, "#{self.class}#handle_record is not implemented"
+    end
+
+    def handle_standalone
+      raise NotImplementedError, "#{self.class}#handle_standalone is not implemented"
+    end
+
+    def do_handle_record(record)
+      run_callbacks :handle_record do
+        handle_record(record)
       end
     end
 
@@ -89,7 +94,7 @@ def do_handle_standalone
         action: action_name,
         fields:,
         arguments:,
-        models:
+        models: records
       ) do
         run_callbacks :handle_standalone do
           handle_standalone
@@ -99,17 +104,17 @@ def do_handle_standalone
     end
 
     def handle
-      return do_handle_standalone if models.nil?
-      models.each do |model|
+      return do_handle_standalone if @action.class.standalone
+      records.each do |record|
         _, audit = in_audited_transaction(
-          auditable: model,
+          auditable: record,
           admin_github_user: current_user,
           action: action_name,
           fields:,
           arguments:,
-          models:
+          models: records
         ) do
-          do_handle_model(model)
+          do_handle_record(record)
         end
         redirect_to avo.resources_audit_path(audit)
       end
@@ -117,9 +122,9 @@ def handle
   end
 
   def handle(**args)
-    "#{self.class}::ActionHandler"
-      .constantize
+    action_handler = self.class.const_get(:ActionHandler)
       .new(**args, arguments:, action: self)
-      .do_handle
+
+    action_handler.do_handle
   end
 end
diff --git a/app/avo/actions/block_user.rb b/app/avo/actions/block_user.rb
index d73eb3fb7f8..2ec8e9ca525 100644
--- a/app/avo/actions/block_user.rb
+++ b/app/avo/actions/block_user.rb
@@ -1,4 +1,4 @@
-class BlockUser < BaseAction
+class Avo::Actions::BlockUser < Avo::Actions::ApplicationAction
   self.name = "Block User"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
@@ -10,8 +10,8 @@ class BlockUser < BaseAction
 
   self.confirm_button_label = "Block User"
 
-  class ActionHandler < ActionHandler
-    def handle_model(user)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(user)
       user.block!
     end
   end
diff --git a/app/avo/actions/change_user_email.rb b/app/avo/actions/change_user_email.rb
index 949a0f82feb..5b84a4ddaf0 100644
--- a/app/avo/actions/change_user_email.rb
+++ b/app/avo/actions/change_user_email.rb
@@ -1,5 +1,8 @@
-class ChangeUserEmail < BaseAction
-  field :from_email, name: "Email", as: :text, required: true
+class Avo::Actions::ChangeUserEmail < Avo::Actions::ApplicationAction
+  def fields
+    field :from_email, name: "Email", as: :text, required: true
+    super
+  end
 
   self.name = "Change User Email"
   self.visible = lambda {
@@ -8,8 +11,8 @@ class ChangeUserEmail < BaseAction
 
   self.confirm_button_label = "Change User Email"
 
-  class ActionHandler < ActionHandler
-    def handle_model(user)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(user)
       user.email = fields["from_email"]
       user.email_confirmed = false
       user.generate_confirmation_token
diff --git a/app/avo/actions/create_user.rb b/app/avo/actions/create_user.rb
index 8abd11d3969..80ec4ed66e5 100644
--- a/app/avo/actions/create_user.rb
+++ b/app/avo/actions/create_user.rb
@@ -1,6 +1,4 @@
-class CreateUser < BaseAction
-  field :email, name: "Email", as: :text, required: true
-
+class Avo::Actions::CreateUser < Avo::Actions::ApplicationAction
   self.name = "Create User"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :index && !Rails.env.production?
@@ -9,7 +7,12 @@ class CreateUser < BaseAction
 
   self.confirm_button_label = "Create User"
 
-  class ActionHandler < ActionHandler
+  def fields
+    field :email, name: "Email", as: :text, required: true
+    super
+  end
+
+  class ActionHandler < Avo::Actions::ActionHandler
     def handle_standalone
       user = User.new(
         email: fields["email"],
diff --git a/app/avo/actions/delete_webhook.rb b/app/avo/actions/delete_webhook.rb
index 4a696fbc5c8..da6959c8ed3 100644
--- a/app/avo/actions/delete_webhook.rb
+++ b/app/avo/actions/delete_webhook.rb
@@ -1,4 +1,4 @@
-class DeleteWebhook < BaseAction
+class Avo::Actions::DeleteWebhook < Avo::Actions::ApplicationAction
   self.name = "Delete Webhook"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
@@ -10,8 +10,8 @@ class DeleteWebhook < BaseAction
 
   self.confirm_button_label = "Delete Webhook"
 
-  class ActionHandler < ActionHandler
-    def handle_model(webhook)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(webhook)
       webhook.destroy!
       WebHooksMailer.webhook_deleted(webhook.user_id, webhook.rubygem_id, webhook.url, webhook.failure_count).deliver_later
     end
diff --git a/app/avo/actions/refresh_oidc_provider.rb b/app/avo/actions/refresh_oidc_provider.rb
index c53e53d766f..eac8c960589 100644
--- a/app/avo/actions/refresh_oidc_provider.rb
+++ b/app/avo/actions/refresh_oidc_provider.rb
@@ -1,4 +1,4 @@
-class RefreshOIDCProvider < BaseAction
+class Avo::Actions::RefreshOIDCProvider < Avo::Actions::ApplicationAction
   self.name = "Refresh OIDC Provider"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
@@ -10,8 +10,8 @@ class RefreshOIDCProvider < BaseAction
 
   self.confirm_button_label = "Refresh"
 
-  class ActionHandler < ActionHandler
-    def handle_model(provider)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(provider)
       RefreshOIDCProviderJob.perform_now(provider:)
     end
   end
diff --git a/app/avo/actions/release_reserved_namespace.rb b/app/avo/actions/release_reserved_namespace.rb
index 1cbbe8b793c..8ae227a433f 100644
--- a/app/avo/actions/release_reserved_namespace.rb
+++ b/app/avo/actions/release_reserved_namespace.rb
@@ -1,4 +1,4 @@
-class ReleaseReservedNamespace < BaseAction
+class Avo::Actions::ReleaseReservedNamespace < Avo::Actions::ApplicationAction
   self.name = "Release reserved namespace"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
@@ -10,8 +10,8 @@ class ReleaseReservedNamespace < BaseAction
 
   self.confirm_button_label = "Release namespace"
 
-  class ActionHandler < ActionHandler
-    def handle_model(rubygem)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(rubygem)
       rubygem.release_reserved_namespace!
     end
   end
diff --git a/app/avo/actions/reset_api_key.rb b/app/avo/actions/reset_api_key.rb
index 9f5240c4958..51b89340bb3 100644
--- a/app/avo/actions/reset_api_key.rb
+++ b/app/avo/actions/reset_api_key.rb
@@ -1,4 +1,4 @@
-class ResetApiKey < BaseAction
+class Avo::Actions::ResetApiKey < Avo::Actions::ApplicationAction
   self.name = "Reset Api Key"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
@@ -8,15 +8,18 @@ class ResetApiKey < BaseAction
   }
   self.confirm_button_label = "Reset Api Key"
 
-  field :template, as: :select,
-    options: {
-      "Public Gem": :public_gem_reset_api_key,
-      Honeycomb: :honeycomb_reset_api_key
-    },
-    help: "Select mailer template"
+  def fields
+    field :template, as: :select,
+      options: {
+        "Public Gem": :public_gem_reset_api_key,
+        Honeycomb: :honeycomb_reset_api_key
+      },
+      help: "Select mailer template"
+    super
+  end
 
-  class ActionHandler < ActionHandler
-    def handle_model(user)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(user)
       user.reset_api_key!
 
       Mailer.reset_api_key(user, fields["template"]).deliver_later
diff --git a/app/avo/actions/reset_user_2fa.rb b/app/avo/actions/reset_user_2fa.rb
index 03e19a1d518..c775f717593 100644
--- a/app/avo/actions/reset_user_2fa.rb
+++ b/app/avo/actions/reset_user_2fa.rb
@@ -1,4 +1,4 @@
-class ResetUser2fa < BaseAction
+class Avo::Actions::ResetUser2fa < Avo::Actions::ApplicationAction
   self.name = "Reset User 2FA"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
@@ -10,8 +10,8 @@ class ResetUser2fa < BaseAction
 
   self.confirm_button_label = "Reset MFA"
 
-  class ActionHandler < ActionHandler
-    def handle_model(user)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(user)
       user.disable_totp!
       user.password = SecureRandom.hex(20).encode("UTF-8")
       user.save!
diff --git a/app/avo/actions/restore_version.rb b/app/avo/actions/restore_version.rb
index 2a5bf7f250f..bfb80bdba34 100644
--- a/app/avo/actions/restore_version.rb
+++ b/app/avo/actions/restore_version.rb
@@ -1,17 +1,17 @@
-class RestoreVersion < BaseAction
+class Avo::Actions::RestoreVersion < Avo::Actions::ApplicationAction
   self.name = "Restore version"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") &&
       view == :show &&
-      resource.model.deletion.present?
+      resource.record.deletion.present?
   }
   self.message = lambda {
     "Are you sure you would like to restore #{record.slug} with "
   }
   self.confirm_button_label = "Restore version"
 
-  class ActionHandler < ActionHandler
-    def handle_model(version)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(version)
       version.deletion&.restore!
     end
   end
diff --git a/app/avo/actions/unblock_user.rb b/app/avo/actions/unblock_user.rb
index 69643f42433..d8e7305bb07 100644
--- a/app/avo/actions/unblock_user.rb
+++ b/app/avo/actions/unblock_user.rb
@@ -1,4 +1,4 @@
-class UnblockUser < BaseAction
+class Avo::Actions::UnblockUser < Avo::Actions::ApplicationAction
   self.name = "Unblock User"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show && record.blocked?
@@ -10,8 +10,8 @@ class UnblockUser < BaseAction
 
   self.confirm_button_label = "Unblock User"
 
-  class ActionHandler < ActionHandler
-    def handle_model(user)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(user)
       user.unblock!
     end
   end
diff --git a/app/avo/actions/upload_info_file.rb b/app/avo/actions/upload_info_file.rb
index 38740af0a4f..264dd083ac9 100644
--- a/app/avo/actions/upload_info_file.rb
+++ b/app/avo/actions/upload_info_file.rb
@@ -1,12 +1,12 @@
-class UploadInfoFile < BaseAction
+class Avo::Actions::UploadInfoFile < Avo::Actions::ApplicationAction
   self.name = "Upload Info File"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
   }
   self.confirm_button_label = "Upload"
 
-  class ActionHandler < ActionHandler
-    def handle_model(rubygem)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(rubygem)
       UploadInfoFileJob.perform_later(rubygem_name: rubygem.name)
 
       succeed("Upload job scheduled")
diff --git a/app/avo/actions/upload_names_file.rb b/app/avo/actions/upload_names_file.rb
index 1ab53b4ce95..c9eac66a398 100644
--- a/app/avo/actions/upload_names_file.rb
+++ b/app/avo/actions/upload_names_file.rb
@@ -1,4 +1,4 @@
-class UploadNamesFile < BaseAction
+class Avo::Actions::UploadNamesFile < Avo::Actions::ApplicationAction
   self.name = "Upload Names File"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :index
@@ -6,7 +6,7 @@ class UploadNamesFile < BaseAction
   self.standalone = true
   self.confirm_button_label = "Upload"
 
-  class ActionHandler < ActionHandler
+  class ActionHandler < Avo::Actions::ActionHandler
     def handle_standalone
       UploadNamesFileJob.perform_later
 
diff --git a/app/avo/actions/upload_versions_file.rb b/app/avo/actions/upload_versions_file.rb
index ee5f700a02a..7a14e02a864 100644
--- a/app/avo/actions/upload_versions_file.rb
+++ b/app/avo/actions/upload_versions_file.rb
@@ -1,4 +1,4 @@
-class UploadVersionsFile < BaseAction
+class Avo::Actions::UploadVersionsFile < Avo::Actions::ApplicationAction
   self.name = "Upload Versions File"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :index
@@ -6,7 +6,7 @@ class UploadVersionsFile < BaseAction
   self.standalone = true
   self.confirm_button_label = "Upload"
 
-  class ActionHandler < ActionHandler
+  class ActionHandler < Avo::Actions::ActionHandler
     def handle_standalone
       UploadVersionsFileJob.perform_later
 
diff --git a/app/avo/actions/version_after_write.rb b/app/avo/actions/version_after_write.rb
index 94490970847..cfbe40a9933 100644
--- a/app/avo/actions/version_after_write.rb
+++ b/app/avo/actions/version_after_write.rb
@@ -1,9 +1,9 @@
-class VersionAfterWrite < BaseAction
+class Avo::Actions::VersionAfterWrite < Avo::Actions::ApplicationAction
   self.name = "Run version post-write job"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") &&
       view == :show &&
-      resource.model.deletion.blank?
+      resource.record.deletion.blank?
   }
 
   self.message = lambda {
@@ -12,8 +12,8 @@ class VersionAfterWrite < BaseAction
 
   self.confirm_button_label = "Run Job"
 
-  class ActionHandler < ActionHandler
-    def handle_model(version)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(version)
       AfterVersionWriteJob.new(version: version).perform(version: version)
     end
   end
diff --git a/app/avo/actions/yank_rubygem.rb b/app/avo/actions/yank_rubygem.rb
index 21c9771ef37..ddc86f8a855 100644
--- a/app/avo/actions/yank_rubygem.rb
+++ b/app/avo/actions/yank_rubygem.rb
@@ -1,17 +1,18 @@
-class YankRubygem < BaseAction
+class Avo::Actions::YankRubygem < Avo::Actions::ApplicationAction
   OPTION_ALL = "All".freeze
 
-  field :version, as: :select,
-    options: lambda { |model:, resource:, view:, field:| # rubocop:disable Lint/UnusedBlockArgument
-      [OPTION_ALL] + model.versions.indexed.pluck(:number, :id)
-    },
-    help: "Select Version which needs to be yanked."
+  def fields
+    field :version, as: :select,
+      options: -> { [OPTION_ALL] + record.versions.indexed.pluck(:number, :id) },
+      help: "Select Version which needs to be yanked."
+    super
+  end
 
   self.name = "Yank Rubygem"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") &&
       view == :show &&
-      resource.model.versions.indexed.present?
+      resource.record.versions.indexed.present?
   }
 
   self.message = lambda {
@@ -20,8 +21,8 @@ class YankRubygem < BaseAction
 
   self.confirm_button_label = "Yank Rubygem"
 
-  class ActionHandler < ActionHandler
-    def handle_model(rubygem)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(rubygem)
       version_id = fields["version"]
       version_id_to_yank = version_id if version_id != OPTION_ALL
 
diff --git a/app/avo/actions/yank_rubygems_for_user.rb b/app/avo/actions/yank_rubygems_for_user.rb
index d6f5e00e334..ba3edb0b157 100644
--- a/app/avo/actions/yank_rubygems_for_user.rb
+++ b/app/avo/actions/yank_rubygems_for_user.rb
@@ -1,9 +1,9 @@
-class YankRubygemsForUser < BaseAction
+class Avo::Actions::YankRubygemsForUser < Avo::Actions::ApplicationAction
   self.name = "Yank all Rubygems"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") &&
       view == :show &&
-      resource.model.rubygems.present?
+      resource.record.rubygems.present?
   }
 
   self.message = lambda {
@@ -12,8 +12,8 @@ class YankRubygemsForUser < BaseAction
 
   self.confirm_button_label = "Yank all Rubygems"
 
-  class ActionHandler < ActionHandler
-    def handle_model(user)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(user)
       user.rubygems.find_each do |rubygem|
         rubygem.yank_versions!(force: true)
       end
diff --git a/app/avo/actions/yank_user.rb b/app/avo/actions/yank_user.rb
index 1f4f34acdf8..9a0612048cf 100644
--- a/app/avo/actions/yank_user.rb
+++ b/app/avo/actions/yank_user.rb
@@ -1,4 +1,4 @@
-class YankUser < BaseAction
+class Avo::Actions::YankUser < Avo::Actions::ApplicationAction
   self.name = "Yank User"
   self.visible = lambda {
     current_user.team_member?("rubygems-org") && view == :show
@@ -8,8 +8,8 @@ class YankUser < BaseAction
   }
   self.confirm_button_label = "Yank User"
 
-  class ActionHandler < ActionHandler
-    def handle_model(user)
+  class ActionHandler < Avo::Actions::ActionHandler
+    def handle_record(user)
       user.rubygems.find_each do |rubygem|
         rubygem.yank_versions!(force: true)
       end
diff --git a/app/avo/cards/dashboard_welcome_card.rb b/app/avo/cards/dashboard_welcome_card.rb
index 8cbadb73c47..e5d37e51490 100644
--- a/app/avo/cards/dashboard_welcome_card.rb
+++ b/app/avo/cards/dashboard_welcome_card.rb
@@ -1,4 +1,4 @@
-class DashboardWelcomeCard < Avo::Dashboards::PartialCard
+class Avo::Cards::DashboardWelcomeCard < Avo::Cards::PartialCard
   self.id = "dashboard_welcome_card"
   self.label = "Welcome to the RubyGems.org admin dashboard!"
   self.partial = "avo/cards/dashboard_welcome_card"
diff --git a/app/avo/cards/pushes_chart.rb b/app/avo/cards/pushes_chart.rb
index 5d45743df0b..523970c762f 100644
--- a/app/avo/cards/pushes_chart.rb
+++ b/app/avo/cards/pushes_chart.rb
@@ -1,4 +1,4 @@
-class PushesChart < Avo::Dashboards::ChartkickCard
+class Avo::Cards::PushesChart < Avo::Cards::ChartkickCard
   self.id = "pushes_chart"
   self.label = "Pushes by day"
   self.chart_type = :line_chart
diff --git a/app/avo/cards/rubygems_metric.rb b/app/avo/cards/rubygems_metric.rb
index 03f9dfc57a6..cd74a871bed 100644
--- a/app/avo/cards/rubygems_metric.rb
+++ b/app/avo/cards/rubygems_metric.rb
@@ -1,4 +1,4 @@
-class RubygemsMetric < Avo::Dashboards::MetricCard
+class Avo::Cards::RubygemsMetric < Avo::Cards::MetricCard
   self.id = "rubygems_metric"
   self.label = "RubyGems "
   self.cols = 2
diff --git a/app/avo/cards/users_metric.rb b/app/avo/cards/users_metric.rb
index 18033d49463..e9eb71941f2 100644
--- a/app/avo/cards/users_metric.rb
+++ b/app/avo/cards/users_metric.rb
@@ -1,4 +1,4 @@
-class UsersMetric < Avo::Dashboards::MetricCard
+class Avo::Cards::UsersMetric < Avo::Cards::MetricCard
   self.id = "users_metric"
   self.label = "Total users"
   self.cols = 2
diff --git a/app/avo/cards/versions_metric.rb b/app/avo/cards/versions_metric.rb
index fefa912a30f..0c245831f40 100644
--- a/app/avo/cards/versions_metric.rb
+++ b/app/avo/cards/versions_metric.rb
@@ -1,4 +1,4 @@
-class VersionsMetric < Avo::Dashboards::MetricCard
+class Avo::Cards::VersionsMetric < Avo::Cards::MetricCard
   self.id = "versions_metric"
   self.label = "Versions pushed"
 
diff --git a/app/avo/dashboards/dashy.rb b/app/avo/dashboards/dashy.rb
index 3a5ef54376c..18e8c43ebff 100644
--- a/app/avo/dashboards/dashy.rb
+++ b/app/avo/dashboards/dashy.rb
@@ -1,21 +1,22 @@
-class Dashy < Avo::Dashboards::BaseDashboard
+class Avo::Dashboards::Dashy < Avo::Dashboards::BaseDashboard
   self.id = "dashy"
-  self.name = "Dashy"
+  self.name = "Avo::Dashboards::Dashy"
   self.grid_cols = 6
   self.visible = lambda {
     current_user.team_member?("rubygems-org")
   }
 
-  # cards go here
-  card DashboardWelcomeCard
+  def cards
+    card Avo::Cards::DashboardWelcomeCard
 
-  divider label: "Metrics"
+    divider label: "Metrics"
 
-  card UsersMetric
-  card VersionsMetric
-  card RubygemsMetric
+    card Avo::Cards::UsersMetric
+    card Avo::Cards::VersionsMetric
+    card Avo::Cards::RubygemsMetric
 
-  divider label: "Charts"
+    divider label: "Charts"
 
-  card PushesChart
+    card Avo::Cards::PushesChart
+  end
 end
diff --git a/app/avo/fields/array_of_field.rb b/app/avo/fields/array_of_field.rb
index 7688f1662ed..d86dba064d2 100644
--- a/app/avo/fields/array_of_field.rb
+++ b/app/avo/fields/array_of_field.rb
@@ -1,9 +1,9 @@
-class ArrayOfField < Avo::Fields::BaseField
+class Avo::Fields::ArrayOfField < Avo::Fields::BaseField
   def initialize(name, field:, field_options: {}, **args, &block)
     super(name, **args, &nil)
 
     @make_field = lambda do |id:, index: nil, value: nil|
-      items_holder = Avo::ItemsHolder.new
+      items_holder = Avo::Resources::Items::Holder.new
       items_holder.field(id, name: index&.to_s || self.name, as: field, required: -> { false }, value:, **field_options, &block)
       items_holder.items.sole.hydrate(view:, resource:)
     end
diff --git a/app/avo/fields/audited_changes_field.rb b/app/avo/fields/audited_changes_field.rb
index 4d4398abcb3..3f4e8b522bb 100644
--- a/app/avo/fields/audited_changes_field.rb
+++ b/app/avo/fields/audited_changes_field.rb
@@ -1,2 +1,2 @@
-class AuditedChangesField < Avo::Fields::BaseField
+class Avo::Fields::AuditedChangesField < Avo::Fields::BaseField
 end
diff --git a/app/avo/fields/event_additional_field.rb b/app/avo/fields/event_additional_field.rb
index 3e42dc93235..faf2f30f69f 100644
--- a/app/avo/fields/event_additional_field.rb
+++ b/app/avo/fields/event_additional_field.rb
@@ -1,13 +1,13 @@
-class EventAdditionalField < Avo::Fields::BaseField
+class Avo::Fields::EventAdditionalField < Avo::Fields::BaseField
   def nested_field
-    return unless @model
-    additional_type = @model.additional_type
+    return unless record
+    additional_type = record.additional_type
     if additional_type.nil?
       return JsonViewerField.new(id, **@args)
-          .hydrate(model:, resource:, action:, view:, panel_name:, user:)
+          .hydrate(record:, resource:, action:, view:, panel_name:, user:)
     end
 
-    NestedField.new(id, **@args) do
+    Avo::Fields::NestedField.new(id, **@args) do
       additional_type.attribute_types.each do |attribute_name, type|
         case type
         when Types::GlobalId
@@ -20,7 +20,7 @@ def nested_field
           field attribute_name.to_sym, as: :json_viewer, hide_on: :index
         end
       end
-    end.hydrate(model:, resource:, action:, view:, panel_name:, user:)
+    end.hydrate(record:, resource:, action:, view:, panel_name:, user:)
   end
 
   methods = %i[fill_field value update_using to_permitted_param component_for_view visible get_fields]
diff --git a/app/avo/fields/global_id_field.rb b/app/avo/fields/global_id_field.rb
index 0f72f5637af..59cce30fcbc 100644
--- a/app/avo/fields/global_id_field.rb
+++ b/app/avo/fields/global_id_field.rb
@@ -1,4 +1,4 @@
-class GlobalIdField < Avo::Fields::BelongsToField
+class Avo::Fields::GlobalIdField < Avo::Fields::BelongsToField
   include SemanticLogger::Loggable
 
   delegate(*%i[values_for_type custom?], to: :@nil)
diff --git a/app/avo/fields/json_viewer_field.rb b/app/avo/fields/json_viewer_field.rb
index df4d52e45d3..aedb7030e5f 100644
--- a/app/avo/fields/json_viewer_field.rb
+++ b/app/avo/fields/json_viewer_field.rb
@@ -1,4 +1,4 @@
-class JsonViewerField < Avo::Fields::CodeField
+class Avo::Fields::JsonViewerField < Avo::Fields::CodeField
   def initialize(name, **args, &)
     super(name, **args, language: :javascript, line_wrapping: true, &)
   end
diff --git a/app/avo/fields/nested_field.rb b/app/avo/fields/nested_field.rb
index 769216a026a..c0078d70892 100644
--- a/app/avo/fields/nested_field.rb
+++ b/app/avo/fields/nested_field.rb
@@ -1,8 +1,8 @@
-class NestedField < Avo::Fields::BaseField
-  include Avo::Concerns::HasFields
+class Avo::Fields::NestedField < Avo::Fields::BaseField
+  include Avo::Concerns::HasItems
 
   def initialize(name, stacked: true, **args, &block)
-    @items_holder = Avo::ItemsHolder.new
+    @items_holder = Avo::Resources::Items::Holder.new
     hide_on :index
     super(name, stacked:, **args, &nil)
     instance_exec(&block) if block
diff --git a/app/avo/fields/select_record_field.rb b/app/avo/fields/select_record_field.rb
index 83da8985919..e4d07e2373e 100644
--- a/app/avo/fields/select_record_field.rb
+++ b/app/avo/fields/select_record_field.rb
@@ -1,4 +1,4 @@
-class SelectRecordField < Avo::Fields::BelongsToField
+class Avo::Fields::SelectRecordField < Avo::Fields::BelongsToField
   def foreign_key
     id
   end
@@ -7,4 +7,8 @@ def resolve_attribute(value)
     return if value.blank?
     target_resource.find_record value
   end
+
+  def form_field_label
+    is_searchable? ? id : super
+  end
 end
diff --git a/app/avo/filters/email_filter.rb b/app/avo/filters/email_filter.rb
index 2a3375c86c5..2cbc9e19912 100644
--- a/app/avo/filters/email_filter.rb
+++ b/app/avo/filters/email_filter.rb
@@ -1,4 +1,4 @@
-class EmailFilter < Avo::Filters::TextFilter
+class Avo::Filters::EmailFilter < Avo::Filters::TextFilter
   self.name = "Email filter"
   self.button_label = "Filter by email"
 
diff --git a/app/avo/filters/scope_boolean_filter.rb b/app/avo/filters/scope_boolean_filter.rb
index 6addbbcb400..67543347576 100644
--- a/app/avo/filters/scope_boolean_filter.rb
+++ b/app/avo/filters/scope_boolean_filter.rb
@@ -1,4 +1,4 @@
-class ScopeBooleanFilter < Avo::Filters::BooleanFilter
+class Avo::Filters::ScopeBooleanFilter < Avo::Filters::BooleanFilter
   def name
     arguments.fetch(:name) { self.class.to_s.demodulize.underscore.sub(/_filter$/, "").titleize }
   end
diff --git a/app/avo/resources/admin_github_user.rb b/app/avo/resources/admin_github_user.rb
new file mode 100644
index 00000000000..1f90f36b113
--- /dev/null
+++ b/app/avo/resources/admin_github_user.rb
@@ -0,0 +1,34 @@
+class Avo::Resources::AdminGitHubUser < Avo::BaseResource
+  self.title = :login
+  self.includes = []
+  self.model_class = ::Admin::GitHubUser
+  self.search = {
+    query: lambda {
+             query.where("login LIKE ?", "%#{params[:q]}%")
+           }
+  }
+
+  self.description = "GitHub users that have authenticated via the admin OAuth flow."
+
+  def fields
+    field :id, as: :id
+
+    field :is_admin, as: :boolean, readonly: true
+    field :login, as: :text, readonly: true,
+      as_html: true,
+      format_using: -> { link_to value, "https://github.com/#{value}" }
+    field :avatar_url, as: :external_image, name: "Avatar", readonly: true
+    field :github_id, as: :text, readonly: true
+    field :oauth_token, as: :text, visible: -> { false }
+
+    field :details, as: :heading
+
+    field :teams, as: :tags, readonly: true, format_using: -> { value.pluck(:slug) }
+
+    field :info_data,
+      as: :code, readonly: true, language: :javascript,
+      format_using: -> { JSON.pretty_generate value }
+
+    field :audits, as: :has_many
+  end
+end
diff --git a/app/avo/resources/admin_github_user_resource.rb b/app/avo/resources/admin_github_user_resource.rb
deleted file mode 100644
index 65a1e6c79e3..00000000000
--- a/app/avo/resources/admin_github_user_resource.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-class AdminGitHubUserResource < Avo::BaseResource
-  self.title = :login
-  self.includes = []
-  self.model_class = ::Admin::GitHubUser
-  self.authorization_policy = ::Admin::GitHubUserPolicy
-  self.search_query = lambda {
-    scope.where("login LIKE ?", "%#{params[:q]}%")
-  }
-
-  self.description = "GitHub users that have authenticated via the admin OAuth flow."
-
-  field :id, as: :id
-
-  field :is_admin, as: :boolean, readonly: true
-  field :login, as: :text, readonly: true,
-    as_html: true,
-    format_using: -> { link_to value, "https://github.com/#{value}" }
-  field :avatar_url, as: :external_image, name: "Avatar", readonly: true
-  field :github_id, as: :text, readonly: true
-  field :oauth_token, as: :text, visible: ->(resource:) { false } # rubocop:disable Lint/UnusedBlockArgument
-
-  heading "Details"
-
-  field :teams, as: :tags, readonly: true, format_using: -> { value.pluck(:slug) }
-
-  field :info_data,
-    as: :code, readonly: true, language: :javascript,
-    format_using: -> { JSON.pretty_generate value }
-
-  field :audits, as: :has_many
-end
diff --git a/app/avo/resources/api_key.rb b/app/avo/resources/api_key.rb
new file mode 100644
index 00000000000..c3c2251565e
--- /dev/null
+++ b/app/avo/resources/api_key.rb
@@ -0,0 +1,46 @@
+class Avo::Resources::ApiKey < Avo::BaseResource
+  self.title = :name
+  self.includes = []
+
+  class ExpiredFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter ExpiredFilter, arguments: { default: { expired: false, unexpired: true } }
+  end
+
+  def fields
+    main_panel do
+      field :id, as: :id, hide_on: :index
+
+      field :name, as: :text, link_to_resource: true
+      field :hashed_key, as: :text, visible: -> { false }
+      field :user, as: :belongs_to, visible: -> { false }
+      field :owner, as: :belongs_to,
+        polymorphic_as: :owner,
+        types: [::User, ::OIDC::TrustedPublisher::GitHubAction]
+      field :last_accessed_at, as: :date_time
+      field :soft_deleted_at, as: :date_time
+      field :soft_deleted_rubygem_name, as: :text
+      field :expires_at, as: :date_time
+
+      field :enabled_scopes, as: :tags
+
+      sidebar do
+        field :permissions, as: :heading
+
+        field :index_rubygems, as: :boolean
+        field :push_rubygem, as: :boolean
+        field :yank_rubygem, as: :boolean
+        field :add_owner, as: :boolean
+        field :remove_owner, as: :boolean
+        field :access_webhooks, as: :boolean
+        field :show_dashboard, as: :boolean
+        field :mfa, as: :boolean
+      end
+    end
+
+    field :api_key_rubygem_scope, as: :has_one
+    field :ownership, as: :has_one
+    field :oidc_id_token, as: :has_one
+  end
+end
diff --git a/app/avo/resources/api_key_resource.rb b/app/avo/resources/api_key_resource.rb
deleted file mode 100644
index dfcec27ceb2..00000000000
--- a/app/avo/resources/api_key_resource.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-class ApiKeyResource < Avo::BaseResource
-  self.title = :name
-  self.includes = []
-
-  class ExpiredFilter < ScopeBooleanFilter; end
-  filter ExpiredFilter, arguments: { default: { expired: false, unexpired: true } }
-
-  field :id, as: :id, hide_on: :index
-
-  field :name, as: :text, link_to_resource: true
-  field :hashed_key, as: :text, visible: ->(_) { false }
-  field :user, as: :belongs_to, visible: ->(_) { false }
-  field :owner, as: :belongs_to,
-    polymorphic_as: :owner,
-    types: ["User", "OIDC::TrustedPublisher::GitHubAction"]
-  field :last_accessed_at, as: :date_time
-  field :soft_deleted_at, as: :date_time
-  field :soft_deleted_rubygem_name, as: :text
-  field :expires_at, as: :date_time
-
-  field :scopes, as: :tags
-
-  sidebar do
-    heading "Permissions"
-
-    field :index_rubygems, as: :boolean
-    field :push_rubygem, as: :boolean
-    field :yank_rubygem, as: :boolean
-    field :add_owner, as: :boolean
-    field :remove_owner, as: :boolean
-    field :access_webhooks, as: :boolean
-    field :show_dashboard, as: :boolean
-    field :mfa, as: :boolean
-  end
-
-  field :api_key_rubygem_scope, as: :has_one
-  field :ownership, as: :has_one
-  field :oidc_id_token, as: :has_one
-end
diff --git a/app/avo/resources/api_key_rubygem_scope.rb b/app/avo/resources/api_key_rubygem_scope.rb
new file mode 100644
index 00000000000..e8105285828
--- /dev/null
+++ b/app/avo/resources/api_key_rubygem_scope.rb
@@ -0,0 +1,11 @@
+class Avo::Resources::ApiKeyRubygemScope < Avo::BaseResource
+  self.title = :cache_key
+  self.includes = []
+
+  def fields
+    field :id, as: :id
+
+    field :api_key, as: :belongs_to
+    field :ownership, as: :belongs_to
+  end
+end
diff --git a/app/avo/resources/api_key_rubygem_scope_resource.rb b/app/avo/resources/api_key_rubygem_scope_resource.rb
deleted file mode 100644
index 9560edba16c..00000000000
--- a/app/avo/resources/api_key_rubygem_scope_resource.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-class ApiKeyRubygemScopeResource < Avo::BaseResource
-  self.title = :cache_key
-  self.includes = []
-
-  field :id, as: :id
-
-  field :api_key, as: :belongs_to
-  field :ownership, as: :belongs_to
-end
diff --git a/app/avo/resources/audit.rb b/app/avo/resources/audit.rb
new file mode 100644
index 00000000000..4395346edd1
--- /dev/null
+++ b/app/avo/resources/audit.rb
@@ -0,0 +1,47 @@
+class Avo::Resources::Audit < Avo::BaseResource
+  self.includes = %i[
+    admin_github_user
+    auditable
+  ]
+
+  def fields
+    main_panel do
+      field :action, as: :text
+
+      if defined?(Avo::Pro)
+        sidebar do
+          panel_sidebar_contents
+        end
+      else
+        panel_sidebar_contents
+      end
+
+      field :audited_changes, as: :audited_changes, except_on: :index
+    end
+  end
+
+  def panel_sidebar_contents
+    field :admin_github_user, as: :belongs_to
+    field :created_at, as: :date_time
+    field :comment, as: :text
+
+    field :auditable, as: :belongs_to,
+      polymorphic_as: :auditable,
+      types: [::User, ::WebHook],
+      name: "Edited Record"
+
+    field :action_details, as: :heading
+
+    field :audited_changes_arguments, as: :json_viewer, only_on: :show do |_model|
+      record.audited_changes["arguments"]
+    end
+    field :audited_changes_fields, as: :json_viewer, only_on: :show do |_model|
+      record.audited_changes["fields"]
+    end
+    field :audited_changes_models, as: :text, as_html: true, only_on: :show do
+      record.audited_changes["models"]
+    end
+
+    field :id, as: :id
+  end
+end
diff --git a/app/avo/resources/audit_resource.rb b/app/avo/resources/audit_resource.rb
deleted file mode 100644
index 548729de209..00000000000
--- a/app/avo/resources/audit_resource.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-class AuditResource < Avo::BaseResource
-  self.title = :id
-  self.includes = %i[
-    admin_github_user
-    auditable
-  ]
-
-  field :action, as: :text
-
-  sidebar do
-    field :admin_github_user, as: :belongs_to
-    field :created_at, as: :date_time
-    field :comment, as: :text
-
-    field :auditable, as: :belongs_to,
-      polymorphic_as: :auditable,
-      types: %w[User WebHook],
-      name: "Edited Record"
-
-    heading "Action Details"
-
-    field :audited_changes_arguments, as: :json_viewer, only_on: :show do |model|
-      model.audited_changes["arguments"]
-    end
-    field :audited_changes_fields, as: :json_viewer, only_on: :show do |model|
-      model.audited_changes["fields"]
-    end
-    field :audited_changes_models, as: :text, as_html: true, only_on: :show do
-      model.audited_changes["models"]
-    end
-
-    field :id, as: :id
-  end
-
-  field :audited_changes, as: :audited_changes, except_on: :index
-end
diff --git a/app/avo/resources/concerns/avo_auditable_resource.rb b/app/avo/resources/concerns/avo_auditable_resource.rb
index 5eb219fb67b..df3630780a4 100644
--- a/app/avo/resources/concerns/avo_auditable_resource.rb
+++ b/app/avo/resources/concerns/avo_auditable_resource.rb
@@ -1,20 +1,24 @@
-module Concerns::AvoAuditableResource
+module Avo::Resources::Concerns::AvoAuditableResource
   extend ActiveSupport::Concern
 
-  class_methods do
-    def inherited(base)
-      super
-      base.items_holder = Avo::ItemsHolder.new
-      base.items_holder.instance_variable_get(:@items).replace items_holder.instance_variable_get(:@items).deep_dup
-      base.items_holder.invalid_fields.replace items_holder.invalid_fields.deep_dup
-    end
+  def fetch_fields
+    super
+    return unless view.form?
+
+    field :comment, as: :textarea, required: true,
+          help: "A comment explaining why this action was taken.<br>Will be saved in the audit log.<br>Must be more than 10 characters."
   end
 
-  included do
-    panel "Auditable" do
-      field :comment, as: :textarea, required: true,
-        help: "A comment explaining why this action was taken.<br>Will be saved in the audit log.<br>Must be more than 10 characters.",
-        only_on: %i[new edit]
+  # Would be nice if there was a way to force a field to show up as visible
+  module HasItemsIncludeComment
+    def visible_items
+      items = super
+
+      if view.form?
+        comment = self.items.find { |item| item.respond_to?(:id) && item.id == :comment }
+        items << comment if comment
+      end
+      items
     end
   end
 end
diff --git a/app/avo/resources/deletion.rb b/app/avo/resources/deletion.rb
new file mode 100644
index 00000000000..d406c74d99a
--- /dev/null
+++ b/app/avo/resources/deletion.rb
@@ -0,0 +1,14 @@
+class Avo::Resources::Deletion < Avo::BaseResource
+  self.includes = [:version]
+
+  def fields
+    field :id, as: :id
+
+    field :created_at, as: :date_time, sortable: true, title: "Deleted At"
+    field :rubygem, as: :text
+    field :number, as: :text
+    field :platform, as: :text
+    field :user, as: :belongs_to
+    field :version, as: :belongs_to
+  end
+end
diff --git a/app/avo/resources/deletion_resource.rb b/app/avo/resources/deletion_resource.rb
deleted file mode 100644
index fdf0cca5387..00000000000
--- a/app/avo/resources/deletion_resource.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-class DeletionResource < Avo::BaseResource
-  self.title = :id
-  self.includes = [:version]
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :created_at, as: :date_time, sortable: true, title: "Deleted At"
-  field :rubygem, as: :text
-  field :number, as: :text
-  field :platform, as: :text
-  field :user, as: :belongs_to
-  field :version, as: :belongs_to
-  # add fields here
-end
diff --git a/app/avo/resources/dependency.rb b/app/avo/resources/dependency.rb
new file mode 100644
index 00000000000..b5e364ba7a2
--- /dev/null
+++ b/app/avo/resources/dependency.rb
@@ -0,0 +1,17 @@
+class Avo::Resources::Dependency < Avo::BaseResource
+  self.includes = []
+
+  def fields
+    field :id, as: :id, link_to_resource: true
+
+    field :version, as: :belongs_to
+    field :rubygem, as: :belongs_to
+    field :requirements, as: :text
+    field :unresolved_name, as: :text
+
+    field :scope, as: :badge,
+      options: {
+        warning: "development"
+      }
+  end
+end
diff --git a/app/avo/resources/dependency_resource.rb b/app/avo/resources/dependency_resource.rb
deleted file mode 100644
index a3751556d8f..00000000000
--- a/app/avo/resources/dependency_resource.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-class DependencyResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
-
-  field :id, as: :id, link_to_resource: true
-
-  field :version, as: :belongs_to
-  field :rubygem, as: :belongs_to
-  field :requirements, as: :text
-  field :unresolved_name, as: :text
-
-  field :scope, as: :badge,
-    options: {
-      warning: "development"
-    }
-end
diff --git a/app/avo/resources/events_rubygem_event.rb b/app/avo/resources/events_rubygem_event.rb
new file mode 100644
index 00000000000..74ab7bc5c19
--- /dev/null
+++ b/app/avo/resources/events_rubygem_event.rb
@@ -0,0 +1,30 @@
+class Avo::Resources::EventsRubygemEvent < Avo::BaseResource
+  self.title = :cache_key
+  self.includes = %i[rubygem ip_address geoip_info]
+  self.model_class = "Events::RubygemEvent"
+
+  def fields
+    field :id, as: :id, hide_on: :index
+    field :created_at, as: :date_time
+
+    field :trace_id, as: :text, format_using: proc {
+      if value.present?
+        link_to(
+          view == :index ? "🔗" : value,
+          "https://app.datadoghq.com/logs?query=#{{
+            :@traceid => value,
+          from_ts: (record.created_at - 12.hours).to_i * 1000,
+          to_ts: (record.created_at + 12.hours).to_i * 1000
+          }.to_query}",
+          { target: :_blank, rel: :noopener }
+        )
+      end
+    }
+
+    field :tag, as: :text
+    field :rubygem, as: :belongs_to
+    field :ip_address, as: :belongs_to
+    field :geoip_info, as: :belongs_to
+    field :additional, as: :event_additional, show_on: :index
+  end
+end
diff --git a/app/avo/resources/events_rubygem_event_resource.rb b/app/avo/resources/events_rubygem_event_resource.rb
deleted file mode 100644
index 00e1c212574..00000000000
--- a/app/avo/resources/events_rubygem_event_resource.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-class EventsRubygemEventResource < Avo::BaseResource
-  self.title = :cache_key
-  self.includes = %i[rubygem ip_address geoip_info]
-  self.model_class = ::Events::RubygemEvent
-
-  field :id, as: :id, hide_on: :index
-  field :created_at, as: :date_time
-
-  field :trace_id, as: :text, format_using: proc {
-    if value.present?
-      link_to(
-        view == :index ? "🔗" : value,
-        "https://app.datadoghq.com/logs?query=#{{
-          :@traceid => value,
-          from_ts: (model.created_at - 12.hours).to_i * 1000,
-          to_ts: (model.created_at + 12.hours).to_i * 1000
-        }.to_query}",
-        { target: :_blank, rel: :noopener }
-      )
-    end
-  }
-
-  field :tag, as: :text
-  field :rubygem, as: :belongs_to
-  field :ip_address, as: :belongs_to
-  field :geoip_info, as: :belongs_to
-  field :additional, as: :event_additional, show_on: :index
-end
diff --git a/app/avo/resources/events_user_event.rb b/app/avo/resources/events_user_event.rb
new file mode 100644
index 00000000000..225c6fc723e
--- /dev/null
+++ b/app/avo/resources/events_user_event.rb
@@ -0,0 +1,30 @@
+class Avo::Resources::EventsUserEvent < Avo::BaseResource
+  self.title = :cache_key
+  self.includes = %i[user ip_address geoip_info]
+  self.model_class = "Events::UserEvent"
+
+  def fields
+    field :id, as: :id, hide_on: :index
+
+    field :created_at, as: :date_time
+    field :trace_id, as: :text, format_using: proc {
+      if value.present?
+        link_to(
+          view == :index ? "🔗" : value,
+          "https://app.datadoghq.com/logs?query=#{{
+            :@traceid => value,
+          from_ts: (record.created_at - 12.hours).to_i * 1000,
+          to_ts: (record.created_at + 12.hours).to_i * 1000
+          }.to_query}",
+          { target: :_blank, rel: :noopener }
+        )
+      end
+    }
+
+    field :tag, as: :text
+    field :user, as: :belongs_to
+    field :ip_address, as: :belongs_to
+    field :geoip_info, as: :belongs_to
+    field :additional, as: :event_additional, show_on: :index
+  end
+end
diff --git a/app/avo/resources/events_user_event_resource.rb b/app/avo/resources/events_user_event_resource.rb
deleted file mode 100644
index f1293d3fb1f..00000000000
--- a/app/avo/resources/events_user_event_resource.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-class EventsUserEventResource < Avo::BaseResource
-  self.title = :cache_key
-  self.includes = %i[user ip_address geoip_info]
-  self.model_class = ::Events::UserEvent
-
-  field :id, as: :id, hide_on: :index
-
-  field :created_at, as: :date_time
-  field :trace_id, as: :text, format_using: proc {
-    if value.present?
-      link_to(
-        view == :index ? "🔗" : value,
-        "https://app.datadoghq.com/logs?query=#{{
-          :@traceid => value,
-          from_ts: (model.created_at - 12.hours).to_i * 1000,
-          to_ts: (model.created_at + 12.hours).to_i * 1000
-        }.to_query}",
-        { target: :_blank, rel: :noopener }
-      )
-    end
-  }
-
-  field :tag, as: :text
-  field :user, as: :belongs_to
-  field :ip_address, as: :belongs_to
-  field :geoip_info, as: :belongs_to
-  field :additional, as: :event_additional, show_on: :index
-end
diff --git a/app/avo/resources/gem_download.rb b/app/avo/resources/gem_download.rb
new file mode 100644
index 00000000000..fd33f5963b5
--- /dev/null
+++ b/app/avo/resources/gem_download.rb
@@ -0,0 +1,33 @@
+class Avo::Resources::GemDownload < Avo::BaseResource
+  self.title = :inspect
+  self.includes = %i[rubygem version]
+
+  self.index_query = lambda {
+    query.order(count: :desc)
+  }
+
+  class SpecificityFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter SpecificityFilter, arguments: { default: { for_versions: true, for_rubygems: true, total: true } }
+  end
+
+  def fields
+    field :title, as: :text, link_to_resource: true do |_model, _resource, _view|
+      if record.version
+        "#{record.version.full_name} (#{record.count.to_fs(:delimited)})"
+      elsif record.rubygem
+        "#{record.rubygem} (#{record.count.to_fs(:delimited)})"
+      else
+        "All Gems (#{record.count.to_fs(:delimited)})"
+      end
+    end
+
+    field :rubygem, as: :belongs_to
+    field :version, as: :belongs_to
+    field :count, as: :number, sortable: true, html: { index: { wrapper: { classes: "text-right" } } },
+                  format_using: -> { value.to_fs(:delimited) }, default: 0
+
+    field :id, as: :id, hide_on: :index
+  end
+end
diff --git a/app/avo/resources/gem_download_resource.rb b/app/avo/resources/gem_download_resource.rb
deleted file mode 100644
index 4cc08993f07..00000000000
--- a/app/avo/resources/gem_download_resource.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-class GemDownloadResource < Avo::BaseResource
-  self.title = :inspect
-  self.includes = %i[rubygem version]
-
-  self.resolve_query_scope = lambda { |model_class:|
-    model_class.order(count: :desc)
-  }
-
-  class SpecificityFilter < ScopeBooleanFilter; end
-  filter SpecificityFilter, arguments: { default: { for_versions: true, for_rubygems: true, total: true } }
-
-  field :title, as: :text, link_to_resource: true do |model, _resource, _view|
-    if model.version
-      "#{model.version.full_name} (#{model.count.to_fs(:delimited)})"
-    elsif model.rubygem
-      "#{model.rubygem} (#{model.count.to_fs(:delimited)})"
-    else
-      "All Gems (#{model.count.to_fs(:delimited)})"
-    end
-  end
-
-  field :rubygem, as: :belongs_to
-  field :version, as: :belongs_to
-  field :count, as: :number, sortable: true, index_text_align: :right, format_using: -> { value.to_fs(:delimited) }, default: 0
-
-  field :id, as: :id, hide_on: :index
-end
diff --git a/app/avo/resources/gem_name_reservation.rb b/app/avo/resources/gem_name_reservation.rb
new file mode 100644
index 00000000000..8676f15210e
--- /dev/null
+++ b/app/avo/resources/gem_name_reservation.rb
@@ -0,0 +1,14 @@
+class Avo::Resources::GemNameReservation < Avo::BaseResource
+  self.title = :name
+  self.includes = []
+  self.search = {
+    query: lambda {
+             query.where("name LIKE ?", "%#{params[:q]}%")
+           }
+  }
+
+  def fields
+    field :id, as: :id
+    field :name, as: :text
+  end
+end
diff --git a/app/avo/resources/gem_name_reservation_resource.rb b/app/avo/resources/gem_name_reservation_resource.rb
deleted file mode 100644
index 0b44fa49e59..00000000000
--- a/app/avo/resources/gem_name_reservation_resource.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-class GemNameReservationResource < Avo::BaseResource
-  self.title = :name
-  self.includes = []
-  self.search_query = lambda {
-    scope.where("name LIKE ?", "%#{params[:q]}%")
-  }
-
-  field :id, as: :id
-  field :name, as: :text
-end
diff --git a/app/avo/resources/gem_typo_exception.rb b/app/avo/resources/gem_typo_exception.rb
new file mode 100644
index 00000000000..ae5579df463
--- /dev/null
+++ b/app/avo/resources/gem_typo_exception.rb
@@ -0,0 +1,19 @@
+class Avo::Resources::GemTypoException < Avo::BaseResource
+  self.title = :name
+  self.includes = []
+  self.search = {
+    query: lambda {
+             query.where("name ILIKE ?", "%#{params[:q]}%")
+           }
+  }
+
+  def fields
+    field :id, as: :id, hide_on: :index
+
+    field :name, as: :text, link_to_resource: true
+    field :info, as: :textarea
+
+    field :created_at, as: :date_time, sortable: true, readonly: true, only_on: %i[index show]
+    field :updated_at, as: :date_time, sortable: true, readonly: true, only_on: %i[index show]
+  end
+end
diff --git a/app/avo/resources/gem_typo_exception_resource.rb b/app/avo/resources/gem_typo_exception_resource.rb
deleted file mode 100644
index 8512e03d2f3..00000000000
--- a/app/avo/resources/gem_typo_exception_resource.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-class GemTypoExceptionResource < Avo::BaseResource
-  self.title = :name
-  self.includes = []
-  self.search_query = lambda {
-    scope.where("name ILIKE ?", "%#{params[:q]}%")
-  }
-
-  field :id, as: :id, hide_on: :index
-  # Fields generated from the model
-  field :name, as: :text, link_to_resource: true
-  field :info, as: :textarea
-  # add fields here
-  field :created_at, as: :date_time, sortable: true, readonly: true, only_on: %i[index show]
-  field :updated_at, as: :date_time, sortable: true, readonly: true, only_on: %i[index show]
-end
diff --git a/app/avo/resources/geoip_info.rb b/app/avo/resources/geoip_info.rb
new file mode 100644
index 00000000000..ea4e35f35eb
--- /dev/null
+++ b/app/avo/resources/geoip_info.rb
@@ -0,0 +1,14 @@
+class Avo::Resources::GeoipInfo < Avo::BaseResource
+  self.includes = []
+
+  def fields
+    field :continent_code, as: :text
+    field :country_code, as: :text
+    field :country_code3, as: :text
+    field :country_name, as: :text
+    field :region, as: :text
+    field :city, as: :text
+
+    field :ip_addresses, as: :has_many
+  end
+end
diff --git a/app/avo/resources/geoip_info_resource.rb b/app/avo/resources/geoip_info_resource.rb
deleted file mode 100644
index b049c7b965c..00000000000
--- a/app/avo/resources/geoip_info_resource.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-class GeoipInfoResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-
-  field :continent_code, as: :text
-  field :country_code, as: :text
-  field :country_code3, as: :text
-  field :country_name, as: :text
-  field :region, as: :text
-  field :city, as: :text
-
-  field :ip_addresses, as: :has_many
-end
diff --git a/app/avo/resources/ip_address.rb b/app/avo/resources/ip_address.rb
new file mode 100644
index 00000000000..a0e757efaf8
--- /dev/null
+++ b/app/avo/resources/ip_address.rb
@@ -0,0 +1,24 @@
+class Avo::Resources::IpAddress < Avo::BaseResource
+  self.title = :ip_address
+  self.includes = []
+
+  self.search = {
+    hide_on_global: true,
+      query: lambda {
+               query.where("ip_address <<= inet ?", params[:q])
+             }
+  }
+
+  def fields
+    field :id, as: :id
+
+    field :ip_address, as: :text
+    field :hashed_ip_address, as: :textarea
+    field :geoip_info, as: :json_viewer
+
+    tabs style: :pills do
+      field :user_events, as: :has_many
+      field :rubygem_events, as: :has_many
+    end
+  end
+end
diff --git a/app/avo/resources/ip_address_resource.rb b/app/avo/resources/ip_address_resource.rb
deleted file mode 100644
index a6c99cc7271..00000000000
--- a/app/avo/resources/ip_address_resource.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-class IpAddressResource < Avo::BaseResource
-  self.title = :ip_address
-  self.includes = []
-
-  self.hide_from_global_search = true
-  self.search_query = lambda {
-    scope.where("ip_address <<= inet ?", params[:q])
-  }
-
-  field :id, as: :id
-
-  field :ip_address, as: :text
-  field :hashed_ip_address, as: :textarea
-  field :geoip_info, as: :json_viewer
-
-  tabs style: :pills do
-    field :user_events, as: :has_many
-    field :rubygem_events, as: :has_many
-  end
-end
diff --git a/app/avo/resources/link_verification.rb b/app/avo/resources/link_verification.rb
new file mode 100644
index 00000000000..60048673afe
--- /dev/null
+++ b/app/avo/resources/link_verification.rb
@@ -0,0 +1,16 @@
+class Avo::Resources::LinkVerification < Avo::BaseResource
+  self.includes = []
+
+  def fields
+    field :id, as: :id
+
+    field :linkable, as: :belongs_to,
+      polymorphic_as: :linkable,
+      types: [::Rubygem]
+    field :uri, as: :text
+    field :verified?, as: :boolean
+    field :last_verified_at, as: :date_time
+    field :last_failure_at, as: :date_time
+    field :failures_since_last_verification, as: :number
+  end
+end
diff --git a/app/avo/resources/link_verification_resource.rb b/app/avo/resources/link_verification_resource.rb
deleted file mode 100644
index ee60c06d904..00000000000
--- a/app/avo/resources/link_verification_resource.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-class LinkVerificationResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :linkable, as: :belongs_to,
-    polymorphic_as: :linkable,
-    types: %w[Rubygem]
-  field :uri, as: :text
-  field :verified?, as: :boolean
-  field :last_verified_at, as: :date_time
-  field :last_failure_at, as: :date_time
-  field :failures_since_last_verification, as: :number
-  # add fields here
-end
diff --git a/app/avo/resources/linkset.rb b/app/avo/resources/linkset.rb
new file mode 100644
index 00000000000..aa642178821
--- /dev/null
+++ b/app/avo/resources/linkset.rb
@@ -0,0 +1,13 @@
+class Avo::Resources::Linkset < Avo::BaseResource
+  self.includes = [:rubygem]
+  self.visible_on_sidebar = false
+
+  def fields
+    field :id, as: :id, link_to_resource: true
+    field :rubygem, as: :belongs_to
+
+    Linkset::LINKS.each do |link|
+      field link, as: :text, format_using: -> { link_to value, value if value.present? }
+    end
+  end
+end
diff --git a/app/avo/resources/linkset_resource.rb b/app/avo/resources/linkset_resource.rb
deleted file mode 100644
index ac5966a45bf..00000000000
--- a/app/avo/resources/linkset_resource.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-class LinksetResource < Avo::BaseResource
-  self.title = :id
-  self.includes = [:rubygem]
-  self.visible_on_sidebar = false
-
-  field :id, as: :id, link_to_resource: true
-  field :rubygem, as: :belongs_to
-
-  Linkset::LINKS.each do |link|
-    field link, as: :text, format_using: -> { link_to value, value if value.present? }
-  end
-end
diff --git a/app/avo/resources/log_ticket.rb b/app/avo/resources/log_ticket.rb
new file mode 100644
index 00000000000..1a16fbb13a1
--- /dev/null
+++ b/app/avo/resources/log_ticket.rb
@@ -0,0 +1,21 @@
+class Avo::Resources::LogTicket < Avo::BaseResource
+  self.includes = []
+
+  class BackendFilter < Avo::Filters::ScopeBooleanFilter; end
+  class StatusFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter BackendFilter, arguments: { default: LogTicket.backends.transform_values { true } }
+    filter StatusFilter, arguments: { default: LogTicket.statuses.transform_values { true } }
+  end
+
+  def fields
+    field :id, as: :id, link_to_resource: true
+
+    field :key, as: :text
+    field :directory, as: :text
+    field :backend, as: :select, enum: LogTicket.backends
+    field :status, as: :select, enum: LogTicket.statuses
+    field :processed_count, as: :number, sortable: true
+  end
+end
diff --git a/app/avo/resources/log_ticket_resource.rb b/app/avo/resources/log_ticket_resource.rb
deleted file mode 100644
index 1a6c88419e2..00000000000
--- a/app/avo/resources/log_ticket_resource.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-class LogTicketResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-
-  class BackendFilter < ScopeBooleanFilter; end
-  filter BackendFilter, arguments: { default: LogTicket.backends.transform_values { true } }
-
-  class StatusFilter < ScopeBooleanFilter; end
-  filter StatusFilter, arguments: { default: LogTicket.statuses.transform_values { true } }
-
-  field :id, as: :id, link_to_resource: true
-
-  field :key, as: :text
-  field :directory, as: :text
-  field :backend, as: :select, enum: LogTicket.backends
-  field :status, as: :select, enum: LogTicket.statuses
-  field :processed_count, as: :number, sortable: true
-end
diff --git a/app/avo/resources/maintenance_tasks_run.rb b/app/avo/resources/maintenance_tasks_run.rb
new file mode 100644
index 00000000000..d1d7fb36f0a
--- /dev/null
+++ b/app/avo/resources/maintenance_tasks_run.rb
@@ -0,0 +1,29 @@
+class Avo::Resources::MaintenanceTasksRun < Avo::BaseResource
+  self.includes = []
+  self.model_class = ::MaintenanceTasks::Run
+
+  class StatusFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter StatusFilter, arguments: { default: MaintenanceTasks::Run.statuses.transform_values { true } }
+  end
+
+  def fields
+    field :id, as: :id
+
+    field :task_name, as: :text
+    field :started_at, as: :date_time, sortable: true
+    field :ended_at, as: :date_time, sortable: true
+    field :time_running, as: :number, sortable: true
+    field :tick_count, as: :number
+    field :tick_total, as: :number
+    field :job_id, as: :text
+    field :cursor, as: :number
+    field :status, as: :select, enum: MaintenanceTasks::Run.statuses
+    field :error_class, as: :text
+    field :error_message, as: :text
+    field :backtrace, as: :textarea
+    field :arguments, as: :textarea
+    field :lock_version, as: :number
+  end
+end
diff --git a/app/avo/resources/maintenance_tasks_run_resource.rb b/app/avo/resources/maintenance_tasks_run_resource.rb
deleted file mode 100644
index 0f553fdb3a5..00000000000
--- a/app/avo/resources/maintenance_tasks_run_resource.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-class MaintenanceTasksRunResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-  self.model_class = ::MaintenanceTasks::Run
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
-
-  class StatusFilter < ScopeBooleanFilter; end
-  filter StatusFilter, arguments: { default: MaintenanceTasks::Run.statuses.transform_values { true } }
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :task_name, as: :text
-  field :started_at, as: :date_time, sortable: true
-  field :ended_at, as: :date_time, sortable: true
-  field :time_running, as: :number, sortable: true
-  field :tick_count, as: :number
-  field :tick_total, as: :number
-  field :job_id, as: :text
-  field :cursor, as: :number
-  field :status, as: :select, enum: MaintenanceTasks::Run.statuses
-  field :error_class, as: :text
-  field :error_message, as: :text
-  field :backtrace, as: :textarea
-  field :arguments, as: :textarea
-  field :lock_version, as: :number
-  # add fields here
-end
diff --git a/app/avo/resources/membership.rb b/app/avo/resources/membership.rb
new file mode 100644
index 00000000000..006dbd889bf
--- /dev/null
+++ b/app/avo/resources/membership.rb
@@ -0,0 +1,15 @@
+class Avo::Resources::Membership < Avo::BaseResource
+  self.includes = []
+
+  class ConfirmedFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter ConfirmedFilter, arguments: { default: { confirmed: true, unconfirmed: false } }
+  end
+
+  def fields
+    field :id, as: :id
+    field :user, as: :belongs_to
+    field :organization, as: :belongs_to
+  end
+end
diff --git a/app/avo/resources/membership_resource.rb b/app/avo/resources/membership_resource.rb
deleted file mode 100644
index 34ade886951..00000000000
--- a/app/avo/resources/membership_resource.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-class MembershipResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-
-  class ConfirmedFilter < ScopeBooleanFilter; end
-  filter ConfirmedFilter, arguments: { default: { confirmed: true, unconfirmed: false } }
-
-  field :id, as: :id
-  field :user, as: :belongs_to
-  field :organization, as: :belongs_to
-end
diff --git a/app/avo/resources/oidc_api_key_role.rb b/app/avo/resources/oidc_api_key_role.rb
new file mode 100644
index 00000000000..8dc81b51b6a
--- /dev/null
+++ b/app/avo/resources/oidc_api_key_role.rb
@@ -0,0 +1,34 @@
+class Avo::Resources::OIDCApiKeyRole < Avo::BaseResource
+  self.title = :token
+  self.includes = []
+  self.model_class = ::OIDC::ApiKeyRole
+
+  def fields
+    field :token, as: :text, link_to_resource: true, readonly: true
+    field :id, as: :id, link_to_resource: true, hide_on: :index
+    # Fields generated from the model
+    field :name, as: :text
+    field :provider, as: :belongs_to
+    field :user, as: :belongs_to, searchable: true
+    field :api_key_permissions, as: :nested do
+      field :valid_for, as: :text, format_using: -> { value&.iso8601 }
+      field :scopes, as: :tags, suggestions: ApiKey::API_SCOPES.map { { label: _1, value: _1 } }, enforce_suggestions: true
+      field :gems, as: :tags, suggestions: -> { Rubygem.limit(10).pluck(:name).map { { value: _1, label: _1 } } }
+    end
+    field :access_policy, as: :nested do
+      field :statements, as: :array_of, field: :nested do
+        field :effect, as: :select, options: { "Allow" => "allow" }, default: "Allow"
+        field :principal, as: :nested, field_options: { stacked: false } do
+          field :oidc, as: :text
+        end
+        field :conditions, as: :array_of, field: :nested, field_options: { stacked: false } do
+          field :operator, as: :select, options: OIDC::AccessPolicy::Statement::Condition::OPERATORS.index_by(&:titleize)
+          field :claim, as: :text
+          field :value, as: :text
+        end
+      end
+    end
+
+    field :id_tokens, as: :has_many
+  end
+end
diff --git a/app/avo/resources/oidc_api_key_role_resource.rb b/app/avo/resources/oidc_api_key_role_resource.rb
deleted file mode 100644
index 3f59087e912..00000000000
--- a/app/avo/resources/oidc_api_key_role_resource.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-class OIDCApiKeyRoleResource < Avo::BaseResource
-  self.title = :token
-  self.includes = []
-  self.model_class = ::OIDC::ApiKeyRole
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
-
-  field :token, as: :text, link_to_resource: true, readonly: true
-  field :id, as: :id, link_to_resource: true, hide_on: :index
-  # Fields generated from the model
-  field :name, as: :text
-  field :provider, as: :belongs_to
-  field :user, as: :belongs_to, searchable: true
-  field :api_key_permissions, as: :nested do
-    field :valid_for, as: :text, format_using: -> { value&.iso8601 }
-    field :scopes, as: :tags, suggestions: ApiKey::API_SCOPES.map { { label: _1, value: _1 } }, enforce_suggestions: true
-    field :gems, as: :tags, suggestions: -> { Rubygem.limit(10).pluck(:name).map { { value: _1, label: _1 } } }
-  end
-  field :access_policy, as: :nested do
-    field :statements, as: :array_of, field: :nested do
-      field :effect, as: :select, options: { "Allow" => "allow" }, default: "Allow"
-      field :principal, as: :nested, field_options: { stacked: false } do
-        field :oidc, as: :text
-      end
-      field :conditions, as: :array_of, field: :nested, field_options: { stacked: false } do
-        field :operator, as: :select, options: OIDC::AccessPolicy::Statement::Condition::OPERATORS.index_by(&:titleize)
-        field :claim, as: :text
-        field :value, as: :text
-      end
-    end
-  end
-
-  field :id_tokens, as: :has_many
-  # add fields here
-end
diff --git a/app/avo/resources/oidc_id_token.rb b/app/avo/resources/oidc_id_token.rb
new file mode 100644
index 00000000000..fc0c4a36462
--- /dev/null
+++ b/app/avo/resources/oidc_id_token.rb
@@ -0,0 +1,20 @@
+class Avo::Resources::OIDCIdToken < Avo::BaseResource
+  self.includes = []
+  self.model_class = ::OIDC::IdToken
+
+  def fields
+    field :id, as: :id
+    # Fields generated from the model
+    field :api_key_role, as: :belongs_to
+    field :provider, as: :has_one
+    field :api_key, as: :has_one
+
+    field :jwt, as: :heading
+    field :claims, as: :key_value, stacked: true do
+      record.jwt.fetch("claims")
+    end
+    field :header, as: :key_value, stacked: true do
+      record.jwt.fetch("header")
+    end
+  end
+end
diff --git a/app/avo/resources/oidc_id_token_resource.rb b/app/avo/resources/oidc_id_token_resource.rb
deleted file mode 100644
index bda90ed7025..00000000000
--- a/app/avo/resources/oidc_id_token_resource.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-class OIDCIdTokenResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-  self.model_class = ::OIDC::IdToken
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :api_key_role, as: :belongs_to
-  field :provider, as: :has_one
-  field :api_key, as: :has_one
-
-  heading "JWT"
-  field :claims, as: :key_value, stacked: true do
-    model.jwt.fetch("claims")
-  end
-  field :header, as: :key_value, stacked: true do
-    model.jwt.fetch("header")
-  end
-  # add fields here
-end
diff --git a/app/avo/resources/oidc_pending_trusted_publisher.rb b/app/avo/resources/oidc_pending_trusted_publisher.rb
new file mode 100644
index 00000000000..0e83788d396
--- /dev/null
+++ b/app/avo/resources/oidc_pending_trusted_publisher.rb
@@ -0,0 +1,19 @@
+class Avo::Resources::OIDCPendingTrustedPublisher < Avo::BaseResource
+  self.includes = []
+  self.model_class = ::OIDC::PendingTrustedPublisher
+
+  class ExpiredFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter ExpiredFilter, arguments: { default: { expired: false, unexpired: true } }
+  end
+
+  def fields
+    field :id, as: :id
+
+    field :rubygem_name, as: :text
+    field :user, as: :belongs_to
+    field :trusted_publisher, as: :belongs_to, polymorphic_as: :trusted_publisher
+    field :expires_at, as: :date_time
+  end
+end
diff --git a/app/avo/resources/oidc_pending_trusted_publisher_resource.rb b/app/avo/resources/oidc_pending_trusted_publisher_resource.rb
deleted file mode 100644
index f546d3a8df1..00000000000
--- a/app/avo/resources/oidc_pending_trusted_publisher_resource.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-class OIDCPendingTrustedPublisherResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-  self.model_class = ::OIDC::PendingTrustedPublisher
-
-  class ExpiredFilter < ScopeBooleanFilter; end
-  filter ExpiredFilter, arguments: { default: { expired: false, unexpired: true } }
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :rubygem_name, as: :text
-  field :user, as: :belongs_to
-  field :trusted_publisher, as: :belongs_to, polymorphic_as: :trusted_publisher
-  field :expires_at, as: :date_time
-  # add fields here
-end
diff --git a/app/avo/resources/oidc_provider.rb b/app/avo/resources/oidc_provider.rb
new file mode 100644
index 00000000000..12a06658e1e
--- /dev/null
+++ b/app/avo/resources/oidc_provider.rb
@@ -0,0 +1,24 @@
+class Avo::Resources::OIDCProvider < Avo::BaseResource
+  self.title = :issuer
+  self.includes = []
+  self.model_class = ::OIDC::Provider
+
+  def actions
+    action Avo::Actions::RefreshOIDCProvider
+  end
+
+  def fields
+    field :issuer, as: :text, link_to_resource: true
+    field :configuration, as: :nested do
+      visible_on = %i[edit new]
+      OIDC::Provider::Configuration.then { _1.required_attributes + _1.optional_attributes }.each do |k|
+        field k, as: (k.to_s.end_with?("s_supported") ? :tags : :text),
+            visible: -> { resource && (visible_on.include?(resource.view) || resource.record.configuration&.send(k).present?) }
+      end
+    end
+    field :jwks, as: :array_of, field: :json_viewer, hide_on: :index
+    field :api_key_roles, as: :has_many
+
+    field :id, as: :id
+  end
+end
diff --git a/app/avo/resources/oidc_provider_resource.rb b/app/avo/resources/oidc_provider_resource.rb
deleted file mode 100644
index 8a2fa0fe6d4..00000000000
--- a/app/avo/resources/oidc_provider_resource.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-class OIDCProviderResource < Avo::BaseResource
-  self.title = :issuer
-  self.includes = []
-  self.model_class = ::OIDC::Provider
-
-  action RefreshOIDCProvider
-
-  # Fields generated from the model
-  field :issuer, as: :text, link_to_resource: true
-  field :configuration, as: :nested do
-    visible_on = %i[edit new]
-    OIDC::Provider::Configuration.then { (_1.required_attributes + _1.optional_attributes) - fields.map(&:id) }.each do |k|
-      field k, as: (k.to_s.end_with?("s_supported") ? :tags : :text), visible: ->(_) { visible_on.include?(view) || value.send(k).present? }
-    end
-  end
-  field :jwks, as: :array_of, field: :json_viewer, hide_on: :index
-  field :api_key_roles, as: :has_many
-  # add fields here
-  field :id, as: :id
-end
diff --git a/app/avo/resources/oidc_rubygem_trusted_publisher.rb b/app/avo/resources/oidc_rubygem_trusted_publisher.rb
new file mode 100644
index 00000000000..95e165d6d88
--- /dev/null
+++ b/app/avo/resources/oidc_rubygem_trusted_publisher.rb
@@ -0,0 +1,11 @@
+class Avo::Resources::OIDCRubygemTrustedPublisher < Avo::BaseResource
+  self.includes = [:trusted_publisher]
+  self.model_class = ::OIDC::RubygemTrustedPublisher
+
+  def fields
+    field :id, as: :id
+
+    field :rubygem, as: :belongs_to
+    field :trusted_publisher, as: :belongs_to, polymorphic_as: :trusted_publisher
+  end
+end
diff --git a/app/avo/resources/oidc_rubygem_trusted_publisher_resource.rb b/app/avo/resources/oidc_rubygem_trusted_publisher_resource.rb
deleted file mode 100644
index 96c63c43096..00000000000
--- a/app/avo/resources/oidc_rubygem_trusted_publisher_resource.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-class OIDCRubygemTrustedPublisherResource < Avo::BaseResource
-  self.title = :id
-  self.includes = [:trusted_publisher]
-  self.model_class = ::OIDC::RubygemTrustedPublisher
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :rubygem, as: :belongs_to
-  field :trusted_publisher, as: :belongs_to, polymorphic_as: :trusted_publisher
-  # add fields here
-end
diff --git a/app/avo/resources/oidc_trusted_publisher_github_action.rb b/app/avo/resources/oidc_trusted_publisher_github_action.rb
new file mode 100644
index 00000000000..0a850ed2e21
--- /dev/null
+++ b/app/avo/resources/oidc_trusted_publisher_github_action.rb
@@ -0,0 +1,20 @@
+class Avo::Resources::OIDCTrustedPublisherGitHubAction < Avo::BaseResource
+  self.title = :name
+  self.includes = []
+  self.model_class = ::OIDC::TrustedPublisher::GitHubAction
+
+  def fields
+    field :id, as: :id
+
+    field :repository_owner, as: :text
+    field :repository_name, as: :text
+    field :repository_owner_id, as: :text
+    field :workflow_filename, as: :text
+    field :environment, as: :text
+
+    field :rubygem_trusted_publishers, as: :has_many
+    field :pending_trusted_publishers, as: :has_many
+    field :rubygems, as: :has_many, through: :rubygem_trusted_publishers
+    field :api_keys, as: :has_many, inverse_of: :owner
+  end
+end
diff --git a/app/avo/resources/oidc_trusted_publisher_github_action_resource.rb b/app/avo/resources/oidc_trusted_publisher_github_action_resource.rb
deleted file mode 100644
index 0ea00fd83e4..00000000000
--- a/app/avo/resources/oidc_trusted_publisher_github_action_resource.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-class OIDCTrustedPublisherGitHubActionResource < Avo::BaseResource
-  self.title = :name
-  self.includes = []
-  self.model_class = ::OIDC::TrustedPublisher::GitHubAction
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :repository_owner, as: :text
-  field :repository_name, as: :text
-  field :repository_owner_id, as: :text
-  field :workflow_filename, as: :text
-  field :environment, as: :text
-  # add fields here
-  #
-  field :rubygem_trusted_publishers, as: :has_many
-  field :pending_trusted_publishers, as: :has_many
-  field :rubygems, as: :has_many, through: :rubygem_trusted_publishers
-  field :api_keys, as: :has_many, inverse_of: :owner
-end
diff --git a/app/avo/resources/organization.rb b/app/avo/resources/organization.rb
new file mode 100644
index 00000000000..f15ebb2922d
--- /dev/null
+++ b/app/avo/resources/organization.rb
@@ -0,0 +1,24 @@
+class Avo::Resources::Organization < Avo::BaseResource
+  self.title = :name
+  self.includes = []
+  self.search = {
+    query: lambda {
+             query.where("name LIKE ? OR handle LIKE ?", "%#{params[:q]}%", "%#{params[:q]}%")
+           }
+  }
+
+  class DeletedFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter DeletedFilter, arguments: { default: { not_deleted: true, deleted: false } }
+  end
+
+  def fields
+    field :id, as: :id
+    # Fields generated from the model
+    field :handle, as: :text
+    field :name, as: :text
+    field :deleted_at, as: :date_time
+    # add fields here
+  end
+end
diff --git a/app/avo/resources/organization_resource.rb b/app/avo/resources/organization_resource.rb
deleted file mode 100644
index 592fdb766d8..00000000000
--- a/app/avo/resources/organization_resource.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-class OrganizationResource < Avo::BaseResource
-  self.title = :name
-  self.includes = []
-  self.search_query = lambda {
-    scope.where("name LIKE ? OR handle LIKE ?", "%#{params[:q]}%", "%#{params[:q]}%")
-  }
-  self.unscoped_queries_on_index = true
-
-  class DeletedFilter < ScopeBooleanFilter; end
-  filter DeletedFilter, arguments: { default: { not_deleted: true, deleted: false } }
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :handle, as: :text
-  field :name, as: :text
-  field :deleted_at, as: :date_time
-  # add fields here
-end
diff --git a/app/avo/resources/ownership.rb b/app/avo/resources/ownership.rb
new file mode 100644
index 00000000000..079445d9d63
--- /dev/null
+++ b/app/avo/resources/ownership.rb
@@ -0,0 +1,36 @@
+class Avo::Resources::Ownership < Avo::BaseResource
+  self.title = :cache_key
+  self.includes = []
+
+  class ConfirmedFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter ConfirmedFilter, arguments: { default: { confirmed: true, unconfirmed: true } }
+  end
+
+  def fields
+    field :id, as: :id, link_to_resource: true
+
+    field :user, as: :belongs_to
+    field :rubygem, as: :belongs_to
+
+    field :role, as: :select, enum: Ownership.roles
+
+    field :token, as: :heading
+
+    field :token, as: :text, visible: -> { false }
+    field :token_expires_at, as: :date_time
+    field :api_key_rubygem_scopes, as: :has_many
+
+    field :notifications, as: :heading
+
+    field :push_notifier, as: :boolean
+    field :owner_notifier, as: :boolean
+    field :ownership_request_notifier, as: :boolean
+
+    field :authorization, as: :heading
+
+    field :authorizer, as: :belongs_to
+    field :confirmed_at, as: :date_time
+  end
+end
diff --git a/app/avo/resources/ownership_resource.rb b/app/avo/resources/ownership_resource.rb
deleted file mode 100644
index ed4a6f686bd..00000000000
--- a/app/avo/resources/ownership_resource.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-class OwnershipResource < Avo::BaseResource
-  self.title = :cache_key
-  self.includes = []
-
-  class ConfirmedFilter < ScopeBooleanFilter; end
-  filter ConfirmedFilter, arguments: { default: { confirmed: true, unconfirmed: true } }
-
-  field :id, as: :id, link_to_resource: true
-
-  field :user, as: :belongs_to
-  field :rubygem, as: :belongs_to
-
-  heading "Token"
-
-  field :token, as: :text, visible: ->(_) { false }
-  field :token_expires_at, as: :date_time
-  field :api_key_rubygem_scopes, as: :has_many
-
-  heading "Notifications"
-
-  field :push_notifier, as: :boolean
-  field :owner_notifier, as: :boolean
-  field :ownership_request_notifier, as: :boolean
-
-  heading "Authorization"
-
-  field :authorizer, as: :belongs_to
-  field :confirmed_at, as: :date_time
-  field :role, as: :select, enum: Ownership.roles
-end
diff --git a/app/avo/resources/rubygem.rb b/app/avo/resources/rubygem.rb
new file mode 100644
index 00000000000..fd9da1ca5f1
--- /dev/null
+++ b/app/avo/resources/rubygem.rb
@@ -0,0 +1,54 @@
+class Avo::Resources::Rubygem < Avo::BaseResource
+  self.title = :name
+  self.includes = []
+  self.search = {
+    query: lambda {
+             query.where("name LIKE ?", "%#{params[:q]}%")
+           }
+  }
+
+  def actions
+    action Avo::Actions::ReleaseReservedNamespace
+    action Avo::Actions::AddOwner
+    action Avo::Actions::YankRubygem
+    action Avo::Actions::UploadInfoFile
+    action Avo::Actions::UploadNamesFile
+    action Avo::Actions::UploadVersionsFile
+  end
+
+  class IndexedFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter IndexedFilter, arguments: { default: { with_versions: true, without_versions: true } }
+  end
+
+  def fields
+    field :name, as: :text, link_to_resource: true
+    field :indexed, as: :boolean
+    field :slug, as: :text, hide_on: :index
+    field :id, as: :id, hide_on: :index
+    field :protected_days, as: :number, hide_on: :index
+
+    tabs style: :pills do
+      field :versions, as: :has_many
+      field :latest_version, as: :has_one
+
+      field :ownerships, as: :has_many
+      field :ownerships_including_unconfirmed, as: :has_many
+      field :ownership_calls, as: :has_many
+      field :ownership_requests, as: :has_many
+
+      field :subscriptions, as: :has_many
+      field :subscribers, as: :has_many, through: :subscriptions
+
+      field :web_hooks, as: :has_many
+      field :linkset, as: :has_one
+      field :gem_download, as: :has_one
+
+      field :link_verifications, as: :has_many
+      field :oidc_rubygem_trusted_publishers, as: :has_many
+
+      field :audits, as: :has_many
+    end
+  end
+end
diff --git a/app/avo/resources/rubygem_resource.rb b/app/avo/resources/rubygem_resource.rb
deleted file mode 100644
index 09636f782de..00000000000
--- a/app/avo/resources/rubygem_resource.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-class RubygemResource < Avo::BaseResource
-  self.title = :name
-  self.includes = []
-  self.search_query = lambda {
-    scope.where("name LIKE ?", "%#{params[:q]}%")
-  }
-
-  action ReleaseReservedNamespace
-  action AddOwner
-  action YankRubygem
-  action UploadInfoFile
-  action UploadNamesFile
-  action UploadVersionsFile
-
-  class IndexedFilter < ScopeBooleanFilter; end
-  filter IndexedFilter, arguments: { default: { with_versions: true, without_versions: true } }
-
-  # Fields generated from the model
-  field :name, as: :text, link_to_resource: true
-  field :indexed, as: :boolean
-  field :slug, as: :text, hide_on: :index
-  field :id, as: :id, hide_on: :index
-  field :protected_days, as: :number, hide_on: :index
-
-  tabs style: :pills do
-    field :versions, as: :has_many
-    field :latest_version, as: :has_one
-
-    field :ownerships, as: :has_many
-    field :ownerships_including_unconfirmed, as: :has_many
-    field :ownership_calls, as: :has_many
-    field :ownership_requests, as: :has_many
-
-    field :subscriptions, as: :has_many
-    field :subscribers, as: :has_many, through: :subscriptions
-
-    field :web_hooks, as: :has_many
-    field :linkset, as: :has_one
-    field :gem_download, as: :has_one
-
-    field :link_verifications, as: :has_many
-    field :oidc_rubygem_trusted_publishers, as: :has_many
-
-    field :events, as: :has_many
-    field :audits, as: :has_many
-  end
-end
diff --git a/app/avo/resources/sendgrid_event.rb b/app/avo/resources/sendgrid_event.rb
new file mode 100644
index 00000000000..c9d57d8a636
--- /dev/null
+++ b/app/avo/resources/sendgrid_event.rb
@@ -0,0 +1,27 @@
+class Avo::Resources::SendgridEvent < Avo::BaseResource
+  self.title = :sendgrid_id
+  self.includes = []
+  # self.search_query = -> do
+  #   query.ransack(id_eq: params[:q], m: "or").result(distinct: false)
+  # end
+
+  class StatusFilter < Avo::Filters::ScopeBooleanFilter; end
+  class EventTypeFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter StatusFilter, arguments: { default: SendgridEvent.statuses.transform_values { true } }
+    filter EventTypeFilter, arguments: { default: SendgridEvent.event_types.transform_values { true } }
+    filter Avo::Filters::EmailFilter
+  end
+
+  def fields
+    field :id, as: :id, hide_on: :index
+
+    field :sendgrid_id, as: :text, link_to_resource: true
+    field :email, as: :text
+    field :event_type, as: :text
+    field :occurred_at, as: :date_time, sortable: true
+    field :payload, as: :json_viewer
+    field :status, as: :select, enum: SendgridEvent.statuses
+  end
+end
diff --git a/app/avo/resources/sendgrid_event_resource.rb b/app/avo/resources/sendgrid_event_resource.rb
deleted file mode 100644
index 9328ed102db..00000000000
--- a/app/avo/resources/sendgrid_event_resource.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-class SendgridEventResource < Avo::BaseResource
-  self.title = :sendgrid_id
-  self.includes = []
-  # self.search_query = -> do
-  #   scope.ransack(id_eq: params[:q], m: "or").result(distinct: false)
-  # end
-
-  class StatusFilter < ScopeBooleanFilter; end
-  filter StatusFilter, arguments: { default: SendgridEvent.statuses.transform_values { true } }
-
-  class EventTypeFilter < ScopeBooleanFilter; end
-  filter EventTypeFilter, arguments: { default: SendgridEvent.event_types.transform_values { true } }
-
-  filter EmailFilter
-
-  field :id, as: :id, hide_on: :index
-  # Fields generated from the model
-  field :sendgrid_id, as: :text, link_to_resource: true
-  field :email, as: :text
-  field :event_type, as: :text
-  field :occurred_at, as: :date_time, sortable: true
-  field :payload, as: :json_viewer
-  field :status, as: :select, enum: SendgridEvent.statuses
-  # add fields here
-end
diff --git a/app/avo/resources/user.rb b/app/avo/resources/user.rb
new file mode 100644
index 00000000000..2e594b52c06
--- /dev/null
+++ b/app/avo/resources/user.rb
@@ -0,0 +1,77 @@
+class Avo::Resources::User < Avo::BaseResource
+  self.title = :name
+  self.includes = []
+  self.search = {
+    query: lambda {
+             query.where("email LIKE ? OR handle LIKE ?", "%#{params[:q]}%", "%#{params[:q]}%")
+           }
+  }
+
+  def actions
+    action Avo::Actions::BlockUser
+    action Avo::Actions::CreateUser
+    action Avo::Actions::ChangeUserEmail
+    action Avo::Actions::ResetApiKey
+    action Avo::Actions::ResetUser2fa
+    action Avo::Actions::YankRubygemsForUser
+    action Avo::Actions::YankUser
+  end
+
+  def fields # rubocop:disable Metrics
+    field :id, as: :id
+
+    field :email, as: :text
+    field :gravatar,
+      as: :gravatar,
+      rounded: true,
+      size: 48 do |_, _, _|
+        record.email
+      end
+
+    field :email_confirmed, as: :boolean
+
+    field :email_reset, as: :boolean
+    field :handle, as: :text
+    field :public_email, as: :boolean
+    field :twitter_username, as: :text, as_html: true, format_using: -> { link_to value, "https://twitter.com/#{value}", target: :_blank, rel: :noopener if value.present? }
+    field :unconfirmed_email, as: :text
+
+    field :mail_fails, as: :number
+    field :blocked_email, as: :text
+
+    tabs style: :pills do
+      tab "Auth" do
+        field :encrypted_password, as: :password, visible: -> { false }
+        field :totp_seed, as: :text, visible: -> { false }
+        field :mfa_seed, as: :text, visible: -> { false } # legacy field
+        field :mfa_level, as: :select, enum: ::User.mfa_levels
+        field :mfa_recovery_codes, as: :text, visible: -> { false }
+        field :mfa_hashed_recovery_codes, as: :text, visible: -> { false }
+        field :webauthn_id, as: :text
+        field :remember_token_expires_at, as: :date_time
+        field :api_key, as: :text, visible: -> { false }
+        field :confirmation_token, as: :text, visible: -> { false }
+        field :remember_token, as: :text, visible: -> { false }
+        field :salt, as: :text, visible: -> { false }
+        field :token, as: :text, visible: -> { false }
+        field :token_expires_at, as: :date_time
+      end
+      field :ownerships, as: :has_many
+      field :rubygems, as: :has_many, through: :ownerships
+      field :subscriptions, as: :has_many
+      field :subscribed_gems, as: :has_many, through: :subscriptions
+      field :deletions, as: :has_many
+      field :web_hooks, as: :has_many
+      field :unconfirmed_ownerships, as: :has_many
+      field :api_keys, as: :has_many, name: "API Keys"
+      field :ownership_calls, as: :has_many
+      field :ownership_requests, as: :has_many
+      field :pushed_versions, as: :has_many
+      field :oidc_api_key_roles, as: :has_many
+      field :webauthn_credentials, as: :has_many
+      field :webauthn_verification, as: :has_one
+
+      field :audits, as: :has_many
+    end
+  end
+end
diff --git a/app/avo/resources/user_resource.rb b/app/avo/resources/user_resource.rb
deleted file mode 100644
index acba5dfe213..00000000000
--- a/app/avo/resources/user_resource.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-class UserResource < Avo::BaseResource
-  self.title = :name
-  self.includes = []
-  self.search_query = lambda {
-    scope.where("email LIKE ? OR handle LIKE ?", "%#{params[:q]}%", "%#{params[:q]}%")
-  }
-  self.unscoped_queries_on_index = true
-
-  class DeletedFilter < ScopeBooleanFilter; end
-  filter DeletedFilter, arguments: { default: { not_deleted: true, deleted: false } }
-
-  action BlockUser
-  action CreateUser
-  action ChangeUserEmail
-  action ResetApiKey
-  action ResetUser2fa
-  action YankRubygemsForUser
-  action YankUser
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :email, as: :text
-  field :gravatar,
-    as: :gravatar,
-    rounded: true,
-    size: 48 do |_, _, _|
-      model.email
-    end
-
-  field :email_confirmed, as: :boolean
-
-  field :email_reset, as: :boolean
-  field :handle, as: :text
-  field :public_email, as: :boolean
-  field :twitter_username, as: :text, as_html: true, format_using: -> { link_to value, "https://twitter.com/#{value}", target: :_blank, rel: :noopener if value.present? }
-  field :unconfirmed_email, as: :text
-
-  field :mail_fails, as: :number
-  field :blocked_email, as: :text
-
-  field :deleted_at, as: :date_time
-
-  tabs style: :pills do
-    tab "Auth" do
-      field :encrypted_password, as: :password, visible: ->(_) { false }
-      field :totp_seed, as: :text, visible: ->(_) { false }
-      field :mfa_seed, as: :text, visible: ->(_) { false } # legacy field
-      field :mfa_level, as: :select, enum: ::User.mfa_levels
-      field :mfa_recovery_codes, as: :text, visible: ->(_) { false }
-      field :mfa_hashed_recovery_codes, as: :text, visible: ->(_) { false }
-      field :webauthn_id, as: :text
-      field :remember_token_expires_at, as: :date_time
-      field :api_key, as: :text, visible: ->(_) { false }
-      field :confirmation_token, as: :text, visible: ->(_) { false }
-      field :remember_token, as: :text, visible: ->(_) { false }
-      field :salt, as: :text, visible: ->(_) { false }
-      field :token, as: :text, visible: ->(_) { false }
-      field :token_expires_at, as: :date_time
-    end
-    field :ownerships, as: :has_many
-    field :rubygems, as: :has_many, through: :ownerships
-    field :memberships, as: :has_many
-    field :organizations, as: :has_many, through: :memberships
-    field :subscriptions, as: :has_many
-    field :subscribed_gems, as: :has_many, through: :subscriptions
-    field :deletions, as: :has_many
-    field :web_hooks, as: :has_many
-    field :unconfirmed_ownerships, as: :has_many
-    field :api_keys, as: :has_many, name: "API Keys"
-    field :ownership_calls, as: :has_many
-    field :ownership_requests, as: :has_many
-    field :pushed_versions, as: :has_many
-    field :oidc_api_key_roles, as: :has_many
-    field :webauthn_credentials, as: :has_many
-    field :webauthn_verification, as: :has_one
-
-    field :audits, as: :has_many
-    field :events, as: :has_many
-  end
-end
diff --git a/app/avo/resources/version.rb b/app/avo/resources/version.rb
new file mode 100644
index 00000000000..4e3e14de176
--- /dev/null
+++ b/app/avo/resources/version.rb
@@ -0,0 +1,79 @@
+class Avo::Resources::Version < Avo::BaseResource
+  self.title = :full_name
+  self.includes = [:rubygem]
+  self.search = {
+    query: lambda {
+             query.where("full_name LIKE ?", "#{params[:q]}%")
+           }
+  }
+
+  def actions
+    action Avo::Actions::RestoreVersion
+    action Avo::Actions::VersionAfterWrite
+  end
+
+  class IndexedFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter IndexedFilter, arguments: { default: { indexed: true, yanked: true } }
+  end
+
+  def fields # rubocop:disable Metrics
+    field :full_name, as: :text, link_to_resource: true
+    field :id, as: :id, hide_on: :index, as_html: true do |_id, *_args|
+      link_to record.id, main_app.rubygem_version_url(record.rubygem.slug, record.slug)
+    end
+
+    field :rubygem, as: :belongs_to
+    field :slug, as: :text, hide_on: :index
+    field :number, as: :text
+    field :platform, as: :text
+
+    field :canonical_number, as: :text
+
+    field :indexed, as: :boolean
+    field :prerelease, as: :boolean
+    field :position, as: :number
+    field :latest, as: :boolean
+
+    field :yanked_at, as: :date_time, sortable: true
+
+    field :pusher, as: :belongs_to, class: "User"
+    field :pusher_api_key, as: :belongs_to, class: "ApiKey"
+
+    tabs do
+      tab "Metadata", description: "Metadata that comes from the gemspec" do
+        panel do
+          field :summary, as: :textarea
+          field :description, as: :textarea
+          field :authors, as: :textarea
+          field :licenses, as: :textarea
+          field :cert_chain, as: :textarea
+          field :built_at, as: :date_time, sortable: true
+          field :metadata, as: :key_value, stacked: true
+        end
+      end
+
+      tab "Runtime information" do
+        panel do
+          field :size, as: :number, sortable: true
+          field :requirements, as: :textarea
+          field :required_ruby_version, as: :text
+          field :sha256, as: :text
+          field :required_rubygems_version, as: :text
+        end
+      end
+
+      tab "API" do
+        panel do
+          field :info_checksum, as: :text
+          field :yanked_info_checksum, as: :text
+        end
+      end
+
+      field :dependencies, as: :has_many
+      field :gem_download, as: :has_one, name: "Downloads"
+      field :deletion, as: :has_one
+    end
+  end
+end
diff --git a/app/avo/resources/version_resource.rb b/app/avo/resources/version_resource.rb
deleted file mode 100644
index 62d853fb69c..00000000000
--- a/app/avo/resources/version_resource.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-class VersionResource < Avo::BaseResource
-  self.title = :full_name
-  self.includes = [:rubygem]
-  self.search_query = lambda {
-    scope.where("full_name LIKE ?", "#{params[:q]}%")
-  }
-
-  action RestoreVersion
-  action VersionAfterWrite
-
-  class IndexedFilter < ScopeBooleanFilter; end
-  filter IndexedFilter, arguments: { default: { indexed: true, yanked: true } }
-
-  field :full_name, as: :text, link_to_resource: true
-  field :id, as: :id, hide_on: :index, as_html: true do |_id, *_args|
-    link_to model.id, main_app.rubygem_version_url(model.rubygem.slug, model.slug)
-  end
-
-  field :rubygem, as: :belongs_to
-  field :slug, as: :text, hide_on: :index
-  field :number, as: :text
-  field :platform, as: :text
-
-  field :canonical_number, as: :text
-
-  field :indexed, as: :boolean
-  field :prerelease, as: :boolean
-  field :position, as: :number
-  field :latest, as: :boolean
-
-  field :yanked_at, as: :date_time, sortable: true
-
-  field :pusher, as: :belongs_to, class: "User"
-  field :pusher_api_key, as: :belongs_to, class: "ApiKey"
-
-  tabs do
-    tab "Metadata", description: "Metadata that comes from the gemspec" do
-      panel do
-        field :summary, as: :textarea
-        field :description, as: :textarea
-        field :authors, as: :textarea
-        field :licenses, as: :textarea
-        field :cert_chain, as: :textarea
-        field :built_at, as: :date_time, sortable: true
-        field :metadata, as: :key_value, stacked: true
-      end
-    end
-
-    tab "Runtime information" do
-      panel do
-        field :size, as: :number, sortable: true
-        field :requirements, as: :textarea
-        field :required_ruby_version, as: :text
-        field :sha256, as: :text
-        field :required_rubygems_version, as: :text
-      end
-    end
-
-    tab "API" do
-      panel do
-        field :info_checksum, as: :text
-        field :yanked_info_checksum, as: :text
-      end
-    end
-
-    field :dependencies, as: :has_many
-    field :gem_download, as: :has_one, name: "Downloads"
-    field :deletion, as: :has_one
-  end
-end
diff --git a/app/avo/resources/web_hook.rb b/app/avo/resources/web_hook.rb
new file mode 100644
index 00000000000..786fdd4fac7
--- /dev/null
+++ b/app/avo/resources/web_hook.rb
@@ -0,0 +1,42 @@
+class Avo::Resources::WebHook < Avo::BaseResource
+  self.includes = %i[user rubygem]
+
+  def actions
+    action Avo::Actions::DeleteWebhook
+  end
+
+  class EnabledFilter < Avo::Filters::ScopeBooleanFilter; end
+  class GlobalFilter < Avo::Filters::ScopeBooleanFilter; end
+
+  def filters
+    filter EnabledFilter, arguments: { default: { enabled: true, disabled: false } }
+    filter GlobalFilter, arguments: { default: { global: true, specific: true } }
+  end
+
+  def fields
+    field :id, as: :id, link_to_resource: true
+
+    field :url, as: :text
+    field :enabled?, as: :boolean
+    field :failure_count, as: :number, sortable: true, html: { index: { wrapper: { classes: "text-right" } } }
+    field :user, as: :belongs_to
+    field :rubygem, as: :belongs_to
+    field :global?, as: :boolean
+
+    field :hook_relay_stream, as: :text do
+      stream_name = "webhook_id-#{record.id}"
+      link_to stream_name, "https://app.hookrelay.dev/hooks/#{ENV['HOOK_RELAY_HOOK_ID']}?started_at=P1W&stream=#{stream_name}"
+    end
+
+    field :disabled_reason, as: :text
+    field :disabled_at, as: :date_time, sortable: true
+    field :last_success, as: :date_time, sortable: true
+    field :last_failure, as: :date_time, sortable: true
+    field :successes_since_last_failure, as: :number, sortable: true
+    field :failures_since_last_success, as: :number, sortable: true
+
+    tabs style: :pills do
+      field :audits, as: :has_many
+    end
+  end
+end
diff --git a/app/avo/resources/web_hook_resource.rb b/app/avo/resources/web_hook_resource.rb
deleted file mode 100644
index 93c9e703a45..00000000000
--- a/app/avo/resources/web_hook_resource.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-class WebHookResource < Avo::BaseResource
-  self.title = :id
-  self.includes = %i[user rubygem]
-
-  action DeleteWebhook
-  class EnabledFilter < ScopeBooleanFilter; end
-  filter EnabledFilter, arguments: { default: { enabled: true, disabled: false } }
-  class GlobalFilter < ScopeBooleanFilter; end
-  filter GlobalFilter, arguments: { default: { global: true, specific: true } }
-
-  field :id, as: :id, link_to_resource: true
-
-  field :url, as: :text
-  field :enabled?, as: :boolean
-  field :failure_count, as: :number, sortable: true, index_text_align: :right
-  field :user, as: :belongs_to
-  field :rubygem, as: :belongs_to
-  field :global?, as: :boolean
-
-  field :hook_relay_stream, as: :text do
-    stream_name = "webhook_id-#{model.id}"
-    link_to stream_name, "https://app.hookrelay.dev/hooks/#{ENV['HOOK_RELAY_HOOK_ID']}?started_at=P1W&stream=#{stream_name}"
-  end
-
-  field :disabled_reason, as: :text
-  field :disabled_at, as: :date_time, sortable: true
-  field :last_success, as: :date_time, sortable: true
-  field :last_failure, as: :date_time, sortable: true
-  field :successes_since_last_failure, as: :number, sortable: true
-  field :failures_since_last_success, as: :number, sortable: true
-
-  tabs style: :pills do
-    field :audits, as: :has_many
-  end
-end
diff --git a/app/avo/resources/webauthn_credential.rb b/app/avo/resources/webauthn_credential.rb
new file mode 100644
index 00000000000..efbde57c3c8
--- /dev/null
+++ b/app/avo/resources/webauthn_credential.rb
@@ -0,0 +1,13 @@
+class Avo::Resources::WebauthnCredential < Avo::BaseResource
+  self.includes = []
+
+  def fields
+    field :id, as: :id
+
+    field :external_id, as: :text
+    field :public_key, as: :text
+    field :nickname, as: :text
+    field :sign_count, as: :number
+    field :user, as: :belongs_to
+  end
+end
diff --git a/app/avo/resources/webauthn_credential_resource.rb b/app/avo/resources/webauthn_credential_resource.rb
deleted file mode 100644
index b6711b63eab..00000000000
--- a/app/avo/resources/webauthn_credential_resource.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-class WebauthnCredentialResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :external_id, as: :text
-  field :public_key, as: :text
-  field :nickname, as: :text
-  field :sign_count, as: :number
-  field :user, as: :belongs_to
-  # add fields here
-end
diff --git a/app/avo/resources/webauthn_verification.rb b/app/avo/resources/webauthn_verification.rb
new file mode 100644
index 00000000000..4d02a0409aa
--- /dev/null
+++ b/app/avo/resources/webauthn_verification.rb
@@ -0,0 +1,13 @@
+class Avo::Resources::WebauthnVerification < Avo::BaseResource
+  self.includes = []
+
+  def fields
+    field :id, as: :id
+
+    field :path_token, as: :text
+    field :path_token_expires_at, as: :date_time
+    field :otp, as: :text
+    field :otp_expires_at, as: :date_time
+    field :user, as: :belongs_to
+  end
+end
diff --git a/app/avo/resources/webauthn_verification_resource.rb b/app/avo/resources/webauthn_verification_resource.rb
deleted file mode 100644
index 5834540ac89..00000000000
--- a/app/avo/resources/webauthn_verification_resource.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-class WebauthnVerificationResource < Avo::BaseResource
-  self.title = :id
-  self.includes = []
-
-  field :id, as: :id
-  # Fields generated from the model
-  field :path_token, as: :text
-  field :path_token_expires_at, as: :date_time
-  field :otp, as: :text
-  field :otp_expires_at, as: :date_time
-  field :user, as: :belongs_to
-  # add fields here
-end
diff --git a/app/components/avo/audited_changes_record_diff/show_component.html.erb b/app/components/avo/audited_changes_record_diff/show_component.html.erb
index 82c6d99e068..15bc48d4e8c 100644
--- a/app/components/avo/audited_changes_record_diff/show_component.html.erb
+++ b/app/components/avo/audited_changes_record_diff/show_component.html.erb
@@ -1,4 +1,4 @@
-<%= render Avo::PanelComponent.new(title: title_link, classes: %w[w-full]) do |c| %>
+<%= render Avo::PanelComponent.new(title: title_link, classes: "w-full") do |c| %>
   <% c.with_body do %>
     <% next unless authorized? %>
 
diff --git a/app/components/avo/audited_changes_record_diff/show_component.rb b/app/components/avo/audited_changes_record_diff/show_component.rb
index e898fe4593f..d17539f237d 100644
--- a/app/components/avo/audited_changes_record_diff/show_component.rb
+++ b/app/components/avo/audited_changes_record_diff/show_component.rb
@@ -10,16 +10,23 @@ def initialize(gid:, changes:, unchanged:, view:, user:)
     @view = view
 
     global_id = GlobalID.parse(gid)
-    model = begin
+    resource_class = Avo.resource_manager.get_resource_by_model_class(global_id.model_class)
+    unless resource_class
+      logger.info "No avo resource class for #{global_id} found"
+      return
+    end
+
+    record = begin
       global_id.find
     rescue ActiveRecord::RecordNotFound
       global_id.model_class.new(id: global_id.model_id)
     end
-    return unless (@resource = Avo::App.get_resource_by_model_name(global_id.model_class))
-    @resource.hydrate(model:, user:, view:)
+    @resource = resource_class.new(record:, view:, user:).detect_fields
 
-    @old_resource = resource.dup.hydrate(model: resource.model_class.new(**unchanged, **changes.transform_values(&:first)), view:)
-    @new_resource = resource.dup.hydrate(model: resource.model_class.new(**unchanged, **changes.transform_values(&:last)), view:)
+    @old_resource = resource_class
+      .new(record: resource.model_class.new(**unchanged, **changes.transform_values(&:first)), view:, user:).detect_fields
+    @new_resource = resource_class
+      .new(record: resource.model_class.new(**unchanged, **changes.transform_values(&:last)), view:, user:).detect_fields
   end
 
   def render?
@@ -29,7 +36,7 @@ def render?
   attr_reader :gid, :changes, :unchanged, :user, :resource, :old_resource, :new_resource, :view
 
   def sorted_fields
-    @resource.fields
+    @resource.only_fields
       .reject { _1.is_a?(Avo::Fields::HasBaseField) }
       .sort_by.with_index { |f, i| [changes.key?(f.id.to_s) ? -1 : 1, i] }
   end
@@ -59,16 +66,16 @@ def each_field # rubocop:disable Metrics/CyclomaticComplexity,Metrics/PerceivedC
   end
 
   def component_for_field(field, resource)
-    field = field.hydrate(model: resource.model, view:)
+    field = field.hydrate(resource:, record: resource.record, view:, user:)
     field.component_for_view(view).new(field:, resource:)
   end
 
   def authorized?
-    Pundit.policy!(user, [:admin, resource.model]).avo_show?
+    Pundit.policy!(user, [:admin, resource.record]).avo_show?
   end
 
   def title_link
-    link_to(resource.model_title, resource.record_path)
+    link_to(resource.record_title, resource.record_path)
   end
 
   def change_type_icon(type)
diff --git a/app/components/avo/fields/audited_changes_field/show_component.html.erb b/app/components/avo/fields/audited_changes_field/show_component.html.erb
index 9b4ee42a56e..20941303dd5 100644
--- a/app/components/avo/fields/audited_changes_field/show_component.html.erb
+++ b/app/components/avo/fields/audited_changes_field/show_component.html.erb
@@ -1,5 +1,6 @@
 <%= field_wrapper **field_wrapper_args, full_width: true do %>
   <% records&.each do |gid, changes, unchanged| %>
+    <h3><%= gid %></h3>
     <%= render Avo::AuditedChangesRecordDiff::ShowComponent.new(
       gid:,
       changes:,
diff --git a/app/controllers/concerns/avo_auditable.rb b/app/controllers/concerns/avo_auditable.rb
index bf7643f1005..2fdabd8772a 100644
--- a/app/controllers/concerns/avo_auditable.rb
+++ b/app/controllers/concerns/avo_auditable.rb
@@ -12,17 +12,17 @@ def perform_action_and_record_errors(&blk)
       action = params.fetch(:action)
       fields = action == "destroy" ? {} : cast_nullable(model_params)
 
-      @model.errors.add :comment, "must supply a sufficiently detailed comment" if fields[:comment]&.then { _1.length < 10 }
-      raise ActiveRecord::RecordInvalid, @model if @model.errors.present?
-      action_name = "Manual #{action} of #{@model.class}"
+      @record.errors.add :comment, "must supply a sufficiently detailed comment" if fields[:comment]&.then { _1.length < 10 }
+      raise ActiveRecord::RecordInvalid, @record if @record.errors.present?
+      action_name = "Manual #{action} of #{@record.class}"
 
       value, @audit = in_audited_transaction(
-        auditable: @model,
+        auditable: @record,
         admin_github_user: _current_user,
         action: action_name,
         fields: fields.reverse_merge(comment: action_name),
         arguments: {},
-        models: [@model],
+        models: [@record],
         &blk
       )
       value
diff --git a/app/policies/admin/github_user_policy.rb b/app/policies/admin/admin/github_user_policy.rb
similarity index 85%
rename from app/policies/admin/github_user_policy.rb
rename to app/policies/admin/admin/github_user_policy.rb
index 91eaabfb6c1..7f2dd7b7b4d 100644
--- a/app/policies/admin/github_user_policy.rb
+++ b/app/policies/admin/admin/github_user_policy.rb
@@ -1,4 +1,4 @@
-class Admin::GitHubUserPolicy < Admin::ApplicationPolicy
+class Admin::Admin::GitHubUserPolicy < Admin::ApplicationPolicy
   class Scope < Admin::ApplicationPolicy::Scope
     # NOTE: Be explicit about which records you allow access to!
     def resolve
diff --git a/app/policies/admin/oidc/api_key_role_policy.rb b/app/policies/admin/oidc/api_key_role_policy.rb
index 51f0c3ae0c5..0c3914089b8 100644
--- a/app/policies/admin/oidc/api_key_role_policy.rb
+++ b/app/policies/admin/oidc/api_key_role_policy.rb
@@ -10,7 +10,5 @@ def resolve
 
   def avo_index? = rubygems_org_admin?
   def avo_show? = rubygems_org_admin?
-  def avo_create? = rubygems_org_admin?
-  def avo_update? = rubygems_org_admin?
   def act_on? = rubygems_org_admin?
 end
diff --git a/config/application.rb b/config/application.rb
index 340006377d5..e70ccf8ded6 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -19,6 +19,12 @@
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)
 
+# allow dotenv to specify RAILS_GROUPS
+if defined?(Dotenv::Rails)
+  Dotenv::Rails.load
+  Bundler.require(*Rails.groups)
+end
+
 module Gemcutter
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
diff --git a/config/initializers/avo.rb b/config/initializers/avo.rb
index 17c1acae253..4c606c90b2d 100644
--- a/config/initializers/avo.rb
+++ b/config/initializers/avo.rb
@@ -1,18 +1,21 @@
 # For more information regarding these settings check out our docs https://docs.avohq.io
-Avo.configure do |config|
+Avo.configure do |config| # rubocop:disable Metrics/BlockLength
   ## == Routing ==
   config.root_path = '/admin'
 
   # Where should the user be redirected when visting the `/avo` url
-  config.home_path = "/admin/dashboards/dashy"
+  config.home_path = "/admin/dashboards/dashy" if defined?(Avo::Pro)
 
   ## == Licensing ==
-  config.license = 'pro' # change this to 'pro' when you add the license key
   config.license_key = ENV['AVO_LICENSE_KEY']
 
   ## == Set the context ==
   config.set_context do
     # Return a context object that gets evaluated in Avo::ApplicationController
+
+    if !Rails.env.local? && !(Avo.license.valid? && Avo.license.advanced?)
+      raise "Avo::Pro is missing in #{Rails.env}. RAILS_GROUPS=#{ENV['RAILS_GROUPS'].inspect} Avo.license=#{Avo.license.inspect}"
+    end
   end
 
   ## == Authentication ==
@@ -98,33 +101,36 @@
   # end
 
   ## == Menus ==
-  config.main_menu = lambda {
-    section "Dashboards", icon: "dashboards" do
-      all_dashboards
-    end
+  if defined?(Avo::Pro)
+    config.main_menu = lambda {
+      section "Dashboards", icon: "dashboards" do
+        all_dashboards
+      end
 
-    section "Resources", icon: "resources" do
-      Avo::App.resources_for_navigation.group_by { |r| r.model_class.module_parent_name }.sort_by { |k, _| k.to_s }.each do |namespace, reses|
-        if namespace.present?
-          group namespace.titleize, icon: "folder" do
+      section "Resources", icon: "resources" do
+        Avo.resource_manager.resources_for_navigation(current_user).group_by { |r| r.model_class.module_parent_name }
+          .sort_by { |k, _| k.to_s }.each do |namespace, reses|
+          if namespace.present?
+            group namespace.titleize, icon: "folder" do
+              reses.each do |res|
+                resource res.route_key
+              end
+            end
+          else
             reses.each do |res|
               resource res.route_key
             end
           end
-        else
-          reses.each do |res|
-            resource res.route_key
-          end
         end
       end
-    end
 
-    unless all_tools.empty?
-      section "Tools", icon: "tools" do
-        all_tools
+      unless all_tools.empty?
+        section "Tools", icon: "tools" do
+          all_tools
+        end
       end
-    end
-  }
+    }
+  end
 
   config.profile_menu = lambda {
     link_to "Admin Profile",
@@ -136,11 +142,8 @@
 Rails.configuration.to_prepare do
   Avo::ApplicationController.include GitHubOAuthable
   Avo::BaseController.prepend AvoAuditable
-  Avo::BaseResource.include Concerns::AvoAuditableResource
-
-  Avo::ApplicationController.content_security_policy do |policy|
-    policy.style_src :self, "https://fonts.googleapis.com", :unsafe_inline
-  end
+  Avo::BaseResource.prepend Avo::Resources::Concerns::AvoAuditableResource
+  Avo::Concerns::HasItems.prepend Avo::Resources::Concerns::AvoAuditableResource::HasItemsIncludeComment
 
   # Fix for https://github.com/rails/rails/issues/49783
   Avo::Views::ResourceEditComponent.class_eval do
diff --git a/config/initializers/prosopite.rb b/config/initializers/prosopite.rb
index 95e7e0208d6..19c65ff5a37 100644
--- a/config/initializers/prosopite.rb
+++ b/config/initializers/prosopite.rb
@@ -11,8 +11,9 @@
       "app/mailers/",
 
       # avo auditing potentially loads things multiple times, but it will be bounded by the size of the audit
-      "app/avo/actions/base_action.rb",
+      "app/avo/actions/application_action.rb",
       "app/components/avo/fields/audited_changes_field/show_component.html.erb",
+      "app/components/avo/views/resource_index_component.html.erb",
 
       # calls count for each owner, AR doesn't yet allow preloading aggregates
       "app/views/ownership_requests/_ownership_request.html.erb"
diff --git a/config/initializers/zeitwerk.rb b/config/initializers/zeitwerk.rb
index cba98d517fc..3d7b4569489 100644
--- a/config/initializers/zeitwerk.rb
+++ b/config/initializers/zeitwerk.rb
@@ -9,6 +9,12 @@
 
 Rails.autoloaders.main.ignore(Rails.root.join("lib/puma/plugin"))
 
+unless defined?(Avo::Pro)
+  Rails.autoloaders.main.ignore(Rails.root.join("app/avo/cards"))
+  Rails.autoloaders.main.ignore(Rails.root.join("app/avo/dashboards"))
+  Rails.autoloaders.main.ignore(Rails.root.join("lib/admin/authorization_client.rb"))
+end
+
 Rails.autoloaders.once.inflector.inflect(
   "http" => "HTTP",
   "oidc" => "OIDC"
diff --git a/lib/admin/authorization_client.rb b/lib/admin/authorization_client.rb
index 6a95c709438..db6e81df77a 100644
--- a/lib/admin/authorization_client.rb
+++ b/lib/admin/authorization_client.rb
@@ -1,6 +1,6 @@
 # This class is the same as the default pundit authorization client.
 # It just adds the admin scope automatically so that Avo pundit policies can be kept separate.
-class Admin::AuthorizationClient < Avo::Services::AuthorizationClients::PunditClient
+class Admin::AuthorizationClient < Avo::Pro::Authorization::Clients::PunditClient
   def authorize(user, record, action, policy_class: nil)
     # After https://github.com/avo-hq/avo/pull/2827 lands, we can hopefully remove this hack
     policy_class ||= Admin::GitHubUserPolicy if record == Admin::GitHubUser
diff --git a/script/build_docker.sh b/script/build_docker.sh
index 52437389d54..55157c18c01 100755
--- a/script/build_docker.sh
+++ b/script/build_docker.sh
@@ -22,6 +22,8 @@ docker buildx build --cache-from=type=local,src=/tmp/.buildx-cache \
   --tag "$DOCKER_TAG" \
   --build-arg RUBYGEMS_VERSION="$RUBYGEMS_VERSION" \
   --build-arg REVISION="$GITHUB_SHA" \
+  --build-arg BUNDLE_WITH="$([ -n "${BUNDLE_PACKAGER__DEV}" ] && echo "avo")" \
+  --secret id=BUNDLE_PACKAGER__DEV \
   .
 
 # This is a ruby script we run to ensure that all dependencies are configured properly in
diff --git a/script/dev b/script/dev
index 73576e5911e..2406a5181c6 100755
--- a/script/dev
+++ b/script/dev
@@ -2,7 +2,7 @@
 
 export GITHUB_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/zsq3oitss3rbo4njqpjfd5r5cm/GITHUB_KEY"
 export GITHUB_SECRET="op://bq25xfqpafelzdxwqu3mdq6rza/zsq3oitss3rbo4njqpjfd5r5cm/GITHUB_SECRET"
-export AVO_LICENSE_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/netp2leghd7zqdxlkp5asy67d4/license key"
+export AVO_LICENSE_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/y32yshzph7shehubizpzphv6oe/license key"
 export DATADOG_CSP_API_KEY="op://bq25xfqpafelzdxwqu3mdq6rza/eisktguwm3pcfkwm7avqamdnxq/credential"
 export HOOK_RELAY_ACCOUNT_ID="op://bq25xfqpafelzdxwqu3mdq6rza/s3fs2zznjssijxouugddmwnuma/username"
 export HOOK_RELAY_HOOK_ID="op://bq25xfqpafelzdxwqu3mdq6rza/s3fs2zznjssijxouugddmwnuma/credential"
diff --git a/script/update-rubygems b/script/update-rubygems
index b71245fc401..fe2677126c5 100755
--- a/script/update-rubygems
+++ b/script/update-rubygems
@@ -73,5 +73,6 @@ end
 
 sub_yaml ".github/workflows/docker.yml", %w[jobs * env RUBY_VERSION], ruby_version.inspect
 sub_yaml ".github/workflows/test.yml", %w[jobs * strategy matrix ruby_version 0], ruby_version.inspect
+sub_yaml ".github/workflows/test.yml", %w[jobs * strategy matrix include * ruby_version], ruby_version.inspect
 
 system("bundle", "update", "--bundler=#{bundler_version}", exception: true)
diff --git a/test/integration/avo/gem_name_reservations_controller_test.rb b/test/integration/avo/gem_name_reservations_controller_test.rb
index 58abc37dacb..57574ab3731 100644
--- a/test/integration/avo/gem_name_reservations_controller_test.rb
+++ b/test/integration/avo/gem_name_reservations_controller_test.rb
@@ -10,8 +10,14 @@ class Avo::GemNameReservationsControllerTest < ActionDispatch::IntegrationTest
     get avo.resources_gem_name_reservations_path
 
     assert_response :success
+  end
+
+  test "resource search_query scope" do
+    requires_avo_pro
+
+    admin_sign_in_as create(:admin_github_user, :is_admin)
+    create(:gem_name_reservation, name: "hello")
 
-    # test resource search_query scope
     get avo.avo_api_search_path(q: "hello")
 
     assert_response :success
diff --git a/test/policies/admin/avo_policies_test.rb b/test/policies/admin/avo_policies_test.rb
deleted file mode 100644
index e03ee0e9cc0..00000000000
--- a/test/policies/admin/avo_policies_test.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-require "test_helper"
-
-class Admin::AvoPoliciesTest < AdminPolicyTestCase
-  def test_association_methods_defined
-    resources = Avo::App.init_resources
-    association_actions = %w[create attach detach destroy edit show view]
-
-    aggregate_assertions do
-      resources.each do |resource|
-        policy =
-          if resource.authorization_policy
-            resource.authorization_policy.new(nil, resource)
-          else
-            policy!(nil, resource)
-          end
-
-        refute_nil policy
-
-        aggregate_assertions policy.class.name do
-          resource.fields.each do |field|
-            aggregate_assertions field.id do
-              case field
-              when Avo::Fields::HasBaseField
-
-                association_actions.each do |action|
-                  assert_respond_to policy, :"#{action}_#{field.id}?"
-                end
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end
diff --git a/test/policies/admin/github_user_policy_test.rb b/test/policies/admin/github_user_policy_test.rb
index 88eed2da631..0bcc86b9fc4 100644
--- a/test/policies/admin/github_user_policy_test.rb
+++ b/test/policies/admin/github_user_policy_test.rb
@@ -2,7 +2,7 @@
 
 class Admin::GitHubUserPolicyTest < AdminPolicyTestCase
   def policy_class
-    Admin::GitHubUserPolicy
+    Admin::Admin::GitHubUserPolicy
   end
 
   setup do
diff --git a/test/policies/admin/oidc/api_key_role_policy_test.rb b/test/policies/admin/oidc/api_key_role_policy_test.rb
index 41861431aab..917abd3d3ea 100644
--- a/test/policies/admin/oidc/api_key_role_policy_test.rb
+++ b/test/policies/admin/oidc/api_key_role_policy_test.rb
@@ -28,13 +28,13 @@ def test_avo_show
   end
 
   def test_avo_create
-    assert_authorizes @admin, OIDC::ApiKeyRole, :avo_create?
+    refute_authorizes @admin, OIDC::ApiKeyRole, :avo_create?
 
     refute_authorizes @non_admin, OIDC::ApiKeyRole, :avo_create?
   end
 
   def test_avo_update
-    assert_authorizes @admin, @api_key_role, :avo_update?
+    refute_authorizes @admin, @api_key_role, :avo_update?
 
     refute_authorizes @non_admin, @api_key_role, :avo_update?
   end
diff --git a/test/system/avo/manual_changes_test.rb b/test/system/avo/manual_changes_test.rb
index 9db82895c35..0180c51cb7c 100644
--- a/test/system/avo/manual_changes_test.rb
+++ b/test/system/avo/manual_changes_test.rb
@@ -111,9 +111,8 @@ class Avo::ManualChangesSystemTest < ApplicationSystemTestCase
 
     page.assert_title(/^#{log_ticket.to_param}/)
 
-    accept_alert("Are you sure?") do
-      click_on "Delete"
-    end
+    click_on "Delete"
+    click_on "Yes, I'm sure"
 
     page.assert_text "Record destroyed"
 
diff --git a/test/system/avo/oidc_api_key_roles_test.rb b/test/system/avo/oidc_api_key_roles_test.rb
deleted file mode 100644
index 23f14311153..00000000000
--- a/test/system/avo/oidc_api_key_roles_test.rb
+++ /dev/null
@@ -1,58 +0,0 @@
-require "application_system_test_case"
-
-class Avo::OIDCApiKeyRolesSystemTest < ApplicationSystemTestCase
-  make_my_diffs_pretty!
-
-  test "manually changing roles" do
-    admin_user = create(:admin_github_user, :is_admin)
-    avo_sign_in_as admin_user
-
-    provider = create(:oidc_provider)
-    user = create(:user)
-
-    visit avo.resources_oidc_api_key_roles_path
-    click_on "Create new OIDC api key role"
-
-    select provider.issuer, from: "oidc_api_key_role_oidc_provider_id"
-    find_field(id: "oidc_api_key_role_user_id").click
-    send_keys user.display_handle
-    find("li", text: user.display_handle).click
-    fill_in "Name", with: "Role"
-    fill_in "Valid for", with: "PT15M"
-    fill_in "Comment", with: "A nice long comment"
-
-    click_on "Save"
-
-    page.assert_text "can't be blank"
-    page.assert_text "Access policy can't be blank"
-
-    assert_field "oidc_api_key_role_oidc_provider_id", with: provider.id
-    assert_field "oidc_api_key_role_user_id", with: user.display_handle
-    assert_field "Name", with: "Role"
-    assert_field "Valid for", with: "PT15M"
-
-    find("div[data-field-id='scopes'] tags").click
-    send_keys "push_rubygem", :enter
-    fill_in "Comment", with: "A nice long comment"
-
-    click_on "Add another Statement"
-    click_on "Add another Condition"
-
-    click_on "Save"
-
-    fill_in "oidc_api_key_role_access_policy_statements_0__principal_oidc", with: provider.issuer
-    select "String Matches", from: "oidc_api_key_role_access_policy_statements_0__conditions_0__operator"
-    fill_in "oidc_api_key_role_access_policy_statements_0__conditions_0__claim", with: "sub"
-    fill_in "oidc_api_key_role_access_policy_statements_0__conditions_0__value", with: "sub-value"
-    fill_in "Comment", with: "A nice long comment"
-
-    click_on "Save"
-
-    page.assert_text "Role"
-
-    role = provider.api_key_roles.sole
-
-    assert_equal "string_matches", role.access_policy.statements[0].conditions[0].operator
-    assert_equal OIDC::ApiKeyPermissions.new(valid_for: 15.minutes, gems: [], scopes: ["push_rubygem"]), role.api_key_permissions
-  end
-end
diff --git a/test/system/avo/rubygems_test.rb b/test/system/avo/rubygems_test.rb
index 1b42ed7206c..e9d9dda8c00 100644
--- a/test/system/avo/rubygems_test.rb
+++ b/test/system/avo/rubygems_test.rb
@@ -228,6 +228,8 @@ class Avo::RubygemsSystemTest < ApplicationSystemTestCase
   end
 
   test "add owner" do
+    requires_avo_pro # for search
+
     admin_user = create(:admin_github_user, :is_admin)
     avo_sign_in_as admin_user
 
@@ -248,7 +250,8 @@ class Avo::RubygemsSystemTest < ApplicationSystemTestCase
     page.assert_text "Must supply a sufficiently detailed comment"
 
     fill_in "Comment", with: "A nice long comment"
-    find_field("New owner").click
+    find_field("New owner").click(delay: 0.05)
+    find("form[role='search'] input").click
     send_keys new_owner.email
     find("li", text: new_owner.handle).click
 
diff --git a/test/system/avo/users_test.rb b/test/system/avo/users_test.rb
index 0c8d6b6a015..19a99118c28 100644
--- a/test/system/avo/users_test.rb
+++ b/test/system/avo/users_test.rb
@@ -607,7 +607,7 @@ class Avo::UsersSystemTest < ApplicationSystemTestCase
         },
         "fields" => { "email" => "gem-user-001@example.com" },
         "arguments" => {},
-        "models" => nil
+        "models" => []
       },
       audit.audited_changes
     )
diff --git a/test/system/avo/versions_test.rb b/test/system/avo/versions_test.rb
index 1e7842843a9..75a868ad56f 100644
--- a/test/system/avo/versions_test.rb
+++ b/test/system/avo/versions_test.rb
@@ -125,7 +125,6 @@ class Avo::VersionsSystemTest < ApplicationSystemTestCase
     visit avo.resources_version_path(version)
 
     click_button "Actions"
-
     click_on "Run version post-write job"
 
     fill_in "Comment", with: "A nice long comment"
diff --git a/test/test_helper.rb b/test/test_helper.rb
index f381d4f6743..4d08b5d0cc0 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -39,7 +39,7 @@
 
 # setup license early since some tests are testing Avo outside of requests
 # and license is set with first request
-Avo::App.license = Avo::Licensing::LicenseManager.new(Avo::Licensing::HQ.new.response).license
+Avo::Current.license = Avo::Licensing::LicenseManager.new(Avo::Licensing::HQ.new.response).license
 
 WebMock.disable_net_connect!(
   allow_localhost: true,
@@ -49,12 +49,6 @@
   ]
 )
 WebMock.globally_stub_request(:after_local_stubs) do |request|
-  avo_request_pattern = WebMock::RequestPattern.new(:post, "https://avohq.io/api/v1/licenses/check")
-  if avo_request_pattern.matches?(request)
-    { status: 200, body: { id: :pro, valid: true, payload: {} }.to_json,
-      headers: { "Content-Type" => "application/json" } }
-  end
-
   if WebMock::RequestPattern.new(:get, Addressable::Template.new("https://secure.gravatar.com/avatar/{hash}.png?d=404&r=PG&s={size}")).matches?(request)
     { status: 404, body: "", headers: {} }
   end
@@ -117,6 +111,16 @@ def requires_toxiproxy
     skip("Toxiproxy is not running, but was required for this test.")
   end
 
+  def requires_avo_pro
+    return if Avo.configuration.license == "advanced" && defined?(Avo::Pro)
+
+    if ActiveRecord::Type::Boolean.new.cast(ENV["REQUIRE_AVO_PRO"])
+      raise "REQUIRE_AVO_PRO is set but Avo::Pro is missing in #{Rails.env}." \
+            "\nRAILS_GROUPS=#{ENV['RAILS_GROUPS'].inspect}\nAvo.license=#{Avo.license.inspect}"
+    end
+    skip "avo pro is not present but was required for this test"
+  end
+
   def assert_changed(object, *attributes)
     original_attributes = attributes.index_with { |a| object.send(a) }
     yield if block_given?
@@ -261,6 +265,8 @@ class SystemTest < ActionDispatch::IntegrationTest
 
 class AdminPolicyTestCase < ActiveSupport::TestCase
   def setup
+    requires_avo_pro
+
     @authorization_client = Admin::AuthorizationClient.new
   end
 
diff --git a/test/unit/avo/actions/base_action_test.rb b/test/unit/avo/actions/base_action_test.rb
index fd5f46600a5..ff803c1da39 100644
--- a/test/unit/avo/actions/base_action_test.rb
+++ b/test/unit/avo/actions/base_action_test.rb
@@ -1,24 +1,24 @@
 require "test_helper"
 
 class BaseActionTest < ActiveSupport::TestCase
-  class DestroyerAction < BaseAction
-    class ActionHandler < ActionHandler
-      def handle_model(model)
+  class DestroyerAction < Avo::Actions::ApplicationAction
+    class ActionHandler < Avo::Actions::ActionHandler
+      def handle_record(model)
         model.destroy!
       end
     end
   end
 
-  class EmptyAction < BaseAction
-    class ActionHandler < ActionHandler
-      def handle_model(model)
+  class EmptyAction < Avo::Actions::ApplicationAction
+    class ActionHandler < Avo::Actions::ActionHandler
+      def handle_record(model)
       end
     end
   end
 
-  class WebHookCreateAction < BaseAction
-    class ActionHandler < BaseAction::ActionHandler
-      def handle_model(user)
+  class WebHookCreateAction < Avo::Actions::ApplicationAction
+    class ActionHandler < Avo::Actions::ActionHandler
+      def handle_record(user)
         user.web_hooks.create(url: "https://example.com/path")
       end
     end
@@ -31,8 +31,7 @@ def handle_model(user)
     @avo = mock
     @view_context.stubs(:avo).returns(@avo)
     @avo.stubs(:resources_audit_path).returns("resources_audit_path")
-
-    ::Avo::App.init request: nil, context: nil, current_user: nil, view_context: @view_context, params: {}
+    Avo::Current.stubs(:view_context).returns(@view_context)
   end
 
   test "handles errors" do
@@ -41,7 +40,7 @@ def each
         raise "Cannot enumerate"
       end
     end.new
-    action = BaseAction.new
+    action = EmptyAction.new
 
     args = {
       fields: {
@@ -49,13 +48,14 @@ def each
       },
       current_user: create(:admin_github_user, :is_admin),
       resource: nil,
-      models: raises_on_each
+      records: raises_on_each,
+      query: nil
     }
 
     action.handle(**args)
 
     assert_equal [{ type: :error, body: "Cannot enumerate" }], action.response[:messages]
-    assert action.response[:keep_modal_open]
+    assert_equal :keep_modal_open, action.response[:type]
   end
 
   test "tracks deletions" do
@@ -69,7 +69,8 @@ def each
       },
       current_user: admin,
       resource: nil,
-      models: [webhook]
+      records: [webhook],
+      query: nil
     }
 
     action.handle(**args)
@@ -115,7 +116,8 @@ def each
       },
       current_user: admin,
       resource: nil,
-      models: [user]
+      records: [user],
+      query: nil
     }
 
     action.handle(**args)
@@ -152,7 +154,8 @@ def each
       },
       current_user: admin,
       resource: nil,
-      models: [user]
+      records: [user],
+      query: nil
     }
 
     action.handle(**args)
diff --git a/test/unit/avo/actions/unblock_user_test.rb b/test/unit/avo/actions/unblock_user_test.rb
index 1d59f31b487..1bbfb015599 100644
--- a/test/unit/avo/actions/unblock_user_test.rb
+++ b/test/unit/avo/actions/unblock_user_test.rb
@@ -4,18 +4,19 @@ class UnblockUserTest < ActiveSupport::TestCase
   setup do
     @user = create(:user, :blocked)
     @current_user = create(:admin_github_user, :is_admin)
-    @resource = UserResource.new.hydrate(model: @user)
-    @action = UnblockUser.new(model: @user, resource: @resource, user: @current_user, view: :edit)
+    @resource = Avo::Resources::User.new.hydrate(record: @user)
+    @action = Avo::Actions::UnblockUser.new(record: @user, resource: @resource, user: @current_user, view: :edit)
   end
 
   should "unblock user" do
     args = {
       current_user: @current_user,
       resource: @resource,
-      models: [@user],
+      records: [@user],
       fields: {
         comment: "Unblocking incorrectly flagged user"
-      }
+      },
+      query: nil
     }
 
     @action.handle(**args)
@@ -29,13 +30,13 @@ class UnblockUserTest < ActiveSupport::TestCase
   should "ask for confirmation" do
     action_mock = Data.define(:record).new(record: @user)
 
-    assert_not_nil action_mock.instance_exec(&UnblockUser.message)
+    assert_not_nil action_mock.instance_exec(&Avo::Actions::UnblockUser.message)
   end
 
   should "be visible" do
     action_mock = Data.define(:current_user, :view, :record).new(current_user: @current_user, view: :show, record: @user)
 
-    assert action_mock.instance_exec(&UnblockUser.visible)
+    assert action_mock.instance_exec(&Avo::Actions::UnblockUser.visible)
   end
 
   context "when the user is not blocked" do
@@ -46,7 +47,7 @@ class UnblockUserTest < ActiveSupport::TestCase
     should "not be visible" do
       action_mock = Data.define(:current_user, :view, :record).new(current_user: @current_user, view: :show, record: @user)
 
-      refute action_mock.instance_exec(&UnblockUser.visible)
+      refute action_mock.instance_exec(&Avo::Actions::UnblockUser.visible)
     end
   end
 end

From 5414f2da8021ee9721d383c0c5519a85d9df8fa2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 00:48:00 +0000
Subject: [PATCH 281/381] Bump github/codeql-action from 3.26.12 to 3.26.13
 (#5119)

---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 9ef36f5d78e..b79b2449d67 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index c066180547b..625190ec904 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           sarif_file: results.sarif

From 5fa8c563877ffab985abb806e73860706110e52e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 00:48:16 +0000
Subject: [PATCH 282/381] Bump actions/upload-artifact from 4.4.2 to 4.4.3
 (#5116)

---
 .github/workflows/lint.yml | 2 +-
 .github/workflows/test.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 4fe3dddb771..9a8daa4181c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -60,7 +60,7 @@ jobs:
         env:
           ENVIRONMENT: "${{ matrix.environment }}"
           REVISION: "${{ github.sha }}"
-      - uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: "${{ matrix.environment }}.rendered.yaml"
           path: "config/deploy/${{ matrix.environment }}.rendered.yaml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c12b8342938..dbf6d6e0070 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -64,7 +64,7 @@ jobs:
 
       - name: Save capybara screenshots
         if: ${{ failure() && steps.test-all.outcome == 'failure' }}
-        uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: capybara-screenshots-${{ matrix.tests.name }}-${{ matrix.rubygems.name }}
           path: tmp/capybara

From b47561930f974df68ed8cc8759ca8ef2e7609cee Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:07:10 +0000
Subject: [PATCH 283/381] Bump pghero from 3.6.0 to 3.6.1

Bumps [pghero](https://github.com/ankane/pghero) from 3.6.0 to 3.6.1.
- [Changelog](https://github.com/ankane/pghero/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/pghero/compare/v3.6.0...v3.6.1)

---
updated-dependencies:
- dependency-name: pghero
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index c2a8f9a4f77..bf0ae5d903a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -561,7 +561,7 @@ GEM
     pg (1.5.8)
     pg_query (5.1.0)
       google-protobuf (>= 3.22.3)
-    pghero (3.6.0)
+    pghero (3.6.1)
       activerecord (>= 6.1)
     phlex (1.10.2)
     phlex-rails (1.2.1)
@@ -1221,7 +1221,7 @@ CHECKSUMS
   parser (3.3.5.0) sha256=f30ebb71b7830c2e7cdc4b2b0e0ec2234900e3fca3fe2fba47f78be759181ab3
   pg (1.5.8) sha256=efd71939dd1d6d9f0b434dc61dee6ef64f1d2bfcd3c177598a8797c27e654f37
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
-  pghero (3.6.0) sha256=cad9cb865f99ff40bb5ba47d3dae20d06be06ac8ea6b01172f6a8ccc85671109
+  pghero (3.6.1) sha256=e6d4f6ec3979d4828dafcd1eaa4214e70279fe2502b9fe5bd632d8333aa79cd4
   phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6
   phlex-rails (1.2.1) sha256=1d80709c02114cda869951d22bfca189b5f208d1eb89f2e6fafbe3c0240a822f
   pp (0.5.0) sha256=f8f40bc2ba9e1ab351b9458151da3a89f46034f7f599a8e0a06abb9b9f4411dd

From acc13f152998aef59cf333a19036db086625fbf2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:08:46 +0000
Subject: [PATCH 284/381] Bump strong_migrations from 2.0.0 to 2.0.1

Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 2.0.0 to 2.0.1.
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: strong_migrations
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index c2a8f9a4f77..f87bd3a3f43 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -798,7 +798,7 @@ GEM
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
-    strong_migrations (2.0.0)
+    strong_migrations (2.0.1)
       activerecord (>= 6.1)
     swd (2.0.3)
       activesupport (>= 3)
@@ -1315,7 +1315,7 @@ CHECKSUMS
   statsd-instrument (3.9.2) sha256=56c70080fb73fed02d9ce26bbf573850b16739ae4252ca508e855dfcfb08db86
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
-  strong_migrations (2.0.0) sha256=88750f294403e18ec674eda6901f2fc195f553ed6a7928c52e8a3f5b57ff501d
+  strong_migrations (2.0.1) sha256=86ed89bb62ff1861240ab4628a2500ef50cd8bbf03d4c8f7368fda2dd94636b9
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (2.7.9) sha256=227a80aecdc25465646e501b5b992dcde98799e9d58c44938b61ab8b62cccdb9
   tailwindcss-rails (2.7.9-aarch64-linux) sha256=e445c0761bcdc8fab423f35a9c6f2791ca73e46ef558a0e02601c9a2cf83dcb3

From 0e3f10c3996100b624b9677c1a3075afb80b4c2c Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:04:34 -0700
Subject: [PATCH 285/381] Implements new design on static pages controller
 (#5108)

hammy.html.erb template implements new design on static pages controller
---
 app/assets/config/manifest.js                 |   1 +
 .../stylesheets/application.tailwind.css      |   7 +-
 app/assets/stylesheets/hammy.css              |  11 +
 app/controllers/application_controller.rb     |   9 +
 app/controllers/dashboards_controller.rb      |   2 +
 app/controllers/pages_controller.rb           |   3 +
 app/helpers/application_helper.rb             |  14 +-
 app/helpers/prose_helper.rb                   |   7 +
 .../controllers/autocomplete_controller.js    |   9 +-
 .../controllers/dialog_controller.js          |  26 ++
 .../controllers/reveal_controller.js          |  46 ++++
 .../controllers/reveal_search_controller.js   |  19 ++
 app/views/components/button_component.rb      |  89 +++++++
 app/views/components/card_component.rb        |  43 +++
 app/views/dashboards/show.html.erb            |   3 +-
 app/views/layouts/_breadcrumbs.html.erb       |  25 ++
 app/views/layouts/_search.html.erb            |   5 +-
 app/views/layouts/_session.html.erb           |  51 ++++
 app/views/layouts/hammy.html.erb              | 244 ++++++++++++++++++
 app/views/pages/about.html.erb                |  27 +-
 app/views/pages/data.html.erb                 |  25 +-
 app/views/pages/download.html.erb             |  42 +--
 app/views/pages/faq.html.erb                  |   7 -
 app/views/pages/migrate.html.erb              |   8 -
 app/views/pages/security.html.erb             |   4 +-
 app/views/pages/sponsors.html.erb             |  13 +-
 config/application.rb                         |   2 +-
 config/importmap.rb                           |   2 +
 config/locales/de.yml                         |  20 +-
 config/locales/en.yml                         |  16 +-
 config/locales/es.yml                         |  20 +-
 config/locales/fr.yml                         |  21 +-
 config/locales/ja.yml                         |  16 +-
 config/locales/nl.yml                         |  21 +-
 config/locales/pt-BR.yml                      |  16 +-
 config/locales/zh-CN.yml                      |  17 +-
 config/locales/zh-TW.yml                      |  17 +-
 config/tailwind.config.js                     | 212 ++++++++++++---
 public/images/icons.svg                       | 117 +++++++++
 test/policies/rubygem_policy_test.rb          |   8 +-
 .../@stimulus-components--dialog.js           |   2 +
 .../@stimulus-components--reveal.js           |   2 +
 42 files changed, 1065 insertions(+), 184 deletions(-)
 create mode 100644 app/assets/stylesheets/hammy.css
 create mode 100644 app/helpers/prose_helper.rb
 create mode 100644 app/javascript/controllers/dialog_controller.js
 create mode 100644 app/javascript/controllers/reveal_controller.js
 create mode 100644 app/javascript/controllers/reveal_search_controller.js
 create mode 100644 app/views/components/button_component.rb
 create mode 100644 app/views/components/card_component.rb
 create mode 100644 app/views/layouts/_breadcrumbs.html.erb
 create mode 100644 app/views/layouts/_session.html.erb
 create mode 100644 app/views/layouts/hammy.html.erb
 delete mode 100644 app/views/pages/faq.html.erb
 delete mode 100644 app/views/pages/migrate.html.erb
 create mode 100644 public/images/icons.svg
 create mode 100644 vendor/javascript/@stimulus-components--dialog.js
 create mode 100644 vendor/javascript/@stimulus-components--reveal.js

diff --git a/app/assets/config/manifest.js b/app/assets/config/manifest.js
index 2b38b4b8101..c0134c6bbde 100644
--- a/app/assets/config/manifest.js
+++ b/app/assets/config/manifest.js
@@ -1,4 +1,5 @@
 //= link application.css
+//= link hammy.css
 //= link_tree ../../../vendor/assets/images
 //= link_tree ../builds
 //= link_tree ../../javascript .js
diff --git a/app/assets/stylesheets/application.tailwind.css b/app/assets/stylesheets/application.tailwind.css
index f575b6d8902..9a9e22c1a76 100644
--- a/app/assets/stylesheets/application.tailwind.css
+++ b/app/assets/stylesheets/application.tailwind.css
@@ -1,7 +1,5 @@
 @config "../../../config/tailwind.config.js";
 @tailwind base;
-@tailwind components;
-@tailwind utilities;
 
 @layer base {
   @font-face {
@@ -9,6 +7,9 @@
     font-style: normal;
     font-weight: 400;
     font-display: swap;
-    src: url(/fonts/Roboto.woff2) format('woff2');
   }
+
 }
+
+@tailwind components;
+@tailwind utilities;
diff --git a/app/assets/stylesheets/hammy.css b/app/assets/stylesheets/hammy.css
new file mode 100644
index 00000000000..e54d84913b6
--- /dev/null
+++ b/app/assets/stylesheets/hammy.css
@@ -0,0 +1,11 @@
+/*
+ * This is a manifest file that'll automatically include all the stylesheets available in this directory
+ * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
+ * the top of the compiled file, but it's generally better to create a new file per style scope.
+ *= require_self
+*/
+
+/* Default browser style adds a max width that is hard to override with tailwind directly */
+dialog:modal {
+  max-width: 100vw;
+}
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d017ae5a988..65861579447 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -62,6 +62,15 @@ def self.http_basic_authenticate_with(**options)
     super
   end
 
+  def breadcrumbs
+    @breadcrumbs ||= []
+  end
+  helper_method :breadcrumbs
+
+  def add_breadcrumb(name, link = nil)
+    breadcrumbs << [name, link]
+  end
+
   protected
 
   def http_basic_authentication_options_valid?(**options)
diff --git a/app/controllers/dashboards_controller.rb b/app/controllers/dashboards_controller.rb
index 79e8b999ce6..b4da09e50a0 100644
--- a/app/controllers/dashboards_controller.rb
+++ b/app/controllers/dashboards_controller.rb
@@ -5,6 +5,8 @@ class DashboardsController < ApplicationController
   before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?
 
   def show
+    add_breadcrumb t("breadcrumbs.dashboard"), dashboard_path
+
     respond_to do |format|
       format.html do
         @my_gems         = current_user.rubygems.with_versions.by_name.preload(:most_recent_version)
diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
index 767ce234925..c47d16291c4 100644
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@@ -1,7 +1,10 @@
 class PagesController < ApplicationController
   before_action :find_page
 
+  layout "hammy"
+
   def show
+    add_breadcrumb t("pages.#{@page}.title")
     render @page
   end
 
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index c2dac569d41..0e650d61de3 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -75,7 +75,7 @@ def flash_message(name, msg)
     msg
   end
 
-  def rubygem_search_field(home: false)
+  def rubygem_search_field(**kwargs)
     data = {
       autocomplete_target: "query",
       action: %w[
@@ -89,17 +89,21 @@ def rubygem_search_field(home: false)
         blur->autocomplete#hide
       ].join(" ")
     }
-    data[:nav_target] = "search" unless home
+    aria = { autocomplete: "list" }
+
+    data.merge!(kwargs.delete(:data) || {})
+    aria.merge!(kwargs.delete(:aria) || {})
 
     search_field_tag(
       :query,
       params[:query],
       placeholder: t("layouts.application.header.search_gem_html"),
       autofocus: current_page?(root_url),
-      class: home ? "home__search" : "header__search",
+      class: kwargs[:class],
       autocomplete: "off",
-      aria: { autocomplete: "list" },
-      data: data
+      aria:,
+      data:,
+      **kwargs
     )
   end
 end
diff --git a/app/helpers/prose_helper.rb b/app/helpers/prose_helper.rb
new file mode 100644
index 00000000000..17db0dd216a
--- /dev/null
+++ b/app/helpers/prose_helper.rb
@@ -0,0 +1,7 @@
+module ProseHelper
+  def prose(&)
+    base = "prose prose-neutral dark:prose-invert prose-lg lg:prose-xl max-w-prose mx-auto"
+    styles = "prose-headings:font-semibold"
+    tag.div class: "#{base} #{styles}", &
+  end
+end
diff --git a/app/javascript/controllers/autocomplete_controller.js b/app/javascript/controllers/autocomplete_controller.js
index a840f4eb1d1..c933cd6df2b 100644
--- a/app/javascript/controllers/autocomplete_controller.js
+++ b/app/javascript/controllers/autocomplete_controller.js
@@ -14,6 +14,7 @@ export default class extends Controller {
   disconnect() { clear() }
 
   clear() {
+    this.suggestionsTarget.classList.add('hidden');
     this.suggestionsTarget.innerHTML = ""
     this.suggestionsTarget.removeAttribute('tabindex');
     this.suggestionsTarget.removeAttribute('aria-activedescendant');
@@ -25,12 +26,14 @@ export default class extends Controller {
   }
 
   next() {
+    if (this.suggestLength === 0) return;
     this.indexNumber++;
     if (this.indexNumber >= this.suggestLength) this.indexNumber = 0;
     this.focusItem(this.itemTargets[this.indexNumber]);
   }
 
   prev() {
+    if (this.suggestLength === 0) return;
     this.indexNumber--;
     if (this.indexNumber < 0) this.indexNumber = this.suggestLength - 1;
     this.focusItem(this.itemTargets[this.indexNumber]);
@@ -78,6 +81,7 @@ export default class extends Controller {
     items.forEach((item, idx) => this.appendItem(item, idx));
     this.suggestionsTarget.setAttribute('tabindex', 0);
     this.suggestionsTarget.setAttribute('role', 'listbox');
+    this.suggestionsTarget.classList.remove('hidden');
 
     this.suggestLength = items.length;
     this.indexNumber = -1;
@@ -92,8 +96,9 @@ export default class extends Controller {
   }
 
   focusItem(el, change = true) {
-    this.itemTargets.forEach(el => el.classList.remove(this.selectedClass))
-    el.classList.add(this.selectedClass);
+    if (!el) { return; }
+    this.itemTargets.forEach(el => el.classList.remove(...this.selectedClasses))
+    el.classList.add(...this.selectedClasses);
     this.suggestionsTarget.setAttribute('aria-activedescendant', el.id);
     if (change) {
       this.queryTarget.value = el.textContent;
diff --git a/app/javascript/controllers/dialog_controller.js b/app/javascript/controllers/dialog_controller.js
new file mode 100644
index 00000000000..b5e615109ad
--- /dev/null
+++ b/app/javascript/controllers/dialog_controller.js
@@ -0,0 +1,26 @@
+import Dialog from '@stimulus-components/dialog'
+
+export default class extends Dialog {
+  static targets = ["dialog", "button"]
+
+  connect() {
+    super.connect()
+    this.setAriaExpanded('false')
+  }
+
+  open() {
+    super.open()
+    this.setAriaExpanded('true')
+  }
+
+  close() {
+    super.close()
+    this.setAriaExpanded('false')
+  }
+
+  setAriaExpanded(expanded) {
+    if (this.hasButtonTarget) {
+      this.buttonTarget.setAttribute('aria-expanded', expanded)
+    }
+  }
+}
diff --git a/app/javascript/controllers/reveal_controller.js b/app/javascript/controllers/reveal_controller.js
new file mode 100644
index 00000000000..42abc59f821
--- /dev/null
+++ b/app/javascript/controllers/reveal_controller.js
@@ -0,0 +1,46 @@
+import Reveal from '@stimulus-components/reveal'
+
+export default class extends Reveal {
+  static targets = ["item", "toggle", "button"]
+  static classes = ["hidden", "toggle"]
+
+  connect() {
+    super.connect()
+    if (this.hasButtonTarget) {
+      this.buttonTarget.ariaExpanded = false
+    }
+  }
+
+  toggle() {
+    super.toggle()
+    if (this.hasButtonTarget) {
+      this.setAriaExpanded(this.buttonTarget.ariaExpanded === "true" ? "false" : "true")
+    }
+    if (this.hasToggleTarget && this.hasToggleClass) {
+      this.toggleClasses.forEach((className) => {
+        this.toggleTarget.classList.toggle(className)
+      })
+    }
+  }
+
+  show() {
+    super.show()
+    if (this.hasToggleTarget && this.hasToggleClass) {
+      this.toggleTarget.classList.add(...this.toggleClasses)
+    }
+  }
+
+  hide() {
+    super.hide()
+    this.setAriaExpanded('false')
+    if (this.hasToggleTarget && this.hasToggleClass) {
+      this.toggleTarget.classList.add(...this.toggleClasses)
+    }
+  }
+
+  setAriaExpanded(expanded) {
+    if (this.hasButtonTarget) {
+      this.buttonTarget.setAttribute('aria-expanded', expanded)
+    }
+  }
+}
diff --git a/app/javascript/controllers/reveal_search_controller.js b/app/javascript/controllers/reveal_search_controller.js
new file mode 100644
index 00000000000..683c1a73cdb
--- /dev/null
+++ b/app/javascript/controllers/reveal_search_controller.js
@@ -0,0 +1,19 @@
+import Reveal from './reveal_controller'
+
+export default class extends Reveal {
+  static targets = ["item", "toggle", "button", "input"]
+
+  // There's nothing here because this is just a copy of the reveal controller
+  // with a different name. This saves us from a name conflict in the header.
+  toggle() {
+    super.toggle()
+    if (!this.itemTarget.classList.contains("hidden")) {
+      this.inputTarget.focus()  // Auto focus the input when revealed
+    }
+  }
+
+  open() {
+    super.open()
+    this.inputTarget.focus()
+  }
+}
diff --git a/app/views/components/button_component.rb b/app/views/components/button_component.rb
new file mode 100644
index 00000000000..ddc94ae15bd
--- /dev/null
+++ b/app/views/components/button_component.rb
@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+class ButtonComponent < ApplicationComponent
+  include Phlex::Rails::Helpers::LinkTo
+  include Phlex::Rails::Helpers::ButtonTo
+
+  attr_reader :text, :href, :type, :options, :color_css, :size_css
+
+  def initialize(text = nil, href: nil, type: :button, color: :primary, outline: false, size: :large, **options) # rubocop:disable Metrics/ParameterLists
+    super()
+    @text = text
+    @href = href
+    @type = type
+    @options = options
+    @options[:name] ||= nil
+    @color_css = button_color(color, outline)
+    @size_css = button_size(size)
+  end
+
+  def view_template(&)
+    css = "text-nowrap font-semibold no-underline " \
+          "rounded inline-flex border-box " \
+          "justify-content-center items-center hover:shadow-md " \
+          "transition duration-200 ease-in-out focus:outline-none " \
+          "#{color_css} #{size_css} #{options.delete(:class)}"
+
+    if type == :link
+      link_to text, href, class: css, **options, &
+    elsif href
+      button_to text, href, class: css, **options, &
+    else
+      button(class: css, type:, **options, &)
+    end
+  end
+
+  private
+
+  def button_color(color, outline)
+    color = color.to_sym
+    color = :orange if color == :primary
+    color = :orange2 if color == :secondary
+    @color_css = outline ? OUTLINE_BUTTON_COLOR[color] : FILL_BUTTON_COLOR[color]
+  end
+
+  def button_size(size)
+    case size
+    when :small # 36px height
+      "px-4 py-3 h-9 min-h-9 text-b3"
+    else # :large, 44px height
+      "px-4 py-3 h-12 min-h-12 text-b2" \
+    end
+  end
+
+  FILL_BUTTON_COLOR = {
+    orange:    "text-white bg-orange-500 hover:bg-orange-600 active:bg-orange-600 " \
+               "dark:bg-orange-500 dark:hover:bg-orange-700 dark:active:bg-orange-700",
+    orange2:   "text-neutral-800 bg-orange-200 hover:bg-orange-300 active:bg-orange-300 " \
+               "dark:text-white dark:bg-orange-800 dark:hover:bg-orange-900 dark:active:bg-orange-900",
+    yellow:    "text-neutral-800 bg-yellow-500 hover:bg-yellow-600 active:bg-yellow-600 " \
+               "dark:text-white dark:bg-yellow-500 dark:hover:bg-yellow-900 dark:active:bg-yellow-900",
+    blue:      "text-white bg-blue-500 hover:bg-blue-600 active:bg-blue-600 " \
+               "dark:bg-blue-500 dark:hover:bg-blue-700 dark:active:bg-blue-700",
+    green:     "text-white bg-green-500 hover:bg-green-600 active:bg-green-600 " \
+               "dark:bg-green-500 dark:hover:bg-green-700 dark:active:bg-green-700",
+    red:       "text-white bg-red-500 hover:bg-red-600 active:bg-red-600 " \
+               "dark:bg-red-500 dark:hover:bg-red-700 dark:active:bg-red-700",
+    neutral:   "text-white bg-neutral-700 hover:bg-neutral-600 active:bg-neutral-600 " \
+               "dark:bg-neutral-700 dark:hover:bg-neutral-700 dark:active:bg-neutral-700"
+  }.freeze
+
+  # rubocop:disable Layout/LineLength
+  OUTLINE_BUTTON_COLOR = {
+    orange:    "border-2 border-orange-500 text-orange-500 hover:border-orange-600 hover:text-orange-600 active:border-orange-600 active:text-orange-600 " \
+               "dark:border-orange-500 dark:text-orange-500 dark:hover:border-orange-700 dark:hover:text-orange-700 dark:active:border-orange-700 dark:active:text-orange-700",
+    orange2:   "border-2 border-orange-200 text-orange-200 hover:border-orange-300 hover:text-orange-300 active:border-orange-300 active:text-orange-300 " \
+               "dark:border-orange-800 dark:text-orange-800 dark:hover:border-orange-900 dark:hover:text-orange-900 dark:active:border-orange-900 dark:active:text-orange-900",
+    yellow:    "border-2 border-yellow-500 text-yellow-500 hover:border-yellow-600 hover:text-yellow-600 active:border-yellow-600 active:text-yellow-600 " \
+               "dark:border-yellow-500 dark:text-yellow-500 dark:hover:border-yellow-900 dark:hover:text-yellow-900 dark:active:border-yellow-900 dark:active:text-yellow-900",
+    blue:      "border-2 border-blue-500 text-blue-500 hover:border-blue-600 hover:text-blue-600 active:border-blue-600 active:text-blue-600 " \
+               "dark:border-blue-500 dark:text-blue-500 dark:hover:border-blue-700 dark:hover:text-blue-700 dark:active:border-blue-700 dark:active:text-blue-700",
+    green:     "border-2 border-green-500 text-green-500 hover:border-green-600 hover:text-green-600 active:border-green-600 active:text-green-600 " \
+               "dark:border-green-500 dark:text-green-500 dark:hover:border-green-700 dark:hover:text-green-700 dark:active:border-green-700 dark:active:text-green-700",
+    red:       "border-2 border-red-500 text-red-500 hover:border-red-600 hover:text-red-600 active:border-red-600 active:text-red-600 " \
+               "dark:border-red-500 dark:text-red-500 dark:hover:border-red-700 dark:hover:text-red-700 dark:active:border-red-700 dark:active:text-red-700",
+    neutral:   "border-2 border-neutral-700 text-neutral-700 hover:border-neutral-600 hover:text-neutral-600 active:border-neutral-600 active:text-neutral-600 " \
+               "dark:border-neutral-700 dark:text-neutral-700 dark:hover:border-neutral-700 dark:hover:text-neutral-700 dark:active:border-neutral-700 dark:active:text-neutral-700"
+  }.freeze
+  # rubocop:enable Layout/LineLength
+end
diff --git a/app/views/components/card_component.rb b/app/views/components/card_component.rb
new file mode 100644
index 00000000000..5b4211122ca
--- /dev/null
+++ b/app/views/components/card_component.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class CardComponent < ApplicationComponent
+  def view_template(&)
+    color = "bg-white dark:bg-black border border-neutral-400 dark:border-neutral-800 rounded-md shadow text-neutral-900 dark:text-neutral-100"
+    box = "w-full px-4 py-6 md:p-10"
+    article(**classes(color, box), &)
+  end
+
+  def head(title, icon: nil, url: nil, count: nil)
+    div(class: "flex justify-between items-center mb-8") do
+      h3(class: "flex items-center space-x-2 text-lg") do
+        render_icon(icon) if icon
+        span(class: "font-semibold") { title }
+        span(class: "font-light text-neutral-600") { count } if count
+      end
+
+      a(href: url, class: "text-sm text-orange-500 hover:underline") { t("view_all") } if url
+    end
+  end
+
+  def with_list(items, &)
+    ul(class: "mx-6 my-8") do
+      items.each do |item|
+        li(class: "flex justify-between items-center py-3 px-4 rounded-md border border-white dark:border-neutral-850 hover:border-neutral-700") do
+          yield(item)
+        end
+      end
+    end
+  end
+
+  def with_content(&)
+    div(class: "space-y-4", &)
+  end
+
+  private
+
+  def render_icon(name, width: 32, height: 32)
+    svg(class: "fill-orange", width:, height:) do
+      "<use href=\"/images/icons.svg##{name}\"/>".html_safe # rubocop:disable Rails/OutputSafety
+    end
+  end
+end
diff --git a/app/views/dashboards/show.html.erb b/app/views/dashboards/show.html.erb
index 49b2b76c30a..0912ab5cb0b 100644
--- a/app/views/dashboards/show.html.erb
+++ b/app/views/dashboards/show.html.erb
@@ -38,8 +38,7 @@
       <% if @my_gems.empty? %>
         <div class="t-body push--bottom">
           <p>
-            <%= t('.no_owned_html', :creating_link => link_to(t('.creating_link_text'), "https://guides.rubygems.org/make-your-own-gem/"),
-                                    :migrating_link => link_to(t('.migrating_link_text'), page_path("migrate"))) %>
+            <%= t('.no_owned_html', :creating_link => link_to(t('.creating_link_text'), "https://guides.rubygems.org/make-your-own-gem/")) %>
           </p>
         </div>
       <% else %>
diff --git a/app/views/layouts/_breadcrumbs.html.erb b/app/views/layouts/_breadcrumbs.html.erb
new file mode 100644
index 00000000000..151bafbe074
--- /dev/null
+++ b/app/views/layouts/_breadcrumbs.html.erb
@@ -0,0 +1,25 @@
+<div class="clear-both w-full bg-neutral-050 dark:bg-neutral-950 px-8 py-1 text-neutral-800 dark:text-white">
+  <div class="max-w-screen-xl mx-auto flex items-center">
+    <nav class="flex justify-start items-center text-b2" aria-label="Breadcrumb">
+      <!-- Home breadcrumb -->
+      <%= link_to root_path, class: "inline-block p-1 -ml-1 hover:text-neutral-600 dark:hover:text-neutral-400", title: t("breadcrumbs.home"), aria: { label: t("breadcrumbs.home") } do %>
+        <svg class="fill-current" height="24" width="24" role="graphics-symbol">
+          <title><%= t('breadcrumbs.home') %></title>
+          <use href="/images/icons.svg#house-siding"/>
+        </svg>
+      <% end %>
+
+      <% breadcrumbs.each do |name, link| %>
+        <svg class="fill-neutral-600 dark:fill-neutral-700 h-6 w-6" height="24" width="24" role="graphics-symbol" aria-hidden="true">
+          <use href="/images/icons.svg#chevron-right"/>
+        </svg>
+        <% if link %>
+          <%= link_to name, link, class: "inline-block p-1 hover:text-neutral-600 dark:hover:text-neutral-400" %>
+        <% else %>
+          <!-- Current page -->
+          <span class="inline-block p-1 text-black dark:text-white font-semibold" aria-current="page"><%= name %></span>
+        <% end %>
+      <% end %>
+    </nav>
+  </div>
+</div>
diff --git a/app/views/layouts/_search.html.erb b/app/views/layouts/_search.html.erb
index c711f56a75f..b5bf61009f5 100644
--- a/app/views/layouts/_search.html.erb
+++ b/app/views/layouts/_search.html.erb
@@ -1,7 +1,10 @@
 <% home = current_page?(root_path) || current_page?(advanced_search_path) %>
 <div class="<%= home ? "home__search-wrap" : "header__search-wrap" %>" role="search">
   <%= form_tag search_path, method: :get, data: { controller: "autocomplete", autocomplete_selected_class: "selected", } do %>
-    <%= rubygem_search_field(home: home) %>
+    <%= rubygem_search_field(
+      class: (home ? "home__search" : "header__search"),
+      data: (home ? nil : { nav_target: "search" }),
+    ) %>
 
     <ul class="suggest-list" role="listbox" data-autocomplete-target="suggestions"></ul>
 
diff --git a/app/views/layouts/_session.html.erb b/app/views/layouts/_session.html.erb
new file mode 100644
index 00000000000..761b0e83587
--- /dev/null
+++ b/app/views/layouts/_session.html.erb
@@ -0,0 +1,51 @@
+<div class="ml-3 flex text-neutral-900 dark:text-white hover:text-black dark:hover:text-neutral-400" data-controller="dialog">
+  <% if signed_in? %>
+    <button data-action="dialog#open" data-dialog-target="button">
+      <%= avatar 64, "user_gravatar", theme: :dark, class: "h-9 w-9 rounded" %>
+    </button>
+  <% else %>
+    <div class="hidden md:flex text-nowrap">
+      <%= render ButtonComponent.new t('sign_in'), type: :link, href: sign_in_path, color: :secondary, size: :small %>
+      <% if Clearance.configuration.allow_sign_up? %>
+        <%= render ButtonComponent.new t('sign_up'), type: :link, href: sign_up_path, color: :primary, size: :small, class: "ml-3" %>
+      <% end %>
+    </div>
+
+    <%= link_to sign_up_path, class: "-mr-1 p-1 md:hidden" do %>
+      <svg width="28" height="28" class="h-7 w-7 fill-current"><use href="/images/icons.svg#profile"/></svg>
+    <% end %>
+  <% end %>
+
+  <dialog
+    data-dialog-target="dialog" data-action="click->dialog#backdropClose"
+    class="fixed m-0 inset-0 py-16 px-8 z-50 w-full h-full max-w-screen max-h-screen bg-white bg-opacity-20 p-0 ems-start justify-center sm:justify-right"
+  >
+    <div class="max-w-screen-xl mx-auto flex items-center relative">
+      <!-- Dialog content -->
+      <div
+        class="w-full sm:absolute sm:top-0 sm:right-0 sm:max-w-sm bg-white dark:bg-black rounded-lg shadow-xl shadow-black/10 max-h-[90vh] overflow-y-auto dark:border dark:border-neutral-800
+        flex flex-col px-4 py-4 text-b2 text-left text-neutral-900 dark:text-white"
+      >
+        <!-- Dialog header -->
+        <div class="flex justify-between items-center">
+          <h2 class="flex h-7 lg:h-8 lg:mb-0 items-center space-x-1 text-orange text-b1">
+            <svg class="w-6 h-6 fill-current" width="32" height="32" role="graphics-symbol" aria-label="RubyGems Home"><use href="/images/icons.svg#logo"/></svg>
+            <span class="text-h5 text-orange">RubyGems</span>
+          <h2>
+
+          <button data-action="dialog#close" class="h-8 w-8 items-center justify-center outline-none">
+            <svg class="w-6 h-6 fill-current" width="24" height="24" role="graphics-symbol" aria-label="Close profile modal"><use href="/images/icons.svg#close"/></svg>
+          </button>
+        </div>
+
+        <!-- Authenticated user content -->
+        <nav class="flex flex-col py-6 text-left text-b2 text-neutral-900 dark:text-white border-b border-neutral-400 dark:border-neutral-800">
+          <%= link_to t('layouts.application.header.profile'), dashboard_path, class: "px-6 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+          <%= link_to t('layouts.application.header.edit_profile'), edit_profile_path, class: "px-6 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+          <%= link_to t('layouts.application.header.settings'), edit_settings_path, class: "px-6 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+        </nav>
+        <%= link_to t('layouts.application.header.sign_out'), sign_out_path, method: :delete, class: "w-full my-8 px-4 py-2 text-b2 rounded border border-black dark:border-white bg-white dark:bg-black hover:bg-neutral-100 dark:hover:bg-neutral-800 text-black dark:text-white text-center" %>
+      </div>
+    </div>
+  </dialog>
+</div>
diff --git a/app/views/layouts/hammy.html.erb b/app/views/layouts/hammy.html.erb
new file mode 100644
index 00000000000..850f16647b3
--- /dev/null
+++ b/app/views/layouts/hammy.html.erb
@@ -0,0 +1,244 @@
+<!DOCTYPE html>
+<html lang="<%= I18n.locale %>">
+<head>
+  <title><%= page_title %></title>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0">
+  <meta name="google-site-verification" content="AuesbWQ9MCDMmC1lbDlw25RJzyqWOcDYpuaCjgPxEZY" />
+  <link rel="apple-touch-icon" href="/apple-touch-icons/apple-touch-icon.png" />
+  <% ["57x57", "72x72", "76x76", "114x114","120x120", "144x144", "152x152", "180x180"].each do |size| %>
+    <link rel="apple-touch-icon" sizes="<%= size %>" href="/apple-touch-icons/apple-touch-icon-<%= size %>.png" />
+  <% end %>
+  <link rel="mask-icon" href="/rubygems_logo.svg" color="#e9573f">
+  <link rel="fluid-icon" href="/fluid-icon.png"/>
+  <link rel="search" type="application/opensearchdescription+xml" title="<%=t :title %>" href="/opensearch.xml">
+  <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
+
+  <%= stylesheet_link_tag("hammy") %>
+  <%= stylesheet_link_tag("tailwind", "data-turbo-track": "reload") %>
+  <link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Titillium+Web:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700&display=swap" rel="stylesheet" type="text/css">
+  <%= render "layouts/feeds" %>
+  <%= csrf_meta_tag %>
+  <%= yield :head %>
+  <%= javascript_importmap_tags %>
+</head>
+<body class="bg-white dark:bg-black">
+  <div class="min-h-screen flex flex-col">
+    <!-- Header -->
+    <header>
+      <!-- Header Nav -->
+      <div class="py-4 px-8 border-b border-neutral-400 dark:border-neutral-800">
+        <div class="flex flex-wrap justify-between max-w-screen-xl mx-auto" data-controller="reveal-search" data-reveal-search-toggle-class="bg-neutral-200 dark:bg-neutral-800 text-neutral-800 dark:text-neutral-200 border">
+          <!-- Menu button, Logo, desktop nav, mobile nav dialog -->
+          <div class="flex flex-row items-center xl:mr-auto" data-controller="dialog">
+            <!-- Mobile Menu Button -->
+            <button data-action="dialog#open" data-dialog-target="button" aria-label="Open menu" class="px-2 py-1 w-10 h-9 mr-3 items-center rounded text-white bg-orange hover:bg-orange-600 dark:bg-orange-600 dark:hover:bg-orange-700 lg:hidden focus:outline-none">
+              <svg width="24" height="24" class="fill-current" role="graphics-symbol"><use href="/images/icons.svg#menu"/></svg>
+            </button>
+
+            <!-- Logo -->
+            <%= link_to(root_path, title: "RubyGems", class: "flex h-8 items-center text-orange text-b1") do %>
+              <svg class="w-7 h-7 lg:w-8 lg:h-8 fill-current" width="32" height="32" role="graphics-symbol" aria-label="RubyGems Home"><use href="/images/icons.svg#logo"/></svg>
+              <span class="hidden sm:flex ml-1 text-h5 text-orange">RubyGems</span>
+            <% end %>
+
+            <!-- Desktop Navigation Links -->
+            <nav class="hidden lg:flex flex-row ml-7 items-center justify-end text-b2 text-neutral-800 dark:text-white leading-7">
+              <%= link_to t("layouts.application.footer.blog"), "https://blog.rubygems.org", class: "lowercase hover:text-neutral-600 dark:hover:text-neutral-400" %>
+              <%= link_to t("layouts.application.footer.statistics"), stats_path, class: "ml-7 lowercase hover:text-neutral-600 dark:hover:text-neutral-400" %>
+              <%= link_to t("layouts.application.footer.docs"), "https://guides.rubygems.org/command-reference/#gem-install", class: "ml-7 lowercase hover:text-neutral-600 dark:hover:text-neutral-400" %>
+              <!-- About links -->
+              <div class="flex relative ml-7" data-controller="dropdown">
+                <button data-action="dropdown#toggle click@window->dropdown#hide" class="flex items-center text-neutral-900 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 focus:outline-none lowercase">
+                  <span><%= t("layouts.application.footer.about") %></span>
+                  <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#arrow-drop-down"/></svg>
+                </button>
+
+                <!-- About Dropdown Menu -->
+                <div data-dropdown-target="menu" class="z-50 hidden absolute -left-4 top-8 bg-white dark:bg-black border border-neutral-200 dark:border-neutral-800 rounded shadow-lg text-b2 text-neutral-700 dark:text-neutral-300 divide-y divide-neutral-200 dark:divide-neutral-800">
+                  <%= link_to t('title'), page_path("about"), data: { reveal_target: "item" }, class: "block px-4 py-2 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                  <%= link_to t('layouts.application.footer.status'), "https://status.rubygems.org", data: { reveal_target: "item" }, class: "block px-4 py-2 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                  <%= link_to t('layouts.application.footer.data'), page_path("data"), data: { reveal_target: "item" }, class: "block px-4 py-2 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                  <%= link_to t('layouts.application.footer.security'), page_path("security"), data: { reveal_target: "item" }, class: "block px-4 py-2 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                  <%= mail_to "support@rubygems.org", t('layouts.application.footer.help'), data: { reveal_target: "item" }, class: "block px-4 py-2 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                </div>
+              </div>
+              <!-- Language Selector -->
+              <div class="flex relative ml-5" data-controller="dropdown">
+                <button data-action="dropdown#toggle click@window->dropdown#hide" class="flex items-center text-neutral-900 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 focus:outline-none">
+                  <svg width="20" height="20" class="fill-current"><use href="/images/icons.svg#language"/></svg>
+                  <span class="ml-1 text-b3 uppercase"><%= I18n.locale %></span>
+                  <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#arrow-drop-down"/></svg>
+                </button>
+
+                <!-- Language Dropdown Menu -->
+                <div data-dropdown-target="menu" class="z-50 hidden absolute flex-row -left-4 top-8 bg-white dark:bg-black border border-neutral-200 dark:border-neutral-800 rounded shadow-lg text-b2 text-neutral-700 dark:text-neutral-300 divide-y divide-neutral-200 dark:divide-neutral-800">
+                  <% I18n.available_locales.each do |language| %>
+                    <%= link_to I18n.t(:locale_name, locale: language), url_for(locale: language, only_path: true), class: "block px-4 py-2 hover:bg-neutral-100 dark:hover:bg-neutral-800 text-nowrap" %>
+                  <% end %>
+                </div>
+              </div>
+            </nav>
+
+            <!-- Mobile Left Navigation Menu -->
+            <dialog
+              data-dialog-target="dialog" data-action="click->dialog#backdropClose"
+              role="dialog" aria-modal="true"
+              class="fixed left-0 top-0 h-full w-screen max-h-full max-w-screen bg-white bg-opacity-20 z-50 overflow-hidden">
+              <div class="h-full w-72 bg-white dark:bg-black overflow-y-auto border-r border-neutral-400 dark:border-neutral-800 shadow-[5px_0px_9px_3px_rgba(0,0,0,0.10)]">
+                <!-- Mobile nav header -->
+                <div class="flex flex-row items-center px-8 py-4 border-b border-neutral-400 dark:border-neutral-800">
+                  <!-- Close Menu Button -->
+                  <button data-action="dialog#close" aria-label="Close menu" class="px-2 py-1 w-10 h-9 mr-3 rounded text-white bg-orange dark:bg-orange-600 hover:bg-orange-700 dark:hover:bg-orange-700 focus:outline-none items-center">
+                    <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#close"/></svg>
+                  </button>
+                  <!-- Logo -->
+                  <%= link_to(root_path, title: "RubyGems", class: "flex h-8 items-center text-orange text-b1") do %>
+                    <svg class="w-7 h-7 lg:w-8 lg:h-8 fill-current" width="32" height="32" role="graphics-symbol" aria-label="RubyGems Home"><use href="/images/icons.svg#logo"/></svg>
+                    <span class="ml-1 text-h5 lg:text-h4 text-orange">RubyGems</span>
+                  <% end %>
+                </div>
+
+                <!-- Mobile nav links -->
+                <nav class="flex flex-col py-6 text-left text-b2 text-neutral-900 dark:text-white">
+                  <%= link_to t("layouts.application.footer.blog"), "https://blog.rubygems.org", class: "px-8 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                  <%= link_to t("layouts.application.footer.statistics"), stats_path, class: "px-8 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                  <%= link_to t("layouts.application.footer.docs"), "https://guides.rubygems.org/command-reference/#gem-install", class: "px-8 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+
+                  <!-- About links expand -->
+                  <div data-controller="reveal" data-reveal-toggle-class="rotate-180" class="flex flex-col">
+                    <button class="flex items-center px-8 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800 focus:outline-none justify-between" data-action="reveal#toggle" data-reveal-target="button">
+                      <span><%= t("layouts.application.footer.about") %></span>
+                      <svg width="24" height="24" class="fill-current transition-transform transform" data-reveal-target="toggle"><use href="/images/icons.svg#keyboard-arrow-down"/></svg>
+                    </button>
+
+                    <%= link_to t('title'), page_path("about"), data: { reveal_target: "item" }, class: "hidden px-16 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                    <%= link_to t('layouts.application.footer.status'), "https://status.rubygems.org", data: { reveal_target: "item" }, class: "hidden px-16 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                    <%= link_to t('layouts.application.footer.data'), page_path("data"), data: { reveal_target: "item" }, class: "hidden px-16 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                    <%= link_to t('layouts.application.footer.security'), page_path("security"), data: { reveal_target: "item" }, class: "hidden px-16 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                    <%= mail_to "support@rubygems.org", t('layouts.application.footer.help'), data: { reveal_target: "item" }, class: "mb-4 hidden px-16 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
+                  </div>
+
+                  <!-- Mobile Language Selector -->
+                  <div class="flex flex-col" data-controller="reveal" data-reveal-toggle-class="rotate-180">
+                    <button class="flex items-center px-8 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800 focus:outline-none justify-between" data-action="reveal#toggle" data-reveal-target="button">
+                      <span class="flex items-center">
+                        <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#language"/></svg>
+                        <span class="mx-2 text-b2 uppercase"><%= I18n.locale %></span>
+                      </span>
+                      <svg width="24" height="24" class="fill-current transition-transform transform" data-reveal-target="toggle"><use href="/images/icons.svg#keyboard-arrow-down"/></svg>
+                    </button>
+
+                    <% I18n.available_locales.each do |language| %>
+                      <%= link_to I18n.t(:locale_name, locale: language), url_for(locale: language, only_path: true), data: { reveal_target: "item" }, class: "hidden px-16 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800 text-nowrap" %>
+                    <% end %>
+                  </div>
+                </nav>
+              </div>
+            </dialog>
+          </div>
+
+          <div class="ml-auto flex flex-row items-center xl:ml-0 xl:order-3">
+            <!-- Search button -->
+            <button type="button" data-action="reveal-search#toggle" data-reveal-search-target="toggle" aria-label="Open search" class="flex xl:hidden h-9 w-9 box-border text-neutral-800 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 items-center justify-center rounded border-neutral-300 dark:border-neutral-700">
+              <svg width="24" height="24" class="h-6 w-6 fill-current"><use href="/images/icons.svg#search"/></svg>
+            </button>
+
+            <!-- Profile -->
+            <%= render "layouts/session" %>
+          </div>
+
+          <!-- Search Bar -->
+          <div data-reveal-search-target="item" class="hidden pt-4 w-full items-center xl:flex xl:pt-0 xl:w-72 xl:order-2" role="search">
+            <%= form_tag(search_path, method: :get, data: { controller: "autocomplete", autocomplete_selected_class: "bg-neutral-100 dark:bg-neutral-800", reveal_target: "item" }, class: "relative w-full items-center", role: "search") do %>
+              <%= rubygem_search_field(data: { reveal_search_target: "input" }, class: "w-full md h-9 pr-12 bg-neutral-200 dark:bg-neutral-800 text-neutral-800 dark:text-neutral-200 rounded border-neutral-300 dark:border-neutral-700 box-border outline-none focus:ring-0 focus:border-neutral-500") %>
+
+              <ul role="listbox" data-autocomplete-target="suggestions" class="hidden absolute z-40 start-0 mt-2 w-full bg-white dark:bg-black text-b2 text-neutral-800 dark:text-neutral-200 border border-neutral-200 dark:border-neutral-800 rounded shadow-md divide-y divide-neutral-200 dark:divide-neutral-800"></ul>
+
+              <template id="suggestion" data-autocomplete-target="template">
+                <li class="block px-4 py-2 hover:bg-neutral-100 dark:hover:bg-neutral-800" role="option" tabindex="-1" data-autocomplete-target="item" data-action="click->autocomplete#choose mouseover->autocomplete#highlight"></li>
+              </template>
+
+              <%= label_tag :query, id: "querylabel" do %>
+                <span class="hidden"><%= t('layouts.application.header.search_gem_html') %></span>
+              <% end %>
+
+              <button type="submit" id="search_submit" aria-labelledby="querylabel" class="absolute end-[1px] top-[1px] p-[5px] text-neutral-900 dark:text-white focus:outline-none border-l border-neutral-300 dark:border-neutral-700 hover:text-neutral-600 dark:hover:text-neutral-400 rounded-r">
+                <svg width="24" height="24" class="h-6 w-6 fill-current"><use href="/images/icons.svg#search"/></svg>
+              </button>
+            <% end %>
+          </div>
+        </div>
+      </div>
+
+      <!-- Breadcrumbs -->
+      <%= render "layouts/breadcrumbs" %>
+    </header>
+
+    <!-- Content -->
+    <div class="flex-1 w-full px-8 py-6 flex-col bg-neutral-050 dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center inline-flex">
+      <div class="max-w-screen-xl w-full mx-auto mb-12 md:mb-16 lg:mb-28">
+        <!-- New design notice -->
+        <p class="flex flex-row items-center bg-green-200 dark:bg-green-900 text-neutral-800 dark:text-neutral-200 p-4 mb-10 rounded border border-green-500 text-b2">
+          <svg class="flex-none fill-green-500 mr-2 h-6 w-6" height="24" width="24">
+            <use href="/images/icons.svg#toast"/>
+          </svg>
+          <span class="align-middle">
+            Design Under Construction.
+            <a href="https://blog.rubygems.org/2024/10/15/our-new-design.html" class="text-green-500 dark:text-green-400 text-nowrap">Learn more</a>
+          </span>
+        </p>
+
+        <%= yield %>
+      </div>
+    </div>
+
+      <!-- Footer -->
+    <footer>
+      <div class="w-full px-8 py-8 bg-orange-100 dark:bg-orange-950 text-neutral-800 dark:text-neutral-200 flex-col items-center">
+        <!-- Footer Nav -->
+        <div class="max-w-screen-xl mx-auto flex flex-col md:flex-row justify-between">
+          <nav class="mb-4 md:mb-0 justify-start">
+            <ul class="flex flex-col md:flex-row md:space-x-8 text-b1 md:text-b2">
+              <li><%= link_to t("layouts.application.footer.about"), page_path("about"), class: "hover:text-neutral-600" %></li>
+              <li><%= link_to t("layouts.application.footer.docs"), "https://guides.rubygems.org/command-reference/#gem-install", class: "hover:text-neutral-600" %></li>
+              <li><%= link_to t("layouts.application.footer.status"), "https://status.rubygems.org", class: "hover:text-neutral-600" %></li>
+              <li><%= link_to t("layouts.application.footer.security"), page_path("security"), class: "hover:text-neutral-600" %></li>
+              <li><%= mail_to "support@rubygems.org", t('layouts.application.footer.help'), class: "hover:text-neutral-600" %></li>
+            </ul>
+          </nav>
+          <div class="flex space-x-4">
+            <a href="https://github.com/rubygems/rubygems.org" class="">
+              <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#github"/></svg>
+            </a>
+            <%# <a href="" class=""><svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#mastodon"/></svg></a>
+            <a href="#" class=""><svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#x-twitter"/></svg></a> %>
+          </div>
+        </div>
+      </div>
+
+      <div class="w-full px-6 bg-orange-200 dark:bg-orange-900 text-neutral-900 dark:text-neutral-100">
+        <!-- Supported By -->
+        <div class="flex flex-col lg:flex-row max-w-screen-xl mx-auto py-6 items-center justify-between">
+          <!-- RubyGems.org is supported by -->
+          <p class="mb-6 lg:mb-0 lg:mr-14 lg:w-52 text-b2 leading-6 text-balance">
+            <%= t("layouts.application.footer.supported_by_html") %>
+          </p>
+
+          <!-- Supporter Icons -->
+          <div class="w-full lg:grow mx-auto grid grid-cols-3 gap-6 justify-items-center md:flex md:items-center md:justify-between">
+            <a href="https://rubycentral.org/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#ruby-central"/></svg></a>
+            <a href="https://dnsimple.link/resolving-rubygems" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#dnsimple"/></svg></a>
+            <a href="https://www.datadoghq.com/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#datadog"/></svg></a>
+            <a href="https://www.fastly.com/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#fastly"/></svg></a>
+            <a href="https://www.honeybadger.io/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#honeybadger"/></svg></a>
+            <a href="https://domainr.com/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#domainr"/></svg></a>
+            <a href="https://mend.io/" class="col-start-2 p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#mend-io"/></svg></a>
+          </div>
+        </div>
+      </div>
+    </footer>
+  </div>
+</body>
+</html>
diff --git a/app/views/pages/about.html.erb b/app/views/pages/about.html.erb
index 115142f8cad..7078e3097d1 100644
--- a/app/views/pages/about.html.erb
+++ b/app/views/pages/about.html.erb
@@ -1,11 +1,11 @@
 <% @title = t('.title') %>
 
-<div class="l-colspan t-body">
+<%= prose do %>
   <p><%= t '.purpose.header', :site => t('title') %></p>
-  <ol class="t-numbered-items">
-    <li class="t-numbered-item"><%= t '.purpose.better_api' %></li>
-    <li class="t-numbered-item"><%= t '.purpose.transparent_pages' %></li>
-    <li class="t-numbered-item"><%= t '.purpose.enable_community' %></li>
+  <ol class="list-decimal">
+    <li><%= t '.purpose.better_api' %></li>
+    <li><%= t '.purpose.transparent_pages' %></li>
+    <li><%= t '.purpose.enable_community' %></li>
   </ol>
   <p>
     <%= t('.founding_html', :founder => link_to('Nick Quaranto', 'https://twitter.com/qrush'),
@@ -28,16 +28,9 @@
                              ) %>
   </p>
 
-  <div class="hide-assets">
-    <h2 class="about__assets__heading"><%= t('.logo_header') %></h2>
-    <p><%= t('.logo_details') %></p>
-    <div class="about__assets-wrap">
-      <div class="about__assets">
-        <svg class="about__asset" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 200" enable-background="new 0 0 200 200"><g fill="#ffffff"><path d="M68.8 69.9l-.1-.1-22.2 22.2 53.9 53.8 22.2-22.1 31.7-31.7-22.2-22.2v-.1h-63.4zM100.2 10.6l-78.5 45v90l78.5 45 78.5-45v-90l-78.5-45zm63.5 126.4l-63.5 36.6-63.5-36.6v-73l63.5-36.6 63.5 36.6v73z"/></g></svg>
-        <svg class="about__asset" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 200" enable-background="new 0 0 200 200"><g fill="#141c22"><path d="M68.8 69.9l-.1-.1-22.2 22.2 53.9 53.8 22.2-22.1 31.7-31.7-22.2-22.2v-.1h-63.4zM100.2 10.6l-78.5 45v90l78.5 45 78.5-45v-90l-78.5-45zm63.5 126.4l-63.5 36.6-63.5-36.6v-73l63.5-36.6 63.5 36.6v73z"/></g></svg>
-        <svg class="about__asset" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 200" enable-background="new 0 0 200 200"><g fill="#e9573f"><path d="M68.8 69.9l-.1-.1-22.2 22.2 53.9 53.8 22.2-22.1 31.7-31.7-22.2-22.2v-.1h-63.4zM100.2 10.6l-78.5 45v90l78.5 45 78.5-45v-90l-78.5-45zm63.5 126.4l-63.5 36.6-63.5-36.6v-73l63.5-36.6 63.5 36.6v73z"/></g></svg>
-      </div>
-      <a href="/logos.zip" download="RubyGems Assets.zip" class="about__assets__download" data-icon=">"><%= t('rubygems.aside.links.download') %></a>
-    </div>
+  <h2 class="about__assets__heading"><%= t('.logo_header') %></h2>
+  <p><%= t('.logo_details') %></p>
+  <div class="about__assets-wrap">
+    <%= render ButtonComponent.new t('rubygems.aside.links.download'), type: :link, href: "/logos.zip" %>
   </div>
-</div>
+<% end %>
diff --git a/app/views/pages/data.html.erb b/app/views/pages/data.html.erb
index 87e7d71e94e..951fd6581be 100644
--- a/app/views/pages/data.html.erb
+++ b/app/views/pages/data.html.erb
@@ -1,12 +1,19 @@
 <% @title = t('.title') %>
 
-<div class="t-body" id="data-dump">
-  <p>We provide weekly dumps of the RubyGems.org PostgreSQL data. This dump is sanitized, removing all user information.</p>
-  <p>The <a href="https://github.com/rubygems/rubygems.org/tree/master/script/load-pg-dump">load-pg-dump</a> script is
-    available as an example of how to to download and load the most recent weekly dump.</p>
-  <ul data-controller="dump">
-    <template data-dump-target="template">
-      <li><a href="#"></a></li>
-    </template>
-  </ul>
+<div class="flex flex-col space-y-10 max-w-3xl mx-auto" id="data-dump">
+  <%= render CardComponent.new do |c| %>
+    <%= c.head("PostgreSQL Data", icon: :history) %>
+    <%= c.with_content do |user| %>
+      <%= prose do %>
+        <p>We provide weekly dumps of the RubyGems.org PostgreSQL data. This dump is sanitized, removing all user information.</p>
+        <p>The <a href="https://github.com/rubygems/rubygems.org/tree/master/script/load-pg-dump" class="text-orange">load-pg-dump</a> script is
+          available as an example of how to to download and load the most recent weekly dump.</p>
+      <% end %>
+      <ul data-controller="dump">
+        <template data-dump-target="template">
+          <li><a href="#" class="flex -mx-4 p-4 hover:bg-neutral-100 dark:hover:bg-neutral-800 lg:rounded"></a></li>
+        </template>
+      </ul>
+    <% end %>
+  <% end %>
 </div>
diff --git a/app/views/pages/download.html.erb b/app/views/pages/download.html.erb
index 0cecaa6c9db..23184c1ecd5 100644
--- a/app/views/pages/download.html.erb
+++ b/app/views/pages/download.html.erb
@@ -1,30 +1,32 @@
 <% @title = t('.title') %>
 <% @subtitle = subtitle %>
 
-<div class="l-colspan t-body">
+<%= prose do %>
+  <h2><%= @title %></h2>
   <p>
-    RubyGems is a package management framework for Ruby. Download the latest version here:
-  </p>
-  <div id="formats" class="download__formats">
-    <%= link_to "tgz", "https://rubygems.org/rubygems/rubygems-#{version_number}.tgz", class: "download__format" %>
-    <%= link_to "zip", "https://rubygems.org/rubygems/rubygems-#{version_number}.zip", class: "download__format" %>
-    <%= link_to "gem", "https://rubygems.org/gems/rubygems-update-#{version_number}.gem", class: "download__format" %>
-    <%= link_to "git", "https://github.com/rubygems/rubygems", class: "download__format" %>
-  </div>
-  <p>
-  Or, to upgrade to the latest RubyGems:
+    RubyGems is a package management framework for Ruby.
+    <br>
+    Upgrade to the latest RubyGems at the command line:
   </p>
   <pre><code>$ gem update --system</code></pre>
   <p>
-    You might be running into some bug that prevents you from upgrading rubygems the standard way. In that case, you can try upgrading manually:
+    If you run into problems that prevent you from upgrading rubygems the standard way, you can try upgrading manually:
   </p>
   <ol class="manual">
-    <li><%=link_to "Download from above", "#formats" %></li>
-    <li>Unpack into a directory and <code>cd</code> there</li>
-    <li>Install with: <code>ruby setup.rb</code></li>
+    <li>Download the latest version</li>
+    <li>Unpack and <code>cd</code> into the unpacked directory</li>
+    <li>Install with:
+    <pre><code>ruby setup.rb</code></pre>
+    </li>
+    <li>
+      For more details and other options, run: <code>ruby setup.rb --help</code>
+    </li>
   </ol>
-  <p>
-  For more details and other options, see:
-  </p>
-  <pre><code>ruby setup.rb --help</code></pre>
-</div>
+  <h4>Download the latest version</h4>
+  <div id="formats" class="flex flex-row space-x-6">
+    <%= render ButtonComponent.new "tgz", type: :link, href: "https://rubygems.org/rubygems/rubygems-#{version_number}.tgz" %>
+    <%= render ButtonComponent.new "zip", type: :link, href: "https://rubygems.org/rubygems/rubygems-#{version_number}.zip" %>
+    <%= render ButtonComponent.new "gem", type: :link, href: "https://rubygems.org/gems/rubygems-update-#{version_number}.gem" %>
+    <%= render ButtonComponent.new "git", type: :link, href: "https://github.com/rubygems/rubygems" %>
+  </div>
+<% end %>
diff --git a/app/views/pages/faq.html.erb b/app/views/pages/faq.html.erb
deleted file mode 100644
index ab8e903c4df..00000000000
--- a/app/views/pages/faq.html.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-<% @title = t('.title') %>
-
-<div class="t-body">
-  <p>
-    <%= link_to "This page has been moved onto #{t(:title)}’s new support site.", "https://help.rubygems.org/kb/gemcutter/faq" %>
-  </p>
-</div>
diff --git a/app/views/pages/migrate.html.erb b/app/views/pages/migrate.html.erb
deleted file mode 100644
index aac2e406081..00000000000
--- a/app/views/pages/migrate.html.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-<% @title = t('.title') %>
-
-<div class="l-colspan t-body">
-  <p>
-    <code>gem migrate</code> has been deprecated, all of the RubyForge accounts and ownerships have been transferred over to Gemcutter.
-  </p>
-  <p>If you’re having problems with your gems and pushing, <%= mail_to "support@rubygems.org", "please open a support request" %>.</p>
-</div>
diff --git a/app/views/pages/security.html.erb b/app/views/pages/security.html.erb
index e7731de0096..2955948a383 100644
--- a/app/views/pages/security.html.erb
+++ b/app/views/pages/security.html.erb
@@ -1,6 +1,6 @@
 <% @title = t('.title') %>
 
-<div class="l-colspan t-body">
+<%= prose do %>
   <p>
     Found a security issue with RubyGems or RubyGems.org?
     Please follow these steps to report it.
@@ -131,4 +131,4 @@
       security@rubygems.org</a> or <a href="https://github.com/rubygems/rubygems.org/issues">
       open an issue on GitHub</a>. Thanks!
   </p>
-</div>
+<% end %>
diff --git a/app/views/pages/sponsors.html.erb b/app/views/pages/sponsors.html.erb
index 7d93b9c5096..05b78bf813e 100644
--- a/app/views/pages/sponsors.html.erb
+++ b/app/views/pages/sponsors.html.erb
@@ -1,6 +1,6 @@
 <% @title = t('.title') %>
 
-<div class="l-colspan t-body">
+<%= prose do %>
   <p>
     RubyGems.org is made possible by support from the Ruby community. These companies provide the servers and developers that create the public infrastructure of the Ruby programming language.
   </p>
@@ -8,10 +8,11 @@
   <h2><a href="https://rubycentral.org">Ruby Central</a></h2>
   <p>
     Ruby Central, Inc. is a nonprofit 501(c)3 organization dedicated to the support and advocacy of the worldwide Ruby community. They organize the annual RubyConf and RailsConf as opportunities for Rubyists to collaborate and network. As part of those conferences, Ruby Central also operates the Opportunity Scholarship program to consistently bring new people into the tech community and to provide them with a comfortable, welcoming environment to explore our community and its events.
-    <br><br>
+  </p>
+  <p>
     They also fund and operate the Ruby Central Community Grant, underwriting events or open source projects that benefit the Ruby community, and they fund the ongoing server costs associated with running RubyGems.org.
 
-    You can support Ruby Central by attending or [sponsoring](sponsors@rubycentral.org) a conference, or by [joining as a supporting member](https://rubycentral.org/#/portal/signup).
+    You can support Ruby Central by attending or <a href="mailto:sponsors@rubycentral.org">contacting Ruby Central</a> about sponsoring a conference, or by <a href="https://rubycentral.org/#/portal/signup">joining as a supporting member</a>.
   </p>
 
   <h2><a href="https://fastly.com">Fastly</a></h2>
@@ -21,16 +22,12 @@
     Fastly provides the RubyGems.org content delivery network, allowing Ruby developers all over the world to download gems from nearby servers around the world.
   </p>
 
-  <hr>
-
   <h3><a href="https://1password.com">1Password</a></h3>
   <p>A password manager, digital vault, form filler and secure digital wallet. 1Password remembers all your passwords for you to help keep account information safe.</p>
 
-  <hr>
-
   <h3><a href="https://avohq.io">Avo</a></h3>
   <p>
     Avo is a custom Content Management System for Ruby on Rails that saves developers and teams months of development time. It's built on modern technologies and provides all the necessary hooks to ensure developers ship the best experiences to their customers.<br><br>
     Avo enables the RubyGems.org team to quickly build internal tools with limited resources.
   </p>
-</div>
+<% end %>
diff --git a/config/application.rb b/config/application.rb
index e70ccf8ded6..c6955202e86 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -114,6 +114,6 @@ def self.config
   ENABLE_DEVELOPMENT_ADMIN_LOG_IN = Rails.env.local?
   MAIL_SENDER = "RubyGems.org <no-reply@mailer.rubygems.org>".freeze
   PAGES = %w[
-    about data download faq migrate security sponsors
+    about data download security sponsors
   ].freeze
 end
diff --git a/config/importmap.rb b/config/importmap.rb
index 4897472eefb..681e27fe7b1 100644
--- a/config/importmap.rb
+++ b/config/importmap.rb
@@ -11,6 +11,8 @@
 pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
 pin_all_from "app/javascript/controllers", under: "controllers"
 pin "@stimulus-components/clipboard", to: "@stimulus-components--clipboard.js" # @5.0.0
+pin "@stimulus-components/dialog", to: "@stimulus-components--dialog.js" # @1.0.1
+pin "@stimulus-components/reveal", to: "@stimulus-components--reveal.js" # @5.0.0
 
 # vendored and adapted from https://github.com/mdo/github-buttons/blob/master/src/js.js
 pin "github-buttons"
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 6a2a3412b72..99cbcaa4cb2 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -215,7 +215,7 @@ de:
       mine: Meine Gems
       my_subscriptions: Abonnements
       no_owned_html: Du hast noch keine Gems gepusht. Schau doch vielleicht die Dokumentation
-        auf %{creating_link} an und %{migrating_link} ein Gem from RubyForge.
+        auf %{creating_link}.
       no_subscriptions_html: Du hast noch keine Gems abonniert. Besuche %{gem_link}
         um das Gem zu abonnieren!
       title: Dashboard
@@ -248,6 +248,7 @@ de:
         blog: Blog
         contribute: Beitragen
         data: Daten
+        docs: Dokumentation
         designed_by: Design von
         discussion_forum: Diskussion
         gems_served_by: Gems angeboten von
@@ -262,6 +263,9 @@ de:
         statistics: Statistiken
         status: Status
         supported_by: Unterstützt von
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          wird unterstützt von
         tested_by:
         tracking_by: Getrackt von
         uptime: Betriebszeit
@@ -269,14 +273,20 @@ de:
         secured_by:
         looking_for_maintainers:
       header:
+        profile: Profil
         dashboard: Dashboard
-        settings:
-        edit_profile:
+        settings: Einstellungen
+        edit_profile: Profil bearbeiten
         search_gem_html: Suche Gems&hellip;
         sign_in: Anmelden
         sign_out: Abmelden
         sign_up: Registrieren
       mfa_banner_html:
+  breadcrumbs:
+    home:
+    dashboard: Dashboard
+    settings:
+    org_name: 'Organisation: %{name}'
   mailer:
     confirm_your_email: Bitte bestätigen Sie Ihre E-Mail-Adresse mit dem Link, der
       an Ihre E-Mail gesendet wurde.
@@ -486,10 +496,6 @@ de:
       title: RubyGems.org Data Dumps
     download:
       title: Download RubyGems
-    faq:
-      title: FAQ
-    migrate:
-      title: Migrate gems
     security:
       title: Security
     sponsors:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 83681e23319..3505362a1ee 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -204,7 +204,7 @@ en:
       migrating_link_text: migrating
       mine: My Gems
       my_subscriptions: Subscriptions
-      no_owned_html: You haven't pushed any gems yet. Perhaps check out the guides on %{creating_link} a gem or %{migrating_link} a gem from RubyForge.
+      no_owned_html: You haven't pushed any gems yet. Perhaps check out the guide on %{creating_link} a gem.
       no_subscriptions_html: You're not subscribed to any gems yet. Visit a %{gem_link} to subscribe to one!
       title: Dashboard
   dependencies:
@@ -234,6 +234,7 @@ en:
         blog: Blog
         contribute: Contribute
         data: Data
+        docs: Docs
         designed_by: Designed by
         discussion_forum: Discuss
         gems_served_by: Gems served by
@@ -248,6 +249,9 @@ en:
         statistics: Stats
         status: Status
         supported_by: Supported by
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          is supported by
         tested_by: Tested by
         tracking_by: Tracking by
         uptime: Uptime
@@ -255,6 +259,7 @@ en:
         secured_by: Secured by
         looking_for_maintainers: maintainers wanted
       header:
+        profile: Profile
         dashboard: Dashboard
         settings: Settings
         edit_profile: Edit profile
@@ -263,6 +268,11 @@ en:
         sign_out: Sign out
         sign_up: Sign up
       mfa_banner_html: 🎉 We now support security devices! Improve your account security by <a href="/settings/edit#security-device">setting up</a> a new device. [Learn more](link to blog post)!
+  breadcrumbs:
+    home: Home
+    dashboard: Dashboard
+    settings: Settings
+    org_name: "Org: %{name}"
   mailer:
     confirm_your_email: Please confirm your email address with the link sent to your email.
     confirmation_subject: Please confirm your email address with %{host}
@@ -418,10 +428,6 @@ en:
       title: RubyGems.org Data Dumps
     download:
       title: Download RubyGems
-    faq:
-      title: FAQ
-    migrate:
-      title: Migrate gems
     security:
       title: Security
     sponsors:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index fa9b7be388f..0cdf6d09ede 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -213,8 +213,8 @@ es:
       migrating_link_text: migrar
       mine: Mis Gemas
       my_subscriptions: Suscripciones
-      no_owned_html: Todavía no publicaste ninguna gema. Prueba a ver las guías sobre
-        cómo %{creating_link} o %{migrating_link} una gema en rubygems.org.
+      no_owned_html: Todavía no publicaste ninguna gema. Prueba a ver la guía sobre
+        cómo %{creating_link}.
       no_subscriptions_html: Aún no te suscribiste a ninguna gema. ¡Visita la %{gem_link}
         para suscribirte!
       title: Dashboard
@@ -247,6 +247,7 @@ es:
         blog: Blog
         contribute: Contribuye
         data: Datos
+        docs: Documentación
         designed_by: Diseñado por
         discussion_forum: Foro de Discusión
         gems_served_by: Distribuida por
@@ -261,6 +262,9 @@ es:
         statistics: Estadísticas
         status: Estado
         supported_by: Con el apoyo de
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          es respaldado por
         tested_by: Probado por
         tracking_by: Seguimiento con
         uptime: Uptime
@@ -268,14 +272,20 @@ es:
         secured_by: Protegido por
         looking_for_maintainers: Se buscan mantenedores/as
       header:
+        profile: Perfil
         dashboard: Dashboard
         settings: Configuración
-        edit_profile: Editar perfil
+        edit_profile: Editar
         search_gem_html: Buscar gemas&hellip;
         sign_in: Acceso
         sign_out: Salir
         sign_up: Registro
       mfa_banner_html:
+  breadcrumbs:
+    home:
+    dashboard: Dashboard
+    settings: Configuración
+    org_name: 'Org: %{name}'
   mailer:
     confirm_your_email: Por favor confirma tu dirección de correo con el enlace enviado.
     confirmation_subject: Por favor confirma tu dirección de correo con %{host}
@@ -474,10 +484,6 @@ es:
       title: Volcado de datos de RubyGems.org
     download:
       title: Descargar RubyGems
-    faq:
-      title: Preguntas Frecuentes
-    migrate:
-      title: Migrar Gemas
     security:
       title: Seguridad
     sponsors:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index fb7fbccf6e1..00af532b78b 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -205,8 +205,7 @@ fr:
       migrating_link_text: migration
       mine: Mes Gems
       my_subscriptions: Abonnements
-      no_owned_html: Vous n'avez pas encore publié de gem. Vous pouvez vérifier les
-        guides de %{creating_link} ou de %{migrating_link} de gems depuis RubyForge.
+      no_owned_html: Vous n'avez pas encore publié de gem. Vous pouvez vérifier le guide de %{creating_link}.
       no_subscriptions_html: Vous n'avez pas encore d'abonnements. Visitez %{gem_link}
         pour vous y abonner !
       title: Dashboard
@@ -239,6 +238,7 @@ fr:
         blog: Blog
         contribute: Contribuer
         data: Données
+        docs: Documentation
         designed_by: Design par
         discussion_forum: Discussions
         gems_served_by: Gems mis à disposition par
@@ -253,6 +253,9 @@ fr:
         statistics: Stats
         status: Statut
         supported_by: Soutenu par
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          <br class="hidden lg:block"> est soutenu par
         tested_by: Testé par
         tracking_by: Tracking par
         uptime: Uptime
@@ -260,14 +263,20 @@ fr:
         secured_by:
         looking_for_maintainers:
       header:
+        profile: Profil
         dashboard: Dashboard
-        settings:
-        edit_profile:
+        settings: Paramètres
+        edit_profile: Modifier le profil
         search_gem_html: Recherche de Gems&hellip;
         sign_in: Connexion
         sign_out: Déconnexion
         sign_up: Inscription
       mfa_banner_html:
+  breadcrumbs:
+    home:
+    dashboard: Dashboard
+    settings: Paramètres
+    org_name: 'Org: %{name}'
   mailer:
     confirm_your_email: Veuillez confirmer votre adresse email avec le lien qui vous
       a été envoyé par email.
@@ -439,10 +448,6 @@ fr:
       title:
     download:
       title:
-    faq:
-      title:
-    migrate:
-      title:
     security:
       title:
     sponsors:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 93c1aa92fc4..38ed4411d37 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -198,7 +198,7 @@ ja:
       migrating_link_text: 移行
       mine: 自分のgem
       my_subscriptions: 購読
-      no_owned_html: まだgemを公開していません。よろしければgemの%{creating_link}またはRubyForgeからの%{migrating_link}ガイドをご覧ください。
+      no_owned_html: まだgemを公開していません。よろしければgemの%{creating_link}ガイドをご覧ください。
       no_subscriptions_html: まだgemを購読していません。%{gem_link}から何か購読してみてください。
       title: ダッシュボード
   dependencies:
@@ -228,6 +228,7 @@ ja:
         blog: ブログ
         contribute: 貢献
         data: データ
+        docs: ドキュメント
         designed_by: 設計
         discussion_forum: 議論
         gems_served_by: gemの提供
@@ -242,6 +243,9 @@ ja:
         statistics: 統計
         status: 状態
         supported_by: 協賛
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          は以下から支援を受けています
         tested_by: テスト
         tracking_by: 追跡
         uptime: 稼働時間
@@ -249,6 +253,7 @@ ja:
         secured_by: セキュリティ
         looking_for_maintainers: メンテナの募集
       header:
+        profile: プロフィール
         dashboard: ダッシュボード
         settings: 設定
         edit_profile: プロフィールを編集
@@ -258,6 +263,11 @@ ja:
         sign_up: 新規登録
       mfa_banner_html: "\U0001F389 セキュリティ機器に対応しました！新しい機器を<a href=\"/settings/edit#security-device\">設定</a>してアカウントのセキュリティを向上しましょう。[詳細はこちら](link
         to blog post)！"
+  breadcrumbs:
+    home:
+    dashboard: ダッシュボード
+    settings: 設定
+    org_name: 組織：%{name}
   mailer:
     confirm_your_email: Eメールに送信されたリンクからEメールアドレスを確認してください。
     confirmation_subject: "%{host}に登録されたメールアドレスを確認してください"
@@ -419,10 +429,6 @@ ja:
       title: RubyGems.orgのデータのダンプ
     download:
       title: RubyGemsをダウンロード
-    faq:
-      title: FAQ
-    migrate:
-      title: gemを移行する
     security:
       title: セキュリティ
     sponsors:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 936e48a5b04..4f4b37e7eef 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -198,8 +198,7 @@ nl:
       mine: Mijn Gems
       my_subscriptions: Mijn abonnementen
       no_owned_html: Je hebt nog geen gems gepubliceerd. Bekijk de instructies voor
-        het %{creating_link} van een gem of het  %{migrating_link} van een gem vanaf
-        RubyForge.
+        het %{creating_link} van een gem.
       no_subscriptions_html: Je bent nog niet geabonneerd op een of meerdere gems.
         Bezoek een %{gem_link} en abonneer je erop.
       title: Dashboard
@@ -231,6 +230,7 @@ nl:
         blog: Blog
         contribute: Bijdragen
         data: Data
+        docs: Documentatie
         designed_by: Ontwerp
         discussion_forum: Forum
         gems_served_by:
@@ -245,6 +245,9 @@ nl:
         statistics: Statistieken
         status: Status
         supported_by: Ondersteuning
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          <br class="hidden lg:block"> wordt ondersteund door
         tested_by: Getest door
         tracking_by: Tracking
         uptime: Uptime
@@ -252,14 +255,20 @@ nl:
         secured_by:
         looking_for_maintainers:
       header:
+        profile: Profiel
         dashboard: Dashboard
-        settings:
-        edit_profile:
+        settings: Instellingen
+        edit_profile: Wijzig profiel
         search_gem_html: Gems Zoeken&hellip;
         sign_in: Inloggen
         sign_out: Uitloggen
         sign_up: Registreren
       mfa_banner_html:
+  breadcrumbs:
+    home:
+    dashboard: Dashboard
+    settings:
+    org_name: 'Organisatie: %{name}'
   mailer:
     confirm_your_email:
     confirmation_subject:
@@ -425,10 +434,6 @@ nl:
       title:
     download:
       title:
-    faq:
-      title:
-    migrate:
-      title:
     security:
       title:
     sponsors:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index a98589a5caa..eea45da4011 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -205,7 +205,7 @@ pt-BR:
       mine: Minhas Gems
       my_subscriptions: Observando
       no_owned_html: Você ainda não enviou nenhuma gem. Verifique os guias sobre %{creating_link}
-        uma gem ou %{migrating_link} uma gem do RubyForge.
+        uma gem.
       no_subscriptions_html: Você ainda não está observando nenhuma gem. Visite uma
         %{gem_link} para poder observá-la!
       title: Painel de Controle
@@ -236,6 +236,7 @@ pt-BR:
         blog: Blog
         contribute: Como Contribuir
         data: Dump de Dados
+        docs: Documentação
         designed_by: Design
         discussion_forum: Fóruns
         gems_served_by: Provisionamento
@@ -250,6 +251,9 @@ pt-BR:
         statistics: Estatísticas
         status: Status
         supported_by: Patrocínio
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          <br class="hidden lg:block"> é apoiado por
         tested_by: Testado por
         tracking_by: Coleta de Dados
         uptime: Uptime
@@ -257,6 +261,7 @@ pt-BR:
         secured_by:
         looking_for_maintainers:
       header:
+        profile: Perfil
         dashboard: Painel de Controle
         settings: Configurações da Conta
         edit_profile: Editar Perfil
@@ -265,6 +270,11 @@ pt-BR:
         sign_out: Sair
         sign_up: Cadastrar
       mfa_banner_html:
+  breadcrumbs:
+    home:
+    dashboard: Painel de Controle
+    settings: Configurações da Conta
+    org_name: 'Org: %{name}'
   mailer:
     confirm_your_email: Por favor, confirme seu endereço de email através do link
       que enviamos para o seu endereço de email.
@@ -436,10 +446,6 @@ pt-BR:
       title:
     download:
       title:
-    faq:
-      title:
-    migrate:
-      title:
     security:
       title:
     sponsors:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index c8c9b2c2b23..844c74d6fc2 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -199,8 +199,7 @@ zh-CN:
       migrating_link_text: 迁移
       mine: 我的 Gem
       my_subscriptions: 订阅
-      no_owned_html: 您还没有发布过任何 Gem。可以看看 %{creating_link} 指南，或从 RubyForge %{migrating_link}
-        一个 Gem。
+      no_owned_html: 您还没有发布过任何 Gem。可以看看 %{creating_link} 指南。
       no_subscriptions_html: 您没有订阅任何 Gem，访问 %{gem_link} 订阅一个！
       title: 仪表盘
   dependencies:
@@ -230,6 +229,7 @@ zh-CN:
         blog: 博客
         contribute: 贡献
         data: 数据
+        docs: 文档
         designed_by: 设计
         discussion_forum: 讨论
         gems_served_by: 服务
@@ -244,6 +244,9 @@ zh-CN:
         statistics: 统计
         status: 状态
         supported_by: 支持
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          <br class="hidden lg:block"> 由以下支持
         tested_by: 测试
         tracking_by: 追踪
         uptime: 服务运行时间
@@ -251,6 +254,7 @@ zh-CN:
         secured_by: 安全保护
         looking_for_maintainers: 招募维护者
       header:
+        profile: 个人信息
         dashboard: 仪表盘
         settings: 设置
         edit_profile: 编辑个人信息
@@ -259,6 +263,11 @@ zh-CN:
         sign_out: 退出
         sign_up: 注册
       mfa_banner_html:
+  breadcrumbs:
+    home:
+    dashboard: 仪表盘
+    settings: 设置
+    org_name: 组织：%{name}
   mailer:
     confirm_your_email: 请在发送到您的邮件中点击链接，确认您的邮箱地址。
     confirmation_subject: 请确认您的邮箱地址
@@ -427,10 +436,6 @@ zh-CN:
       title: RubyGems.org 数据转储
     download:
       title: 下载 RubyGems
-    faq:
-      title: 常问问题
-    migrate:
-      title: 迁移 Gem
     security:
       title: 安全
     sponsors:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 38c6ad49a77..59158187eb3 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -198,8 +198,7 @@ zh-TW:
       migrating_link_text: Gem 轉移
       mine: 我的 Gems
       my_subscriptions: 我的訂閱
-      no_owned_html: 您尚未發佈任何 Gem。可以閱讀 %{creating_link} 教學，或參考 %{migrating_link} 教學來將您的
-        Gem 從 RubyForge 遷移過來。
+      no_owned_html: 您尚未發佈任何 Gem。可以閱讀 %{creating_link} 教學。
       no_subscriptions_html: 您還沒有訂閱過 Gem，前往 %{gem_link} 來訂閱！
       title: 控制台
   dependencies:
@@ -229,6 +228,7 @@ zh-TW:
         blog: 部落格
         contribute: 貢獻
         data: 資料
+        docs: 文件
         designed_by: 設計
         discussion_forum: 討論群組
         gems_served_by: 服務
@@ -243,6 +243,9 @@ zh-TW:
         statistics: 統計
         status: 狀態
         supported_by: 支持
+        supported_by_html: |
+          <a href="https://rubygems.org" class="font-semibold">RubyGems.org</a>
+          <br class="hidden lg:block"> 由以下支持
         tested_by: 測試
         tracking_by: 追蹤
         uptime: 上線時間
@@ -250,6 +253,7 @@ zh-TW:
         secured_by:
         looking_for_maintainers: 徵求維護者
       header:
+        profile: 個人檔案
         dashboard: 儀表板
         settings: 設定
         edit_profile: 編輯個人檔案
@@ -258,6 +262,11 @@ zh-TW:
         sign_out: 登出
         sign_up: 註冊
       mfa_banner_html: "\U0001F389 我們現在支援安全裝置了！<a href=\"/settings/edit#security-device\">設定</a>新的裝置來提升您的帳號安全。[了解詳情](部落格文章連結)！"
+  breadcrumbs:
+    home:
+    dashboard:
+    settings:
+    org_name: 組織：%{name}
   mailer:
     confirm_your_email: 已寄送連結，請點擊連結來確認您的電子郵件地址。
     confirmation_subject: "%{host} 電子郵件地址確認"
@@ -421,10 +430,6 @@ zh-TW:
       title:
     download:
       title: 下載 RubyGems
-    faq:
-      title: 常見問題
-    migrate:
-      title: 轉移 Gems
     security:
       title: 安全性
     sponsors:
diff --git a/config/tailwind.config.js b/config/tailwind.config.js
index 664dbdb8c31..b0ee5019caf 100644
--- a/config/tailwind.config.js
+++ b/config/tailwind.config.js
@@ -13,37 +13,41 @@ module.exports = {
   ],
   theme: {
     extend: {
+      screens: {
+        'sm': '480px' // Below this is a phone in portrait mode
+      },
       fontFamily: {
         sans: ['"Titillium Web"', ...defaultTheme.fontFamily.sans],
         mono: ['"Fira Code"', ...defaultTheme.fontFamily.mono],
       },
       fontSize: {
-        lg:   ['1.4375rem', '2.156rem'], /* Base/01 23px, 34.5px */
-        base: ['1.1875rem', '1.781rem'], /* Base/02 19px, 28.5px */
-        sm:   ['1.0000rem', '1.500rem'], /* Base/03 16px, 24px */
-        xs:   ['0.8750rem', '1.313rem'], /* Base/04 14px, 21px */
+        lg:   ['1.4375rem', '2.156rem'], // Base/01 23px, 34.5px
+        base: ['1.1875rem', '1.781rem'], // Base/02 19px, 28.5px
+        sm:   ['1.0000rem', '1.500rem'], // Base/03 16px, 24px
+        xs:   ['0.8750rem', '1.313rem'], // Base/04 14px, 21px
 
-        d1: ['3.1875rem', '3.825rem'], /* Display/01 51px, 61.2px */
-        d2: ['2.9375rem', '3.525rem'], /* Display/02 47px, 56.4px */
-        d3: ['2.6875rem', '3.225rem'], /* Display/03 43px, 51.6px */
-        h1: ['2.4375rem', '2.925rem'], /* Header/01 39px, 46.8px */
-        h2: ['2.1875rem', '2.625rem'], /* Header/02 35px, 42px */
-        h3: ['1.9375rem', '2.325rem'], /* Header/03 31px, 37.2px */
-        h4: ['1.6875rem', '2.025rem'], /* Header/04 27px, 32.4px */
-        b1: ['1.4375rem', '2.156rem'], /* Base/01 23px, 34.5px */
-        b2: ['1.1875rem', '1.781rem'], /* Base/02 19px, 28.5px */
-        b3: ['1.0000rem', '1.500rem'], /* Base/03 16px, 24px */
-        b4: ['0.8750rem', '1.313rem'], /* Base/04 14px, 21px */
-        c1: ['1.6875rem', '2.025rem'], /* Code/01 27px, 32.4px */
-        c2: ['1.4375rem', '1.725rem'], /* Code/02 23px, 27.6px */
-        c3: ['1.1250rem', '1.350rem'], /* Code/03 18px, 21.6px */
-        c4: ['1.0000rem', '1.200rem'], /* Code/04 16px, 19.2px */
+        d1: ['3.1875rem', '3.825rem'], // Display/01 51px, 61.2px
+        d2: ['2.9375rem', '3.525rem'], // Display/02 47px, 56.4px
+        d3: ['2.6875rem', '3.225rem'], // Display/03 43px, 51.6px
+        h1: ['2.4375rem', '2.925rem'], // Header/01 39px, 46.8px
+        h2: ['2.1875rem', '2.625rem'], // Header/02 35px, 42px
+        h3: ['1.8750rem', '2.325rem'], // Header/03 31px, 37.2px
+        h4: ['1.6875rem', '2.025rem'], // Header/04 27px, 32.4px
+        b1: ['1.4375rem', '2.156rem'], // Base/01 23px, 34.5px
+        b2: ['1.1875rem', '1.781rem'], // Base/02 19px, 28.5px
+        b3: ['1.0000rem', '1.500rem'], // Base/03 16px, 24px
+        b4: ['0.8750rem', '1.313rem'], // Base/04 14px, 21px
+        c1: ['1.6875rem', '2.025rem'], // Code/01 27px, 32.4px
+        c2: ['1.4375rem', '1.725rem'], // Code/02 23px, 27.6px
+        c3: ['1.1250rem', '1.350rem'], // Code/03 18px, 21.6px
+        c4: ['1.0000rem', '1.200rem'], // Code/04 16px, 19.2px
       },
       colors: {
         transparent: 'transparent',
         current: 'currentColor',
-        'white': '#ffffff',
-        'red': {
+        'white': '#FFFFFF',
+        'black': '#000000',
+        'red': { // Warn / Failure
           100: '#FFEEF1',
           200: '#FFC4CD',
           300: '#FF9CB0',
@@ -54,18 +58,20 @@ module.exports = {
           800: '#730012',
           900: '#58000A',
         },
-        'orange': {
+        'orange': { // Primary
           100: '#FFF0EC',
-          200: '#FFD0C5',
+          200: '#FFC6AD',
           300: '#FFA983',
           400: '#FF7539',
           500: '#F74C27',
-          600: '#E54523',
+          DEFAULT: '#F74C27', // 500 brand primary
+          600: '#E04300',
           700: '#AD2F14',
           800: '#761A05',
-          900: '#631200',
+          900: '#581A0C',
+          950: '#3A1007',
         },
-        'yellow': {
+        'yellow': { // Alert
           100: '#FFFBF7',
           200: '#FFF4EA',
           300: '#FFE4BB',
@@ -76,7 +82,7 @@ module.exports = {
           800: '#7A4E0C',
           900: '#4D2E00',
         },
-        'green': {
+        'green': { // Success
           100: '#F1FFFE',
           200: '#E1FFFC',
           300: '#C9FFF9',
@@ -87,7 +93,7 @@ module.exports = {
           800: '#004F56',
           900: '#00373B',
         },
-        'blue': {
+        'blue': { // Info
           100: '#F3F9FF',
           200: '#E1F1FF',
           300: '#92C0F4',
@@ -97,21 +103,149 @@ module.exports = {
           700: '#3F699A',
           800: '#234C7D',
           900: '#113765',
+          950: '#06264C',
         },
         'neutral': {
+          // WHITE
+          // Light
+          //   background (general)
+          //   secondary search bar background
+          // Dark
+          //   primary text
+          //   primary icons
           '000': '#FFFFFF',
+
+          // neutral-050
+          // Light
+          //   work canvas
+          //   form input
+          // Dark (not used)
           '050': '#FBFBFB',
-          '100': '#F6F6F6',
-          '200': '#EEEEEE',
-          '300': '#E2E2E2',
-          '400': '#D5D5D5',
-          '500': '#C3C5C7',
-          '600': '#969CA7',
-          '700': '#636B79',
-          '800': '#454C59',
-          '850': '#2F3643',
-          '900': '#13181F',
-          '950': '#191E26',
+
+          // neutral-100
+          // Light
+          //   primary search bar bg
+          // Dark (not used)
+          '100': '#EEF1F3',
+
+          // neutral-200
+          // Light
+          //   tab hover
+          //   pagination hover
+          //   neutral toasts
+          //   neutral badges
+          //   neutral labels (dropdown)
+          //   low performance indicators
+          // Dark
+          //   primary text hover
+          '200': '#E3E7EA',
+
+          // neutral-300
+          // Light
+          //   disabled buttons
+          //   disabled form input
+          //   list dividing line
+          //   tab dividing line
+          //   outside line default
+          //     search bar
+          //     dropdown
+          //     chips
+          // Dark (not used)
+          '300': '#D7DEE3',
+
+          // neutral-400
+          // Light (not used)
+          // Dark
+          //   secondary text
+          //     disabled button text
+          //     inactive search bar
+          //     nav breadcrumbs
+          //   secondary icons
+          '400': '#C6CED5',
+
+          // neutral-500
+          // Light
+          //   outside stroke
+          //     general containers
+          //     neutral toasts
+          //   outside stroke active states
+          //     search bar
+          //     drop downs
+          //     chips
+          // Dark (not used)
+          '500': '#AEB8C1',
+
+          // neutral-600
+          // Light
+          //   secondary text
+          //     disabled button text
+          //     inactive search bar
+          //     nav breadcrumbs
+          //     search result gem description captions
+          //     text counters [  Gems  4  ]
+          //     sort by - not active
+          //   secondary icons
+          // Dark
+          //   secondary text
+          //     search result gem description captions
+          //     text counters [  Gems  4  ]
+          //     sort by - not active
+          //
+          '600': '#6C7583',
+
+          // neutral-700
+          // Light (not used)
+          // Dark
+          //   disabled buttons
+          //   disabled form input
+          //   list dividing line
+          //   tab dividing line
+          //   outside line default
+          //     search bar
+          //     dropdown
+          //     chips
+          //   outside stroke
+          //     general containers
+          //     neutral toasts
+          //   outside stroke active states
+          //     search bar
+          //     drop downs
+          //     chips
+          '700': '#434B59',
+
+          // neutral-800
+          // Light
+          //   primary text
+          //   primary icons
+          // Dark
+          //   tab hover
+          //   pagination hover
+          //   neutral toasts
+          //   neutral badges
+          //   neutral labels (dropdown)
+          //   low performance indicators
+          '800': '#333A45',
+
+          // neutral-900
+          // Light (not used)
+          // Dark
+          //   primary search bar background
+          '900': '#222831',
+
+          // neutral-950
+          // Light (not used)
+          // Dark
+          //   work canvas
+          //   form input
+          '950': '#16191E',
+
+          // BLACK
+          // Light
+          //   primary text hover
+          // Dark
+          //   background (general)
+          //   secondary search bar background
+          '1000': '#000000',
         },
       },
     },
diff --git a/public/images/icons.svg b/public/images/icons.svg
new file mode 100644
index 00000000000..321ab50e6af
--- /dev/null
+++ b/public/images/icons.svg
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg xmlns="http://www.w3.org/2000/svg">
+  <defs>
+    <symbol viewBox="0 0 32 32" id="logo">
+      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
+    </symbol>
+
+    <!-- Material icons -->
+    <symbol id="arrow-circle-right" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
+      <g>
+        <rect fill="none" height="24" width="24"/>
+        <rect fill="none" height="24" width="24"/>
+      </g>
+      <g>
+        <path d="M22,12c0-5.52-4.48-10-10-10C6.48,2,2,6.48,2,12s4.48,10,10,10C17.52,22,22,17.52,22,12z M12,14.79V13H9 c-0.55,0-1-0.45-1-1s0.45-1,1-1h3V9.21c0-0.45,0.54-0.67,0.85-0.35l2.79,2.79c0.2,0.2,0.2,0.51,0,0.71l-2.79,2.79 C12.54,15.46,12,15.24,12,14.79z"/>
+      </g>
+    </symbol>
+    <symbol id="arrow-drop-down" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M8.71 11.71l2.59 2.59c.39.39 1.02.39 1.41 0l2.59-2.59c.63-.63.18-1.71-.71-1.71H9.41c-.89 0-1.33 1.08-.7 1.71z"/>
+    </symbol>
+    <symbol id="chevron-right" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
+    <symbol id="close" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M18.3 5.71c-.39-.39-1.02-.39-1.41 0L12 10.59 7.11 5.7c-.39-.39-1.02-.39-1.41 0-.39.39-.39 1.02 0 1.41L10.59 12 5.7 16.89c-.39.39-.39 1.02 0 1.41.39.39 1.02.39 1.41 0L12 13.41l4.89 4.89c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L13.41 12l4.89-4.89c.38-.38.38-1.02 0-1.4z"/>
+    </symbol>
+    <symbol id="error" viewBox="0 0 24 24">
+      <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 11c-.55 0-1-.45-1-1V8c0-.55.45-1 1-1s1 .45 1 1v4c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
+    </symbol>
+    <symbol id="content-copy" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
+      <g>
+        <rect fill="none" height="24" width="24"/>
+      </g>
+      <g>
+        <path d="M15,20H5V7c0-0.55-0.45-1-1-1h0C3.45,6,3,6.45,3,7v13c0,1.1,0.9,2,2,2h10c0.55,0,1-0.45,1-1v0C16,20.45,15.55,20,15,20z M20,16V4c0-1.1-0.9-2-2-2H9C7.9,2,7,2.9,7,4v12c0,1.1,0.9,2,2,2h9C19.1,18,20,17.1,20,16z M18,16H9V4h9V16z"/>
+      </g>
+    </symbol>
+    <symbol id="history" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M13.26 3C8.17 2.86 4 6.95 4 12H2.21c-.45 0-.67.54-.35.85l2.79 2.8c.2.2.51.2.71 0l2.79-2.8c.31-.31.09-.85-.36-.85H6c0-3.9 3.18-7.05 7.1-7 3.72.05 6.85 3.18 6.9 6.9.05 3.91-3.1 7.1-7 7.1-1.61 0-3.1-.55-4.28-1.48-.4-.31-.96-.28-1.32.08-.42.42-.39 1.13.08 1.49C9 20.29 10.91 21 13 21c5.05 0 9.14-4.17 9-9.26-.13-4.69-4.05-8.61-8.74-8.74zm-.51 5c-.41 0-.75.34-.75.75v3.68c0 .35.19.68.49.86l3.12 1.85c.36.21.82.09 1.03-.26.21-.36.09-.82-.26-1.03l-2.88-1.71v-3.4c0-.4-.34-.74-.75-.74z"/>
+    </symbol>
+    <symbol id="house-siding" viewBox="0 0 960 1147"><path d="M274 796v90q0 13-8.5 21.5T244 916q-13 0-21.5-8.5T214 886V512l-94 71q-11 7-22.5 6T78 577q-7-10-6-22t12-20l352-266q10-7 21-10.5t23-3.5q12 0 23 3.5t21 10.5l352 266q10 8 12 20t-6 22q-8 11-19.5 12t-22.5-6l-93-71v374q0 13-9 21.5t-21 8.5q-13 0-21.5-8.5T687 886v-90H274zm0-215h413v-96H274v96zm0 155h413v-95H274v95zm54-311h304L480 312 328 425z"/></symbol>
+
+    <symbol id="keyboard-arrow-down" viewBox="0 0 24 24">
+      <path d="M8.12 9.29L12 13.17l3.88-3.88c.39-.39 1.02-.39 1.41 0 .39.39.39 1.02 0 1.41l-4.59 4.59c-.39.39-1.02.39-1.41 0L6.7 10.7c-.39-.39-.39-1.02 0-1.41.39-.38 1.03-.39 1.42 0z"/>
+    </symbol>
+    <symbol id="keyboard-arrow-up" viewBox="0 0 24 24">
+      <path d="M8.12 14.71L12 10.83l3.88 3.88c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L12.7 8.71c-.39-.39-1.02-.39-1.41 0L6.7 13.3c-.39.39-.39 1.02 0 1.41.39.38 1.03.39 1.42 0z"/>
+    </symbol>
+    <symbol id="language" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M11.99 2C6.47 2 2 6.48 2 12s4.47 10 9.99 10C17.52 22 22 17.52 22 12S17.52 2 11.99 2zm6.93 6h-2.95c-.32-1.25-.78-2.45-1.38-3.56 1.84.63 3.37 1.91 4.33 3.56zM12 4.04c.83 1.2 1.48 2.53 1.91 3.96h-3.82c.43-1.43 1.08-2.76 1.91-3.96zM4.26 14C4.1 13.36 4 12.69 4 12s.1-1.36.26-2h3.38c-.08.66-.14 1.32-.14 2s.06 1.34.14 2H4.26zm.82 2h2.95c.32 1.25.78 2.45 1.38 3.56-1.84-.63-3.37-1.9-4.33-3.56zm2.95-8H5.08c.96-1.66 2.49-2.93 4.33-3.56C8.81 5.55 8.35 6.75 8.03 8zM12 19.96c-.83-1.2-1.48-2.53-1.91-3.96h3.82c-.43 1.43-1.08 2.76-1.91 3.96zM14.34 14H9.66c-.09-.66-.16-1.32-.16-2s.07-1.35.16-2h4.68c.09.65.16 1.32.16 2s-.07 1.34-.16 2zm.25 5.56c.6-1.11 1.06-2.31 1.38-3.56h2.95c-.96 1.65-2.49 2.93-4.33 3.56zM16.36 14c.08-.66.14-1.32.14-2s-.06-1.34-.14-2h3.38c.16.64.26 1.31.26 2s-.1 1.36-.26 2h-3.38z"/>
+    </symbol>
+    <symbol id="menu" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M4 18h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zm0-5h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zM3 7c0 .55.45 1 1 1h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1z"/>
+    </symbol>
+    <symbol id="search" viewBox="0 0 24 24">
+      <path d="M9.7 14.1c-1.3 0-2.4-.4-3.3-1.3-.9-.9-1.3-2-1.3-3.3s.4-2.4 1.3-3.3c.9-.9 2-1.3 3.3-1.3 1.3 0 2.4.4 3.3 1.3.9.9 1.3 2 1.3 3.3s-.4 2.4-1.3 3.3c-.9.9-2 1.3-3.3 1.3Zm0 1.5c.7 0 1.4-.1 2-.3.7-.3 1.2-.6 1.7-1l5.8 5.8c.1.1.3.2.5.2s.4-.1.5-.2c.2-.2.3-.4.2-.6 0-.2 0-.4-.2-.5l-5.7-5.8c.4-.4.7-1 .9-1.7.3-.6.4-1.3.4-2 0-1.7-.6-3.2-1.8-4.3C12.8 4 11.4 3.4 9.7 3.4 8 3.4 6.5 4 5.3 5.2 4.2 6.3 3.6 7.8 3.6 9.5s.6 3.2 1.7 4.3C6.5 15 8 15.6 9.7 15.6Z"/>
+    </symbol>
+    <symbol id="settings" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
+      <rect fill="none" height="24" width="24"/>
+      <path d="M19.5,12c0-0.23-0.01-0.45-0.03-0.68l1.86-1.41c0.4-0.3,0.51-0.86,0.26-1.3l-1.87-3.23c-0.25-0.44-0.79-0.62-1.25-0.42 l-2.15,0.91c-0.37-0.26-0.76-0.49-1.17-0.68l-0.29-2.31C14.8,2.38,14.37,2,13.87,2h-3.73C9.63,2,9.2,2.38,9.14,2.88L8.85,5.19 c-0.41,0.19-0.8,0.42-1.17,0.68L5.53,4.96c-0.46-0.2-1-0.02-1.25,0.42L2.41,8.62c-0.25,0.44-0.14,0.99,0.26,1.3l1.86,1.41 C4.51,11.55,4.5,11.77,4.5,12s0.01,0.45,0.03,0.68l-1.86,1.41c-0.4,0.3-0.51,0.86-0.26,1.3l1.87,3.23c0.25,0.44,0.79,0.62,1.25,0.42 l2.15-0.91c0.37,0.26,0.76,0.49,1.17,0.68l0.29,2.31C9.2,21.62,9.63,22,10.13,22h3.73c0.5,0,0.93-0.38,0.99-0.88l0.29-2.31 c0.41-0.19,0.8-0.42,1.17-0.68l2.15,0.91c0.46,0.2,1,0.02,1.25-0.42l1.87-3.23c0.25-0.44,0.14-0.99-0.26-1.3l-1.86-1.41 C19.49,12.45,19.5,12.23,19.5,12z M12.04,15.5c-1.93,0-3.5-1.57-3.5-3.5s1.57-3.5,3.5-3.5s3.5,1.57,3.5,3.5S13.97,15.5,12.04,15.5z"/>
+    </symbol>
+    <symbol id="tune" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M3 18c0 .55.45 1 1 1h5v-2H4c-.55 0-1 .45-1 1zM3 6c0 .55.45 1 1 1h9V5H4c-.55 0-1 .45-1 1zm10 14v-1h7c.55 0 1-.45 1-1s-.45-1-1-1h-7v-1c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1s1-.45 1-1zM7 10v1H4c-.55 0-1 .45-1 1s.45 1 1 1h3v1c0 .55.45 1 1 1s1-.45 1-1v-4c0-.55-.45-1-1-1s-1 .45-1 1zm14 2c0-.55-.45-1-1-1h-9v2h9c.55 0 1-.45 1-1zm-5-3c.55 0 1-.45 1-1V7h3c.55 0 1-.45 1-1s-.45-1-1-1h-3V4c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1z"/>
+    </symbol>
+    <symbol id="warning" viewBox="0 0 24 24">
+      <path d="M4.47 21h15.06c1.54 0 2.5-1.67 1.73-3L13.73 4.99c-.77-1.33-2.69-1.33-3.46 0L2.74 18c-.77 1.33.19 3 1.73 3zM12 14c-.55 0-1-.45-1-1v-2c0-.55.45-1 1-1s1 .45 1 1v2c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
+    </symbol>
+
+    <symbol viewBox="0 0 24 24" id="profile">
+      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
+    </symbol>
+    <symbol viewBox="0 0 32 32" id="toast">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="M16 30a14 14 0 1 0 0-28 14 14 0 0 0 0 28Zm0 2a16 16 0 1 0 0-32 16 16 0 0 0 0 32ZM8 16a1 1 0 0 0 1 1h11.586l-4.294 4.293a1.001 1.001 0 0 0 1.416 1.416l6-6a1 1 0 0 0 0-1.416l-6-6a1.002 1.002 0 0 0-1.416 1.416l4.294 4.292H9a1 1 0 0 0-1 1Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="history">
+      <path d="M12 23.9c-2.8 0-5.3-.9-7.4-2.6-2.1-1.7-3.5-3.9-4.1-6.6a.9.9 90 01.1-.8 1 1 90 01.7-.4 1.1 1.1 90 01.8.2c.2.2.4.4.5.7.5 2.2 1.7 3.9 3.4 5.3 1.8 1.4 3.8 2.1 6 2.1 2.7 0 5-1 6.9-2.9s2.9-4.2 2.9-6.9-1-5-2.9-6.9C17 3.2 14.7 2.2 12 2.2a9.4 9.4 90 00-4.3 1A10.6 10.6 90 004.2 6h2.6c.3 0 .5.1.7.3a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3H2a1.2 1.2 90 01-.9-.4 1.2 1.2 90 01-.4-.9V2.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v2.3A11.9 11.9 90 017 1.2a11.7 11.7 90 015-1.1 11.6 11.6 90 014.6.9c1.4.6 2.7 1.5 3.8 2.5a12.1 12.1 90 012.5 3.8 11.6 11.6 90 01.9 4.6c0 1.7-.3 3.2-.9 4.6a12 12 90 01-2.5 3.8 12 12 90 01-3.8 2.5 11.6 11.6 90 01-4.6.9Zm1.1-12.3 3.8 3.9a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3 1 1 90 01-.7-.3l-4.1-4.1a1.3 1.3 90 01-.4-.9V6.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v5.5Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="ruby-central">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="M9.362 11.513a9.603 9.603 0 0 1 9.604-9.604h21.131a9.605 9.605 0 0 1 9.605 9.604v21.131a9.606 9.606 0 0 1-9.605 9.605h-21.13a9.605 9.605 0 0 1-9.605-9.605v-21.13ZM44.33 21.886c0 8.063-6.537 14.6-14.6 14.6s-14.599-6.537-14.599-14.6 6.536-14.6 14.6-14.6 14.599 6.537 14.599 14.6ZM27.164 13.05c-.984 0-1.92.418-2.577 1.149L21.4 17.742a3.467 3.467 0 0 0-.1 4.518l5.916 7.196a3.467 3.467 0 0 0 5.354 0l5.916-7.196a3.467 3.467 0 0 0-.1-4.518l-3.187-3.544a3.467 3.467 0 0 0-2.577-1.15h-5.458ZM26.591 16a.77.77 0 0 1 .573-.254h5.458c.219 0 .426.093.573.254l3.186 3.545a.77.77 0 0 1 .022 1.004l-5.915 7.197a.77.77 0 0 1-1.19 0l-5.915-7.197a.77.77 0 0 1 .022-1.004L26.591 16Zm32.113 40.033c.05.049.108.074.178.074h.868a.24.24 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-6.917a.24.24 0 0 0-.073-.18.243.243 0 0 0-.177-.072h-.868a.245.245 0 0 0-.178.073.246.246 0 0 0-.073.179v6.917c0 .07.025.13.073.177Zm-4.164.178c-.361 0-.689-.07-.982-.209a1.907 1.907 0 0 1-.7-.576 1.403 1.403 0 0 1-.25-.814 1.365 1.365 0 0 1 .584-1.16c.397-.293.92-.488 1.568-.585l1.432-.21v-.218c0-.293-.073-.52-.22-.68-.146-.16-.397-.24-.752-.24a1.112 1.112 0 0 0-.617.156.91.91 0 0 0-.345.398.266.266 0 0 1-.24.135h-.826c-.076 0-.135-.02-.177-.062a.256.256 0 0 1-.053-.168 1.062 1.062 0 0 1 .137-.407c.083-.16.216-.314.397-.46.18-.153.414-.282.7-.386.286-.105.63-.157 1.034-.157.44 0 .808.055 1.109.167a1.862 1.862 0 0 1 .73.428c.182.181.314.395.398.638.083.243.125.501.125.773v3.282a.24.24 0 0 1-.073.177.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.189-.074.267.267 0 0 1-.062-.177v-.408a1.655 1.655 0 0 1-.366.376 2.124 2.124 0 0 1-.565.283 2.533 2.533 0 0 1-.773.104Zm.356-.993c.244 0 .463-.052.658-.156a1.08 1.08 0 0 0 .47-.48c.119-.224.178-.503.178-.837v-.22l-1.045.167c-.41.063-.717.164-.92.303-.2.14-.303.31-.303.513a.61.61 0 0 0 .137.397.95.95 0 0 0 .365.24c.146.048.3.073.46.073Zm-5.827.815a.243.243 0 0 0 .177.074h.909c.077 0 .14-.025.188-.074a.243.243 0 0 0 .074-.177v-2.873c0-.328.09-.586.272-.774.187-.188.449-.283.783-.283h.815c.077 0 .136-.023.178-.073a.243.243 0 0 0 .073-.178v-.752a.243.243 0 0 0-.073-.177.222.222 0 0 0-.178-.073h-.428c-.335 0-.63.06-.889.177a1.579 1.579 0 0 0-.617.513v-.43a.237.237 0 0 0-.083-.187.243.243 0 0 0-.177-.073h-.847a.25.25 0 0 0-.25.26v4.923c0 .07.023.13.073.177Zm-1.774.074c-.418 0-.77-.074-1.056-.22a1.4 1.4 0 0 1-.637-.648c-.14-.292-.21-.654-.21-1.086V51.78h-.825a.243.243 0 0 1-.178-.073.246.246 0 0 1-.073-.179v-.606c0-.07.025-.129.073-.177a.243.243 0 0 1 .178-.073h.825v-1.734c0-.071.021-.13.064-.18a.256.256 0 0 1 .187-.072h.846a.246.246 0 0 1 .251.252v1.734h1.307c.07 0 .13.024.178.073a.243.243 0 0 1 .073.177v.606c0 .07-.025.13-.073.179a.243.243 0 0 1-.178.073H46.74v2.268c0 .285.05.507.147.668.105.16.283.24.533.24h.722c.07 0 .127.025.177.074a.243.243 0 0 1 .073.177v.648a.24.24 0 0 1-.073.177.245.245 0 0 1-.177.074h-.847Zm-8.542-.074a.243.243 0 0 0 .177.074h.92a.24.24 0 0 0 .178-.074.238.238 0 0 0 .073-.177V52.98c0-.403.108-.72.324-.95.216-.23.505-.346.867-.346.377 0 .662.116.857.345.202.23.304.548.304.951v2.875c0 .07.024.13.072.177.05.049.108.074.179.074h.918c.071 0 .13-.025.179-.074a.243.243 0 0 0 .073-.177v-2.937c0-.488-.088-.906-.262-1.253a1.844 1.844 0 0 0-.72-.806 2.053 2.053 0 0 0-1.108-.292c-.418 0-.77.076-1.056.23a2.18 2.18 0 0 0-.69.554v-.429a.243.243 0 0 0-.072-.177.24.24 0 0 0-.178-.073h-.858a.238.238 0 0 0-.177.073.243.243 0 0 0-.073.177v4.933c0 .07.024.13.073.177Zm-3.443.178c-.774 0-1.387-.223-1.84-.67-.453-.445-.696-1.079-.73-1.9a2.545 2.545 0 0 1-.012-.263c0-.111.004-.198.011-.26.027-.523.147-.976.355-1.36.216-.382.513-.675.889-.877.376-.208.818-.313 1.327-.313.563 0 1.037.118 1.42.355.384.23.674.554.869.972.194.411.291.888.291 1.431v.22a.238.238 0 0 1-.073.178.253.253 0 0 1-.187.073h-3.47v.083c.007.244.052.47.136.68a1.233 1.233 0 0 0 .387.49c.174.126.38.19.616.19a1.3 1.3 0 0 0 .491-.084 1.293 1.293 0 0 0 .502-.397c.063-.085.111-.133.146-.147a.407.407 0 0 1 .177-.03h.9c.069 0 .125.02.167.061a.174.174 0 0 1 .063.157c-.007.111-.067.248-.179.408a1.938 1.938 0 0 1-.459.47 2.71 2.71 0 0 1-.763.386 3.322 3.322 0 0 1-1.034.147Zm-1.15-3.292h2.309v-.03c0-.273-.045-.51-.135-.712a1.12 1.12 0 0 0-.397-.48 1.082 1.082 0 0 0-.627-.178 1.08 1.08 0 0 0-.627.178 1.112 1.112 0 0 0-.397.48 1.838 1.838 0 0 0-.126.711v.031Zm-6.727 2.958c.453.223 1.003.334 1.65.334.475 0 .9-.062 1.275-.187a3.02 3.02 0 0 0 .962-.513c.265-.222.47-.48.617-.773a2.222 2.222 0 0 0 .23-.951.17.17 0 0 0-.063-.157.211.211 0 0 0-.157-.063h-.993a.313.313 0 0 0-.187.052c-.05.035-.085.102-.106.199-.11.453-.303.767-.574.94-.272.168-.61.251-1.013.251-.467 0-.84-.129-1.119-.386-.279-.265-.428-.697-.449-1.295a24.37 24.37 0 0 1 0-1.757c.021-.6.17-1.028.45-1.284.277-.266.651-.398 1.118-.398.403 0 .74.084 1.013.251.271.166.464.48.574.94a.354.354 0 0 0 .106.198.313.313 0 0 0 .187.054h.993a.211.211 0 0 0 .157-.064.171.171 0 0 0 .063-.156 2.218 2.218 0 0 0-.847-1.714 2.898 2.898 0 0 0-.962-.523 4.018 4.018 0 0 0-1.274-.188c-.64 0-1.188.115-1.641.345a2.408 2.408 0 0 0-1.034.972c-.237.425-.37.93-.397 1.515a37.886 37.886 0 0 0 0 1.86c.027.593.16 1.102.397 1.526.237.418.578.742 1.024.972Zm-7.801 2.216a.2.2 0 0 1-.147-.064.199.199 0 0 1-.063-.146V57.8a.474.474 0 0 1 .042-.083l.816-1.934-2.007-4.734a.482.482 0 0 1-.041-.147.25.25 0 0 1 .073-.156.196.196 0 0 1 .156-.073h.847c.083 0 .146.02.187.063a.424.424 0 0 1 .095.135l1.39 3.417 1.43-3.417a.314.314 0 0 1 .095-.135c.042-.042.104-.063.189-.063h.835a.2.2 0 0 1 .147.063.186.186 0 0 1 .073.145.468.468 0 0 1-.042.168l-2.957 6.845a.417.417 0 0 1-.105.135c-.041.043-.105.064-.188.064h-.825Zm-4.87-2.09c.272.138.61.208 1.013.208.37 0 .69-.058.962-.178.272-.125.498-.299.68-.522.18-.222.32-.484.417-.783a3.8 3.8 0 0 0 .168-1.003 6.92 6.92 0 0 0 .01-.335c0-.105-.004-.22-.01-.345a3.348 3.348 0 0 0-.158-.972 2.281 2.281 0 0 0-.428-.784 1.828 1.828 0 0 0-.679-.533 2.278 2.278 0 0 0-.962-.188 2.123 2.123 0 0 0-.96.199 1.983 1.983 0 0 0-.648.491v-2.32a.246.246 0 0 0-.074-.178.223.223 0 0 0-.177-.073h-.889a.243.243 0 0 0-.177.073.246.246 0 0 0-.074.179v6.917c0 .07.025.13.074.177a.243.243 0 0 0 .177.074h.826a.22.22 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-.386c.175.216.394.393.66.532Zm1.327-1.098c-.167.126-.4.188-.7.188-.285 0-.519-.066-.7-.198a1.197 1.197 0 0 1-.387-.502 2.28 2.28 0 0 1-.135-.637 6.72 6.72 0 0 1 0-.805c.006-.21.055-.408.146-.595a1.2 1.2 0 0 1 .397-.482c.174-.125.4-.187.68-.187.298 0 .532.065.7.198a1 1 0 0 1 .354.502c.077.208.122.438.137.69.013.208.013.417 0 .627a2.39 2.39 0 0 1-.137.689 1.065 1.065 0 0 1-.355.512ZM8.603 56.21c-.425 0-.794-.094-1.108-.282a1.93 1.93 0 0 1-.71-.815 2.912 2.912 0 0 1-.25-1.254v-2.937c0-.07.023-.129.073-.177a.238.238 0 0 1 .177-.073h.92a.22.22 0 0 1 .177.073.243.243 0 0 1 .073.177v2.874c0 .864.38 1.296 1.139 1.296.362 0 .648-.116.857-.345.216-.23.324-.547.324-.951v-2.874c0-.07.024-.129.074-.177a.238.238 0 0 1 .177-.073h.92c.07 0 .129.023.177.073a.243.243 0 0 1 .074.177v4.933c0 .07-.025.13-.074.177a.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.188-.074.267.267 0 0 1-.062-.177v-.428a2.031 2.031 0 0 1-.7.574c-.28.14-.627.209-1.046.209Zm-8.53-.178c.05.05.109.074.178.074h.951c.077 0 .136-.024.177-.074a.238.238 0 0 0 .074-.177v-2.509h1.453l1.348 2.478a.84.84 0 0 0 .147.187c.062.064.152.095.27.095h.952a.199.199 0 0 0 .145-.062.197.197 0 0 0 .074-.158.252.252 0 0 0-.031-.114l-1.526-2.665a2.12 2.12 0 0 0 1.014-.742c.257-.342.386-.77.386-1.285 0-.746-.243-1.315-.73-1.704-.489-.39-1.154-.585-1.997-.585H.251a.238.238 0 0 0-.177.073.253.253 0 0 0-.074.188v6.803c0 .07.025.13.074.177Zm2.853-3.866H1.453V49.95h1.473c.432 0 .75.102.952.303.209.196.313.467.313.816s-.104.62-.313.815c-.21.188-.526.282-.952.282Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="dnsimple">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="M6.175 24.787a3.92 3.92 0 0 0-.843.075v2.802c-.392-.151-.844-.226-1.446-.226-2.139 0-3.887 1.461-3.887 3.811 0 2.41 1.597 3.736 3.947 3.736 1.16 0 2.35-.316 3.088-.708v-9.415a4.242 4.242 0 0 0-.859-.075Zm-2.259 8.707c-1.296 0-2.184-.874-2.184-2.275 0-1.386.949-2.275 2.214-2.275.512 0 .979.061 1.386.317v4.007a3.742 3.742 0 0 1-1.416.226Zm8.421-6.086c-1.537 0-2.787.602-3.42 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393c.332-.196.919-.391 1.582-.391 1.1 0 1.732.497 1.732 1.807v3.977c.302.06.573.075.859.075.271 0 .573-.015.859-.075v-4.384c0-1.641-1.01-2.967-3.314-2.967ZM19.974 35c1.958 0 3.103-.904 3.103-2.395 0-1.416-1.129-1.943-2.681-2.184-1.22-.196-1.537-.422-1.537-.889 0-.452.392-.738 1.296-.738.859 0 1.597.256 2.094.542.346-.271.572-.693.648-1.22-.467-.332-1.386-.693-2.682-.693-1.808 0-2.998.904-2.998 2.229 0 1.507 1.206 1.974 2.471 2.17 1.28.195 1.687.467 1.687.949 0 .482-.361.858-1.371.858-1.13 0-1.762-.391-2.199-.708-.362.226-.648.633-.783 1.175.406.347 1.355.904 2.952.904Zm5.483-8.451a1.09 1.09 0 0 0 1.085-1.084 1.09 1.09 0 0 0-1.085-1.085c-.617 0-1.114.482-1.114 1.085 0 .602.497 1.084 1.114 1.084Zm0 8.285c.287 0 .573-.015.844-.075v-7.125a4.01 4.01 0 0 0-.844-.075c-.286 0-.572.015-.858.075v7.125c.286.06.587.075.858.075Zm10.892-7.426c-.964 0-1.838.376-2.426.828-.527-.512-1.31-.828-2.335-.828-1.491 0-2.786.633-3.359 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393a2.92 2.92 0 0 1 1.462-.391c1.16 0 1.596.738 1.596 1.762v4.022c.287.06.573.075.874.075.271 0 .573-.015.844-.075v-4.534c0-.226-.03-.452-.076-.663.347-.286.829-.587 1.522-.587 1.16 0 1.612.738 1.612 1.762v4.022c.271.06.557.075.858.075.272 0 .573-.015.844-.075v-4.534c0-1.552-1.055-2.817-3.118-2.817Zm8.134.015c-1.355 0-2.485.527-3.178 1.1v9.023c.301.06.572.075.858.075.287 0 .573-.015.844-.075v-2.772c.452.151.934.211 1.537.211 1.988 0 3.781-1.401 3.781-3.811 0-2.471-1.657-3.751-3.842-3.751Zm-.06 6.041c-.557 0-1.009-.091-1.416-.287v-3.841a2.842 2.842 0 0 1 1.401-.346c1.311 0 2.199.828 2.199 2.199 0 1.416-.888 2.275-2.184 2.275Zm6.312 1.37c.286 0 .587-.015.859-.075v-9.882a4.308 4.308 0 0 0-.874-.075c-.286 0-.573.015-.844.075v9.882c.301.06.588.075.859.075Zm9.264-4.187c0-1.913-1.356-3.224-3.269-3.224-2.033 0-3.585 1.597-3.585 3.811 0 2.335 1.537 3.751 3.676 3.751 1.431 0 2.365-.527 2.967-1.009a1.76 1.76 0 0 0-.738-1.16c-.467.331-1.069.738-2.109.738-1.19 0-1.913-.723-2.048-1.898h5.046c.045-.392.06-.633.06-1.009Zm-5.091-.121c.12-.979.768-1.717 1.822-1.717 1.16.015 1.597.874 1.597 1.717h-3.419Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="datadog">
+      <path d="M58.339 56.312v2.096c-.384.101-.728.15-1.03.15-2.034 0-3.05-1.075-3.05-3.224 0-1.986 1.078-2.978 3.233-2.978.898 0 1.735.167 2.51.503v-1.505c-.775-.29-1.653-.438-2.636-.438-3.221 0-4.834 1.471-4.834 4.418 0 3.109 1.584 4.666 4.751 4.666 1.09 0 1.995-.159 2.718-.476V54.84h-2.686l-.561 1.473h1.585Zm-11.376 2.245c1.807 0 2.71-1.041 2.71-3.124 0-2.051-.903-3.078-2.71-3.078-1.854 0-2.78 1.027-2.78 3.078 0 2.083.926 3.124 2.78 3.124Zm-4.508-3.086c0-3.038 1.504-4.555 4.508-4.555 2.957 0 4.436 1.517 4.436 4.555 0 3.02-1.479 4.529-4.436 4.529-2.871 0-4.373-1.51-4.508-4.53Zm-7.56 3.024h1.978c1.86 0 2.793-1.094 2.793-3.282 0-1.864-.932-2.794-2.793-2.794h-1.978v6.076Zm2.229 1.44h-3.89V50.98h3.89c2.803 0 4.205 1.412 4.205 4.233 0 3.148-1.402 4.723-4.205 4.723Zm-12.777 0h-1.709l3.81-8.955h1.79l3.89 8.956H30.34l-1.13-2.443h-2.874l.57-1.44h1.865L27.3 52.69l-2.954 7.246Zm-7.665-8.955h6.81v1.44h-2.574v7.516h-1.661V52.42h-2.575v-1.44ZM9.84 59.936H8.133l3.81-8.956h1.787l3.892 8.956h-1.789l-1.13-2.443H11.83l.571-1.44h1.864l-1.47-3.363-2.954 7.246Zm-8.176-1.441H3.64c1.863 0 2.792-1.094 2.792-3.282 0-1.864-.93-2.794-2.792-2.794H1.665v6.076Zm2.227 1.44H.002V50.98h3.89c2.803 0 4.206 1.412 4.206 4.233 0 3.148-1.403 4.723-4.206 4.723ZM29.864 14.47c.32-.304-1.597-.704-3.085.31-1.097.75-1.132 2.354-.082 3.264.105.09.192.154.273.206a9.513 9.513 0 0 1 2.767-.816c.223-.248.482-.686.417-1.477-.087-1.075-.902-.905-.29-1.486Zm10.065 5.833c-.18-.1-1.03-.06-1.627.01-1.137.135-2.364.529-2.633.739-.49.378-.268 1.037.095 1.307 1.012.757 1.9 1.264 2.838 1.14.575-.075 1.082-.986 1.442-1.813.245-.569.245-1.183-.115-1.383Zm-3.882-6.725c-.066.15-.169.248-.015.734l.01.028.025.063.064.146c.278.569.584 1.105 1.095 1.38.133-.023.269-.038.41-.045.481-.021.784.055.976.159a2.14 2.14 0 0 0 .01-.442c-.038-.721.142-1.947-1.243-2.592-.523-.242-1.257-.168-1.5.136a.634.634 0 0 1 .115.025c.37.128.12.256.053.408Zm14.266 9.879-1.194.227L46.828.002 7.77 4.53l4.812 39.046 4.571-.664c-.364-.52-.932-1.152-1.904-1.959-1.346-1.118-.87-3.018-.076-4.218 1.05-2.027 6.464-4.603 6.158-7.843-.11-1.178-.297-2.712-1.391-3.763-.04.436.033.856.033.856s-.45-.572-.673-1.354c-.222-.3-.396-.395-.633-.795-.168.463-.146 1-.146 1s-.368-.868-.426-1.6c-.219.327-.274.95-.274.95s-.477-1.368-.368-2.105c-.218-.642-.863-1.914-.681-4.807 1.192.835 3.816.637 4.838-.87.34-.499.573-1.86-.168-4.546-.477-1.721-1.656-4.284-2.117-5.257l-.054.04c.242.783.742 2.425.933 3.222.58 2.415.736 3.256.464 4.37-.232.968-.788 1.601-2.196 2.309-1.409.71-3.279-1.018-3.397-1.114-1.368-1.09-2.426-2.869-2.544-3.733-.123-.946.544-1.514.882-2.287a8.6 8.6 0 0 0-1.02.383s.642-.664 1.432-1.238a8.26 8.26 0 0 0 .864-.641c-.5-.009-.904.005-.904.005s.832-.45 1.695-.777c-.63-.029-1.236-.005-1.236-.005s1.858-.832 3.328-1.442c1.009-.414 1.995-.291 2.55.51.727 1.05 1.49 1.62 3.11 1.973.995-.44 1.297-.667 2.545-1.007 1.1-1.21 1.963-1.366 1.963-1.366s-.427.393-.542 1.01c.623-.491 1.306-.902 1.306-.902s-.264.327-.51.846l.057.085c.728-.436 1.583-.78 1.583-.78s-.244.31-.531.709c.548-.005 1.66.023 2.092.072 2.55.056 3.078-2.722 4.056-3.07 1.225-.438 1.773-.702 3.86 1.348 1.79 1.76 3.19 4.91 2.495 5.615-.583.586-1.732-.228-3.005-1.816a6.865 6.865 0 0 1-1.42-3.097 3.043 3.043 0 0 0-.984-1.684s.453 1.012.453 1.904c0 .488.061 2.31.843 3.332-.078.15-.114.74-.2.853-.908-1.099-2.861-1.885-3.178-2.117 1.076.883 3.553 2.911 4.504 4.855.9 1.838.37 3.523.825 3.96.129.125 1.935 2.374 2.282 3.504.607 1.97.036 4.04-.757 5.324l-2.214.345c-.324-.09-.543-.135-.834-.303.161-.283.48-.99.483-1.136l-.125-.219c-.69.976-1.844 1.924-2.803 2.469-1.256.712-2.702.602-3.644.31-2.673-.824-5.202-2.63-5.81-3.105 0 0-.02.379.095.464.674.76 2.218 2.135 3.71 3.094l-3.181.35 1.504 11.712c-.666.096-.77.143-1.5.247-.644-2.274-1.875-3.758-3.22-4.622-1.186-.763-2.823-.935-4.39-.624l-.1.116c1.089-.113 2.374.044 3.695.88 1.297.82 2.341 2.938 2.726 4.212.493 1.63.832 3.372-.493 5.22-.942 1.313-3.695 2.038-5.918.468.594.955 1.396 1.737 2.477 1.884 1.605.218 3.129-.061 4.176-1.137.895-.92 1.37-2.845 1.245-4.872l1.417-.205.511 3.637 23.449-2.823-1.913-18.66ZM27.86 28.834l2.951-.406c.477.215.81.297 1.382.442.89.232 1.924.455 3.451-.314.356-.177 1.096-.854 1.395-1.24l12.087-2.193 1.233 14.924-20.708 3.732-1.79-14.945Zm17.149 4.953-3.96-2.611-3.301 5.517-3.842-1.123-3.382 5.161.174 1.625 18.388-3.388-1.07-11.489-3.007 6.308Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="fastly">
+      <path d="M40.845 36.419h4.699v-2.393h-1.558V18.379h-3.141v18.04ZM.008 34.026h1.6v-7.55h-1.6v-2.078l1.6-.263v-2.103c0-2.546.554-3.653 3.797-3.653.698 0 1.533.103 2.264.24l-.434 2.561a6.106 6.106 0 0 0-1.047-.093c-1.141 0-1.43.11-1.43 1.234v1.822h2.375v2.342H4.758v7.55h1.584v2.393H.016v-2.402H.008Zm39.228-.757c-.494.102-.92.093-1.235.102-1.294.034-1.183-.391-1.183-1.617v-5.278h2.469v-2.342h-2.469V18.38h-3.15v14.029c0 2.759.681 4.01 3.644 4.01.698 0 1.668-.18 2.392-.34l-.468-2.81Zm19.563.775c.664 0 1.2.528 1.2 1.192 0 .663-.536 1.183-1.2 1.183a1.186 1.186 0 0 1-1.101-.728 1.186 1.186 0 0 1-.091-.456c0-.672.536-1.191 1.192-1.191Zm0 2.187a1 1 0 0 0 .996-1.004.99.99 0 0 0-.996-.987.983.983 0 0 0-.996.987c0 .553.451 1.004.996 1.004Zm.221-.417-.238-.348h-.17v.349h-.264v-1.167h.485c.29 0 .468.145.468.4 0 .188-.094.315-.247.366l.29.4h-.324Zm-.409-.587h.214c.118 0 .204-.05.204-.179 0-.119-.085-.17-.196-.17h-.222v.349Zm-28.868-8.76v-.417c-.953-.17-1.897-.179-2.409-.179-1.464 0-1.642.775-1.642 1.2 0 .597.204.92 1.787 1.27 2.324.518 4.648 1.063 4.648 3.94 0 2.733-1.405 4.138-4.358 4.138-1.975 0-3.899-.426-5.364-.8v-2.35h2.384v.418c1.03.195 2.103.178 2.665.178 1.566 0 1.813-.843 1.813-1.285 0-.622-.451-.92-1.916-1.218-2.758-.468-4.954-1.413-4.954-4.214 0-2.656 1.78-3.695 4.733-3.695 2.001 0 3.525.307 4.989.682v2.332h-2.376Zm-14.752 1.882-1.158 1.012a.616.616 0 0 0-.639 1.014.616.616 0 0 0 1.033-.299.617.617 0 0 0-.02-.34l1.022-1.14-.238-.248Z"/>
+      <path d="M20.068 23.47h-3.15v.886a6.38 6.38 0 0 0-2.12-.792v-1.073h.383v-.8h-3.167v.8h.384v1.081a6.48 6.48 0 0 0-5.261 6.368 6.469 6.469 0 0 0 1.899 4.588 6.48 6.48 0 0 0 4.587 1.9c1.209 0 2.35-.333 3.32-.912l.562.911h3.329v-3.15h-.766V23.47Zm-3.116 6.657a3.343 3.343 0 0 1-3.15 3.142v-.375h-.375v.375a3.332 3.332 0 0 1-3.124-3.15h.375v-.374h-.375a3.342 3.342 0 0 1 3.124-3.124v.374h.375v-.375a3.333 3.333 0 0 1 3.15 3.141h-.375v.375h.375v-.009Zm36.555-5.992h6.495v2.34h-1.549l-3.984 9.8c-1.141 2.749-3.013 5.345-5.874 5.345-.698 0-1.635-.076-2.282-.23l.281-2.86c.418.076.962.128 1.243.128 1.328 0 2.818-.818 3.286-2.248l-4.035-9.935h-1.55v-2.341h6.496v2.341h-1.549l2.29 5.627 2.29-5.627h-1.55v-2.341h-.008Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="honeybadger">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="m37.902 14.22 7.608 7.607-15.506 15.507-1.687-1.687-2.292 2.29 2.451 2.452a2.161 2.161 0 0 0 3.056 0l17.034-17.034a2.16 2.16 0 0 0 0-3.055l-9.3-9.298-1.364 3.218Zm-.284-4.866-1.364 3.218-2.87-2.87 2.291-2.29 1.943 1.942Zm-3.47-3.472-2.616-2.615a2.161 2.161 0 0 0-3.056 0L11.444 20.3a2.161 2.161 0 0 0 0 3.055l9.984 9.984 1.462-3.119-8.391-8.393L30.004 6.323l1.853 1.85 2.29-2.29ZM23.051 34.964l1.462-3.12 2.276 2.275-2.293 2.29-1.445-1.445Z"/>
+      <path d="M39.405 5.158c.232-.546-.459-1.013-.879-.592L19.967 23.125h7.56l-6.016 14.81c-.221.547.466 1.003.882.586L40.49 20.424h-7.561l6.476-15.266Z"/>
+      <path fill-rule="evenodd" clip-rule="evenodd" d="m5.662 57.367 1.744-11.959H5.465l-.715 4.864H2.989l.715-4.864H1.762L.004 57.367h1.941l.78-5.308h1.762l-.78 5.308h1.955Zm3.62-2.397c1.942 0 2.705-.82 3.107-3.75.375-2.783-.276-3.697-2.08-3.697-1.913 0-2.732.941-3.078 3.804-.36 2.81.374 3.643 2.052 3.643Zm.196-1.371c-.486 0-.611-.47-.348-2.285.25-1.882.486-2.432 1.04-2.432.486 0 .583.442.333 2.298-.249 1.84-.486 2.419-1.025 2.419Zm5.672-5.323c.43-.404 1.054-.753 1.608-.753 1.124 0 1.513.766 1.318 2.11l-.777 5.175h-1.803l.736-4.972c.068-.484-.028-.727-.388-.727-.278 0-.541.243-.707.404l-.778 5.295h-1.802l1.04-7.124h1.526l.027.592Zm22.967-.592-.21.525a1.545 1.545 0 0 0-1.33-.686c-1.318 0-2.122 1.05-2.455 3.83-.333 2.756.306 3.617 1.345 3.617.624 0 1.11-.296 1.47-.712l.014.55h1.665l1.053-7.124h-1.552Zm-1.056 5.39c-.151.19-.442.39-.692.39-.445 0-.583-.417-.347-2.15.25-1.841.513-2.272.956-2.272.265 0 .486.188.611.39l-.528 3.643Zm8.558-7.666-1.387 9.4h-1.65l-.015-.55c-.36.43-.86.712-1.47.712-1.04 0-1.692-.86-1.344-3.617.333-2.78 1.122-3.83 2.454-3.83.514 0 .915.215 1.206.552l.403-2.667h1.803Zm-3.967 5.906c-.249 1.733-.097 2.15.347 2.15.236 0 .541-.2.693-.39l.527-3.642c-.125-.202-.36-.39-.61-.39-.444 0-.707.43-.957 2.272Zm-15.81 6.05h21.502a2.584 2.584 0 0 0 2.559-2.223l1.054-7.457h-1.553l-.166.538c-.278-.39-.75-.699-1.262-.699-1.4 0-2.164.766-2.552 3.75-.374 2.715.236 3.548 1.332 3.548.554 0 1.067-.24 1.413-.644l-.055.51c-.149.639-.804 1.145-1.882 1.145H26.71c-.255.603-.503 1.09-.797 1.45l-.07.082Zm21.842-4.02c-.444 0-.61-.39-.374-2.084.236-1.774.513-2.218.97-2.218.25 0 .473.188.596.377l-.512 3.535c-.152.188-.445.39-.68.39Zm7.461.994c-.734.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.955-3.63.36-2.741 1.387-3.817 3.148-3.817 1.096 0 1.775.565 1.775 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.008.174.003.04.005.079.005.12.013.552.306.848.791.848.333 0 .72-.108 1.276-.363l.305 1.25Zm-1.18-5.484c-.428 0-.818.645-1.053 2.07a1.557 1.557 0 0 0 1.414-1.546c0-.323-.11-.524-.36-.524Zm3.46 5.954.734-4.879c.36-.322.763-.497 1.165-.497.112 0 .208 0 .32.013l.36-1.733a.932.932 0 0 0-.568-.189c-.528 0-.985.418-1.318 1.009l-.027-.848h-1.415l-1.055 7.124h1.804Zm-34.924-.47c-.736.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.954-3.63.36-2.741 1.385-3.817 3.146-3.817 1.097 0 1.776.565 1.776 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.007.174.003.04.006.079.006.12.015.552.305.848.791.848.333 0 .721-.108 1.275-.363l.306 1.25Zm-1.18-5.484c-.429 0-.817.645-1.052 2.07a1.557 1.557 0 0 0 1.413-1.546c0-.323-.11-.524-.36-.524Zm9.85 6.116c1.58 0 2.19-1.25 2.524-4.167.318-2.608-.195-3.28-1.29-3.28-.554 0-1.04.23-1.47.565l.36-2.482h-1.802l-1.346 9.202h1.637l.166-.537c.236.39.666.7 1.22.7Zm-.347-1.506a.675.675 0 0 1-.624-.39l.541-3.655c.208-.215.484-.377.749-.377.416 0 .499.416.319 1.828-.166 1.681-.444 2.594-.985 2.594Zm-5.516-.59 1.566-5.19h1.859L25.96 54.89c-.764 1.962-1.193 2.474-2.4 2.474H6.626l.225-1.532h16.414c.557 0 .864-.387.864-.89l-.624-7.258h1.956l-.153 5.19Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="domainr">
+      <path d="M30.02 0a22.501 22.501 0 0 1 15.899 6.582A22.515 22.515 0 0 1 52.5 22.473c0 5.96-2.378 11.676-6.582 15.89a22.5 22.5 0 0 1-15.899 6.583H10.236a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.354c0-.125.025-.25.086-.361l1.152-2.306a.959.959 0 0 1 .883-.537H30.02a18.57 18.57 0 0 0 18.57-18.565A18.57 18.57 0 0 0 30.02 3.91H14.048a.409.409 0 0 0-.184.046.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.064.012.126.037.184l1.066 2.12a.429.429 0 0 0 .184.199c.074.049.16.073.258.073H30.02a15.64 15.64 0 0 1 15.641 15.634A15.647 15.647 0 0 1 30.02 38.106H13.656a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.352.75.75 0 0 1 .086-.363l4.572-9.145a.96.96 0 0 1 .87-.538H30.02a4.89 4.89 0 0 0 4.89-4.885 4.89 4.89 0 0 0-4.89-4.885h-9.132a.405.405 0 0 0-.184.047.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.062.012.125.037.182l1.066 2.121c.037.08.098.15.172.199a.525.525 0 0 0 .27.073h7.955c.527 0 1.017.206 1.385.573.368.367.576.864.576 1.382 0 .518-.208 1.015-.576 1.382a1.949 1.949 0 0 1-1.385.572h-10.1a.999.999 0 0 1-.515-.147 1.054 1.054 0 0 1-.356-.39l-4.584-9.145a.735.735 0 0 1-.074-.362c0-.126.037-.248.11-.356a.671.671 0 0 1 .258-.256.744.744 0 0 1 .368-.092H30.02a8.81 8.81 0 0 1 6.227 2.576 8.82 8.82 0 0 1 2.574 6.218 8.819 8.819 0 0 1-2.574 6.218 8.809 8.809 0 0 1-6.227 2.576h-9.426a.503.503 0 0 0-.442.274l-1.066 2.12a.462.462 0 0 0-.037.183.32.32 0 0 0 .061.178.29.29 0 0 0 .135.13c.05.03.11.046.172.046H30.02a11.75 11.75 0 0 0 8.299-3.435 11.743 11.743 0 0 0 3.432-8.29 11.743 11.743 0 0 0-3.432-8.291 11.75 11.75 0 0 0-8.299-3.434H13.08a.999.999 0 0 1-.515-.147 1.053 1.053 0 0 1-.356-.39L7.625 1.065A.735.735 0 0 1 7.55.703a.62.62 0 0 1 .11-.354.757.757 0 0 1 .258-.256.745.745 0 0 1 .368-.094H30.02ZM6.423 59.86h-2.17l.013-1.39h2.157c.638 0 1.153-.137 1.582-.412.429-.274.747-.668.968-1.18.208-.511.319-1.122.319-1.83v-.55c0-.55-.062-1.037-.184-1.46a3.019 3.019 0 0 0-.54-1.068 2.397 2.397 0 0 0-.882-.657 3.022 3.022 0 0 0-1.201-.223H4.217v-1.398h2.268c.674 0 1.299.114 1.85.343a4.016 4.016 0 0 1 1.447.97c.417.424.723.932.944 1.522.22.592.33 1.253.33 1.984v.538c0 .73-.11 1.391-.33 1.983a4.233 4.233 0 0 1-.944 1.521c-.404.42-.895.743-1.459.971-.564.225-1.2.336-1.9.336Zm-1.2-10.168V59.86H3.468V49.692h1.753Zm7.109 6.474v-.161c0-.544.073-1.05.233-1.515.159-.47.392-.878.686-1.222a3.16 3.16 0 0 1 1.103-.81 3.62 3.62 0 0 1 1.483-.293c.552 0 1.042.098 1.471.293.442.19.81.46 1.116.81.306.344.527.751.686 1.222.16.466.246.97.246 1.515v.16c0 .546-.086 1.051-.246 1.516-.159.465-.38.872-.686 1.222a3.27 3.27 0 0 1-1.103.81A3.58 3.58 0 0 1 15.85 60a3.74 3.74 0 0 1-1.496-.287 3.27 3.27 0 0 1-1.103-.81 3.783 3.783 0 0 1-.686-1.222 4.64 4.64 0 0 1-.233-1.515Zm1.68-.161v.16c0 .34.036.661.097.964.074.303.184.569.331.797.147.228.343.407.576.537.233.13.515.196.834.196.306 0 .576-.065.809-.196.233-.13.417-.31.576-.537.147-.228.257-.494.319-.797a4.07 4.07 0 0 0 .11-.963v-.161c0-.335-.037-.652-.11-.95a2.173 2.173 0 0 0-.331-.803 1.59 1.59 0 0 0-.576-.544 1.554 1.554 0 0 0-.81-.202c-.318 0-.6.067-.833.202-.22.13-.417.311-.564.544s-.257.501-.33.803a4.706 4.706 0 0 0-.099.95Zm8.433-2.165v6.02h-1.68v-7.556h1.581l.099 1.536Zm-.27 1.963-.576-.008c0-.52.061-1.002.196-1.445.135-.442.319-.826.576-1.152.245-.331.564-.584.932-.761.38-.182.809-.272 1.311-.272.343 0 .65.051.944.153.282.098.527.254.748.468.208.215.368.49.478.824.122.336.184.74.184 1.215v5.035h-1.692v-4.888c0-.368-.049-.656-.16-.866a.973.973 0 0 0-.465-.447 1.73 1.73 0 0 0-.723-.14c-.319 0-.589.061-.81.182-.22.12-.404.286-.539.496-.134.21-.245.451-.306.726a4.033 4.033 0 0 0-.098.88Zm4.682-.448-.784.176c0-.456.061-.888.184-1.292a3.4 3.4 0 0 1 .564-1.075c.257-.313.564-.557.931-.733a2.854 2.854 0 0 1 1.263-.266c.392 0 .735.054 1.03.16.318.103.576.266.784.49.22.222.38.513.49.872.11.354.172.782.172 1.285v4.888h-1.692v-4.896c0-.38-.06-.676-.171-.886a.836.836 0 0 0-.454-.433 1.884 1.884 0 0 0-.723-.126c-.257 0-.49.05-.686.147a1.383 1.383 0 0 0-.503.399 1.839 1.839 0 0 0-.306.578c-.062.22-.099.457-.099.712Zm10.628 2.99v-3.604c0-.27-.049-.502-.147-.698a1.066 1.066 0 0 0-.454-.454 1.526 1.526 0 0 0-.735-.16c-.282 0-.515.046-.711.14a1.206 1.206 0 0 0-.478.377.91.91 0 0 0-.16.537h-1.679c0-.298.074-.586.22-.866.148-.28.356-.528.626-.748.27-.218.6-.39.98-.516s.81-.188 1.288-.188c.564 0 1.079.095 1.508.286.44.19.796.48 1.041.866.258.381.38.862.38 1.438v3.36c0 .344.025.653.074.928.049.27.123.505.22.706v.111H37.73a2.797 2.797 0 0 1-.184-.691 4.8 4.8 0 0 1-.06-.824Zm.233-3.08.025 1.04h-1.214c-.306 0-.588.031-.821.091a1.69 1.69 0 0 0-.6.251c-.148.112-.27.248-.356.406-.074.158-.11.337-.11.537 0 .201.048.385.134.552.098.163.233.291.405.384.183.094.404.14.662.14a1.835 1.835 0 0 0 1.507-.734c.147-.208.233-.407.245-.593l.54.747a2.3 2.3 0 0 1-.282.615c-.135.219-.319.427-.54.628a2.616 2.616 0 0 1-1.801.67 2.92 2.92 0 0 1-1.324-.293 2.395 2.395 0 0 1-.907-.803 2.067 2.067 0 0 1-.331-1.152c0-.4.073-.754.233-1.062.147-.311.367-.572.661-.782a3.338 3.338 0 0 1 1.091-.474c.43-.112.92-.168 1.471-.168h1.312Zm5.014-2.96v7.555H41.04v-7.556h1.692ZM40.93 50.32c0-.256.085-.468.245-.635.184-.173.417-.259.723-.259.294 0 .527.086.699.259a.848.848 0 0 1 .257.635c0 .251-.086.46-.257.629-.172.168-.405.251-.699.251-.306 0-.54-.083-.723-.251a.883.883 0 0 1-.245-.629Zm5.307 3.596v5.943h-1.679v-7.556h1.594l.085 1.613Zm-.294 1.886-.54-.008c0-.534.074-1.026.221-1.473.148-.446.356-.831.613-1.152.27-.321.576-.568.944-.74a2.82 2.82 0 0 1 1.238-.265c.356 0 .687.051.98.153.295.098.553.258.76.482.222.224.38.514.491.874.11.353.172.788.172 1.305v4.881H49.13v-4.888c0-.363-.061-.65-.16-.86a.946.946 0 0 0-.453-.453 1.711 1.711 0 0 0-.735-.14 1.59 1.59 0 0 0-.772.182 1.74 1.74 0 0 0-.589.496c-.147.21-.27.451-.355.726a2.938 2.938 0 0 0-.123.88Zm8.287-2.06v6.117h-1.692v-7.556h1.606l.086 1.438Zm2.304-1.488-.012 1.564a4.306 4.306 0 0 0-.687-.055c-.282 0-.539.042-.76.125a1.418 1.418 0 0 0-.882.894 2.574 2.574 0 0 0-.147.72l-.38.028c0-.476.049-.915.135-1.32a3.48 3.48 0 0 1 .429-1.068c.183-.308.429-.548.71-.72.282-.173.613-.258.993-.258a2.13 2.13 0 0 1 .601.09Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="mend-io">
+      <path d="M43.39 27.355c-2.24 5.173-7.39 8.79-13.39 8.79-.25 0-.49-.006-.73-.018-7.72-.38-13.87-6.763-13.87-14.58 0-1.31.18-2.576.5-3.78.33-.352.79-.57 1.31-.57.99 0 1.81.818 1.81 1.824v.587c0 .01-.01.02-.01.028v4.44a3.33 3.33 0 0 0 3.32 3.331 3.33 3.33 0 0 0 3.32-3.331v-3.582c0-.012-.01-.022-.01-.035v-1.438c0-1.006.81-1.825 1.81-1.825s1.81.82 1.81 1.825v5.055c0 1.837 1.49 3.331 3.31 3.331a3.33 3.33 0 0 0 3.32-3.331V19.02c0-1.006.81-1.825 1.81-1.825.99 0 1.8.82 1.8 1.825v5.055a3.33 3.33 0 0 0 3.32 3.331c.19 0 .38-.02.57-.052Z"/>
+      <path d="M44.59 21.55c0 1.322-.18 2.598-.5 3.818v.006c-.01.002-.01.005-.01.005v.002c-.33.32-.77.52-1.27.52-.99 0-1.8-.819-1.8-1.824v-5.055a3.331 3.331 0 0 0-3.32-3.332c-1.83 0-3.31 1.496-3.31 3.333v5.055c0 1.006-.81 1.825-1.81 1.825s-1.81-.82-1.81-1.825v-5.055c0-1.837-1.48-3.333-3.31-3.333a3.331 3.331 0 0 0-3.32 3.333v5.055c0 1.006-.81 1.825-1.8 1.825-1 0-1.81-.82-1.81-1.825v-5.055c0-1.836-1.49-3.33-3.31-3.332h-.01c-.2 0-.4.021-.6.057C18.85 10.573 24 6.956 30 6.956c.07 0 .15 0 .23.002 7.95.126 14.36 6.61 14.36 14.594M.11 52.772a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.4.4 0 0 1 .29-.111h1.75c.11 0 .21.038.28.111a.38.38 0 0 1 .12.289v.544c.24-.32.57-.584.98-.792.41-.209.87-.313 1.39-.313 1.17 0 1.98.459 2.43 1.378.26-.406.61-.737 1.07-.994.46-.256.95-.384 1.48-.384.87 0 1.58.296 2.13.89.55.592.83 1.476.83 2.651v4.548c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H10.6a.421.421 0 0 1-.3-.112.376.376 0 0 1-.12-.289v-4.436c0-.534-.11-.918-.32-1.154-.22-.234-.52-.352-.89-.352-.35 0-.63.12-.85.36-.23.241-.34.623-.34 1.146v4.436c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H5.52a.414.414 0 0 1-.29-.112.408.408 0 0 1-.11-.289v-4.436c0-.523-.11-.905-.34-1.146a1.15 1.15 0 0 0-.87-.36c-.36 0-.63.12-.86.36-.23.241-.35.617-.35 1.129v4.453c0 .107-.03.2-.11.28a.367.367 0 0 1-.29.121H.4a.382.382 0 0 1-.29-.112Zm15.07-.768c-.74-.694-1.13-1.703-1.16-3.028v-.56c.05-1.26.44-2.246 1.18-2.955.74-.71 1.74-1.066 2.99-1.066.91 0 1.67.185 2.3.553.62.368 1.09.873 1.41 1.513.31.641.47 1.378.47 2.211v.384c0 .107-.04.199-.11.28-.08.08-.17.12-.29.12h-5.13v.112c.02.502.15.908.37 1.217.23.31.55.464.98.464.27 0 .48-.056.66-.168.17-.112.32-.248.46-.408.1-.117.17-.19.23-.216.06-.026.15-.04.28-.04h1.99c.09 0 .18.029.25.088s.1.136.1.232c0 .278-.16.598-.47.961-.32.364-.77.678-1.37.945-.6.267-1.3.4-2.12.4-1.28 0-2.29-.347-3.02-1.041v.002Zm4.37-4.133v-.031c0-.523-.12-.938-.36-1.241-.24-.305-.57-.457-1-.457-.43 0-.75.152-.99.457-.24.303-.36.718-.36 1.241v.031h2.71Zm4.1 4.901a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.418.418 0 0 1 .29-.111h1.85c.11 0 .21.038.29.111a.38.38 0 0 1 .12.289v.608c.29-.352.66-.635 1.11-.849.46-.214.97-.32 1.55-.32.94 0 1.7.318 2.29.954.59.635.88 1.524.88 2.666v4.469c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121h-2.02c-.1 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.28v-4.372c0-.503-.12-.89-.37-1.162-.24-.273-.59-.408-1.05-.408-.46 0-.8.135-1.06.408-.26.272-.38.659-.38 1.162v4.372c0 .107-.04.2-.12.28a.36.36 0 0 1-.28.121h-2.01a.414.414 0 0 1-.29-.112Zm10.53-.712c-.58-.657-.9-1.583-.95-2.78l-.02-.561.02-.577c.04-1.153.36-2.066.95-2.739.59-.672 1.41-1.009 2.44-1.009.97 0 1.76.316 2.36.945v-3.428a.382.382 0 0 1 .4-.4h1.95c.12 0 .21.038.29.112.07.075.11.171.11.288v10.572c0 .106-.04.199-.11.279a.382.382 0 0 1-.29.121h-1.81c-.11 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.279v-.514c-.59.715-1.42 1.073-2.5 1.073s-1.86-.328-2.44-.985v.003Zm4.4-1.618c.23-.305.36-.696.4-1.177.01-.139.01-.342.01-.608 0-.267 0-.454-.01-.593-.03-.437-.16-.8-.4-1.089-.25-.288-.61-.433-1.08-.433-.5 0-.86.15-1.08.448-.22.3-.34.711-.37 1.234-.02.107-.02.272-.02.497 0 .224 0 .389.02.496.03.523.15.934.37 1.234.22.299.58.448 1.08.448.51 0 .84-.152 1.08-.457Zm9.06-7.2c-.08-.075-.11-.17-.11-.288v-1.442c0-.117.03-.214.11-.288a.382.382 0 0 1 .29-.112h1.92c.12 0 .21.038.29.112.07.074.11.171.11.288v1.442c0 .117-.04.213-.11.288a.397.397 0 0 1-.29.112h-1.92a.382.382 0 0 1-.29-.112Zm.02 9.53a.376.376 0 0 1-.12-.288v-7.529c0-.117.04-.213.12-.288a.374.374 0 0 1 .28-.112h1.89c.12 0 .22.038.29.112a.37.37 0 0 1 .11.288v7.529c0 .106-.03.199-.11.28a.37.37 0 0 1-.29.12h-1.89a.374.374 0 0 1-.28-.112Zm5.02-.672c-.72-.631-1.11-1.517-1.17-2.659-.01-.139-.02-.379-.02-.721 0-.341.01-.581.02-.72.06-1.131.46-2.015 1.2-2.651.74-.636 1.74-.954 3.03-.954 1.28 0 2.3.318 3.04.954.74.636 1.14 1.519 1.2 2.651.01.139.02.379.02.72 0 .342-.01.583-.02.721-.06 1.142-.45 2.028-1.17 2.659-.71.63-1.74.944-3.07.944-1.34 0-2.35-.314-3.06-.944Zm4.1-1.433c.22-.284.35-.719.38-1.305.01-.107.02-.32.02-.642 0-.321-.01-.533-.02-.641-.03-.577-.16-1.008-.39-1.297-.23-.289-.57-.433-1.03-.433-.89 0-1.36.577-1.41 1.73l-.02.641.02.642c.02.588.14 1.023.37 1.305.23.283.58.424 1.04.424.46 0 .81-.141 1.04-.424Zm-12.16 2.217a1.45 1.45 0 1 0 0-2.9 1.45 1.45 0 0 0 0 2.9Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="github">
+      <path d="M12 0c6.63 0 12 5.37 12 12a12.024 12.024 0 0 1-8.175 11.385c-.6.12-.825-.255-.825-.57 0-.405.015-1.695.015-3.3 0-1.125-.375-1.845-.81-2.22 2.67-.3 5.475-1.32 5.475-5.925 0-1.32-.465-2.385-1.23-3.225.12-.3.54-1.53-.12-3.18 0 0-1.005-.33-3.3 1.23-.96-.27-1.98-.405-3-.405s-2.04.135-3 .405c-2.295-1.545-3.3-1.23-3.3-1.23-.66 1.65-.24 2.88-.12 3.18-.765.84-1.23 1.92-1.23 3.225 0 4.59 2.79 5.625 5.46 5.925-.345.3-.66.825-.765 1.605-.69.315-2.415.825-3.495-.99-.225-.36-.9-1.245-1.845-1.23-1.005.015-.405.57.015.795.51.285 1.095 1.35 1.23 1.695.24.675 1.02 1.965 4.035 1.41 0 1.005.015 1.95.015 2.235 0 .315-.225.675-.825.57A11.995 11.995 0 0 1 0 12C0 5.37 5.37 0 12 0Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="mastodon">
+      <path d="M23.193 7.879c0-5.207-3.411-6.732-3.411-6.732C18.062.357 15.109.025 12.04 0h-.076c-3.068.025-6.019.357-7.74 1.147 0 0-3.411 1.526-3.411 6.732 0 1.191-.023 2.617.015 4.129.123 5.092.933 10.111 5.641 11.356 2.171.575 4.034.695 5.534.613 2.722-.152 4.249-.972 4.249-.972l-.09-1.975s-1.945.614-4.129.539c-2.165-.075-4.448-.233-4.799-2.891a5.626 5.626 0 0 1-.048-.745s2.124.519 4.817.643c1.646.076 3.19-.096 4.759-.283 3.007-.359 5.625-2.211 5.954-3.905.52-2.668.477-6.509.477-6.509Zm-4.023 6.709h-2.498v-6.12c0-1.289-.542-1.944-1.628-1.944-1.2 0-1.802.777-1.802 2.312v3.35H10.76v-3.35c0-1.535-.601-2.312-1.803-2.312-1.086 0-1.628.655-1.628 1.944v6.12H4.832V8.284c0-1.289.327-2.313.987-3.07.68-.757 1.569-1.146 2.674-1.146 1.278 0 2.247.491 2.886 1.473L12 6.585l.623-1.044c.64-.982 1.609-1.473 2.887-1.473 1.104 0 1.994.389 2.674 1.146.658.757.986 1.781.986 3.07v6.304Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="x-twitter">
+      <path d="M14.286 10.664 23.222.5h-2.117l-7.763 8.824L7.147.5H0l9.37 13.344L0 24.5h2.117l8.192-9.319 6.544 9.32H24M2.88 2.061h3.253l14.97 20.953H17.85"/>
+    </symbol>
+  </defs>
+</svg>
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
index 40b29b2041e..97c0e982d26 100644
--- a/test/policies/rubygem_policy_test.rb
+++ b/test/policies/rubygem_policy_test.rb
@@ -48,10 +48,12 @@ def policy!(user)
       refute_authorized @user, :request_ownership?
     end
 
-    should "be false if the gem has a version newer than 1 year" do
-      create(:version, rubygem: @rubygem, created_at: 11.months.ago)
+    context "when the gem has a version newer than 1 year" do
+      should "be false" do
+        create(:version, rubygem: @rubygem, created_at: 11.months.ago)
 
-      refute_authorized @user, :request_ownership?
+        refute_authorized @user, :request_ownership?
+      end
     end
 
     should "be true if the gem's latest version is older than 1 year and less than 10,000 downloads" do
diff --git a/vendor/javascript/@stimulus-components--dialog.js b/vendor/javascript/@stimulus-components--dialog.js
new file mode 100644
index 00000000000..6c877875fa9
--- /dev/null
+++ b/vendor/javascript/@stimulus-components--dialog.js
@@ -0,0 +1,2 @@
+import{Controller as e}from"@hotwired/stimulus";const t=class _Dialog extends e{initialize(){this.forceClose=this.forceClose.bind(this)}connect(){this.openValue&&this.open(),document.addEventListener("turbo:before-render",this.forceClose)}disconnect(){document.removeEventListener("turbo:before-render",this.forceClose)}open(){this.dialogTarget.showModal()}close(){this.dialogTarget.setAttribute("closing",""),Promise.all(this.dialogTarget.getAnimations().map((e=>e.finished))).then((()=>{this.dialogTarget.removeAttribute("closing"),this.dialogTarget.close()}))}backdropClose(e){e.target===this.dialogTarget&&this.close()}forceClose(){this.dialogTarget.close()}};t.targets=["dialog"],t.values={open:{type:Boolean,default:!1}};let o=t;export{o as default};
+
diff --git a/vendor/javascript/@stimulus-components--reveal.js b/vendor/javascript/@stimulus-components--reveal.js
new file mode 100644
index 00000000000..91615312192
--- /dev/null
+++ b/vendor/javascript/@stimulus-components--reveal.js
@@ -0,0 +1,2 @@
+import{Controller as s}from"@hotwired/stimulus";const t=class _Reveal extends s{connect(){this.class=this.hasHiddenClass?this.hiddenClass:"hidden"}toggle(){this.itemTargets.forEach((s=>{s.classList.toggle(this.class)}))}show(){this.itemTargets.forEach((s=>{s.classList.remove(this.class)}))}hide(){this.itemTargets.forEach((s=>{s.classList.add(this.class)}))}};t.targets=["item"],t.classes=["hidden"];let e=t;export{e as default};
+

From 2c8b2c60cbbf49449e3d875cf0f7c86395f94505 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 15 Oct 2024 15:10:16 -0700
Subject: [PATCH 286/381] Only link to sign up path when sign ups allowed
 (#5128)

Fixes a no method error

---------

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
Co-authored-by: Martin Emde <martinemde@users.noreply.github.com>
---
 app/views/layouts/_session.html.erb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/views/layouts/_session.html.erb b/app/views/layouts/_session.html.erb
index 761b0e83587..a5975f422da 100644
--- a/app/views/layouts/_session.html.erb
+++ b/app/views/layouts/_session.html.erb
@@ -11,7 +11,8 @@
       <% end %>
     </div>
 
-    <%= link_to sign_up_path, class: "-mr-1 p-1 md:hidden" do %>
+    <% sign_in_sign_up_path = Clearance.configuration.allow_sign_up? ? sign_up_path : sign_in_path %>
+    <%= link_to sign_in_sign_up_path, class: "-mr-1 p-1 md:hidden" do %>
       <svg width="28" height="28" class="h-7 w-7 fill-current"><use href="/images/icons.svg#profile"/></svg>
     <% end %>
   <% end %>

From 72520aad9358ac1bf004efcdb894c3a62fca01bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 23:49:35 +0000
Subject: [PATCH 287/381] Bump actionmailer from 7.2.1 to 7.2.1.1

Bumps [actionmailer](https://github.com/rails/rails) from 7.2.1 to 7.2.1.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.2.1.1/actionmailer/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v7.2.1...v7.2.1.1)

---
updated-dependencies:
- dependency-name: actionmailer
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 136 +++++++++++++++++++++++++--------------------------
 1 file changed, 68 insertions(+), 68 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index c2a8f9a4f77..1fc5860b045 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -29,29 +29,29 @@ GEM
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.2.1)
-      actionpack (= 7.2.1)
-      activesupport (= 7.2.1)
+    actioncable (7.2.1.1)
+      actionpack (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.2.1)
-      actionpack (= 7.2.1)
-      activejob (= 7.2.1)
-      activerecord (= 7.2.1)
-      activestorage (= 7.2.1)
-      activesupport (= 7.2.1)
+    actionmailbox (7.2.1.1)
+      actionpack (= 7.2.1.1)
+      activejob (= 7.2.1.1)
+      activerecord (= 7.2.1.1)
+      activestorage (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       mail (>= 2.8.0)
-    actionmailer (7.2.1)
-      actionpack (= 7.2.1)
-      actionview (= 7.2.1)
-      activejob (= 7.2.1)
-      activesupport (= 7.2.1)
+    actionmailer (7.2.1.1)
+      actionpack (= 7.2.1.1)
+      actionview (= 7.2.1.1)
+      activejob (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       mail (>= 2.8.0)
       rails-dom-testing (~> 2.2)
-    actionpack (7.2.1)
-      actionview (= 7.2.1)
-      activesupport (= 7.2.1)
+    actionpack (7.2.1.1)
+      actionview (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       nokogiri (>= 1.8.5)
       racc
       rack (>= 2.2.4, < 3.2)
@@ -60,15 +60,15 @@ GEM
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
       useragent (~> 0.16)
-    actiontext (7.2.1)
-      actionpack (= 7.2.1)
-      activerecord (= 7.2.1)
-      activestorage (= 7.2.1)
-      activesupport (= 7.2.1)
+    actiontext (7.2.1.1)
+      actionpack (= 7.2.1.1)
+      activerecord (= 7.2.1.1)
+      activestorage (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.2.1)
-      activesupport (= 7.2.1)
+    actionview (7.2.1.1)
+      activesupport (= 7.2.1.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
@@ -76,22 +76,22 @@ GEM
     active_link_to (1.0.5)
       actionpack
       addressable
-    activejob (7.2.1)
-      activesupport (= 7.2.1)
+    activejob (7.2.1.1)
+      activesupport (= 7.2.1.1)
       globalid (>= 0.3.6)
-    activemodel (7.2.1)
-      activesupport (= 7.2.1)
-    activerecord (7.2.1)
-      activemodel (= 7.2.1)
-      activesupport (= 7.2.1)
+    activemodel (7.2.1.1)
+      activesupport (= 7.2.1.1)
+    activerecord (7.2.1.1)
+      activemodel (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       timeout (>= 0.4.0)
-    activestorage (7.2.1)
-      actionpack (= 7.2.1)
-      activejob (= 7.2.1)
-      activerecord (= 7.2.1)
-      activesupport (= 7.2.1)
+    activestorage (7.2.1.1)
+      actionpack (= 7.2.1.1)
+      activejob (= 7.2.1.1)
+      activerecord (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       marcel (~> 1.0)
-    activesupport (7.2.1)
+    activesupport (7.2.1.1)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
@@ -487,7 +487,7 @@ GEM
     mutex_m (0.2.0)
     net-http (0.4.1)
       uri
-    net-imap (0.4.15)
+    net-imap (0.4.17)
       date
       net-protocol
     net-pop (0.1.2)
@@ -609,20 +609,20 @@ GEM
     rackup (2.1.0)
       rack (>= 3)
       webrick (~> 1.8)
-    rails (7.2.1)
-      actioncable (= 7.2.1)
-      actionmailbox (= 7.2.1)
-      actionmailer (= 7.2.1)
-      actionpack (= 7.2.1)
-      actiontext (= 7.2.1)
-      actionview (= 7.2.1)
-      activejob (= 7.2.1)
-      activemodel (= 7.2.1)
-      activerecord (= 7.2.1)
-      activestorage (= 7.2.1)
-      activesupport (= 7.2.1)
+    rails (7.2.1.1)
+      actioncable (= 7.2.1.1)
+      actionmailbox (= 7.2.1.1)
+      actionmailer (= 7.2.1.1)
+      actionpack (= 7.2.1.1)
+      actiontext (= 7.2.1.1)
+      actionview (= 7.2.1.1)
+      activejob (= 7.2.1.1)
+      activemodel (= 7.2.1.1)
+      activerecord (= 7.2.1.1)
+      activestorage (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       bundler (>= 1.15.0)
-      railties (= 7.2.1)
+      railties (= 7.2.1.1)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -646,9 +646,9 @@ GEM
       rack
       railties (>= 5.1)
       semantic_logger (~> 4.16)
-    railties (7.2.1)
-      actionpack (= 7.2.1)
-      activesupport (= 7.2.1)
+    railties (7.2.1.1)
+      actionpack (= 7.2.1.1)
+      activesupport (= 7.2.1.1)
       irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
@@ -1013,18 +1013,18 @@ DEPENDENCIES
   xml-simple (~> 1.1)
 
 CHECKSUMS
-  actioncable (7.2.1) sha256=b409c96b0acc90abe6aa8fd9656eaff0980c1b36c9e22b8f7c490a46eafc2204
-  actionmailbox (7.2.1) sha256=09c20d0bcb769a6521d22cb8987e2d1d8335b58610957a6c615c85e6743adf89
-  actionmailer (7.2.1) sha256=e4853a32c84105066e64d900ee1025ef075893ee3c51de3a3bc59a6e09586e56
-  actionpack (7.2.1) sha256=260b80acc720123f23eb2b106b04d2de7d8cf0492d4eeb2dfa7afc8be36dcaad
-  actiontext (7.2.1) sha256=1257a2384373188039fc35d46946e757014710361a4af4481e37b510ac7d7d79
-  actionview (7.2.1) sha256=d1f8f4df2bff842a03e2a6e86275e4d73e70c654159617ad4abbe7c6b2aed4f4
+  actioncable (7.2.1.1) sha256=56a57b5a3615cabe754d6cf6ad4ab7a2aa10209638a94b56598311c411869980
+  actionmailbox (7.2.1.1) sha256=839f3b406f049a9dafd8e00695282025e2e1d9d7caafc852fd6156609d262346
+  actionmailer (7.2.1.1) sha256=95aeb7eb76dc0a90917c7a3a7ad3e01464a43bf81d6c51022045ae4c7fdc627b
+  actionpack (7.2.1.1) sha256=a7c1654012de62713252459eb15f3918f7aa119d906a15f74e76a0ed4e8e5bc7
+  actiontext (7.2.1.1) sha256=66675be781ea2a75c1958698c4083742608696e1116a9935602a6caba90305d5
+  actionview (7.2.1.1) sha256=a0136e499a54eb394d97a9fc6960a2b2920ddd55911f94b09cbe7b9295cd90c9
   active_link_to (1.0.5) sha256=4830847b3d14589df1e9fc62038ceec015257fce975ec1c2a77836c461b139ba
-  activejob (7.2.1) sha256=eb145f5aaf8276f37b9e4e9f72f3d56b1733172b4be680e836c765f2e6a3c503
-  activemodel (7.2.1) sha256=7b24e3927122b99c4623f07607a1d0f1cfd598f9dc5077e70178536dd6663348
-  activerecord (7.2.1) sha256=b58a26b9337594f2639cafcc443f4d28d786289f5b5b07b810e8251eeace533c
-  activestorage (7.2.1) sha256=e5d6746aa9e5d92fff9d214fad782b6a7189bc080d319c0b196e3dfa1595a676
-  activesupport (7.2.1) sha256=7557fa077a592a4f36f7ddacf4d9d71c34aff69ed20236b8a61c22d567da8c24
+  activejob (7.2.1.1) sha256=27cd7e7c52a1355d90761212b32614249a0ea0164bccec1fb5a15ef26e47da28
+  activemodel (7.2.1.1) sha256=315d5d2e3d3a5f850a9bea0a69d175bdbf3c5a06a98014006dde73dc83dc4603
+  activerecord (7.2.1.1) sha256=c124a4e4ddfa93e7f198bfdb464dcb8cc5908c89e9c22ec4248ec52ce719aa6b
+  activestorage (7.2.1.1) sha256=f699a54809413424c7aafcb7a0fa4a2ea56366e0e92603bc80d51168d5ac6bbb
+  activesupport (7.2.1.1) sha256=bd4c1b0e5f758c8ccd16250f43b32925e33521e3c0d77c1574588f0d02f83bb2
   addressable (2.8.7) sha256=462986537cf3735ab5f3c0f557f14155d778f4b43ea4f485a9deb9c8f7c58232
   aes_key_wrap (1.1.0) sha256=b935f4756b37375895db45669e79dfcdc0f7901e12d4e08974d5540c8e0776a5
   aggregate_assertions (0.2.0) sha256=9bc51a48323a8e7b82f47cc38d48132817247345e5a8713686c9d65b25daca9e
@@ -1193,7 +1193,7 @@ CHECKSUMS
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
   mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
   net-http (0.4.1) sha256=a96efc5ea18bcb9715e24dda4159d10f67ff0345c8a980d04630028055b2c282
-  net-imap (0.4.15) sha256=e468121d50cfcf82b7bbcee823d352bbb62ba8add963daa0c08d21680d83b53d
+  net-imap (0.4.17) sha256=127bcaf2ccd40503b8fc6e1f4c122485d6e9feeb90dd49e4618e5ffbc8741598
   net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
   net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
   net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a
@@ -1244,14 +1244,14 @@ CHECKSUMS
   rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
   rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
   rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d
-  rails (7.2.1) sha256=fd5684e5d007220960666a3a8b31a57cd1c8cd7f60d88cb40e28e95f1911b705
+  rails (7.2.1.1) sha256=79dbdb6feebf78c1172b643a273a4b1c6c8a18e101a4bb1c838be611a3cdcae7
   rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94
   rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b
   rails-erd (1.7.2) sha256=0b17d0fba25d319d8da8af7a3e5e2149d02d6187cc7351e8be43423f07c48bcd
   rails-html-sanitizer (1.6.0) sha256=86e9f19d2e6748890dcc2633c8945ca45baa08a1df9d8c215ce17b3b0afaa4de
   rails-i18n (7.0.9) sha256=c184db80a7c7bf21c14e0e400fe9e27c4c20312f019aaff5b364a82858dc1369
   rails_semantic_logger (4.17.0) sha256=cc10cca01491736596cd5ab40b52b3bbf98338d9d1f5a7916b2be10231615047
-  railties (7.2.1) sha256=4b6ad279bbfb9228d7e7fbc8df562a8f5d4910e179b957d801fcec176d548463
+  railties (7.2.1.1) sha256=16ac9ddd079b8e8c4c3386234512c301ab7a302bce3cbe0560ac44cec7d88453
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a
   rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d
   ransack (4.2.1) sha256=e0f688c6ef35abe0bad3cf5afc1b050f36a819bdd56eb454c955c63cdd1bef40

From d38032af27572c60af6ada585adf0c91b1aef1fc Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Tue, 15 Oct 2024 16:54:42 -0700
Subject: [PATCH 288/381] Use correct importmap name for reveal_controller
 (#5129)

---
 app/javascript/controllers/reveal_search_controller.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/javascript/controllers/reveal_search_controller.js b/app/javascript/controllers/reveal_search_controller.js
index 683c1a73cdb..fb3a3ea3356 100644
--- a/app/javascript/controllers/reveal_search_controller.js
+++ b/app/javascript/controllers/reveal_search_controller.js
@@ -1,4 +1,4 @@
-import Reveal from './reveal_controller'
+import Reveal from 'controllers/reveal_controller'
 
 export default class extends Reveal {
   static targets = ["item", "toggle", "button", "input"]

From 6fc92b5efa5700bdb168e7e54ad0e033d1fce5b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Oct 2024 14:51:26 +0000
Subject: [PATCH 289/381] Bump derailed_benchmarks from 2.2.0 to 2.2.1 (#5133)

---
 Gemfile.lock | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index dfaafac7c6a..04f5de893dd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -231,12 +231,12 @@ GEM
       msgpack
     date (3.3.4)
     debase-ruby_core_source (3.3.1)
-    derailed_benchmarks (2.2.0)
+    derailed_benchmarks (2.2.1)
       base64
       benchmark-ips (~> 2)
       bigdecimal
       drb
-      get_process_mem (~> 0)
+      get_process_mem
       heapy (~> 0)
       logger
       memory_profiler (>= 0, < 2)
@@ -303,7 +303,8 @@ GEM
       raabro (~> 1.4)
     gem_server_conformance (0.1.4)
       rspec (~> 3.0)
-    get_process_mem (0.2.7)
+    get_process_mem (1.0.0)
+      bigdecimal (>= 2.0)
       ffi (~> 1.0)
     globalid (1.2.1)
       activesupport (>= 6.1)
@@ -1085,7 +1086,7 @@ CHECKSUMS
   datadog-ci (1.7.0) sha256=41c064e2c26cfc63fb6767522e5a99fa43ec017be4b2fddfce1ff9073bb6c385
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
-  derailed_benchmarks (2.2.0) sha256=3e1a117c4366414faa909dc4276fae05a7e85b208302492d92da779c171d493d
+  derailed_benchmarks (2.2.1) sha256=654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.3.0) sha256=55218997ca4dc11f0594f1bb2d1196c4a959ceb562f1ab6490130233598dda67
   docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
@@ -1117,7 +1118,7 @@ CHECKSUMS
   ffi-compiler (1.3.2) sha256=a94f3d81d12caf5c5d4ecf13980a70d0aeaa72268f3b9cc13358bcc6509184a0
   fugit (1.11.1) sha256=e89485e7be22226d8e9c6da411664d0660284b4b1c08cacb540f505907869868
   gem_server_conformance (0.1.4) sha256=ee404d5405eabcb6f7ab440d2193177375481a77bfa0ec3106165dd6c8e733bb
-  get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba
+  get_process_mem (1.0.0) sha256=d54024f3bcbf776a4d6e0155ec2b21bc3ba44e2fd158c4c00c80aa8a36e0b4aa
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
   google-protobuf (4.28.2) sha256=6841bb4566bc33fc2d59b4dd28bfd9308fc528545f21722e9f6e6fa566289c29

From fead1450f397b0b3a3df89870c183c6b47ff6f79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Oct 2024 10:52:46 -0700
Subject: [PATCH 290/381] Bump tailwindcss-rails from 2.7.9 to 3.0.0 (#5134)

---
 Gemfile      |  2 +-
 Gemfile.lock | 29 ++++++++++++++---------------
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/Gemfile b/Gemfile
index 05a1df3e233..bd51ff6c55c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -93,7 +93,7 @@ gem "local_time", "~> 3.0"
 gem "better_html", "~> 2.1"
 
 group :assets, :development do
-  gem "tailwindcss-rails", "~> 2.7"
+  gem "tailwindcss-rails", "~> 3.0"
 end
 
 group :assets do
diff --git a/Gemfile.lock b/Gemfile.lock
index 04f5de893dd..7f395e60d76 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -806,16 +806,14 @@ GEM
       attr_required (>= 0.0.5)
       faraday (~> 2.0)
       faraday-follow_redirects
-    tailwindcss-rails (2.7.9)
-      railties (>= 7.0.0)
-    tailwindcss-rails (2.7.9-aarch64-linux)
-      railties (>= 7.0.0)
-    tailwindcss-rails (2.7.9-arm64-darwin)
-      railties (>= 7.0.0)
-    tailwindcss-rails (2.7.9-x86_64-darwin)
-      railties (>= 7.0.0)
-    tailwindcss-rails (2.7.9-x86_64-linux)
+    tailwindcss-rails (3.0.0)
       railties (>= 7.0.0)
+      tailwindcss-ruby
+    tailwindcss-ruby (3.4.14)
+    tailwindcss-ruby (3.4.14-aarch64-linux)
+    tailwindcss-ruby (3.4.14-arm64-darwin)
+    tailwindcss-ruby (3.4.14-x86_64-darwin)
+    tailwindcss-ruby (3.4.14-x86_64-linux)
     terser (1.2.4)
       execjs (>= 0.3.0, < 3)
     thor (1.3.2)
@@ -1001,7 +999,7 @@ DEPENDENCIES
   statsd-instrument (~> 3.9)
   stimulus-rails (~> 1.3)
   strong_migrations (~> 2.0)
-  tailwindcss-rails (~> 2.7)
+  tailwindcss-rails (~> 3.0)
   terser (~> 1.2)
   timescaledb (~> 0.3)
   toxiproxy (~> 2.0)
@@ -1318,11 +1316,12 @@ CHECKSUMS
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.1) sha256=86ed89bb62ff1861240ab4628a2500ef50cd8bbf03d4c8f7368fda2dd94636b9
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
-  tailwindcss-rails (2.7.9) sha256=227a80aecdc25465646e501b5b992dcde98799e9d58c44938b61ab8b62cccdb9
-  tailwindcss-rails (2.7.9-aarch64-linux) sha256=e445c0761bcdc8fab423f35a9c6f2791ca73e46ef558a0e02601c9a2cf83dcb3
-  tailwindcss-rails (2.7.9-arm64-darwin) sha256=9fd0e0f45e6695bf09c9275170d81ba47fdf6af4b7b6352d97467b7bb8e019f5
-  tailwindcss-rails (2.7.9-x86_64-darwin) sha256=55a361c43ff8a65209e6d46f4d7dd901badb3b8a26ab603991789a2e5f4f79a9
-  tailwindcss-rails (2.7.9-x86_64-linux) sha256=6ac0523506cb122e3e26bb07c2f6e150542530d0d13d8a4e8466ed7a69fbfce2
+  tailwindcss-rails (3.0.0) sha256=ee9e5956411968fa445d2bb514c8fb70b239ca2e6f2d5bae06b161e2bee19446
+  tailwindcss-ruby (3.4.14) sha256=80e0eb4f369ca48c00b688f88730c5fefe2ea9821f16f03a86dd2a6bf56dda3a
+  tailwindcss-ruby (3.4.14-aarch64-linux) sha256=e4d15a6c8d06cf0c1f45e2582836c92be718e9bc9025067af282816b6336575f
+  tailwindcss-ruby (3.4.14-arm64-darwin) sha256=439ea278878d42b40f775db3783b8fd7d25fa969fd8c11f42436ba064752ae3a
+  tailwindcss-ruby (3.4.14-x86_64-darwin) sha256=add1f6c63cfb7851557323ef7bc7ed49d927ba610b4b363d1066389232ade3ef
+  tailwindcss-ruby (3.4.14-x86_64-linux) sha256=c23dec24cb855d748750e8f4bca1b048a1e617f381e81336c8ab65ede7e84d5c
   terser (1.2.4) sha256=c85f46e0fcdeef4a52639cbb6dd6b359bf0151d035206b072366e7dac379cc83
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
   tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c

From 711e5f232ae187f7b5301b960ac02b1f6f074411 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:04:07 +0000
Subject: [PATCH 291/381] Bump launchdarkly-server-sdk from 8.7.1 to 8.8.0

Bumps [launchdarkly-server-sdk](https://github.com/launchdarkly/ruby-server-sdk) from 8.7.1 to 8.8.0.
- [Release notes](https://github.com/launchdarkly/ruby-server-sdk/releases)
- [Changelog](https://github.com/launchdarkly/ruby-server-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/launchdarkly/ruby-server-sdk/compare/8.7.1...8.8.0)

---
updated-dependencies:
- dependency-name: launchdarkly-server-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index bd51ff6c55c..9ad5bf93ffc 100644
--- a/Gemfile
+++ b/Gemfile
@@ -21,7 +21,7 @@ gem "gravtastic", "~> 3.2"
 gem "honeybadger", "~> 5.5.1", require: false # see https://github.com/rubygems/rubygems.org/pull/4598
 gem "http_accept_language", "~> 2.1"
 gem "kaminari", "~> 1.2"
-gem "launchdarkly-server-sdk", "~> 8.7"
+gem "launchdarkly-server-sdk", "~> 8.8"
 gem "mail", "~> 2.8"
 gem "octokit", "~> 9.1"
 gem "omniauth-github", "~> 2.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 7f395e60d76..fe2882ea6ca 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -388,7 +388,7 @@ GEM
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
     language_server-protocol (3.17.0.3)
-    launchdarkly-server-sdk (8.7.1)
+    launchdarkly-server-sdk (8.8.0)
       concurrent-ruby (~> 1.1)
       http (>= 4.4.0, < 6.0.0)
       json (~> 2.3)
@@ -934,7 +934,7 @@ DEPENDENCIES
   http_accept_language (~> 2.1)
   importmap-rails (~> 2.0)
   kaminari (~> 1.2)
-  launchdarkly-server-sdk (~> 8.7)
+  launchdarkly-server-sdk (~> 8.8)
   launchy (~> 3.0)
   letter_opener (~> 1.10)
   letter_opener_web (~> 3.0)
@@ -1151,7 +1151,7 @@ CHECKSUMS
   kaminari-activerecord (1.2.2) sha256=0dd3a67bab356a356f36b3b7236bcb81cef313095365befe8e98057dd2472430
   kaminari-core (1.2.2) sha256=3bd26fec7370645af40ca73b9426a448d09b8a8ba7afa9ba3c3e0d39cdbb83ff
   language_server-protocol (3.17.0.3) sha256=3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f
-  launchdarkly-server-sdk (8.7.1) sha256=38361f8f548a917bccf52844ad9cf666c67a4b02a647d4b582766f8725986533
+  launchdarkly-server-sdk (8.8.0) sha256=75f05c3eb2b38a62bfa2f08697ac22fe9eaa2069bcd9a2ed1cb0d66584139283
   launchy (3.0.1) sha256=b7fa60bda0197cf57614e271a250a8ca1f6a34ab889a3c73f67ec5d57c8a7f2c
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2

From c026b391daee5e4290933f72585e0fc10e7abe3c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:05:08 +0000
Subject: [PATCH 292/381] Bump datadog-ci from 1.7.0 to 1.8.0

Bumps [datadog-ci](https://github.com/DataDog/datadog-ci-rb) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/DataDog/datadog-ci-rb/releases)
- [Changelog](https://github.com/DataDog/datadog-ci-rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/DataDog/datadog-ci-rb/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: datadog-ci
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Gemfile b/Gemfile
index bd51ff6c55c..1bfd568bbc7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -134,7 +134,7 @@ group :development do
 end
 
 group :test do
-  gem "datadog-ci", "~> 1.7"
+  gem "datadog-ci", "~> 1.8"
   gem "minitest", "~> 5.25", require: false
   gem "minitest-retry", "~> 0.2.3"
   gem "capybara", "~> 3.40"
diff --git a/Gemfile.lock b/Gemfile.lock
index 7f395e60d76..894d59c3d28 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -226,8 +226,8 @@ GEM
       libdatadog (~> 12.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.7.0)
-      datadog (~> 2.3)
+    datadog-ci (1.8.0)
+      datadog (~> 2.4)
       msgpack
     date (3.3.4)
     debase-ruby_core_source (3.3.1)
@@ -913,7 +913,7 @@ DEPENDENCIES
   dalli (~> 3.2)
   dartsass-sprockets (~> 3.1)
   datadog (~> 2.4)
-  datadog-ci (~> 1.7)
+  datadog-ci (~> 1.8)
   derailed_benchmarks (~> 2.2)
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.6)
@@ -1081,7 +1081,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.4.0) sha256=3d30038eecb59cb7960cbb9e5eb32ee029b6516203698b4d4454b01688ca0aab
-  datadog-ci (1.7.0) sha256=41c064e2c26cfc63fb6767522e5a99fa43ec017be4b2fddfce1ff9073bb6c385
+  datadog-ci (1.8.0) sha256=5ff949b80ebb4f44566c243839e8235f4bf723143dd93e102ff34d798abbe115
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
   derailed_benchmarks (2.2.1) sha256=654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439

From 678d32383205c508f030b966c01db702188faef3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:07:32 +0000
Subject: [PATCH 293/381] Bump aws-sdk-s3 from 1.167.0 to 1.168.0

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.167.0 to 1.168.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index bd51ff6c55c..2507cd52e08 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.167"
+gem "aws-sdk-s3", "~> 1.168"
 gem "aws-sdk-sqs", "~> 1.86"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index 7f395e60d76..fc08f865d33 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -137,7 +137,7 @@ GEM
       zeitwerk
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.983.0)
+    aws-partitions (1.991.0)
     aws-sdk-core (3.209.1)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
@@ -146,7 +146,7 @@ GEM
     aws-sdk-kms (1.94.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.167.0)
+    aws-sdk-s3 (1.168.0)
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -898,7 +898,7 @@ DEPENDENCIES
   avo (~> 3.13)
   avo-advanced (~> 3.13)!
   avo_upgrade (~> 0.1.1)
-  aws-sdk-s3 (~> 1.167)
+  aws-sdk-s3 (~> 1.168)
   aws-sdk-sqs (~> 1.86)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -1043,10 +1043,10 @@ CHECKSUMS
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.983.0) sha256=eb3ab086749ca426e735a50bd1ea669a4b7bc52be3c119a772bd277cc906bb11
+  aws-partitions (1.991.0) sha256=8f906feb6ab5f9d73674fde92d98038386c5ce9def590e6598f7cde6e9a3d930
   aws-sdk-core (3.209.1) sha256=18cfb211d37d70a3131743ba02a785668beefacebed9827829af5922deb9b91a
   aws-sdk-kms (1.94.0) sha256=b0c623199f1f46bd82c1d1fa0feef105ab8cfc6bd2f643d71cd1c289e11a9da9
-  aws-sdk-s3 (1.167.0) sha256=a6aab762b07f4d6c7c4e9e98ea8ec5b12b49be3849f29483ecd9a821702096ce
+  aws-sdk-s3 (1.168.0) sha256=09e7d5e7fba9afe1028ad7aaf89a2037da55664078a0116a32f4bccb2161c9ab
   aws-sdk-sqs (1.86.0) sha256=defa5bd65679c8877c335cb5f46462620fa10c42115cdcc58333f1ddee9a0715
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From 991722b505c273512b2de6b0224047b42cdb337d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:09:45 +0000
Subject: [PATCH 294/381] Bump chartkick from 5.1.0 to 5.1.1

Bumps [chartkick](https://github.com/ankane/chartkick) from 5.1.0 to 5.1.1.
- [Changelog](https://github.com/ankane/chartkick/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/chartkick/compare/v5.1.0...v5.1.1)

---
updated-dependencies:
- dependency-name: chartkick
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 7f395e60d76..62810345073 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -188,7 +188,7 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     cbor (0.5.9.8)
-    chartkick (5.1.0)
+    chartkick (5.1.1)
     childprocess (5.0.0)
     choice (0.2.0)
     chunky_png (1.4.0)
@@ -1064,7 +1064,7 @@ CHECKSUMS
   byebug (11.1.3) sha256=2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b
   capybara (3.40.0) sha256=42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef
   cbor (0.5.9.8) sha256=9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7
-  chartkick (5.1.0) sha256=8f04a522ca5c55dea298fbd10b585c62aa3f3a206944bf6f96d6e1f17be60760
+  chartkick (5.1.1) sha256=936b215a991fe638fc1c4b998495c9bf92b58df6f7d411e06517ef93b063e7f2
   childprocess (5.0.0) sha256=0746b7ab1d6c68156e64a3767631d7124121516192c0492929a7f0af7310d835
   choice (0.2.0) sha256=a19617f7dfd4921b38a85d0616446620de685a113ec6d1ecc85bdb67bf38c974
   chunky_png (1.4.0) sha256=89d5b31b55c0cf4da3cf89a2b4ebc3178d8abe8cbaf116a1dba95668502fdcfe

From 3cb740f19c0f1be6c94c9e3f92ffe4e4c71b3f01 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Fri, 18 Oct 2024 19:16:22 +1100
Subject: [PATCH 295/381] Update the Avo license for v3

---
 config/deploy/production/secrets.ejson | 2 +-
 config/deploy/staging/secrets.ejson    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/deploy/production/secrets.ejson b/config/deploy/production/secrets.ejson
index 23e4cd93c0b..8826939da3e 100644
--- a/config/deploy/production/secrets.ejson
+++ b/config/deploy/production/secrets.ejson
@@ -22,7 +22,7 @@
         "client_id": "EJ[1:YVJ0VwGrcSYWmu7lQOJPUdkXYI5VBgGXLla1+Fo1eA8=:jnplUfdfAMq/te3PyIN3SejasXCukW/g:0LsAhlffVl+6W4k5sRLWpew4D8ohT5ym3Ou+O1CsZgd/fvu16YWRpgvX345ewip0]",
         "github_key": "EJ[1:dz+xczzzSxiEdCK5nfz6u2RkBOEeeOTlMD2eWIHTAg8=:3ZtgHbbvis6EJ5UymIZBWPwc+Zvf722/:gcsPiEVuVZIitCZ3t2216Jn5re2vBTyN7FElhowCKpQUglwU]",
         "github_secret": "EJ[1:dz+xczzzSxiEdCK5nfz6u2RkBOEeeOTlMD2eWIHTAg8=:3bGij9eYVzE6mJ4XmIT/QBBRmnCi9nMs:8jcKV1Hl8TYTMQaQ8SV+agQ6c9UA9lb1DHKy2J/W//gdlJ2r/r4qlKeI/zoWMX2e461aB1Dx7XQ=]",
-        "avo_license_key": "EJ[1:6oWEkRT4PhQJLxAVEt3F66gOvAd2bB/J7cF+DpFv4Gk=:atX3EOd7BdoSBqJFPaqASO6/u6R2MLlR:G4TyGlkc1EZWpUJ0mQTS9Bw1O5V9Hww3DZtV+MQuDg9pzw8n7frV+GQek4wDqI29QLk0Kg==]",
+        "avo_license_key": "EJ[1:vHG/UgXm5H2xr/ExsZdTi7Lep9NzpQkKXFUlNb9FOVU=:dRDXtqaYSBhiY5cuHJutRa8R2ZUUE8h3:+xyDjGvAJmtwxHdMcGQ21GDRnVagGG009JSw]",
         "datadog_csp_api_key": "EJ[1:MJLOVnheQZD8mqT8Q5xlN8u6Qd9eH4sbO1kcsg/TTR4=:0eAj1g7msiS86qexeMNsWU+1vy3pXSKK:4YT1qDTiBirwkNsbNdhN90lPlF51qiMNChue7uMpEYuAiKTI3TnwOWJd7sk0PmARVsIn]",
         "hook_relay_account_id": "EJ[1:Px+UVqbFzeNGqkAlgQ9Vz00tXWKza1XmLLHD/iQT5wM=:JsT1PTsSpMaxE0FV7ODyJ5E1FQAzv9v/:tMUgIFIUJH+WhT+kHS5pne5Uw9qvdLqLd2aAfJ9EehzIYpH6Bl6EQg==]",
         "hook_relay_hook_id": "EJ[1:Px+UVqbFzeNGqkAlgQ9Vz00tXWKza1XmLLHD/iQT5wM=:Vt1tMd8/9ZhSHL80yrWIWUy2wMOh8Iqt:MUwOcVrjWl7i8RRNg68Sb/Fa+RYsLL54yc+adRK84i5jWWa9fmSgRg==]",
diff --git a/config/deploy/staging/secrets.ejson b/config/deploy/staging/secrets.ejson
index ed0a20bd927..4efe779d58d 100644
--- a/config/deploy/staging/secrets.ejson
+++ b/config/deploy/staging/secrets.ejson
@@ -22,7 +22,7 @@
         "client_id": "EJ[1:G3QtTGP/Pf0HRv8+b6zf3xI3TmNiOPmidA24ZSgQgjU=:AZtoluRkpeCK96i3FxPgamAkAlwRuTKq:NrpTfXVR1rAA0UyJzYVmCvJvQ5lr/VLyAoHDz0IY0cmC0aJLO8HWKsAYWq3T4w2D]",
         "github_key": "EJ[1:w54WPX1mXZxgJoUu4zPMVMd5zCWl0rbbfuyqcvJOP1o=:XX+D9g9OUcALhAK1aRB5uK4hmUOhmq+a:kEEf22rN2vnyXE2I5me5Fc+2rCu070VA8IpcsbeJ8Xh/3261]",
         "github_secret": "EJ[1:w54WPX1mXZxgJoUu4zPMVMd5zCWl0rbbfuyqcvJOP1o=:0aEWndKlt5UpeGXSNfX8jWtc5UqnKk1g:MmBDQQEzb9tUaxVIL7bUUBbg2/UvhyvbnHcvlfqWztdSVHAFuvGe+tVtHjEdCdMzrJzG5d6UVBo=]",
-        "avo_license_key": "EJ[1:TD6sa+BG2xSLyZddF8CUdq8egeXQfz1oeMaSD/DV/z8=:iXP5X+kGqtPPjluF93iyxTRiwA4sq5ch:My9uCrd+KqROpd1l3x8HgQYvi/gRs+FBQ41IdmqouwbVJBRipuHotXYGHBcqOtvFwpk1/w==]",
+        "avo_license_key": "EJ[1:xcimfAiJn0jrCDMpC+0kpX0WGUO3QxTcjfZSV8/zMBg=:Kkeih5DzMjlewV8GjD+iBOhQHinGXswy:hDpP9A4MhyRLAAoAmekw9soIdVHWso4TClPK]",
         "datadog_csp_api_key": "EJ[1:M1xidXJHz2i/vKthLOnwYbEnkFjYneq+d6Ryj6TXdFQ=:fxMZfI3MptOYF/hXcrnrWK/SDTU1SzZC:Gn807pB1wSTTNIyTJ5cpGCvN5+vplIZUxi/a8/s+UFDJE52zeM5KyhvmK6f0J8mDa2vh]",
         "hook_relay_account_id": "EJ[1:JT93bSSDxXR0tIyvuhE4hVVEav3DdVDYtCuhLTlwwUw=:OUkdjS28VFFsXWnK0c2zBubgen83JLIZ:r9s3A3e3UuNrYRelD3HzIKsNvEGlGhvKmZayZt7wZGHrxB+yTb8gQQ==]",
         "hook_relay_hook_id": "EJ[1:JT93bSSDxXR0tIyvuhE4hVVEav3DdVDYtCuhLTlwwUw=:n1YqUGXM5FdcwoAJjIXXgHxWqiF/voeL:sj7Gbn405v2hw4CKkU6N7Fhgb3J/5RnrAZpp+Xcn61ZTNJq0qFXBiA==]",

From c256cbf6325d9e49978c5b13457e5e8fdb6ead33 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 12:54:30 -0700
Subject: [PATCH 296/381] Bump datadog-ci from 1.8.0 to 1.8.1 (#5146)

Bumps [datadog-ci](https://github.com/DataDog/datadog-ci-rb) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/DataDog/datadog-ci-rb/releases)
- [Changelog](https://github.com/DataDog/datadog-ci-rb/blob/main/CHANGELOG.md)
- [Commits](https://github.com/DataDog/datadog-ci-rb/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: datadog-ci
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index c760101bfbc..4ee3d61e151 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -226,7 +226,7 @@ GEM
       libdatadog (~> 12.0.0.1.0)
       libddwaf (~> 1.14.0.0.0)
       msgpack
-    datadog-ci (1.8.0)
+    datadog-ci (1.8.1)
       datadog (~> 2.4)
       msgpack
     date (3.3.4)
@@ -1081,7 +1081,7 @@ CHECKSUMS
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.4.0) sha256=3d30038eecb59cb7960cbb9e5eb32ee029b6516203698b4d4454b01688ca0aab
-  datadog-ci (1.8.0) sha256=5ff949b80ebb4f44566c243839e8235f4bf723143dd93e102ff34d798abbe115
+  datadog-ci (1.8.1) sha256=c461acd83d36b5894716ea7b1c207fd4b7fa103994c0773e3936a68da4dfa594
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
   derailed_benchmarks (2.2.1) sha256=654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439

From 8ccded01cad419033d28a759b9473e030c8fb342 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 12:55:14 -0700
Subject: [PATCH 297/381] Bump ruby/setup-ruby from 1.196.0 to 1.197.0 (#5144)

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.196.0 to 1.197.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/f26937343756480a8cb3ae1f623b9c8d89ed6984...7bae1d00b5db9166f4f0fc47985a3a5702cb58f0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9a8daa4181c..16637b31aaa 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
+      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
+      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
+      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
-      - uses: ruby/setup-ruby@f26937343756480a8cb3ae1f623b9c8d89ed6984 # v1.196.0
+      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
       - name: krane render

From 0d42fbcf97891faa40d3c4b416d2e7272963af1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Oct 2024 01:24:21 +0000
Subject: [PATCH 298/381] Bump octokit from 9.1.0 to 9.2.0

Bumps [octokit](https://github.com/octokit/octokit.rb) from 9.1.0 to 9.2.0.
- [Release notes](https://github.com/octokit/octokit.rb/releases)
- [Changelog](https://github.com/octokit/octokit.rb/blob/main/RELEASE.md)
- [Commits](https://github.com/octokit/octokit.rb/compare/v9.1.0...v9.2.0)

---
updated-dependencies:
- dependency-name: octokit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 42058e9afb3..e75c7722a0c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -23,7 +23,7 @@ gem "http_accept_language", "~> 2.1"
 gem "kaminari", "~> 1.2"
 gem "launchdarkly-server-sdk", "~> 8.8"
 gem "mail", "~> 2.8"
-gem "octokit", "~> 9.1"
+gem "octokit", "~> 9.2"
 gem "omniauth-github", "~> 2.0"
 gem "omniauth", "~> 2.1"
 gem "omniauth-rails_csrf_protection", "~> 1.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4ee3d61e151..1718ab56717 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -517,7 +517,7 @@ GEM
       snaky_hash (~> 2.0)
       version_gem (~> 1.1)
     observer (0.1.2)
-    octokit (9.1.0)
+    octokit (9.2.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     omniauth (2.1.2)
@@ -950,7 +950,7 @@ DEPENDENCIES
   minitest-retry (~> 0.2.3)
   mocha (~> 2.4)
   observer (~> 0.1.2)
-  octokit (~> 9.1)
+  octokit (~> 9.2)
   omniauth (~> 2.1)
   omniauth-github (~> 2.0)
   omniauth-rails_csrf_protection (~> 1.0)
@@ -1204,7 +1204,7 @@ CHECKSUMS
   nokogiri (1.16.7-x86_64-linux) sha256=9e1e428641d5942af877c60b418c71163560e9feb4a5c4015f3230a8b86a40f6
   oauth2 (2.0.9) sha256=b21f9defcf52dc1610e0dfab4c868342173dcd707fd15c777d9f4f04e153f7fb
   observer (0.1.2) sha256=d8a3107131ba661138d748e7be3dbafc0d82e732fffba9fccb3d7829880950ac
-  octokit (9.1.0) sha256=7849a659d2722c629181f48d1d7e567c9539f1a85c9676144dbdbfc6ce288253
+  octokit (9.2.0) sha256=4fa47ff35ce654127edf2c836ab9269bcc8829f5542dc1e86871f697ce7f4316
   omniauth (2.1.2) sha256=def03277298b8f8a5d3ff16cdb2eb5edb9bffed60ee7dda24cc0c89b3ae6a0ce
   omniauth-github (2.0.1) sha256=8ff8e70ac6d6db9d52485eef52cfa894938c941496e66b52b5e2773ade3ccad4
   omniauth-oauth2 (1.8.0) sha256=b2f8e9559cc7e2d4efba57607691d6d2b634b879fc5b5b6ccfefa3da85089e78

From 576bbe554b24ecf9a67edc508a3dcb13dee737d2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 08:07:10 -0700
Subject: [PATCH 299/381] Bump aws-sdk-sqs from 1.86.0 to 1.87.0 (#5148)

Bumps [aws-sdk-sqs](https://github.com/aws/aws-sdk-ruby) from 1.86.0 to 1.87.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-sqs/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-sqs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile b/Gemfile
index e75c7722a0c..7887acd12f0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.168"
-gem "aws-sdk-sqs", "~> 1.86"
+gem "aws-sdk-sqs", "~> 1.87"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 1718ab56717..14c2313eb0d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -137,10 +137,10 @@ GEM
       zeitwerk
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.991.0)
-    aws-sdk-core (3.209.1)
+    aws-partitions (1.992.0)
+    aws-sdk-core (3.210.0)
       aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.651.0)
+      aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
     aws-sdk-kms (1.94.0)
@@ -150,8 +150,8 @@ GEM
       aws-sdk-core (~> 3, >= 3.207.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.86.0)
-      aws-sdk-core (~> 3, >= 3.207.0)
+    aws-sdk-sqs (1.87.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.10.0)
       aws-eventstream (~> 1, >= 1.0.2)
@@ -899,7 +899,7 @@ DEPENDENCIES
   avo-advanced (~> 3.13)!
   avo_upgrade (~> 0.1.1)
   aws-sdk-s3 (~> 1.168)
-  aws-sdk-sqs (~> 1.86)
+  aws-sdk-sqs (~> 1.87)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -1043,11 +1043,11 @@ CHECKSUMS
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.991.0) sha256=8f906feb6ab5f9d73674fde92d98038386c5ce9def590e6598f7cde6e9a3d930
-  aws-sdk-core (3.209.1) sha256=18cfb211d37d70a3131743ba02a785668beefacebed9827829af5922deb9b91a
+  aws-partitions (1.992.0) sha256=16942dbcbb8a9f54fdcc114fca03e228ae170dc215d011f3d9b45acae35cdb37
+  aws-sdk-core (3.210.0) sha256=3b84ffe42686194d36254206f2e6f65df8f2273cc000810b5173c0e833507652
   aws-sdk-kms (1.94.0) sha256=b0c623199f1f46bd82c1d1fa0feef105ab8cfc6bd2f643d71cd1c289e11a9da9
   aws-sdk-s3 (1.168.0) sha256=09e7d5e7fba9afe1028ad7aaf89a2037da55664078a0116a32f4bccb2161c9ab
-  aws-sdk-sqs (1.86.0) sha256=defa5bd65679c8877c335cb5f46462620fa10c42115cdcc58333f1ddee9a0715
+  aws-sdk-sqs (1.87.0) sha256=709defdc401bb52e6895266b50248b4b8f8a614ec8d512e21f1c0f2ab8f6ae78
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From b2590e888e4169af98c229cd68e030d77461701b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 15:10:28 +0000
Subject: [PATCH 300/381] Bump brakeman from 6.2.1 to 6.2.2 (#5147)

Bumps [brakeman](https://github.com/presidentbeef/brakeman) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v6.2.1...v6.2.2)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 14c2313eb0d..97f3c3032ca 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -173,7 +173,7 @@ GEM
       msgpack
     bootsnap (1.18.4)
       msgpack (~> 1.2)
-    brakeman (6.2.1)
+    brakeman (6.2.2)
       racc
     browser (6.0.0)
     builder (3.3.0)
@@ -1058,7 +1058,7 @@ CHECKSUMS
   bitarray (1.2.0) sha256=7f9f31fadbd87bf51544cf13058e81cd6ec408ff40f127902cef3d6767b23f11
   bloomer (1.0.0) sha256=57a0d3a78628db9a92c6723f06c67697e420abcdb05aa757c6dfae607251d272
   bootsnap (1.18.4) sha256=ac4c42af397f7ee15521820198daeff545e4c360d2772c601fbdc2c07d92af55
-  brakeman (6.2.1) sha256=862e709caa1abf00dd0c47045682404c349f64876c7be74a8e6a4d6be5f61a1d
+  brakeman (6.2.2) sha256=d502d653699f4d451b21225ff4d19a9ec9345d23eaab5576e246185ffd7bf618
   browser (6.0.0) sha256=0399f0f12c925e529aa995b096a3824384e00ea2c7241fbb4b707d2a25e87920
   builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f
   byebug (11.1.3) sha256=2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b

From e082da40625fe6dda0b756457be94afe79e0b593 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 15:16:02 +0000
Subject: [PATCH 301/381] Bump aws-sdk-s3 from 1.168.0 to 1.169.0 (#5149)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.168.0 to 1.169.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7887acd12f0..f73d93a6d6a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.168"
+gem "aws-sdk-s3", "~> 1.169"
 gem "aws-sdk-sqs", "~> 1.87"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.8"
diff --git a/Gemfile.lock b/Gemfile.lock
index 97f3c3032ca..32a5243382c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -143,11 +143,11 @@ GEM
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.94.0)
-      aws-sdk-core (~> 3, >= 3.207.0)
+    aws-sdk-kms (1.95.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.168.0)
-      aws-sdk-core (~> 3, >= 3.207.0)
+    aws-sdk-s3 (1.169.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sqs (1.87.0)
@@ -898,7 +898,7 @@ DEPENDENCIES
   avo (~> 3.13)
   avo-advanced (~> 3.13)!
   avo_upgrade (~> 0.1.1)
-  aws-sdk-s3 (~> 1.168)
+  aws-sdk-s3 (~> 1.169)
   aws-sdk-sqs (~> 1.87)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -1045,8 +1045,8 @@ CHECKSUMS
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
   aws-partitions (1.992.0) sha256=16942dbcbb8a9f54fdcc114fca03e228ae170dc215d011f3d9b45acae35cdb37
   aws-sdk-core (3.210.0) sha256=3b84ffe42686194d36254206f2e6f65df8f2273cc000810b5173c0e833507652
-  aws-sdk-kms (1.94.0) sha256=b0c623199f1f46bd82c1d1fa0feef105ab8cfc6bd2f643d71cd1c289e11a9da9
-  aws-sdk-s3 (1.168.0) sha256=09e7d5e7fba9afe1028ad7aaf89a2037da55664078a0116a32f4bccb2161c9ab
+  aws-sdk-kms (1.95.0) sha256=2ae508c642ddc59baa1296229108e9601a2fa00e57cf7a2153c9488f0587fd5e
+  aws-sdk-s3 (1.169.0) sha256=3ff3f5cff2b097acaac600721effa0a86d5ee09d048be0b71f7186d4d24cceca
   aws-sdk-sqs (1.87.0) sha256=709defdc401bb52e6895266b50248b4b8f8a614ec8d512e21f1c0f2ab8f6ae78
   aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From f54069ca2c95753bc35587c35712eb06f00464f4 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 21 Oct 2024 11:26:17 -0700
Subject: [PATCH 302/381] Remove dry-initializer dep (#5123)

Switch fully to literal, which avo is now using

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 Gemfile                                                     | 1 -
 Gemfile.lock                                                | 3 ---
 app/views/components/events/table_component.rb              | 4 ++--
 app/views/components/events/table_details_component.rb      | 4 ++--
 app/views/components/oidc/api_key_role/table_component.rb   | 4 ++--
 .../components/oidc/id_token/key_value_pairs_component.rb   | 4 ++--
 app/views/components/oidc/id_token/table_component.rb       | 4 ++--
 .../oidc/trusted_publisher/github_action/form_component.rb  | 4 ++--
 .../oidc/trusted_publisher/github_action/table_component.rb | 4 ++--
 app/views/oidc/id_tokens/show_view.rb                       | 4 ++--
 app/views/oidc/pending_trusted_publishers/index_view.rb     | 4 ++--
 app/views/oidc/pending_trusted_publishers/new_view.rb       | 4 ++--
 app/views/oidc/rubygem_trusted_publishers/index_view.rb     | 6 +++---
 app/views/oidc/rubygem_trusted_publishers/new_view.rb       | 4 ++--
 app/views/profiles/security_events_view.rb                  | 4 ++--
 app/views/rubygems/security_events_view.rb                  | 6 +++---
 .../github_action/form_component_preview.rb                 | 6 +++---
 17 files changed, 33 insertions(+), 37 deletions(-)

diff --git a/Gemfile b/Gemfile
index f73d93a6d6a..7dd49896903 100644
--- a/Gemfile
+++ b/Gemfile
@@ -68,7 +68,6 @@ gem "view_component", "~> 3.14.0"
 gem "pundit", "~> 2.4"
 gem "chartkick", "~> 5.1"
 gem "groupdate", "~> 6.5"
-gem "dry-initializer", "~> 3.1"
 
 group :avo, optional: true do
   source "https://packager.dev/avo-hq/" do
diff --git a/Gemfile.lock b/Gemfile.lock
index 32a5243382c..26378ef380c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -260,7 +260,6 @@ GEM
       dotenv (= 3.1.4)
       railties (>= 6.1)
     drb (2.2.1)
-    dry-initializer (3.1.1)
     email_validator (2.2.4)
       activemodel
     erubi (1.13.0)
@@ -918,7 +917,6 @@ DEPENDENCIES
   discard (~> 1.3)
   dogstatsd-ruby (~> 5.6)
   dotenv-rails (~> 3.1)
-  dry-initializer (~> 3.1)
   factory_bot_rails (~> 6.4)
   faraday (~> 2.12)
   faraday-multipart (~> 1.0)
@@ -1093,7 +1091,6 @@ CHECKSUMS
   dotenv (3.1.4) sha256=6dc502e718ea0d3542673345da05c7a69039840898e251757adb3405d2b35629
   dotenv-rails (3.1.4) sha256=a7d75f6ab3cc7f1b28e7deb0462efb155878e4e87ce3cc6e42ce35bea61c6fe4
   drb (2.2.1) sha256=e9d472bf785f558b96b25358bae115646da0dbfd45107ad858b0bc0d935cb340
-  dry-initializer (3.1.1) sha256=4d267dea367ccabe498b259c62b909b99d577d6db547d9510561999403546dec
   email_validator (2.2.4) sha256=5ab238095bec7aef9389f230e9e0c64c5081cdf91f19d6c5cecee0a93af20604
   erubi (1.13.0) sha256=fca61b47daefd865d0fb50d168634f27ad40181867445badf6427c459c33cd62
   et-orbi (1.2.11) sha256=d26e868cc21db88280a9ec1a50aa3da5d267eb9b2037ba7b831d6c2731f5df64
diff --git a/app/views/components/events/table_component.rb b/app/views/components/events/table_component.rb
index e6955d33857..56bf86d57b0 100644
--- a/app/views/components/events/table_component.rb
+++ b/app/views/components/events/table_component.rb
@@ -12,9 +12,9 @@ class Events::TableComponent < ApplicationComponent
   register_value_helper :page_entries_info
   register_value_helper :paginate
 
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :security_events
+  prop :security_events, _Union(ActiveRecord::Relation, Array), reader: :private
 
   def view_template
     header(class: "gems__header push--s") do
diff --git a/app/views/components/events/table_details_component.rb b/app/views/components/events/table_details_component.rb
index c97cf39ae79..d3d8db5f1ab 100644
--- a/app/views/components/events/table_details_component.rb
+++ b/app/views/components/events/table_details_component.rb
@@ -1,7 +1,7 @@
 class Events::TableDetailsComponent < ApplicationComponent
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :event
+  prop :event, _Any, reader: :private
   delegate :additional, :rubygem, to: :event
 
   def view_template
diff --git a/app/views/components/oidc/api_key_role/table_component.rb b/app/views/components/oidc/api_key_role/table_component.rb
index dce49298fb9..53dd5e64a52 100644
--- a/app/views/components/oidc/api_key_role/table_component.rb
+++ b/app/views/components/oidc/api_key_role/table_component.rb
@@ -2,9 +2,9 @@
 
 class OIDC::ApiKeyRole::TableComponent < ApplicationComponent
   include Phlex::Rails::Helpers::LinkTo
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :api_key_roles
+  prop :api_key_roles, _Any, reader: :private
 
   def view_template
     table(class: "t-body") do
diff --git a/app/views/components/oidc/id_token/key_value_pairs_component.rb b/app/views/components/oidc/id_token/key_value_pairs_component.rb
index ed71fe2d19f..51c6ef0c1a3 100644
--- a/app/views/components/oidc/id_token/key_value_pairs_component.rb
+++ b/app/views/components/oidc/id_token/key_value_pairs_component.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 class OIDC::IdToken::KeyValuePairsComponent < ApplicationComponent
-  extend Dry::Initializer
-  option :pairs
+  extend Literal::Properties
+  prop :pairs, _Any, reader: :private
 
   def view_template
     dl(class: "t-body provider_attributes full-width overflow-wrap") do
diff --git a/app/views/components/oidc/id_token/table_component.rb b/app/views/components/oidc/id_token/table_component.rb
index da8b45b90a0..a59ee0c8549 100644
--- a/app/views/components/oidc/id_token/table_component.rb
+++ b/app/views/components/oidc/id_token/table_component.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 class OIDC::IdToken::TableComponent < ApplicationComponent
-  extend Dry::Initializer
-  option :id_tokens
+  extend Literal::Properties
+  prop :id_tokens, _Any, reader: :private
 
   include Phlex::Rails::Helpers::TimeTag
   include Phlex::Rails::Helpers::LinkToUnlessCurrent
diff --git a/app/views/components/oidc/trusted_publisher/github_action/form_component.rb b/app/views/components/oidc/trusted_publisher/github_action/form_component.rb
index 677f57c0a45..34fa0f5fb05 100644
--- a/app/views/components/oidc/trusted_publisher/github_action/form_component.rb
+++ b/app/views/components/oidc/trusted_publisher/github_action/form_component.rb
@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 class OIDC::TrustedPublisher::GitHubAction::FormComponent < ApplicationComponent
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :github_action_form
+  prop :github_action_form, _Any, reader: :private
 
   def view_template
     github_action_form.fields_for :trusted_publisher do |trusted_publisher_form|
diff --git a/app/views/components/oidc/trusted_publisher/github_action/table_component.rb b/app/views/components/oidc/trusted_publisher/github_action/table_component.rb
index 9174f2d1602..be63e206bdd 100644
--- a/app/views/components/oidc/trusted_publisher/github_action/table_component.rb
+++ b/app/views/components/oidc/trusted_publisher/github_action/table_component.rb
@@ -1,7 +1,7 @@
 class OIDC::TrustedPublisher::GitHubAction::TableComponent < ApplicationComponent
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :github_action
+  prop :github_action, _Any, reader: :private
 
   def view_template
     dl(class: "tw-flex tw-flex-col sm:tw-grid sm:tw-grid-cols-2 tw-items-baseline tw-gap-4 full-width overflow-wrap") do
diff --git a/app/views/oidc/id_tokens/show_view.rb b/app/views/oidc/id_tokens/show_view.rb
index 995222b359d..a11162e281f 100644
--- a/app/views/oidc/id_tokens/show_view.rb
+++ b/app/views/oidc/id_tokens/show_view.rb
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 class OIDC::IdTokens::ShowView < ApplicationView
-  extend Dry::Initializer
+  extend Literal::Properties
   include Phlex::Rails::Helpers::TimeTag
   include Phlex::Rails::Helpers::LinkTo
 
-  option :id_token
+  prop :id_token, OIDC::IdToken, reader: :private
 
   def view_template # rubocop:disable Metrics/AbcSize
     self.title = t(".title")
diff --git a/app/views/oidc/pending_trusted_publishers/index_view.rb b/app/views/oidc/pending_trusted_publishers/index_view.rb
index 60343a55cd9..ed8239fa0a4 100644
--- a/app/views/oidc/pending_trusted_publishers/index_view.rb
+++ b/app/views/oidc/pending_trusted_publishers/index_view.rb
@@ -5,9 +5,9 @@ class OIDC::PendingTrustedPublishers::IndexView < ApplicationView
   include Phlex::Rails::Helpers::ContentFor
   include Phlex::Rails::Helpers::DistanceOfTimeInWordsToNow
   include Phlex::Rails::Helpers::LinkTo
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :trusted_publishers
+  prop :trusted_publishers, _Any, reader: :private
 
   def view_template
     title_content
diff --git a/app/views/oidc/pending_trusted_publishers/new_view.rb b/app/views/oidc/pending_trusted_publishers/new_view.rb
index e9485d61e4a..2a573de4ec5 100644
--- a/app/views/oidc/pending_trusted_publishers/new_view.rb
+++ b/app/views/oidc/pending_trusted_publishers/new_view.rb
@@ -6,9 +6,9 @@ class OIDC::PendingTrustedPublishers::NewView < ApplicationView
   include Phlex::Rails::Helpers::OptionsForSelect
   include Phlex::Rails::Helpers::FormWith
 
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :pending_trusted_publisher
+  prop :pending_trusted_publisher, OIDC::PendingTrustedPublisher, reader: :private
 
   def view_template
     self.title = t(".title")
diff --git a/app/views/oidc/rubygem_trusted_publishers/index_view.rb b/app/views/oidc/rubygem_trusted_publishers/index_view.rb
index 3619836663f..bd4ac10c09e 100644
--- a/app/views/oidc/rubygem_trusted_publishers/index_view.rb
+++ b/app/views/oidc/rubygem_trusted_publishers/index_view.rb
@@ -5,10 +5,10 @@ class OIDC::RubygemTrustedPublishers::IndexView < ApplicationView
   include Phlex::Rails::Helpers::LinkTo
   include Phlex::Rails::Helpers::ContentFor
   include OIDC::RubygemTrustedPublishers::Concerns::Title
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :rubygem
-  option :trusted_publishers
+  prop :rubygem, Rubygem, reader: :private
+  prop :trusted_publishers, _Any, reader: :private
 
   def view_template
     title_content
diff --git a/app/views/oidc/rubygem_trusted_publishers/new_view.rb b/app/views/oidc/rubygem_trusted_publishers/new_view.rb
index f4280aa771a..5d207a9fdc2 100644
--- a/app/views/oidc/rubygem_trusted_publishers/new_view.rb
+++ b/app/views/oidc/rubygem_trusted_publishers/new_view.rb
@@ -8,9 +8,9 @@ class OIDC::RubygemTrustedPublishers::NewView < ApplicationView
   include Phlex::Rails::Helpers::SelectTag
   include OIDC::RubygemTrustedPublishers::Concerns::Title
 
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :rubygem_trusted_publisher
+  prop :rubygem_trusted_publisher, OIDC::RubygemTrustedPublisher, reader: :private
 
   def view_template
     title_content
diff --git a/app/views/profiles/security_events_view.rb b/app/views/profiles/security_events_view.rb
index 31e4f133609..aad7a7fe957 100644
--- a/app/views/profiles/security_events_view.rb
+++ b/app/views/profiles/security_events_view.rb
@@ -6,9 +6,9 @@ class Profiles::SecurityEventsView < ApplicationView
   include Phlex::Rails::Helpers::DistanceOfTimeInWordsToNow
   include Phlex::Rails::Helpers::TimeTag
   include Phlex::Rails::Helpers::LinkTo
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :security_events
+  prop :security_events, _Any, reader: :private
 
   def view_template
     title_content
diff --git a/app/views/rubygems/security_events_view.rb b/app/views/rubygems/security_events_view.rb
index 79c2e01bd71..9d0b387a3f9 100644
--- a/app/views/rubygems/security_events_view.rb
+++ b/app/views/rubygems/security_events_view.rb
@@ -4,10 +4,10 @@ class Rubygems::SecurityEventsView < ApplicationView
   include Phlex::Rails::Helpers::ButtonTo
   include Phlex::Rails::Helpers::ContentFor
   include Phlex::Rails::Helpers::LinkTo
-  extend Dry::Initializer
+  extend Literal::Properties
 
-  option :rubygem
-  option :security_events
+  prop :rubygem, Rubygem, reader: :private
+  prop :security_events, _Any, reader: :private
 
   def view_template
     title_content
diff --git a/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb b/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb
index c02271a38fe..af54a967d96 100644
--- a/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb
+++ b/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb
@@ -9,11 +9,11 @@ def default(factory: :oidc_rubygem_trusted_publisher, environment: nil, reposito
   class Wrapper < Phlex::HTML
     include Phlex::Rails::Helpers::FormWith
 
-    extend Dry::Initializer
-    option :form_object
+    extend Literal::Properties
+    prop :form_object, _Any
 
     def view_template
-      form_with(model: form_object, url: "/") do |github_action_form|
+      form_with(model: @form_object, url: "/") do |github_action_form|
         render OIDC::TrustedPublisher::GitHubAction::FormComponent.new(github_action_form:)
         github_action_form.submit class: "form__submit", disabled: true
       end

From 03721c4afdc23060b105620e76a287cd0728e846 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 21 Oct 2024 12:23:40 -0700
Subject: [PATCH 303/381] Fix admin login with same-site: strict cookies
 (#5150)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 config/initializers/omniauth.rb | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index a41c0d6777e..0bacd8f5845 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -11,3 +11,20 @@
 
 OmniAuth::AuthenticityTokenProtection.default_options(key: "csrf.token", authenticity_param: "_csrf")
 OmniAuth.config.logger = SemanticLogger[OmniAuth]
+
+class FailureEndpoint < OmniAuth::FailureEndpoint
+  # ensures that same-site: strict cookies are available for csrf validation
+  def call
+    if env["omniauth.error.type"] == :csrf_detected && env["HTTP_SEC_FETCH_SITE"] == "cross-site"
+      request = Rack::Request.new(env)
+      # avoid overwriting the (real) session cookie
+      request.session.options[:skip] = true
+      # redirect to the same path, but with a meta refresh to avoid the browser treating the request as cross-site
+      [303, {}, ["<!DOCTYPE html><html><head><meta http-equiv='refresh' content='0; #{request.fullpath}' /></head></html>"]]
+    else
+      super
+    end
+  end
+end
+
+OmniAuth.config.on_failure = FailureEndpoint

From ae5136dd1eeafb54e0cfa675acaeeeb26924e91a Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Mon, 21 Oct 2024 12:31:10 -0700
Subject: [PATCH 304/381] Load avo-advanced in k8s deployment (#5151)

* Load avo-advanced in k8s deployment

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

* Move avo license check to authenticate, which is after the license has been set

It is not yet set when computing context

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

---------

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 config/deploy/web.yaml.erb |  2 ++
 config/initializers/avo.rb | 11 +++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/config/deploy/web.yaml.erb b/config/deploy/web.yaml.erb
index ba6c2c32020..f4eb62f7944 100644
--- a/config/deploy/web.yaml.erb
+++ b/config/deploy/web.yaml.erb
@@ -61,6 +61,8 @@ spec:
             value: "<%= environment %>"
           - name: ENV
             value: "<%= environment %>"
+          - name: RAILS_GROUPS
+            value: "avo"
           - name: WEB_CONCURRENCY
             value: "<%= environment == 'production' ? 8 : 2 %>"
           - name: RAILS_MAX_THREADS
diff --git a/config/initializers/avo.rb b/config/initializers/avo.rb
index 4c606c90b2d..a7c018b0454 100644
--- a/config/initializers/avo.rb
+++ b/config/initializers/avo.rb
@@ -12,15 +12,18 @@
   ## == Set the context ==
   config.set_context do
     # Return a context object that gets evaluated in Avo::ApplicationController
-
-    if !Rails.env.local? && !(Avo.license.valid? && Avo.license.advanced?)
-      raise "Avo::Pro is missing in #{Rails.env}. RAILS_GROUPS=#{ENV['RAILS_GROUPS'].inspect} Avo.license=#{Avo.license.inspect}"
-    end
   end
 
   ## == Authentication ==
   config.current_user_method = :admin_user
   config.authenticate_with do
+    if !Rails.env.local? && !(Avo.license.valid? && Avo.license.advanced?)
+      raise "Avo::Pro is missing in #{Rails.env}." \
+            "\nRails.groups=#{Rails.groups.inspect}" \
+            "\nAvo.license=#{Avo.license.inspect}" \
+            "\nAvo.configuration.license=#{Avo.configuration.license.inspect}"
+    end
+
     redirect_to '/' unless _current_user&.valid?
     Current.user = begin
       User.security_user

From cc6b8c1b542a1e20b18f821da27c6c10bbf557c5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 15:00:37 -0700
Subject: [PATCH 305/381] Bump importmap-rails from 2.0.1 to 2.0.3 (#5098)

* Bump importmap-rails from 2.0.1 to 2.0.2

Bumps [importmap-rails](https://github.com/rails/importmap-rails) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/rails/importmap-rails/releases)
- [Commits](https://github.com/rails/importmap-rails/compare/v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: importmap-rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update importmap vendored javascript with new comment

Add `rake importmap:pristine` to redownload and add comment.
Fix importmap's incomplete semver regex that loses prereleases.
The regex used is from semver.org.

Change `rake importmap:verify` to discard the comment when comparing
content of vendored javascript files.
Add VERBOSE to importmap:verify to diagnose problems.

* don't include the regex for now

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Martin Emde <me@martinemde.com>
Co-authored-by: Martin Emde <martinemde@users.noreply.github.com>
---
 Gemfile.lock                                  |  4 +-
 config/importmap.rb                           |  5 +-
 lib/tasks/helpers/importmap_helper.rb         | 49 +++++++++++++------
 lib/tasks/importmap.rake                      | 28 ++++++++++-
 vendor/javascript/@hotwired--stimulus.js      |  4 ++
 vendor/javascript/@rails--ujs.js              |  2 +
 .../@stimulus-components--clipboard.js        |  2 +
 vendor/javascript/jquery.js                   |  2 +
 vendor/javascript/local-time.js               |  2 +
 .../javascript/stimulus-rails-nested-form.js  |  2 +
 10 files changed, 77 insertions(+), 23 deletions(-)
 create mode 100644 vendor/javascript/@hotwired--stimulus.js

diff --git a/Gemfile.lock b/Gemfile.lock
index 26378ef380c..bad2873687d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -351,7 +351,7 @@ GEM
     http_accept_language (2.1.1)
     i18n (1.14.6)
       concurrent-ruby (~> 1.0)
-    importmap-rails (2.0.1)
+    importmap-rails (2.0.3)
       actionpack (>= 6.0.0)
       activesupport (>= 6.0.0)
       railties (>= 6.0.0)
@@ -1134,7 +1134,7 @@ CHECKSUMS
   http-form_data (2.3.0) sha256=cc4eeb1361d9876821e31d7b1cf0b68f1cf874b201d27903480479d86448a5f3
   http_accept_language (2.1.1) sha256=0043f0d55a148cf45b604dbdd197cb36437133e990016c68c892d49dbea31634
   i18n (1.14.6) sha256=dc229a74f5d181f09942dd60ab5d6e667f7392c4ee826f35096db36d1fe3614c
-  importmap-rails (2.0.1) sha256=e739a6e70c09f797688c6983fa79567ec1edc9becc30d55b3f7cc897b1825586
+  importmap-rails (2.0.3) sha256=c56764941f9b637791fb87123b38f206f27cc55ef03cb19894f1994184e98cc8
   inline_svg (1.10.0) sha256=5b652934236fd9f8adc61f3fd6e208b7ca3282698b19f28659971da84bf9a10f
   io-console (0.7.2) sha256=f0dccff252f877a4f60d04a4dc6b442b185ebffb4b320ab69212a92b48a7a221
   irb (1.14.1) sha256=5975003b58d36efaf492380baa982ceedf5aed36967a4d5b40996bc5c66e80f8
diff --git a/config/importmap.rb b/config/importmap.rb
index 681e27fe7b1..17e88c72ed7 100644
--- a/config/importmap.rb
+++ b/config/importmap.rb
@@ -1,12 +1,11 @@
 # Pin npm packages by running ./bin/importmap
 
 pin "jquery" # @3.7.1
-pin "@rails/ujs", to: "@rails--ujs.js" # @7.1.3
+pin "@rails/ujs", to: "@rails--ujs.js" # @7.1.3-4
 pin "application"
 pin_all_from "app/javascript/src", under: "src"
 
-# stimulus.min.js is a compiled asset from stimulus-rails gem
-pin "@hotwired/stimulus", to: "stimulus.min.js"
+pin "@hotwired/stimulus", to: "@hotwired--stimulus.js" # @3.2.2
 # stimulus-loading.js is a compiled asset only available from stimulus-rails gem
 pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
 pin_all_from "app/javascript/controllers", under: "controllers"
diff --git a/lib/tasks/helpers/importmap_helper.rb b/lib/tasks/helpers/importmap_helper.rb
index 861bcc589ca..7c95a909829 100644
--- a/lib/tasks/helpers/importmap_helper.rb
+++ b/lib/tasks/helpers/importmap_helper.rb
@@ -9,43 +9,60 @@ class Packager < Importmap::Packager
     self.endpoint = URI("https://api.jspm.io/generate")
 
     # Copied from https://github.com/rails/importmap-rails/pull/237
-    def verify(package, url)
+    def verify(package, url, verbose: false)
       ensure_vendor_directory_exists
 
-      return unless vendored_package_path(package).file?
-      verify_vendored_package(package, url)
+      unless vendored_package_path(package).file?
+        raise ImportmapHelper::VerifyError, "Pinned #{package}#{extract_package_version_from(url)} does not exist in vendor/javascript"
+      end
+      verify_vendored_package(package, url, verbose:)
     end
 
-    def verify_vendored_package(package, url)
+    def verify_vendored_package(package, url, verbose: false)
       vendored_body = vendored_package_path(package).read.strip
-      remote_body = load_package_file(package, url).strip
+      vendored_body = vendored_body.lines[2..].join if vendored_body.start_with?("//") # remove the importmap-rails comment
+      remote_body = load_package_file(url).strip
 
       return true if vendored_body == remote_body
 
-      raise ImportmapHelper::VerifyError, "Vendored #{package}#{extract_package_version_from(url)} does not match remote #{url}"
+      verbose_error = verbose ? verbose_diff(remote_body, vendored_body) : " (run with VERBOSE=true for diff)"
+      raise ImportmapHelper::VerifyError, "Vendored #{package}#{extract_package_version_from(url)} does not match remote #{url}#{verbose_error}"
     end
 
-    def load_package_file(package, url)
+    def load_package_file(url)
       response = Net::HTTP.get_response(URI(url))
 
       if response.code == "200"
-        format_vendored_package(package, url, response.body)
+        format_vendored_package(response.body)
       else
         handle_failure_response(response)
       end
     end
 
-    def format_vendored_package(package, url, source)
-      formatted = +""
-      if Gem::Version.new(Importmap::VERSION) > Gem::Version.new("2.0.1")
-        formatted.concat "// #{package}#{extract_package_version_from(url)} downloaded from #{url}\n\n"
+    def format_vendored_package(source)
+      remove_sourcemap_comment_from(source).force_encoding("UTF-8")
+    end
+
+    def save_vendored_package(package, url, source)
+      File.open(vendored_package_path(package), "w+") do |vendored_package|
+        vendored_package.write "// #{package}#{extract_package_version_from(url)} downloaded from #{url}\n\n"
+
+        vendored_package.write remove_sourcemap_comment_from(source).force_encoding("UTF-8")
       end
-      formatted.concat remove_sourcemap_comment_from(source).force_encoding("UTF-8")
-      formatted
     end
 
-    def save_vendored_package(package, _url, source)
-      File.write(vendored_package_path(package), source)
+    def verbose_diff(remote_body, vendored_body)
+      require "diff/lcs"
+      diffs = Diff::LCS.sdiff(remote_body.split("\n"), vendored_body.split("\n"))
+      out = "\n\nDiff:\n- Remote\n+ Vendored\n\n"
+      out + diffs.map do |diff|
+        case diff.action
+        when "-" then "- #{diff.old_element}"
+        when "!" then "- #{diff.old_element}\n+ #{diff.new_element}"
+        when "+" then "+ #{diff.new_element}"
+        when "=" then "  #{diff.old_element}"
+        end
+      end.join("\n")
     end
 
     public :vendored_package_path
diff --git a/lib/tasks/importmap.rake b/lib/tasks/importmap.rake
index e941b84d6c2..fc80ce2e0cd 100644
--- a/lib/tasks/importmap.rake
+++ b/lib/tasks/importmap.rake
@@ -6,6 +6,7 @@ require "tasks/helpers/importmap_helper"
 namespace :importmap do
   desc "Verify downloaded packages in vendor/javascript"
   task :verify do # rubocop:disable Rails/RakeEnvironment
+    options = { env: "production", from: "jspm.io" }
     all_files = Rails.root.glob("vendor/javascript/*.js").map { |p| p.relative_path_from(Rails.root) }
     all_files.delete(Pathname.new("vendor/javascript/github-buttons.js")) || raise("importmap:verify expected github-buttons.js not found")
     all_files.delete(Pathname.new("vendor/javascript/webauthn-json.js")) || raise("importmap:verify expected webauthn-json.js not found")
@@ -20,10 +21,10 @@ namespace :importmap do
 
     packager = ImportmapHelper::Packager.new
 
-    if (imports = packager.import(*packages, env: "production", from: "jspm.io"))
+    if (imports = packager.import(*packages, env: options[:env], from: options[:from]))
       imports.each do |package, url|
         puts %(Verifying "#{package}" download from #{url})
-        packager.verify(package, url)
+        packager.verify(package, url, verbose: ENV["VERBOSE"])
         path = packager.vendored_package_path(package)
         puts %(Verified  "#{package}" at #{path})
         all_files.delete path
@@ -45,4 +46,27 @@ namespace :importmap do
       exit 1
     end
   end
+
+  desc "Re-download all packages in the importmap with the same versions"
+  task pristine: :environment do
+    options = { env: "production", from: "jspm.io" }
+    npm = Importmap::Npm.new(Rails.root.join("config/importmap.rb"))
+
+    packages = npm.packages_with_versions.map do |p, v|
+      v.blank? ? p : [p, v].join("@")
+    end
+
+    puts "Downloading pristine packages from #{options[:from]} to vendor/javascript"
+
+    packager = ImportmapHelper::Packager.new
+
+    if (imports = packager.import(*packages, env: options[:env], from: options[:from]))
+      imports.each do |package, url|
+        puts %(Downloading pinned "#{package}" to #{packager.vendor_path}/#{package}.js from #{url})
+        packager.download(package, url)
+      end
+    else
+      puts "Couldn't find any packages in #{packages.inspect} on #{options[:from]}"
+    end
+  end
 end
diff --git a/vendor/javascript/@hotwired--stimulus.js b/vendor/javascript/@hotwired--stimulus.js
new file mode 100644
index 00000000000..07dd4a6cc36
--- /dev/null
+++ b/vendor/javascript/@hotwired--stimulus.js
@@ -0,0 +1,4 @@
+// @hotwired/stimulus@3.2.2 downloaded from https://ga.jspm.io/npm:@hotwired/stimulus@3.2.2/dist/stimulus.js
+
+class EventListener{constructor(e,t,r){this.eventTarget=e;this.eventName=t;this.eventOptions=r;this.unorderedBindings=new Set}connect(){this.eventTarget.addEventListener(this.eventName,this,this.eventOptions)}disconnect(){this.eventTarget.removeEventListener(this.eventName,this,this.eventOptions)}bindingConnected(e){this.unorderedBindings.add(e)}bindingDisconnected(e){this.unorderedBindings.delete(e)}handleEvent(e){const t=extendEvent(e);for(const e of this.bindings){if(t.immediatePropagationStopped)break;e.handleEvent(t)}}hasBindings(){return this.unorderedBindings.size>0}get bindings(){return Array.from(this.unorderedBindings).sort(((e,t)=>{const r=e.index,s=t.index;return r<s?-1:r>s?1:0}))}}function extendEvent(e){if("immediatePropagationStopped"in e)return e;{const{stopImmediatePropagation:t}=e;return Object.assign(e,{immediatePropagationStopped:false,stopImmediatePropagation(){this.immediatePropagationStopped=true;t.call(this)}})}}class Dispatcher{constructor(e){this.application=e;this.eventListenerMaps=new Map;this.started=false}start(){if(!this.started){this.started=true;this.eventListeners.forEach((e=>e.connect()))}}stop(){if(this.started){this.started=false;this.eventListeners.forEach((e=>e.disconnect()))}}get eventListeners(){return Array.from(this.eventListenerMaps.values()).reduce(((e,t)=>e.concat(Array.from(t.values()))),[])}bindingConnected(e){this.fetchEventListenerForBinding(e).bindingConnected(e)}bindingDisconnected(e,t=false){this.fetchEventListenerForBinding(e).bindingDisconnected(e);t&&this.clearEventListenersForBinding(e)}handleError(e,t,r={}){this.application.handleError(e,`Error ${t}`,r)}clearEventListenersForBinding(e){const t=this.fetchEventListenerForBinding(e);if(!t.hasBindings()){t.disconnect();this.removeMappedEventListenerFor(e)}}removeMappedEventListenerFor(e){const{eventTarget:t,eventName:r,eventOptions:s}=e;const n=this.fetchEventListenerMapForEventTarget(t);const i=this.cacheKey(r,s);n.delete(i);0==n.size&&this.eventListenerMaps.delete(t)}fetchEventListenerForBinding(e){const{eventTarget:t,eventName:r,eventOptions:s}=e;return this.fetchEventListener(t,r,s)}fetchEventListener(e,t,r){const s=this.fetchEventListenerMapForEventTarget(e);const n=this.cacheKey(t,r);let i=s.get(n);if(!i){i=this.createEventListener(e,t,r);s.set(n,i)}return i}createEventListener(e,t,r){const s=new EventListener(e,t,r);this.started&&s.connect();return s}fetchEventListenerMapForEventTarget(e){let t=this.eventListenerMaps.get(e);if(!t){t=new Map;this.eventListenerMaps.set(e,t)}return t}cacheKey(e,t){const r=[e];Object.keys(t).sort().forEach((e=>{r.push(`${t[e]?"":"!"}${e}`)}));return r.join(":")}}const e={stop({event:e,value:t}){t&&e.stopPropagation();return true},prevent({event:e,value:t}){t&&e.preventDefault();return true},self({event:e,value:t,element:r}){return!t||r===e.target}};const t=/^(?:(?:([^.]+?)\+)?(.+?)(?:\.(.+?))?(?:@(window|document))?->)?(.+?)(?:#([^:]+?))(?::(.+))?$/;function parseActionDescriptorString(e){const r=e.trim();const s=r.match(t)||[];let n=s[2];let i=s[3];if(i&&!["keydown","keyup","keypress"].includes(n)){n+=`.${i}`;i=""}return{eventTarget:parseEventTarget(s[4]),eventName:n,eventOptions:s[7]?parseEventOptions(s[7]):{},identifier:s[5],methodName:s[6],keyFilter:s[1]||i}}function parseEventTarget(e){return"window"==e?window:"document"==e?document:void 0}function parseEventOptions(e){return e.split(":").reduce(((e,t)=>Object.assign(e,{[t.replace(/^!/,"")]:!/^!/.test(t)})),{})}function stringifyEventTarget(e){return e==window?"window":e==document?"document":void 0}function camelize(e){return e.replace(/(?:[_-])([a-z0-9])/g,((e,t)=>t.toUpperCase()))}function namespaceCamelize(e){return camelize(e.replace(/--/g,"-").replace(/__/g,"_"))}function capitalize(e){return e.charAt(0).toUpperCase()+e.slice(1)}function dasherize(e){return e.replace(/([A-Z])/g,((e,t)=>`-${t.toLowerCase()}`))}function tokenize(e){return e.match(/[^\s]+/g)||[]}function isSomething(e){return null!==e&&void 0!==e}function hasProperty(e,t){return Object.prototype.hasOwnProperty.call(e,t)}const r=["meta","ctrl","alt","shift"];class Action{constructor(e,t,r,s){this.element=e;this.index=t;this.eventTarget=r.eventTarget||e;this.eventName=r.eventName||getDefaultEventNameForElement(e)||error("missing event name");this.eventOptions=r.eventOptions||{};this.identifier=r.identifier||error("missing identifier");this.methodName=r.methodName||error("missing method name");this.keyFilter=r.keyFilter||"";this.schema=s}static forToken(e,t){return new this(e.element,e.index,parseActionDescriptorString(e.content),t)}toString(){const e=this.keyFilter?`.${this.keyFilter}`:"";const t=this.eventTargetName?`@${this.eventTargetName}`:"";return`${this.eventName}${e}${t}->${this.identifier}#${this.methodName}`}shouldIgnoreKeyboardEvent(e){if(!this.keyFilter)return false;const t=this.keyFilter.split("+");if(this.keyFilterDissatisfied(e,t))return true;const s=t.filter((e=>!r.includes(e)))[0];if(!s)return false;hasProperty(this.keyMappings,s)||error(`contains unknown key filter: ${this.keyFilter}`);return this.keyMappings[s].toLowerCase()!==e.key.toLowerCase()}shouldIgnoreMouseEvent(e){if(!this.keyFilter)return false;const t=[this.keyFilter];return!!this.keyFilterDissatisfied(e,t)}get params(){const e={};const t=new RegExp(`^data-${this.identifier}-(.+)-param$`,"i");for(const{name:r,value:s}of Array.from(this.element.attributes)){const n=r.match(t);const i=n&&n[1];i&&(e[camelize(i)]=typecast(s))}return e}get eventTargetName(){return stringifyEventTarget(this.eventTarget)}get keyMappings(){return this.schema.keyMappings}keyFilterDissatisfied(e,t){const[s,n,i,o]=r.map((e=>t.includes(e)));return e.metaKey!==s||e.ctrlKey!==n||e.altKey!==i||e.shiftKey!==o}}const s={a:()=>"click",button:()=>"click",form:()=>"submit",details:()=>"toggle",input:e=>"submit"==e.getAttribute("type")?"click":"input",select:()=>"change",textarea:()=>"input"};function getDefaultEventNameForElement(e){const t=e.tagName.toLowerCase();if(t in s)return s[t](e)}function error(e){throw new Error(e)}function typecast(e){try{return JSON.parse(e)}catch(t){return e}}class Binding{constructor(e,t){this.context=e;this.action=t}get index(){return this.action.index}get eventTarget(){return this.action.eventTarget}get eventOptions(){return this.action.eventOptions}get identifier(){return this.context.identifier}handleEvent(e){const t=this.prepareActionEvent(e);this.willBeInvokedByEvent(e)&&this.applyEventModifiers(t)&&this.invokeWithEvent(t)}get eventName(){return this.action.eventName}get method(){const e=this.controller[this.methodName];if("function"==typeof e)return e;throw new Error(`Action "${this.action}" references undefined method "${this.methodName}"`)}applyEventModifiers(e){const{element:t}=this.action;const{actionDescriptorFilters:r}=this.context.application;const{controller:s}=this.context;let n=true;for(const[i,o]of Object.entries(this.eventOptions))if(i in r){const c=r[i];n=n&&c({name:i,value:o,event:e,element:t,controller:s})}return n}prepareActionEvent(e){return Object.assign(e,{params:this.action.params})}invokeWithEvent(e){const{target:t,currentTarget:r}=e;try{this.method.call(this.controller,e);this.context.logDebugActivity(this.methodName,{event:e,target:t,currentTarget:r,action:this.methodName})}catch(t){const{identifier:r,controller:s,element:n,index:i}=this;const o={identifier:r,controller:s,element:n,index:i,event:e};this.context.handleError(t,`invoking action "${this.action}"`,o)}}willBeInvokedByEvent(e){const t=e.target;return!(e instanceof KeyboardEvent&&this.action.shouldIgnoreKeyboardEvent(e))&&(!(e instanceof MouseEvent&&this.action.shouldIgnoreMouseEvent(e))&&(this.element===t||(t instanceof Element&&this.element.contains(t)?this.scope.containsElement(t):this.scope.containsElement(this.action.element))))}get controller(){return this.context.controller}get methodName(){return this.action.methodName}get element(){return this.scope.element}get scope(){return this.context.scope}}class ElementObserver{constructor(e,t){this.mutationObserverInit={attributes:true,childList:true,subtree:true};this.element=e;this.started=false;this.delegate=t;this.elements=new Set;this.mutationObserver=new MutationObserver((e=>this.processMutations(e)))}start(){if(!this.started){this.started=true;this.mutationObserver.observe(this.element,this.mutationObserverInit);this.refresh()}}pause(e){if(this.started){this.mutationObserver.disconnect();this.started=false}e();if(!this.started){this.mutationObserver.observe(this.element,this.mutationObserverInit);this.started=true}}stop(){if(this.started){this.mutationObserver.takeRecords();this.mutationObserver.disconnect();this.started=false}}refresh(){if(this.started){const e=new Set(this.matchElementsInTree());for(const t of Array.from(this.elements))e.has(t)||this.removeElement(t);for(const t of Array.from(e))this.addElement(t)}}processMutations(e){if(this.started)for(const t of e)this.processMutation(t)}processMutation(e){if("attributes"==e.type)this.processAttributeChange(e.target,e.attributeName);else if("childList"==e.type){this.processRemovedNodes(e.removedNodes);this.processAddedNodes(e.addedNodes)}}processAttributeChange(e,t){this.elements.has(e)?this.delegate.elementAttributeChanged&&this.matchElement(e)?this.delegate.elementAttributeChanged(e,t):this.removeElement(e):this.matchElement(e)&&this.addElement(e)}processRemovedNodes(e){for(const t of Array.from(e)){const e=this.elementFromNode(t);e&&this.processTree(e,this.removeElement)}}processAddedNodes(e){for(const t of Array.from(e)){const e=this.elementFromNode(t);e&&this.elementIsActive(e)&&this.processTree(e,this.addElement)}}matchElement(e){return this.delegate.matchElement(e)}matchElementsInTree(e=this.element){return this.delegate.matchElementsInTree(e)}processTree(e,t){for(const r of this.matchElementsInTree(e))t.call(this,r)}elementFromNode(e){if(e.nodeType==Node.ELEMENT_NODE)return e}elementIsActive(e){return e.isConnected==this.element.isConnected&&this.element.contains(e)}addElement(e){if(!this.elements.has(e)&&this.elementIsActive(e)){this.elements.add(e);this.delegate.elementMatched&&this.delegate.elementMatched(e)}}removeElement(e){if(this.elements.has(e)){this.elements.delete(e);this.delegate.elementUnmatched&&this.delegate.elementUnmatched(e)}}}class AttributeObserver{constructor(e,t,r){this.attributeName=t;this.delegate=r;this.elementObserver=new ElementObserver(e,this)}get element(){return this.elementObserver.element}get selector(){return`[${this.attributeName}]`}start(){this.elementObserver.start()}pause(e){this.elementObserver.pause(e)}stop(){this.elementObserver.stop()}refresh(){this.elementObserver.refresh()}get started(){return this.elementObserver.started}matchElement(e){return e.hasAttribute(this.attributeName)}matchElementsInTree(e){const t=this.matchElement(e)?[e]:[];const r=Array.from(e.querySelectorAll(this.selector));return t.concat(r)}elementMatched(e){this.delegate.elementMatchedAttribute&&this.delegate.elementMatchedAttribute(e,this.attributeName)}elementUnmatched(e){this.delegate.elementUnmatchedAttribute&&this.delegate.elementUnmatchedAttribute(e,this.attributeName)}elementAttributeChanged(e,t){this.delegate.elementAttributeValueChanged&&this.attributeName==t&&this.delegate.elementAttributeValueChanged(e,t)}}function add(e,t,r){fetch(e,t).add(r)}function del(e,t,r){fetch(e,t).delete(r);prune(e,t)}function fetch(e,t){let r=e.get(t);if(!r){r=new Set;e.set(t,r)}return r}function prune(e,t){const r=e.get(t);null!=r&&0==r.size&&e.delete(t)}class Multimap{constructor(){this.valuesByKey=new Map}get keys(){return Array.from(this.valuesByKey.keys())}get values(){const e=Array.from(this.valuesByKey.values());return e.reduce(((e,t)=>e.concat(Array.from(t))),[])}get size(){const e=Array.from(this.valuesByKey.values());return e.reduce(((e,t)=>e+t.size),0)}add(e,t){add(this.valuesByKey,e,t)}delete(e,t){del(this.valuesByKey,e,t)}has(e,t){const r=this.valuesByKey.get(e);return null!=r&&r.has(t)}hasKey(e){return this.valuesByKey.has(e)}hasValue(e){const t=Array.from(this.valuesByKey.values());return t.some((t=>t.has(e)))}getValuesForKey(e){const t=this.valuesByKey.get(e);return t?Array.from(t):[]}getKeysForValue(e){return Array.from(this.valuesByKey).filter((([t,r])=>r.has(e))).map((([e,t])=>e))}}class IndexedMultimap extends Multimap{constructor(){super();this.keysByValue=new Map}get values(){return Array.from(this.keysByValue.keys())}add(e,t){super.add(e,t);add(this.keysByValue,t,e)}delete(e,t){super.delete(e,t);del(this.keysByValue,t,e)}hasValue(e){return this.keysByValue.has(e)}getKeysForValue(e){const t=this.keysByValue.get(e);return t?Array.from(t):[]}}class SelectorObserver{constructor(e,t,r,s){this._selector=t;this.details=s;this.elementObserver=new ElementObserver(e,this);this.delegate=r;this.matchesByElement=new Multimap}get started(){return this.elementObserver.started}get selector(){return this._selector}set selector(e){this._selector=e;this.refresh()}start(){this.elementObserver.start()}pause(e){this.elementObserver.pause(e)}stop(){this.elementObserver.stop()}refresh(){this.elementObserver.refresh()}get element(){return this.elementObserver.element}matchElement(e){const{selector:t}=this;if(t){const r=e.matches(t);return this.delegate.selectorMatchElement?r&&this.delegate.selectorMatchElement(e,this.details):r}return false}matchElementsInTree(e){const{selector:t}=this;if(t){const r=this.matchElement(e)?[e]:[];const s=Array.from(e.querySelectorAll(t)).filter((e=>this.matchElement(e)));return r.concat(s)}return[]}elementMatched(e){const{selector:t}=this;t&&this.selectorMatched(e,t)}elementUnmatched(e){const t=this.matchesByElement.getKeysForValue(e);for(const r of t)this.selectorUnmatched(e,r)}elementAttributeChanged(e,t){const{selector:r}=this;if(r){const t=this.matchElement(e);const s=this.matchesByElement.has(r,e);t&&!s?this.selectorMatched(e,r):!t&&s&&this.selectorUnmatched(e,r)}}selectorMatched(e,t){this.delegate.selectorMatched(e,t,this.details);this.matchesByElement.add(t,e)}selectorUnmatched(e,t){this.delegate.selectorUnmatched(e,t,this.details);this.matchesByElement.delete(t,e)}}class StringMapObserver{constructor(e,t){this.element=e;this.delegate=t;this.started=false;this.stringMap=new Map;this.mutationObserver=new MutationObserver((e=>this.processMutations(e)))}start(){if(!this.started){this.started=true;this.mutationObserver.observe(this.element,{attributes:true,attributeOldValue:true});this.refresh()}}stop(){if(this.started){this.mutationObserver.takeRecords();this.mutationObserver.disconnect();this.started=false}}refresh(){if(this.started)for(const e of this.knownAttributeNames)this.refreshAttribute(e,null)}processMutations(e){if(this.started)for(const t of e)this.processMutation(t)}processMutation(e){const t=e.attributeName;t&&this.refreshAttribute(t,e.oldValue)}refreshAttribute(e,t){const r=this.delegate.getStringMapKeyForAttribute(e);if(null!=r){this.stringMap.has(e)||this.stringMapKeyAdded(r,e);const s=this.element.getAttribute(e);this.stringMap.get(e)!=s&&this.stringMapValueChanged(s,r,t);if(null==s){const t=this.stringMap.get(e);this.stringMap.delete(e);t&&this.stringMapKeyRemoved(r,e,t)}else this.stringMap.set(e,s)}}stringMapKeyAdded(e,t){this.delegate.stringMapKeyAdded&&this.delegate.stringMapKeyAdded(e,t)}stringMapValueChanged(e,t,r){this.delegate.stringMapValueChanged&&this.delegate.stringMapValueChanged(e,t,r)}stringMapKeyRemoved(e,t,r){this.delegate.stringMapKeyRemoved&&this.delegate.stringMapKeyRemoved(e,t,r)}get knownAttributeNames(){return Array.from(new Set(this.currentAttributeNames.concat(this.recordedAttributeNames)))}get currentAttributeNames(){return Array.from(this.element.attributes).map((e=>e.name))}get recordedAttributeNames(){return Array.from(this.stringMap.keys())}}class TokenListObserver{constructor(e,t,r){this.attributeObserver=new AttributeObserver(e,t,this);this.delegate=r;this.tokensByElement=new Multimap}get started(){return this.attributeObserver.started}start(){this.attributeObserver.start()}pause(e){this.attributeObserver.pause(e)}stop(){this.attributeObserver.stop()}refresh(){this.attributeObserver.refresh()}get element(){return this.attributeObserver.element}get attributeName(){return this.attributeObserver.attributeName}elementMatchedAttribute(e){this.tokensMatched(this.readTokensForElement(e))}elementAttributeValueChanged(e){const[t,r]=this.refreshTokensForElement(e);this.tokensUnmatched(t);this.tokensMatched(r)}elementUnmatchedAttribute(e){this.tokensUnmatched(this.tokensByElement.getValuesForKey(e))}tokensMatched(e){e.forEach((e=>this.tokenMatched(e)))}tokensUnmatched(e){e.forEach((e=>this.tokenUnmatched(e)))}tokenMatched(e){this.delegate.tokenMatched(e);this.tokensByElement.add(e.element,e)}tokenUnmatched(e){this.delegate.tokenUnmatched(e);this.tokensByElement.delete(e.element,e)}refreshTokensForElement(e){const t=this.tokensByElement.getValuesForKey(e);const r=this.readTokensForElement(e);const s=zip(t,r).findIndex((([e,t])=>!tokensAreEqual(e,t)));return-1==s?[[],[]]:[t.slice(s),r.slice(s)]}readTokensForElement(e){const t=this.attributeName;const r=e.getAttribute(t)||"";return parseTokenString(r,e,t)}}function parseTokenString(e,t,r){return e.trim().split(/\s+/).filter((e=>e.length)).map(((e,s)=>({element:t,attributeName:r,content:e,index:s})))}function zip(e,t){const r=Math.max(e.length,t.length);return Array.from({length:r},((r,s)=>[e[s],t[s]]))}function tokensAreEqual(e,t){return e&&t&&e.index==t.index&&e.content==t.content}class ValueListObserver{constructor(e,t,r){this.tokenListObserver=new TokenListObserver(e,t,this);this.delegate=r;this.parseResultsByToken=new WeakMap;this.valuesByTokenByElement=new WeakMap}get started(){return this.tokenListObserver.started}start(){this.tokenListObserver.start()}stop(){this.tokenListObserver.stop()}refresh(){this.tokenListObserver.refresh()}get element(){return this.tokenListObserver.element}get attributeName(){return this.tokenListObserver.attributeName}tokenMatched(e){const{element:t}=e;const{value:r}=this.fetchParseResultForToken(e);if(r){this.fetchValuesByTokenForElement(t).set(e,r);this.delegate.elementMatchedValue(t,r)}}tokenUnmatched(e){const{element:t}=e;const{value:r}=this.fetchParseResultForToken(e);if(r){this.fetchValuesByTokenForElement(t).delete(e);this.delegate.elementUnmatchedValue(t,r)}}fetchParseResultForToken(e){let t=this.parseResultsByToken.get(e);if(!t){t=this.parseToken(e);this.parseResultsByToken.set(e,t)}return t}fetchValuesByTokenForElement(e){let t=this.valuesByTokenByElement.get(e);if(!t){t=new Map;this.valuesByTokenByElement.set(e,t)}return t}parseToken(e){try{const t=this.delegate.parseValueForToken(e);return{value:t}}catch(e){return{error:e}}}}class BindingObserver{constructor(e,t){this.context=e;this.delegate=t;this.bindingsByAction=new Map}start(){if(!this.valueListObserver){this.valueListObserver=new ValueListObserver(this.element,this.actionAttribute,this);this.valueListObserver.start()}}stop(){if(this.valueListObserver){this.valueListObserver.stop();delete this.valueListObserver;this.disconnectAllActions()}}get element(){return this.context.element}get identifier(){return this.context.identifier}get actionAttribute(){return this.schema.actionAttribute}get schema(){return this.context.schema}get bindings(){return Array.from(this.bindingsByAction.values())}connectAction(e){const t=new Binding(this.context,e);this.bindingsByAction.set(e,t);this.delegate.bindingConnected(t)}disconnectAction(e){const t=this.bindingsByAction.get(e);if(t){this.bindingsByAction.delete(e);this.delegate.bindingDisconnected(t)}}disconnectAllActions(){this.bindings.forEach((e=>this.delegate.bindingDisconnected(e,true)));this.bindingsByAction.clear()}parseValueForToken(e){const t=Action.forToken(e,this.schema);if(t.identifier==this.identifier)return t}elementMatchedValue(e,t){this.connectAction(t)}elementUnmatchedValue(e,t){this.disconnectAction(t)}}class ValueObserver{constructor(e,t){this.context=e;this.receiver=t;this.stringMapObserver=new StringMapObserver(this.element,this);this.valueDescriptorMap=this.controller.valueDescriptorMap}start(){this.stringMapObserver.start();this.invokeChangedCallbacksForDefaultValues()}stop(){this.stringMapObserver.stop()}get element(){return this.context.element}get controller(){return this.context.controller}getStringMapKeyForAttribute(e){if(e in this.valueDescriptorMap)return this.valueDescriptorMap[e].name}stringMapKeyAdded(e,t){const r=this.valueDescriptorMap[t];this.hasValue(e)||this.invokeChangedCallback(e,r.writer(this.receiver[e]),r.writer(r.defaultValue))}stringMapValueChanged(e,t,r){const s=this.valueDescriptorNameMap[t];if(null!==e){null===r&&(r=s.writer(s.defaultValue));this.invokeChangedCallback(t,e,r)}}stringMapKeyRemoved(e,t,r){const s=this.valueDescriptorNameMap[e];this.hasValue(e)?this.invokeChangedCallback(e,s.writer(this.receiver[e]),r):this.invokeChangedCallback(e,s.writer(s.defaultValue),r)}invokeChangedCallbacksForDefaultValues(){for(const{key:e,name:t,defaultValue:r,writer:s}of this.valueDescriptors)void 0==r||this.controller.data.has(e)||this.invokeChangedCallback(t,s(r),void 0)}invokeChangedCallback(e,t,r){const s=`${e}Changed`;const n=this.receiver[s];if("function"==typeof n){const s=this.valueDescriptorNameMap[e];try{const e=s.reader(t);let i=r;r&&(i=s.reader(r));n.call(this.receiver,e,i)}catch(e){e instanceof TypeError&&(e.message=`Stimulus Value "${this.context.identifier}.${s.name}" - ${e.message}`);throw e}}}get valueDescriptors(){const{valueDescriptorMap:e}=this;return Object.keys(e).map((t=>e[t]))}get valueDescriptorNameMap(){const e={};Object.keys(this.valueDescriptorMap).forEach((t=>{const r=this.valueDescriptorMap[t];e[r.name]=r}));return e}hasValue(e){const t=this.valueDescriptorNameMap[e];const r=`has${capitalize(t.name)}`;return this.receiver[r]}}class TargetObserver{constructor(e,t){this.context=e;this.delegate=t;this.targetsByName=new Multimap}start(){if(!this.tokenListObserver){this.tokenListObserver=new TokenListObserver(this.element,this.attributeName,this);this.tokenListObserver.start()}}stop(){if(this.tokenListObserver){this.disconnectAllTargets();this.tokenListObserver.stop();delete this.tokenListObserver}}tokenMatched({element:e,content:t}){this.scope.containsElement(e)&&this.connectTarget(e,t)}tokenUnmatched({element:e,content:t}){this.disconnectTarget(e,t)}connectTarget(e,t){var r;if(!this.targetsByName.has(t,e)){this.targetsByName.add(t,e);null===(r=this.tokenListObserver)||void 0===r?void 0:r.pause((()=>this.delegate.targetConnected(e,t)))}}disconnectTarget(e,t){var r;if(this.targetsByName.has(t,e)){this.targetsByName.delete(t,e);null===(r=this.tokenListObserver)||void 0===r?void 0:r.pause((()=>this.delegate.targetDisconnected(e,t)))}}disconnectAllTargets(){for(const e of this.targetsByName.keys)for(const t of this.targetsByName.getValuesForKey(e))this.disconnectTarget(t,e)}get attributeName(){return`data-${this.context.identifier}-target`}get element(){return this.context.element}get scope(){return this.context.scope}}function readInheritableStaticArrayValues(e,t){const r=getAncestorsForConstructor(e);return Array.from(r.reduce(((e,r)=>{getOwnStaticArrayValues(r,t).forEach((t=>e.add(t)));return e}),new Set))}function readInheritableStaticObjectPairs(e,t){const r=getAncestorsForConstructor(e);return r.reduce(((e,r)=>{e.push(...getOwnStaticObjectPairs(r,t));return e}),[])}function getAncestorsForConstructor(e){const t=[];while(e){t.push(e);e=Object.getPrototypeOf(e)}return t.reverse()}function getOwnStaticArrayValues(e,t){const r=e[t];return Array.isArray(r)?r:[]}function getOwnStaticObjectPairs(e,t){const r=e[t];return r?Object.keys(r).map((e=>[e,r[e]])):[]}class OutletObserver{constructor(e,t){this.started=false;this.context=e;this.delegate=t;this.outletsByName=new Multimap;this.outletElementsByName=new Multimap;this.selectorObserverMap=new Map;this.attributeObserverMap=new Map}start(){if(!this.started){this.outletDefinitions.forEach((e=>{this.setupSelectorObserverForOutlet(e);this.setupAttributeObserverForOutlet(e)}));this.started=true;this.dependentContexts.forEach((e=>e.refresh()))}}refresh(){this.selectorObserverMap.forEach((e=>e.refresh()));this.attributeObserverMap.forEach((e=>e.refresh()))}stop(){if(this.started){this.started=false;this.disconnectAllOutlets();this.stopSelectorObservers();this.stopAttributeObservers()}}stopSelectorObservers(){if(this.selectorObserverMap.size>0){this.selectorObserverMap.forEach((e=>e.stop()));this.selectorObserverMap.clear()}}stopAttributeObservers(){if(this.attributeObserverMap.size>0){this.attributeObserverMap.forEach((e=>e.stop()));this.attributeObserverMap.clear()}}selectorMatched(e,t,{outletName:r}){const s=this.getOutlet(e,r);s&&this.connectOutlet(s,e,r)}selectorUnmatched(e,t,{outletName:r}){const s=this.getOutletFromMap(e,r);s&&this.disconnectOutlet(s,e,r)}selectorMatchElement(e,{outletName:t}){const r=this.selector(t);const s=this.hasOutlet(e,t);const n=e.matches(`[${this.schema.controllerAttribute}~=${t}]`);return!!r&&(s&&n&&e.matches(r))}elementMatchedAttribute(e,t){const r=this.getOutletNameFromOutletAttributeName(t);r&&this.updateSelectorObserverForOutlet(r)}elementAttributeValueChanged(e,t){const r=this.getOutletNameFromOutletAttributeName(t);r&&this.updateSelectorObserverForOutlet(r)}elementUnmatchedAttribute(e,t){const r=this.getOutletNameFromOutletAttributeName(t);r&&this.updateSelectorObserverForOutlet(r)}connectOutlet(e,t,r){var s;if(!this.outletElementsByName.has(r,t)){this.outletsByName.add(r,e);this.outletElementsByName.add(r,t);null===(s=this.selectorObserverMap.get(r))||void 0===s?void 0:s.pause((()=>this.delegate.outletConnected(e,t,r)))}}disconnectOutlet(e,t,r){var s;if(this.outletElementsByName.has(r,t)){this.outletsByName.delete(r,e);this.outletElementsByName.delete(r,t);null===(s=this.selectorObserverMap.get(r))||void 0===s?void 0:s.pause((()=>this.delegate.outletDisconnected(e,t,r)))}}disconnectAllOutlets(){for(const e of this.outletElementsByName.keys)for(const t of this.outletElementsByName.getValuesForKey(e))for(const r of this.outletsByName.getValuesForKey(e))this.disconnectOutlet(r,t,e)}updateSelectorObserverForOutlet(e){const t=this.selectorObserverMap.get(e);t&&(t.selector=this.selector(e))}setupSelectorObserverForOutlet(e){const t=this.selector(e);const r=new SelectorObserver(document.body,t,this,{outletName:e});this.selectorObserverMap.set(e,r);r.start()}setupAttributeObserverForOutlet(e){const t=this.attributeNameForOutletName(e);const r=new AttributeObserver(this.scope.element,t,this);this.attributeObserverMap.set(e,r);r.start()}selector(e){return this.scope.outlets.getSelectorForOutletName(e)}attributeNameForOutletName(e){return this.scope.schema.outletAttributeForScope(this.identifier,e)}getOutletNameFromOutletAttributeName(e){return this.outletDefinitions.find((t=>this.attributeNameForOutletName(t)===e))}get outletDependencies(){const e=new Multimap;this.router.modules.forEach((t=>{const r=t.definition.controllerConstructor;const s=readInheritableStaticArrayValues(r,"outlets");s.forEach((r=>e.add(r,t.identifier)))}));return e}get outletDefinitions(){return this.outletDependencies.getKeysForValue(this.identifier)}get dependentControllerIdentifiers(){return this.outletDependencies.getValuesForKey(this.identifier)}get dependentContexts(){const e=this.dependentControllerIdentifiers;return this.router.contexts.filter((t=>e.includes(t.identifier)))}hasOutlet(e,t){return!!this.getOutlet(e,t)||!!this.getOutletFromMap(e,t)}getOutlet(e,t){return this.application.getControllerForElementAndIdentifier(e,t)}getOutletFromMap(e,t){return this.outletsByName.getValuesForKey(t).find((t=>t.element===e))}get scope(){return this.context.scope}get schema(){return this.context.schema}get identifier(){return this.context.identifier}get application(){return this.context.application}get router(){return this.application.router}}class Context{constructor(e,t){this.logDebugActivity=(e,t={})=>{const{identifier:r,controller:s,element:n}=this;t=Object.assign({identifier:r,controller:s,element:n},t);this.application.logDebugActivity(this.identifier,e,t)};this.module=e;this.scope=t;this.controller=new e.controllerConstructor(this);this.bindingObserver=new BindingObserver(this,this.dispatcher);this.valueObserver=new ValueObserver(this,this.controller);this.targetObserver=new TargetObserver(this,this);this.outletObserver=new OutletObserver(this,this);try{this.controller.initialize();this.logDebugActivity("initialize")}catch(e){this.handleError(e,"initializing controller")}}connect(){this.bindingObserver.start();this.valueObserver.start();this.targetObserver.start();this.outletObserver.start();try{this.controller.connect();this.logDebugActivity("connect")}catch(e){this.handleError(e,"connecting controller")}}refresh(){this.outletObserver.refresh()}disconnect(){try{this.controller.disconnect();this.logDebugActivity("disconnect")}catch(e){this.handleError(e,"disconnecting controller")}this.outletObserver.stop();this.targetObserver.stop();this.valueObserver.stop();this.bindingObserver.stop()}get application(){return this.module.application}get identifier(){return this.module.identifier}get schema(){return this.application.schema}get dispatcher(){return this.application.dispatcher}get element(){return this.scope.element}get parentElement(){return this.element.parentElement}handleError(e,t,r={}){const{identifier:s,controller:n,element:i}=this;r=Object.assign({identifier:s,controller:n,element:i},r);this.application.handleError(e,`Error ${t}`,r)}targetConnected(e,t){this.invokeControllerMethod(`${t}TargetConnected`,e)}targetDisconnected(e,t){this.invokeControllerMethod(`${t}TargetDisconnected`,e)}outletConnected(e,t,r){this.invokeControllerMethod(`${namespaceCamelize(r)}OutletConnected`,e,t)}outletDisconnected(e,t,r){this.invokeControllerMethod(`${namespaceCamelize(r)}OutletDisconnected`,e,t)}invokeControllerMethod(e,...t){const r=this.controller;"function"==typeof r[e]&&r[e](...t)}}function bless(e){return shadow(e,getBlessedProperties(e))}function shadow(e,t){const r=i(e);const s=getShadowProperties(e.prototype,t);Object.defineProperties(r.prototype,s);return r}function getBlessedProperties(e){const t=readInheritableStaticArrayValues(e,"blessings");return t.reduce(((t,r)=>{const s=r(e);for(const e in s){const r=t[e]||{};t[e]=Object.assign(r,s[e])}return t}),{})}function getShadowProperties(e,t){return n(t).reduce(((r,s)=>{const n=getShadowedDescriptor(e,t,s);n&&Object.assign(r,{[s]:n});return r}),{})}function getShadowedDescriptor(e,t,r){const s=Object.getOwnPropertyDescriptor(e,r);const n=s&&"value"in s;if(!n){const e=Object.getOwnPropertyDescriptor(t,r).value;if(s){e.get=s.get||e.get;e.set=s.set||e.set}return e}}const n=(()=>"function"==typeof Object.getOwnPropertySymbols?e=>[...Object.getOwnPropertyNames(e),...Object.getOwnPropertySymbols(e)]:Object.getOwnPropertyNames)();const i=(()=>{function extendWithReflect(e){function extended(){return Reflect.construct(e,arguments,new.target)}extended.prototype=Object.create(e.prototype,{constructor:{value:extended}});Reflect.setPrototypeOf(extended,e);return extended}function testReflectExtension(){const a=function(){this.a.call(this)};const e=extendWithReflect(a);e.prototype.a=function(){};return new e}try{testReflectExtension();return extendWithReflect}catch(e){return e=>class extended extends e{}}})();function blessDefinition(e){return{identifier:e.identifier,controllerConstructor:bless(e.controllerConstructor)}}class Module{constructor(e,t){this.application=e;this.definition=blessDefinition(t);this.contextsByScope=new WeakMap;this.connectedContexts=new Set}get identifier(){return this.definition.identifier}get controllerConstructor(){return this.definition.controllerConstructor}get contexts(){return Array.from(this.connectedContexts)}connectContextForScope(e){const t=this.fetchContextForScope(e);this.connectedContexts.add(t);t.connect()}disconnectContextForScope(e){const t=this.contextsByScope.get(e);if(t){this.connectedContexts.delete(t);t.disconnect()}}fetchContextForScope(e){let t=this.contextsByScope.get(e);if(!t){t=new Context(this,e);this.contextsByScope.set(e,t)}return t}}class ClassMap{constructor(e){this.scope=e}has(e){return this.data.has(this.getDataKey(e))}get(e){return this.getAll(e)[0]}getAll(e){const t=this.data.get(this.getDataKey(e))||"";return tokenize(t)}getAttributeName(e){return this.data.getAttributeNameForKey(this.getDataKey(e))}getDataKey(e){return`${e}-class`}get data(){return this.scope.data}}class DataMap{constructor(e){this.scope=e}get element(){return this.scope.element}get identifier(){return this.scope.identifier}get(e){const t=this.getAttributeNameForKey(e);return this.element.getAttribute(t)}set(e,t){const r=this.getAttributeNameForKey(e);this.element.setAttribute(r,t);return this.get(e)}has(e){const t=this.getAttributeNameForKey(e);return this.element.hasAttribute(t)}delete(e){if(this.has(e)){const t=this.getAttributeNameForKey(e);this.element.removeAttribute(t);return true}return false}getAttributeNameForKey(e){return`data-${this.identifier}-${dasherize(e)}`}}class Guide{constructor(e){this.warnedKeysByObject=new WeakMap;this.logger=e}warn(e,t,r){let s=this.warnedKeysByObject.get(e);if(!s){s=new Set;this.warnedKeysByObject.set(e,s)}if(!s.has(t)){s.add(t);this.logger.warn(r,e)}}}function attributeValueContainsToken(e,t){return`[${e}~="${t}"]`}class TargetSet{constructor(e){this.scope=e}get element(){return this.scope.element}get identifier(){return this.scope.identifier}get schema(){return this.scope.schema}has(e){return null!=this.find(e)}find(...e){return e.reduce(((e,t)=>e||this.findTarget(t)||this.findLegacyTarget(t)),void 0)}findAll(...e){return e.reduce(((e,t)=>[...e,...this.findAllTargets(t),...this.findAllLegacyTargets(t)]),[])}findTarget(e){const t=this.getSelectorForTargetName(e);return this.scope.findElement(t)}findAllTargets(e){const t=this.getSelectorForTargetName(e);return this.scope.findAllElements(t)}getSelectorForTargetName(e){const t=this.schema.targetAttributeForScope(this.identifier);return attributeValueContainsToken(t,e)}findLegacyTarget(e){const t=this.getLegacySelectorForTargetName(e);return this.deprecate(this.scope.findElement(t),e)}findAllLegacyTargets(e){const t=this.getLegacySelectorForTargetName(e);return this.scope.findAllElements(t).map((t=>this.deprecate(t,e)))}getLegacySelectorForTargetName(e){const t=`${this.identifier}.${e}`;return attributeValueContainsToken(this.schema.targetAttribute,t)}deprecate(e,t){if(e){const{identifier:r}=this;const s=this.schema.targetAttribute;const n=this.schema.targetAttributeForScope(r);this.guide.warn(e,`target:${t}`,`Please replace ${s}="${r}.${t}" with ${n}="${t}". The ${s} attribute is deprecated and will be removed in a future version of Stimulus.`)}return e}get guide(){return this.scope.guide}}class OutletSet{constructor(e,t){this.scope=e;this.controllerElement=t}get element(){return this.scope.element}get identifier(){return this.scope.identifier}get schema(){return this.scope.schema}has(e){return null!=this.find(e)}find(...e){return e.reduce(((e,t)=>e||this.findOutlet(t)),void 0)}findAll(...e){return e.reduce(((e,t)=>[...e,...this.findAllOutlets(t)]),[])}getSelectorForOutletName(e){const t=this.schema.outletAttributeForScope(this.identifier,e);return this.controllerElement.getAttribute(t)}findOutlet(e){const t=this.getSelectorForOutletName(e);if(t)return this.findElement(t,e)}findAllOutlets(e){const t=this.getSelectorForOutletName(e);return t?this.findAllElements(t,e):[]}findElement(e,t){const r=this.scope.queryElements(e);return r.filter((r=>this.matchesElement(r,e,t)))[0]}findAllElements(e,t){const r=this.scope.queryElements(e);return r.filter((r=>this.matchesElement(r,e,t)))}matchesElement(e,t,r){const s=e.getAttribute(this.scope.schema.controllerAttribute)||"";return e.matches(t)&&s.split(" ").includes(r)}}class Scope{constructor(e,t,r,s){this.targets=new TargetSet(this);this.classes=new ClassMap(this);this.data=new DataMap(this);this.containsElement=e=>e.closest(this.controllerSelector)===this.element;this.schema=e;this.element=t;this.identifier=r;this.guide=new Guide(s);this.outlets=new OutletSet(this.documentScope,t)}findElement(e){return this.element.matches(e)?this.element:this.queryElements(e).find(this.containsElement)}findAllElements(e){return[...this.element.matches(e)?[this.element]:[],...this.queryElements(e).filter(this.containsElement)]}queryElements(e){return Array.from(this.element.querySelectorAll(e))}get controllerSelector(){return attributeValueContainsToken(this.schema.controllerAttribute,this.identifier)}get isDocumentScope(){return this.element===document.documentElement}get documentScope(){return this.isDocumentScope?this:new Scope(this.schema,document.documentElement,this.identifier,this.guide.logger)}}class ScopeObserver{constructor(e,t,r){this.element=e;this.schema=t;this.delegate=r;this.valueListObserver=new ValueListObserver(this.element,this.controllerAttribute,this);this.scopesByIdentifierByElement=new WeakMap;this.scopeReferenceCounts=new WeakMap}start(){this.valueListObserver.start()}stop(){this.valueListObserver.stop()}get controllerAttribute(){return this.schema.controllerAttribute}parseValueForToken(e){const{element:t,content:r}=e;return this.parseValueForElementAndIdentifier(t,r)}parseValueForElementAndIdentifier(e,t){const r=this.fetchScopesByIdentifierForElement(e);let s=r.get(t);if(!s){s=this.delegate.createScopeForElementAndIdentifier(e,t);r.set(t,s)}return s}elementMatchedValue(e,t){const r=(this.scopeReferenceCounts.get(t)||0)+1;this.scopeReferenceCounts.set(t,r);1==r&&this.delegate.scopeConnected(t)}elementUnmatchedValue(e,t){const r=this.scopeReferenceCounts.get(t);if(r){this.scopeReferenceCounts.set(t,r-1);1==r&&this.delegate.scopeDisconnected(t)}}fetchScopesByIdentifierForElement(e){let t=this.scopesByIdentifierByElement.get(e);if(!t){t=new Map;this.scopesByIdentifierByElement.set(e,t)}return t}}class Router{constructor(e){this.application=e;this.scopeObserver=new ScopeObserver(this.element,this.schema,this);this.scopesByIdentifier=new Multimap;this.modulesByIdentifier=new Map}get element(){return this.application.element}get schema(){return this.application.schema}get logger(){return this.application.logger}get controllerAttribute(){return this.schema.controllerAttribute}get modules(){return Array.from(this.modulesByIdentifier.values())}get contexts(){return this.modules.reduce(((e,t)=>e.concat(t.contexts)),[])}start(){this.scopeObserver.start()}stop(){this.scopeObserver.stop()}loadDefinition(e){this.unloadIdentifier(e.identifier);const t=new Module(this.application,e);this.connectModule(t);const r=e.controllerConstructor.afterLoad;r&&r.call(e.controllerConstructor,e.identifier,this.application)}unloadIdentifier(e){const t=this.modulesByIdentifier.get(e);t&&this.disconnectModule(t)}getContextForElementAndIdentifier(e,t){const r=this.modulesByIdentifier.get(t);if(r)return r.contexts.find((t=>t.element==e))}proposeToConnectScopeForElementAndIdentifier(e,t){const r=this.scopeObserver.parseValueForElementAndIdentifier(e,t);r?this.scopeObserver.elementMatchedValue(r.element,r):console.error(`Couldn't find or create scope for identifier: "${t}" and element:`,e)}handleError(e,t,r){this.application.handleError(e,t,r)}createScopeForElementAndIdentifier(e,t){return new Scope(this.schema,e,t,this.logger)}scopeConnected(e){this.scopesByIdentifier.add(e.identifier,e);const t=this.modulesByIdentifier.get(e.identifier);t&&t.connectContextForScope(e)}scopeDisconnected(e){this.scopesByIdentifier.delete(e.identifier,e);const t=this.modulesByIdentifier.get(e.identifier);t&&t.disconnectContextForScope(e)}connectModule(e){this.modulesByIdentifier.set(e.identifier,e);const t=this.scopesByIdentifier.getValuesForKey(e.identifier);t.forEach((t=>e.connectContextForScope(t)))}disconnectModule(e){this.modulesByIdentifier.delete(e.identifier);const t=this.scopesByIdentifier.getValuesForKey(e.identifier);t.forEach((t=>e.disconnectContextForScope(t)))}}const o={controllerAttribute:"data-controller",actionAttribute:"data-action",targetAttribute:"data-target",targetAttributeForScope:e=>`data-${e}-target`,outletAttributeForScope:(e,t)=>`data-${e}-${t}-outlet`,keyMappings:Object.assign(Object.assign({enter:"Enter",tab:"Tab",esc:"Escape",space:" ",up:"ArrowUp",down:"ArrowDown",left:"ArrowLeft",right:"ArrowRight",home:"Home",end:"End",page_up:"PageUp",page_down:"PageDown"},objectFromEntries("abcdefghijklmnopqrstuvwxyz".split("").map((e=>[e,e])))),objectFromEntries("0123456789".split("").map((e=>[e,e]))))};function objectFromEntries(e){return e.reduce(((e,[t,r])=>Object.assign(Object.assign({},e),{[t]:r})),{})}class Application{constructor(t=document.documentElement,r=o){this.logger=console;this.debug=false;this.logDebugActivity=(e,t,r={})=>{this.debug&&this.logFormattedMessage(e,t,r)};this.element=t;this.schema=r;this.dispatcher=new Dispatcher(this);this.router=new Router(this);this.actionDescriptorFilters=Object.assign({},e)}static start(e,t){const r=new this(e,t);r.start();return r}async start(){await domReady();this.logDebugActivity("application","starting");this.dispatcher.start();this.router.start();this.logDebugActivity("application","start")}stop(){this.logDebugActivity("application","stopping");this.dispatcher.stop();this.router.stop();this.logDebugActivity("application","stop")}register(e,t){this.load({identifier:e,controllerConstructor:t})}registerActionOption(e,t){this.actionDescriptorFilters[e]=t}load(e,...t){const r=Array.isArray(e)?e:[e,...t];r.forEach((e=>{e.controllerConstructor.shouldLoad&&this.router.loadDefinition(e)}))}unload(e,...t){const r=Array.isArray(e)?e:[e,...t];r.forEach((e=>this.router.unloadIdentifier(e)))}get controllers(){return this.router.contexts.map((e=>e.controller))}getControllerForElementAndIdentifier(e,t){const r=this.router.getContextForElementAndIdentifier(e,t);return r?r.controller:null}handleError(e,t,r){var s;this.logger.error("%s\n\n%o\n\n%o",t,e,r);null===(s=window.onerror)||void 0===s?void 0:s.call(window,t,"",0,0,e)}logFormattedMessage(e,t,r={}){r=Object.assign({application:this},r);this.logger.groupCollapsed(`${e} #${t}`);this.logger.log("details:",Object.assign({},r));this.logger.groupEnd()}}function domReady(){return new Promise((e=>{"loading"==document.readyState?document.addEventListener("DOMContentLoaded",(()=>e())):e()}))}function ClassPropertiesBlessing(e){const t=readInheritableStaticArrayValues(e,"classes");return t.reduce(((e,t)=>Object.assign(e,propertiesForClassDefinition(t))),{})}function propertiesForClassDefinition(e){return{[`${e}Class`]:{get(){const{classes:t}=this;if(t.has(e))return t.get(e);{const r=t.getAttributeName(e);throw new Error(`Missing attribute "${r}"`)}}},[`${e}Classes`]:{get(){return this.classes.getAll(e)}},[`has${capitalize(e)}Class`]:{get(){return this.classes.has(e)}}}}function OutletPropertiesBlessing(e){const t=readInheritableStaticArrayValues(e,"outlets");return t.reduce(((e,t)=>Object.assign(e,propertiesForOutletDefinition(t))),{})}function getOutletController(e,t,r){return e.application.getControllerForElementAndIdentifier(t,r)}function getControllerAndEnsureConnectedScope(e,t,r){let s=getOutletController(e,t,r);if(s)return s;e.application.router.proposeToConnectScopeForElementAndIdentifier(t,r);s=getOutletController(e,t,r);return s||void 0}function propertiesForOutletDefinition(e){const t=namespaceCamelize(e);return{[`${t}Outlet`]:{get(){const t=this.outlets.find(e);const r=this.outlets.getSelectorForOutletName(e);if(t){const r=getControllerAndEnsureConnectedScope(this,t,e);if(r)return r;throw new Error(`The provided outlet element is missing an outlet controller "${e}" instance for host controller "${this.identifier}"`)}throw new Error(`Missing outlet element "${e}" for host controller "${this.identifier}". Stimulus couldn't find a matching outlet element using selector "${r}".`)}},[`${t}Outlets`]:{get(){const t=this.outlets.findAll(e);return t.length>0?t.map((t=>{const r=getControllerAndEnsureConnectedScope(this,t,e);if(r)return r;console.warn(`The provided outlet element is missing an outlet controller "${e}" instance for host controller "${this.identifier}"`,t)})).filter((e=>e)):[]}},[`${t}OutletElement`]:{get(){const t=this.outlets.find(e);const r=this.outlets.getSelectorForOutletName(e);if(t)return t;throw new Error(`Missing outlet element "${e}" for host controller "${this.identifier}". Stimulus couldn't find a matching outlet element using selector "${r}".`)}},[`${t}OutletElements`]:{get(){return this.outlets.findAll(e)}},[`has${capitalize(t)}Outlet`]:{get(){return this.outlets.has(e)}}}}function TargetPropertiesBlessing(e){const t=readInheritableStaticArrayValues(e,"targets");return t.reduce(((e,t)=>Object.assign(e,propertiesForTargetDefinition(t))),{})}function propertiesForTargetDefinition(e){return{[`${e}Target`]:{get(){const t=this.targets.find(e);if(t)return t;throw new Error(`Missing target element "${e}" for "${this.identifier}" controller`)}},[`${e}Targets`]:{get(){return this.targets.findAll(e)}},[`has${capitalize(e)}Target`]:{get(){return this.targets.has(e)}}}}function ValuePropertiesBlessing(e){const t=readInheritableStaticObjectPairs(e,"values");const r={valueDescriptorMap:{get(){return t.reduce(((e,t)=>{const r=parseValueDefinitionPair(t,this.identifier);const s=this.data.getAttributeNameForKey(r.key);return Object.assign(e,{[s]:r})}),{})}}};return t.reduce(((e,t)=>Object.assign(e,propertiesForValueDefinitionPair(t))),r)}function propertiesForValueDefinitionPair(e,t){const r=parseValueDefinitionPair(e,t);const{key:s,name:n,reader:i,writer:o}=r;return{[n]:{get(){const e=this.data.get(s);return null!==e?i(e):r.defaultValue},set(e){void 0===e?this.data.delete(s):this.data.set(s,o(e))}},[`has${capitalize(n)}`]:{get(){return this.data.has(s)||r.hasCustomDefaultValue}}}}function parseValueDefinitionPair([e,t],r){return valueDescriptorForTokenAndTypeDefinition({controller:r,token:e,typeDefinition:t})}function parseValueTypeConstant(e){switch(e){case Array:return"array";case Boolean:return"boolean";case Number:return"number";case Object:return"object";case String:return"string"}}function parseValueTypeDefault(e){switch(typeof e){case"boolean":return"boolean";case"number":return"number";case"string":return"string"}return Array.isArray(e)?"array":"[object Object]"===Object.prototype.toString.call(e)?"object":void 0}function parseValueTypeObject(e){const{controller:t,token:r,typeObject:s}=e;const n=isSomething(s.type);const i=isSomething(s.default);const o=n&&i;const c=n&&!i;const l=!n&&i;const h=parseValueTypeConstant(s.type);const u=parseValueTypeDefault(e.typeObject.default);if(c)return h;if(l)return u;if(h!==u){const e=t?`${t}.${r}`:r;throw new Error(`The specified default value for the Stimulus Value "${e}" must match the defined type "${h}". The provided default value of "${s.default}" is of type "${u}".`)}return o?h:void 0}function parseValueTypeDefinition(e){const{controller:t,token:r,typeDefinition:s}=e;const n={controller:t,token:r,typeObject:s};const i=parseValueTypeObject(n);const o=parseValueTypeDefault(s);const c=parseValueTypeConstant(s);const l=i||o||c;if(l)return l;const h=t?`${t}.${s}`:r;throw new Error(`Unknown value type "${h}" for "${r}" value`)}function defaultValueForDefinition(e){const t=parseValueTypeConstant(e);if(t)return c[t];const r=hasProperty(e,"default");const s=hasProperty(e,"type");const n=e;if(r)return n.default;if(s){const{type:e}=n;const t=parseValueTypeConstant(e);if(t)return c[t]}return e}function valueDescriptorForTokenAndTypeDefinition(e){const{token:t,typeDefinition:r}=e;const s=`${dasherize(t)}-value`;const n=parseValueTypeDefinition(e);return{type:n,key:s,name:camelize(s),get defaultValue(){return defaultValueForDefinition(r)},get hasCustomDefaultValue(){return void 0!==parseValueTypeDefault(r)},reader:l[n],writer:h[n]||h.default}}const c={get array(){return[]},boolean:false,number:0,get object(){return{}},string:""};const l={array(e){const t=JSON.parse(e);if(!Array.isArray(t))throw new TypeError(`expected value of type "array" but instead got value "${e}" of type "${parseValueTypeDefault(t)}"`);return t},boolean(e){return!("0"==e||"false"==String(e).toLowerCase())},number(e){return Number(e.replace(/_/g,""))},object(e){const t=JSON.parse(e);if(null===t||"object"!=typeof t||Array.isArray(t))throw new TypeError(`expected value of type "object" but instead got value "${e}" of type "${parseValueTypeDefault(t)}"`);return t},string(e){return e}};const h={default:writeString,array:writeJSON,object:writeJSON};function writeJSON(e){return JSON.stringify(e)}function writeString(e){return`${e}`}class Controller{constructor(e){this.context=e}static get shouldLoad(){return true}static afterLoad(e,t){}get application(){return this.context.application}get scope(){return this.context.scope}get element(){return this.scope.element}get identifier(){return this.scope.identifier}get targets(){return this.scope.targets}get outlets(){return this.scope.outlets}get classes(){return this.scope.classes}get data(){return this.scope.data}initialize(){}connect(){}disconnect(){}dispatch(e,{target:t=this.element,detail:r={},prefix:s=this.identifier,bubbles:n=true,cancelable:i=true}={}){const o=s?`${s}:${e}`:e;const c=new CustomEvent(o,{detail:r,bubbles:n,cancelable:i});t.dispatchEvent(c);return c}}Controller.blessings=[ClassPropertiesBlessing,TargetPropertiesBlessing,ValuePropertiesBlessing,OutletPropertiesBlessing];Controller.targets=[];Controller.outlets=[];Controller.values={};export{Application,AttributeObserver,Context,Controller,ElementObserver,IndexedMultimap,Multimap,SelectorObserver,StringMapObserver,TokenListObserver,ValueListObserver,add,o as defaultSchema,del,fetch,prune};
+
diff --git a/vendor/javascript/@rails--ujs.js b/vendor/javascript/@rails--ujs.js
index bb3135b1de5..57803d29178 100644
--- a/vendor/javascript/@rails--ujs.js
+++ b/vendor/javascript/@rails--ujs.js
@@ -1,2 +1,4 @@
+// @rails/ujs@7.1.3-4 downloaded from https://ga.jspm.io/npm:@rails/ujs@7.1.3-4/app/assets/javascripts/rails-ujs.esm.js
+
 const t="a[data-confirm], a[data-method], a[data-remote]:not([disabled]), a[data-disable-with], a[data-disable]";const e={selector:"button[data-remote]:not([form]), button[data-confirm]:not([form])",exclude:"form button"};const n="select[data-remote], input[data-remote], textarea[data-remote]";const o="form:not([data-turbo=true])";const a="form:not([data-turbo=true]) input[type=submit], form:not([data-turbo=true]) input[type=image], form:not([data-turbo=true]) button[type=submit], form:not([data-turbo=true]) button:not([type]), input[type=submit][form], input[type=image][form], button[type=submit][form], button[form]:not([type])";const r="input[data-disable-with]:enabled, button[data-disable-with]:enabled, textarea[data-disable-with]:enabled, input[data-disable]:enabled, button[data-disable]:enabled, textarea[data-disable]:enabled";const c="input[data-disable-with]:disabled, button[data-disable-with]:disabled, textarea[data-disable-with]:disabled, input[data-disable]:disabled, button[data-disable]:disabled, textarea[data-disable]:disabled";const s="input[name][type=file]:not([disabled])";const i="a[data-disable-with], a[data-disable]";const u="button[data-remote][data-disable-with], button[data-remote][data-disable]";let l=null;const loadCSPNonce=()=>{const t=document.querySelector("meta[name=csp-nonce]");return l=t&&t.content};const cspNonce=()=>l||loadCSPNonce();const d=Element.prototype.matches||Element.prototype.matchesSelector||Element.prototype.mozMatchesSelector||Element.prototype.msMatchesSelector||Element.prototype.oMatchesSelector||Element.prototype.webkitMatchesSelector;const matches=function(t,e){return e.exclude?d.call(t,e.selector)&&!d.call(t,e.exclude):d.call(t,e)};const m="_ujsData";const getData=(t,e)=>t[m]?t[m][e]:void 0;const setData=function(t,e,n){t[m]||(t[m]={});return t[m][e]=n};const $=t=>Array.prototype.slice.call(document.querySelectorAll(t));const isContentEditable=function(t){var e=false;do{if(t.isContentEditable){e=true;break}t=t.parentElement}while(t);return e};const csrfToken=()=>{const t=document.querySelector("meta[name=csrf-token]");return t&&t.content};const csrfParam=()=>{const t=document.querySelector("meta[name=csrf-param]");return t&&t.content};const CSRFProtection=t=>{const e=csrfToken();if(e)return t.setRequestHeader("X-CSRF-Token",e)};const refreshCSRFTokens=()=>{const t=csrfToken();const e=csrfParam();if(t&&e)return $('form input[name="'+e+'"]').forEach((e=>e.value=t))};const p={"*":"*/*",text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript",script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"};const ajax=t=>{t=prepareOptions(t);var e=createXHR(t,(function(){const n=processResponse(e.response!=null?e.response:e.responseText,e.getResponseHeader("Content-Type"));Math.floor(e.status/100)===2?typeof t.success==="function"&&t.success(n,e.statusText,e):typeof t.error==="function"&&t.error(n,e.statusText,e);return typeof t.complete==="function"?t.complete(e,e.statusText):void 0}));return!(t.beforeSend&&!t.beforeSend(e,t))&&(e.readyState===XMLHttpRequest.OPENED?e.send(t.data):void 0)};var prepareOptions=function(t){t.url=t.url||location.href;t.type=t.type.toUpperCase();t.type==="GET"&&t.data&&(t.url.indexOf("?")<0?t.url+="?"+t.data:t.url+="&"+t.data);t.dataType in p||(t.dataType="*");t.accept=p[t.dataType];t.dataType!=="*"&&(t.accept+=", */*; q=0.01");return t};var createXHR=function(t,e){const n=new XMLHttpRequest;n.open(t.type,t.url,true);n.setRequestHeader("Accept",t.accept);typeof t.data==="string"&&n.setRequestHeader("Content-Type","application/x-www-form-urlencoded; charset=UTF-8");if(!t.crossDomain){n.setRequestHeader("X-Requested-With","XMLHttpRequest");CSRFProtection(n)}n.withCredentials=!!t.withCredentials;n.onreadystatechange=function(){if(n.readyState===XMLHttpRequest.DONE)return e(n)};return n};var processResponse=function(t,e){if(typeof t==="string"&&typeof e==="string")if(e.match(/\bjson\b/))try{t=JSON.parse(t)}catch(t){}else if(e.match(/\b(?:java|ecma)script\b/)){const e=document.createElement("script");e.setAttribute("nonce",cspNonce());e.text=t;document.head.appendChild(e).parentNode.removeChild(e)}else if(e.match(/\b(xml|html|svg)\b/)){const n=new DOMParser;e=e.replace(/;.+/,"");try{t=n.parseFromString(t,e)}catch(t){}}return t};const href=t=>t.href;const isCrossDomain=function(t){const e=document.createElement("a");e.href=location.href;const n=document.createElement("a");try{n.href=t;return!((!n.protocol||n.protocol===":")&&!n.host||e.protocol+"//"+e.host===n.protocol+"//"+n.host)}catch(t){return true}};let f;let{CustomEvent:b}=window;if(typeof b!=="function"){b=function(t,e){const n=document.createEvent("CustomEvent");n.initCustomEvent(t,e.bubbles,e.cancelable,e.detail);return n};b.prototype=window.Event.prototype;({preventDefault:f}=b.prototype);b.prototype.preventDefault=function(){const t=f.call(this);this.cancelable&&!this.defaultPrevented&&Object.defineProperty(this,"defaultPrevented",{get(){return true}});return t}}const fire=(t,e,n)=>{const o=new b(e,{bubbles:true,cancelable:true,detail:n});t.dispatchEvent(o);return!o.defaultPrevented};const stopEverything=t=>{fire(t.target,"ujs:everythingStopped");t.preventDefault();t.stopPropagation();t.stopImmediatePropagation()};const delegate=(t,e,n,o)=>t.addEventListener(n,(function(t){let{target:n}=t;while(!!(n instanceof Element)&&!matches(n,e))n=n.parentNode;if(n instanceof Element&&o.call(n,t)===false){t.preventDefault();t.stopPropagation()}}));const toArray=t=>Array.prototype.slice.call(t);const serializeElement=(t,e)=>{let n=[t];matches(t,"form")&&(n=toArray(t.elements));const o=[];n.forEach((function(t){t.name&&!t.disabled&&(matches(t,"fieldset[disabled] *")||(matches(t,"select")?toArray(t.options).forEach((function(e){e.selected&&o.push({name:t.name,value:e.value})})):(t.checked||["radio","checkbox","submit"].indexOf(t.type)===-1)&&o.push({name:t.name,value:t.value})))}));e&&o.push(e);return o.map((function(t){return t.name?`${encodeURIComponent(t.name)}=${encodeURIComponent(t.value)}`:t})).join("&")};const formElements=(t,e)=>matches(t,"form")?toArray(t.elements).filter((t=>matches(t,e))):toArray(t.querySelectorAll(e));const handleConfirmWithRails=t=>function(e){allowAction(this,t)||stopEverything(e)};const confirm=(t,e)=>window.confirm(t);var allowAction=function(t,e){let n;const o=t.getAttribute("data-confirm");if(!o)return true;let a=false;if(fire(t,"confirm")){try{a=e.confirm(o,t)}catch(t){}n=fire(t,"confirm:complete",[a])}return a&&n};const handleDisabledElement=function(t){const e=this;e.disabled&&stopEverything(t)};const enableElement=t=>{let e;if(t instanceof Event){if(isXhrRedirect(t))return;e=t.target}else e=t;if(!isContentEditable(e))return matches(e,i)?enableLinkElement(e):matches(e,u)||matches(e,c)?enableFormElement(e):matches(e,o)?enableFormElements(e):void 0};const disableElement=t=>{const e=t instanceof Event?t.target:t;if(!isContentEditable(e))return matches(e,i)?disableLinkElement(e):matches(e,u)||matches(e,r)?disableFormElement(e):matches(e,o)?disableFormElements(e):void 0};var disableLinkElement=function(t){if(getData(t,"ujs:disabled"))return;const e=t.getAttribute("data-disable-with");if(e!=null){setData(t,"ujs:enable-with",t.innerHTML);t.innerHTML=e}t.addEventListener("click",stopEverything);return setData(t,"ujs:disabled",true)};var enableLinkElement=function(t){const e=getData(t,"ujs:enable-with");if(e!=null){t.innerHTML=e;setData(t,"ujs:enable-with",null)}t.removeEventListener("click",stopEverything);return setData(t,"ujs:disabled",null)};var disableFormElements=t=>formElements(t,r).forEach(disableFormElement);var disableFormElement=function(t){if(getData(t,"ujs:disabled"))return;const e=t.getAttribute("data-disable-with");if(e!=null)if(matches(t,"button")){setData(t,"ujs:enable-with",t.innerHTML);t.innerHTML=e}else{setData(t,"ujs:enable-with",t.value);t.value=e}t.disabled=true;return setData(t,"ujs:disabled",true)};var enableFormElements=t=>formElements(t,c).forEach((t=>enableFormElement(t)));var enableFormElement=function(t){const e=getData(t,"ujs:enable-with");if(e!=null){matches(t,"button")?t.innerHTML=e:t.value=e;setData(t,"ujs:enable-with",null)}t.disabled=false;return setData(t,"ujs:disabled",null)};var isXhrRedirect=function(t){const e=t.detail?t.detail[0]:void 0;return e&&e.getResponseHeader("X-Xhr-Redirect")};const handleMethodWithRails=t=>function(e){const n=this;const o=n.getAttribute("data-method");if(!o)return;if(isContentEditable(this))return;const a=t.href(n);const r=csrfToken();const c=csrfParam();const s=document.createElement("form");let i=`<input name='_method' value='${o}' type='hidden' />`;c&&r&&!isCrossDomain(a)&&(i+=`<input name='${c}' value='${r}' type='hidden' />`);i+='<input type="submit" />';s.method="post";s.action=a;s.target=n.target;s.innerHTML=i;s.style.display="none";document.body.appendChild(s);s.querySelector('[type="submit"]').click();stopEverything(e)};const isRemote=function(t){const e=t.getAttribute("data-remote");return e!=null&&e!=="false"};const handleRemoteWithRails=t=>function(a){let r,c,s;const i=this;if(!isRemote(i))return true;if(!fire(i,"ajax:before")){fire(i,"ajax:stopped");return false}if(isContentEditable(i)){fire(i,"ajax:stopped");return false}const u=i.getAttribute("data-with-credentials");const l=i.getAttribute("data-type")||"script";if(matches(i,o)){const t=getData(i,"ujs:submit-button");c=getData(i,"ujs:submit-button-formmethod")||i.getAttribute("method")||"get";s=getData(i,"ujs:submit-button-formaction")||i.getAttribute("action")||location.href;c.toUpperCase()==="GET"&&(s=s.replace(/\?.*$/,""));if(i.enctype==="multipart/form-data"){r=new FormData(i);t!=null&&r.append(t.name,t.value)}else r=serializeElement(i,t);setData(i,"ujs:submit-button",null);setData(i,"ujs:submit-button-formmethod",null);setData(i,"ujs:submit-button-formaction",null)}else if(matches(i,e)||matches(i,n)){c=i.getAttribute("data-method");s=i.getAttribute("data-url");r=serializeElement(i,i.getAttribute("data-params"))}else{c=i.getAttribute("data-method");s=t.href(i);r=i.getAttribute("data-params")}ajax({type:c||"GET",url:s,data:r,dataType:l,beforeSend(t,e){if(fire(i,"ajax:beforeSend",[t,e]))return fire(i,"ajax:send",[t]);fire(i,"ajax:stopped");return false},success(...t){return fire(i,"ajax:success",t)},error(...t){return fire(i,"ajax:error",t)},complete(...t){return fire(i,"ajax:complete",t)},crossDomain:isCrossDomain(s),withCredentials:u!=null&&u!=="false"});stopEverything(a)};const formSubmitButtonClick=function(t){const e=this;const{form:n}=e;if(n){e.name&&setData(n,"ujs:submit-button",{name:e.name,value:e.value});setData(n,"ujs:formnovalidate-button",e.formNoValidate);setData(n,"ujs:submit-button-formaction",e.getAttribute("formaction"));return setData(n,"ujs:submit-button-formmethod",e.getAttribute("formmethod"))}};const preventInsignificantClick=function(t){const e=this;const n=(e.getAttribute("data-method")||"GET").toUpperCase();const o=e.getAttribute("data-params");const a=t.metaKey||t.ctrlKey;const r=a&&n==="GET"&&!o;const c=t.button!=null&&t.button!==0;(c||r)&&t.stopImmediatePropagation()};const h={$:$,ajax:ajax,buttonClickSelector:e,buttonDisableSelector:u,confirm:confirm,cspNonce:cspNonce,csrfToken:csrfToken,csrfParam:csrfParam,CSRFProtection:CSRFProtection,delegate:delegate,disableElement:disableElement,enableElement:enableElement,fileInputSelector:s,fire:fire,formElements:formElements,formEnableSelector:c,formDisableSelector:r,formInputClickSelector:a,formSubmitButtonClick:formSubmitButtonClick,formSubmitSelector:o,getData:getData,handleDisabledElement:handleDisabledElement,href:href,inputChangeSelector:n,isCrossDomain:isCrossDomain,linkClickSelector:t,linkDisableSelector:i,loadCSPNonce:loadCSPNonce,matches:matches,preventInsignificantClick:preventInsignificantClick,refreshCSRFTokens:refreshCSRFTokens,serializeElement:serializeElement,setData:setData,stopEverything:stopEverything};const y=handleConfirmWithRails(h);h.handleConfirm=y;const j=handleMethodWithRails(h);h.handleMethod=j;const v=handleRemoteWithRails(h);h.handleRemote=v;const start=function(){if(window._rails_loaded)throw new Error("rails-ujs has already been loaded!");window.addEventListener("pageshow",(function(){$(c).forEach((function(t){getData(t,"ujs:disabled")&&enableElement(t)}));$(i).forEach((function(t){getData(t,"ujs:disabled")&&enableElement(t)}))}));delegate(document,i,"ajax:complete",enableElement);delegate(document,i,"ajax:stopped",enableElement);delegate(document,u,"ajax:complete",enableElement);delegate(document,u,"ajax:stopped",enableElement);delegate(document,t,"click",preventInsignificantClick);delegate(document,t,"click",handleDisabledElement);delegate(document,t,"click",y);delegate(document,t,"click",disableElement);delegate(document,t,"click",v);delegate(document,t,"click",j);delegate(document,e,"click",preventInsignificantClick);delegate(document,e,"click",handleDisabledElement);delegate(document,e,"click",y);delegate(document,e,"click",disableElement);delegate(document,e,"click",v);delegate(document,n,"change",handleDisabledElement);delegate(document,n,"change",y);delegate(document,n,"change",v);delegate(document,o,"submit",handleDisabledElement);delegate(document,o,"submit",y);delegate(document,o,"submit",v);delegate(document,o,"submit",(t=>setTimeout((()=>disableElement(t)),13)));delegate(document,o,"ajax:send",disableElement);delegate(document,o,"ajax:complete",enableElement);delegate(document,a,"click",preventInsignificantClick);delegate(document,a,"click",handleDisabledElement);delegate(document,a,"click",y);delegate(document,a,"click",formSubmitButtonClick);document.addEventListener("DOMContentLoaded",refreshCSRFTokens);document.addEventListener("DOMContentLoaded",loadCSPNonce);return window._rails_loaded=true};h.start=start;if(typeof jQuery!=="undefined"&&jQuery&&jQuery.ajax){if(jQuery.rails)throw new Error("If you load both jquery_ujs and rails-ujs, use rails-ujs only.");jQuery.rails=h;jQuery.ajaxPrefilter((function(t,e,n){if(!t.crossDomain)return CSRFProtection(n)}))}export{h as default};
 
diff --git a/vendor/javascript/@stimulus-components--clipboard.js b/vendor/javascript/@stimulus-components--clipboard.js
index ffcd8134e42..c623162f92b 100644
--- a/vendor/javascript/@stimulus-components--clipboard.js
+++ b/vendor/javascript/@stimulus-components--clipboard.js
@@ -1,2 +1,4 @@
+// @stimulus-components/clipboard@5.0.0 downloaded from https://ga.jspm.io/npm:@stimulus-components/clipboard@5.0.0/dist/stimulus-clipboard.mjs
+
 import{Controller as t}from"@hotwired/stimulus";const e=class _Clipboard extends t{connect(){this.hasButtonTarget&&(this.originalContent=this.buttonTarget.innerHTML)}copy(t){t.preventDefault();const e=this.sourceTarget.innerHTML||this.sourceTarget.value;navigator.clipboard.writeText(e).then((()=>this.copied()))}copied(){this.hasButtonTarget&&(this.timeout&&clearTimeout(this.timeout),this.buttonTarget.innerHTML=this.successContentValue,this.timeout=setTimeout((()=>{this.buttonTarget.innerHTML=this.originalContent}),this.successDurationValue))}};e.targets=["button","source"],e.values={successContent:String,successDuration:{type:Number,default:2e3}};let s=e;export{s as default};
 
diff --git a/vendor/javascript/jquery.js b/vendor/javascript/jquery.js
index 7adbef72fcd..7c97c5004a2 100644
--- a/vendor/javascript/jquery.js
+++ b/vendor/javascript/jquery.js
@@ -1,3 +1,5 @@
+// jquery@3.7.1 downloaded from https://ga.jspm.io/npm:jquery@3.7.1/dist/jquery.js
+
 var e="undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:global;var t={};(function(e,n){t=e.document?n(e,true):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return n(e)}})("undefined"!==typeof window?window:t,(function(t,n){var r=[];var i=Object.getPrototypeOf;var o=r.slice;var a=r.flat?function(e){return r.flat.call(e)}:function(e){return r.concat.apply([],e)};var s=r.push;var u=r.indexOf;var l={};var c=l.toString;var f=l.hasOwnProperty;var d=f.toString;var p=d.call(Object);var h={};var g=function isFunction(e){return"function"===typeof e&&"number"!==typeof e.nodeType&&"function"!==typeof e.item};var m=function isWindow(e){return null!=e&&e===e.window};var v=t.document;var y={type:true,src:true,nonce:true,noModule:true};function DOMEval(e,t,n){n=n||v;var r,i,o=n.createElement("script");o.text=e;if(t)for(r in y){i=t[r]||t.getAttribute&&t.getAttribute(r);i&&o.setAttribute(r,i)}n.head.appendChild(o).parentNode.removeChild(o)}function toType(e){return null==e?e+"":"object"===typeof e||"function"===typeof e?l[c.call(e)]||"object":typeof e}var x="3.7.1",b=/HTML$/i,jQuery=function(e,t){return new jQuery.fn.init(e,t)};jQuery.fn=jQuery.prototype={jquery:x,constructor:jQuery,length:0,toArray:function(){return o.call(this||e)},get:function(t){return null==t?o.call(this||e):t<0?(this||e)[t+(this||e).length]:(this||e)[t]},pushStack:function(t){var n=jQuery.merge(this.constructor(),t);n.prevObject=this||e;return n},each:function(t){return jQuery.each(this||e,t)},map:function(t){return this.pushStack(jQuery.map(this||e,(function(e,n){return t.call(e,n,e)})))},slice:function(){return this.pushStack(o.apply(this||e,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(jQuery.grep(this||e,(function(e,t){return(t+1)%2})))},odd:function(){return this.pushStack(jQuery.grep(this||e,(function(e,t){return t%2})))},eq:function(t){var n=(this||e).length,r=+t+(t<0?n:0);return this.pushStack(r>=0&&r<n?[(this||e)[r]]:[])},end:function(){return(this||e).prevObject||this.constructor()},push:s,sort:r.sort,splice:r.splice};jQuery.extend=jQuery.fn.extend=function(){var t,n,r,i,o,a,s=arguments[0]||{},u=1,l=arguments.length,c=false;if("boolean"===typeof s){c=s;s=arguments[u]||{};u++}"object"===typeof s||g(s)||(s={});if(u===l){s=this||e;u--}for(;u<l;u++)if(null!=(t=arguments[u]))for(n in t){i=t[n];if("__proto__"!==n&&s!==i)if(c&&i&&(jQuery.isPlainObject(i)||(o=Array.isArray(i)))){r=s[n];a=o&&!Array.isArray(r)?[]:o||jQuery.isPlainObject(r)?r:{};o=false;s[n]=jQuery.extend(c,a,i)}else void 0!==i&&(s[n]=i)}return s};jQuery.extend({expando:"jQuery"+(x+Math.random()).replace(/\D/g,""),isReady:true,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;if(!e||"[object Object]"!==c.call(e))return false;t=i(e);if(!t)return true;n=f.call(t,"constructor")&&t.constructor;return"function"===typeof n&&d.call(n)===p},isEmptyObject:function(e){var t;for(t in e)return false;return true},globalEval:function(e,t,n){DOMEval(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(isArrayLike(e)){n=e.length;for(;r<n;r++)if(false===t.call(e[r],r,e[r]))break}else for(r in e)if(false===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=jQuery.text(t);return 1===i||11===i?e.textContent:9===i?e.documentElement.textContent:3===i||4===i?e.nodeValue:n},makeArray:function(e,t){var n=t||[];null!=e&&(isArrayLike(Object(e))?jQuery.merge(n,"string"===typeof e?[e]:e):s.call(n,e));return n},inArray:function(e,t,n){return null==t?-1:u.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!b.test(t||n&&n.nodeName||"HTML")},merge:function(e,t){var n=+t.length,r=0,i=e.length;for(;r<n;r++)e[i++]=t[r];e.length=i;return e},grep:function(e,t,n){var r,i=[],o=0,a=e.length,s=!n;for(;o<a;o++){r=!t(e[o],o);r!==s&&i.push(e[o])}return i},map:function(e,t,n){var r,i,o=0,s=[];if(isArrayLike(e)){r=e.length;for(;o<r;o++){i=t(e[o],o,n);null!=i&&s.push(i)}}else for(o in e){i=t(e[o],o,n);null!=i&&s.push(i)}return a(s)},guid:1,support:h});"function"===typeof Symbol&&(jQuery.fn[Symbol.iterator]=r[Symbol.iterator]);jQuery.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),(function(e,t){l["[object "+t+"]"]=t.toLowerCase()}));function isArrayLike(e){var t=!!e&&"length"in e&&e.length,n=toType(e);return!g(e)&&!m(e)&&("array"===n||0===t||"number"===typeof t&&t>0&&t-1 in e)}function nodeName(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}var w=r.pop;var T=r.sort;var C=r.splice;var S="[\\x20\\t\\r\\n\\f]";var k=new RegExp("^"+S+"+|((?:^|[^\\\\])(?:\\\\.)*)"+S+"+$","g");jQuery.contains=function(e,t){var n=t&&t.parentNode;return e===n||!!(n&&1===n.nodeType&&(e.contains?e.contains(n):e.compareDocumentPosition&&16&e.compareDocumentPosition(n)))};var A=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\x80-\uFFFF\w-]/g;function fcssescape(e,t){return t?"\0"===e?"�":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e}jQuery.escapeSelector=function(e){return(e+"").replace(A,fcssescape)};var E=v,D=s;(function(){var n,i,a,s,l,c,d,p,g,m,v=D,y=jQuery.expando,x=0,b=0,A=createCache(),N=createCache(),j=createCache(),P=createCache(),sortOrder=function(e,t){e===t&&(l=true);return 0},H="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="(?:\\\\[\\da-fA-F]{1,6}"+S+"?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+",L="\\["+S+"*("+M+")(?:"+S+"*([*^$|!~]?=)"+S+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+M+"))|)"+S+"*\\]",q=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+L+")*)|.*)\\)|)",O=new RegExp(S+"+","g"),F=new RegExp("^"+S+"*,"+S+"*"),R=new RegExp("^"+S+"*([>+~]|"+S+")"+S+"*"),I=new RegExp(S+"|>"),W=new RegExp(q),$=new RegExp("^"+M+"$"),B={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M+"|[*])"),ATTR:new RegExp("^"+L),PSEUDO:new RegExp("^"+q),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+S+"*(even|odd|(([+-]|)(\\d*)n|)"+S+"*(?:([+-]|)"+S+"*(\\d+)|))"+S+"*\\)|)","i"),bool:new RegExp("^(?:"+H+")$","i"),needsContext:new RegExp("^"+S+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+S+"*((?:-\\d)?\\d*)"+S+"*\\)|)(?=[^-]|$)","i")},_=/^(?:input|select|textarea|button)$/i,z=/^h\d$/i,X=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,U=/[+~]/,G=new RegExp("\\\\[\\da-fA-F]{1,6}"+S+"?|\\\\([^\\r\\n\\f])","g"),funescape=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},unloadHandler=function(){setDocument()},V=addCombinator((function(e){return true===e.disabled&&nodeName(e,"fieldset")}),{dir:"parentNode",next:"legend"});function safeActiveElement(){try{return c.activeElement}catch(e){}}try{v.apply(r=o.call(E.childNodes),E.childNodes);r[E.childNodes.length].nodeType}catch(e){v={apply:function(e,t){D.apply(e,o.call(t))},call:function(e){D.apply(e,o.call(arguments,1))}}}function find(e,t,n,r){var i,o,a,s,u,l,f,d=t&&t.ownerDocument,m=t?t.nodeType:9;n=n||[];if("string"!==typeof e||!e||1!==m&&9!==m&&11!==m)return n;if(!r){setDocument(t);t=t||c;if(p){if(11!==m&&(u=X.exec(e)))if(i=u[1]){if(9===m){if(!(a=t.getElementById(i)))return n;if(a.id===i){v.call(n,a);return n}}else if(d&&(a=d.getElementById(i))&&find.contains(t,a)&&a.id===i){v.call(n,a);return n}}else{if(u[2]){v.apply(n,t.getElementsByTagName(e));return n}if((i=u[3])&&t.getElementsByClassName){v.apply(n,t.getElementsByClassName(i));return n}}if(!P[e+" "]&&(!g||!g.test(e))){f=e;d=t;if(1===m&&(I.test(e)||R.test(e))){d=U.test(e)&&testContext(t.parentNode)||t;d==t&&h.scope||((s=t.getAttribute("id"))?s=jQuery.escapeSelector(s):t.setAttribute("id",s=y));l=tokenize(e);o=l.length;while(o--)l[o]=(s?"#"+s:":scope")+" "+toSelector(l[o]);f=l.join(",")}try{v.apply(n,d.querySelectorAll(f));return n}catch(t){P(e,true)}finally{s===y&&t.removeAttribute("id")}}}}return select(e.replace(k,"$1"),t,n,r)}
 /**
      * Create key-value caches of limited size
diff --git a/vendor/javascript/local-time.js b/vendor/javascript/local-time.js
index 3776cc68e62..64d6e799587 100644
--- a/vendor/javascript/local-time.js
+++ b/vendor/javascript/local-time.js
@@ -1,2 +1,4 @@
+// local-time@3.0.2 downloaded from https://ga.jspm.io/npm:local-time@3.0.2/app/assets/javascripts/local-time.es2017-esm.js
+
 var t;t={config:{},run:function(){return this.getController().processElements()},process:function(...t){var e,r,a;for(r=0,a=t.length;r<a;r++)e=t[r],this.getController().processElement(e);return t.length},getController:function(){return null!=this.controller?this.controller:this.controller=new t.Controller}};var e,r,a,n,s,i,o,u,l,c,d,m,h,f,g,p,S,v,y,T,b,M,D,w,E,I,C,N,A,O,$,F,Y,k,W,L=t;L.config.useFormat24=!1,L.config.i18n={en:{date:{dayNames:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],abbrDayNames:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],monthNames:["January","February","March","April","May","June","July","August","September","October","November","December"],abbrMonthNames:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],yesterday:"yesterday",today:"today",tomorrow:"tomorrow",on:"on {date}",formats:{default:"%b %e, %Y",thisYear:"%b %e"}},time:{am:"am",pm:"pm",singular:"a {time}",singularAn:"an {time}",elapsed:"{time} ago",second:"second",seconds:"seconds",minute:"minute",minutes:"minutes",hour:"hour",hours:"hours",formats:{default:"%l:%M%P",default_24h:"%H:%M"}},datetime:{at:"{date} at {time}",formats:{default:"%B %e, %Y at %l:%M%P %Z",default_24h:"%B %e, %Y at %H:%M %Z"}}}},L.config.locale="en",L.config.defaultLocale="en",L.config.timerInterval=6e4,a=!isNaN(Date.parse("2011-01-01T12:00:00-05:00")),L.parseDate=function(t){return t=t.toString(),a||(t=r(t)),new Date(Date.parse(t))},e=/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(Z|[-+]?[\d:]+)$/,r=function(t){var r,a,n,s,i,o,u,l,c,d;if(s=t.match(e))return[r,c,o,a,n,i,l,d]=s,"Z"!==d&&(u=d.replace(":","")),`${c}/${o}/${a} ${n}:${i}:${l} GMT${[u]}`},L.elementMatchesSelector=(n=document.documentElement,s=null!=(i=null!=(o=null!=(u=null!=(l=n.matches)?l:n.matchesSelector)?u:n.webkitMatchesSelector)?o:n.mozMatchesSelector)?i:n.msMatchesSelector,function(t,e){if((null!=t?t.nodeType:void 0)===Node.ELEMENT_NODE)return s.call(t,e)}),({config:c}=L),({i18n:m}=c),L.getI18nValue=function(t="",{locale:e}={locale:c.locale}){var r;return null!=(r=d(m[e],t))?r:e!==c.defaultLocale?L.getI18nValue(t,{locale:c.defaultLocale}):void 0},L.translate=function(t,e={},r){var a,n,s;for(a in s=L.getI18nValue(t,r),e)n=e[a],s=s.replace(`{${a}}`,n);return s},d=function(t,e){var r,a,n,s,i;for(i=t,r=0,n=(s=e.split(".")).length;r<n;r++){if(null==i[a=s[r]])return null;i=i[a]}return i},({getI18nValue:f,translate:M}=L),b="function"==typeof("undefined"!=typeof Intl&&null!==Intl?Intl.DateTimeFormat:void 0),g={"Central European Standard Time":"CET","Central European Summer Time":"CEST","China Standard Time":"CST","Israel Daylight Time":"IDT","Israel Standard Time":"IST","Moscow Standard Time":"MSK","Philippine Standard Time":"PHT","Singapore Standard Time":"SGT","Western Indonesia Time":"WIB"},L.knownEdgeCaseTimeZones=g,L.strftime=T=function(t,e){var r,a,n,s,i,o,u;return a=t.getDay(),r=t.getDate(),i=t.getMonth(),u=t.getFullYear(),n=t.getHours(),s=t.getMinutes(),o=t.getSeconds(),e.replace(/%(-?)([%aAbBcdeHIlmMpPSwyYZ])/g,(function(e,l,c){switch(c){case"%":return"%";case"a":return f("date.abbrDayNames")[a];case"A":return f("date.dayNames")[a];case"b":return f("date.abbrMonthNames")[i];case"B":return f("date.monthNames")[i];case"c":return t.toString();case"d":return p(r,l);case"e":return r;case"H":return p(n,l);case"I":return p(T(t,"%l"),l);case"l":return 0===n||12===n?12:(n+12)%12;case"m":return p(i+1,l);case"M":return p(s,l);case"p":return M("time."+(n>11?"pm":"am")).toUpperCase();case"P":return M("time."+(n>11?"pm":"am"));case"S":return p(o,l);case"w":return a;case"y":return p(u%100,l);case"Y":return u;case"Z":return S(t)}}))},p=function(t,e){return"-"===e?t:`0${t}`.slice(-2)},S=function(t){var e,r,a;return(r=h(t))?g[r]:(a=y(t,{allowGMT:!1}))||(a=v(t))?a:(e=y(t,{allowGMT:!0}))?e:""},h=function(t){return Object.keys(g).find((function(e){return b?new Date(t).toLocaleString("en-US",{timeZoneName:"long"}).includes(e):t.toString().includes(e)}))},y=function(t,{allowGMT:e}){var r;if(b&&(r=new Date(t).toLocaleString("en-US",{timeZoneName:"short"}).split(" ").pop(),e||!r.includes("GMT")))return r},v=function(t){var e,r,a,n,s;return(e=null!=(r=(s=t.toString()).match(/\(([\w\s]+)\)$/))?r[1]:void 0)?/\s/.test(e)?e.match(/\b(\w)/g).join(""):e:(e=null!=(a=s.match(/(\w{3,4})\s\d{4}$/))?a[1]:void 0)||(e=null!=(n=s.match(/(UTC[\+\-]\d+)/))?n[1]:void 0)?e:void 0},L.CalendarDate=class{static fromDate(t){return new this(t.getFullYear(),t.getMonth()+1,t.getDate())}static today(){return this.fromDate(new Date)}constructor(t,e,r){this.date=new Date(Date.UTC(t,e-1)),this.date.setUTCDate(r),this.year=this.date.getUTCFullYear(),this.month=this.date.getUTCMonth()+1,this.day=this.date.getUTCDate(),this.value=this.date.getTime()}equals(t){return(null!=t?t.value:void 0)===this.value}is(t){return this.equals(t)}isToday(){return this.is(this.constructor.today())}occursOnSameYearAs(t){return this.year===(null!=t?t.year:void 0)}occursThisYear(){return this.occursOnSameYearAs(this.constructor.today())}daysSince(t){if(t)return(this.date-t.date)/864e5}daysPassed(){return this.constructor.today().daysSince(this)}},({strftime:E,translate:I,getI18nValue:w,config:D}=L),L.RelativeTime=class{constructor(t){this.date=t,this.calendarDate=L.CalendarDate.fromDate(this.date)}toString(){var t,e;return(e=this.toTimeElapsedString())?I("time.elapsed",{time:e}):(t=this.toWeekdayString())?(e=this.toTimeString(),I("datetime.at",{date:t,time:e})):I("date.on",{date:this.toDateString()})}toTimeOrDateString(){return this.calendarDate.isToday()?this.toTimeString():this.toDateString()}toTimeElapsedString(){var t,e,r,a,n;return r=(new Date).getTime()-this.date.getTime(),a=Math.round(r/1e3),e=Math.round(a/60),t=Math.round(e/60),r<0?null:a<10?(n=I("time.second"),I("time.singular",{time:n})):a<45?`${a} ${I("time.seconds")}`:a<90?(n=I("time.minute"),I("time.singular",{time:n})):e<45?`${e} ${I("time.minutes")}`:e<90?(n=I("time.hour"),I("time.singularAn",{time:n})):t<24?`${t} ${I("time.hours")}`:""}toWeekdayString(){switch(this.calendarDate.daysPassed()){case 0:return I("date.today");case 1:return I("date.yesterday");case-1:return I("date.tomorrow");case 2:case 3:case 4:case 5:case 6:return E(this.date,"%A");default:return""}}toDateString(){var t;return t=this.calendarDate.occursThisYear()?w("date.formats.thisYear"):w("date.formats.default"),E(this.date,t)}toTimeString(){var t;return t=D.useFormat24?"default_24h":"default",E(this.date,w(`time.formats.${t}`))}},({elementMatchesSelector:C}=L),L.PageObserver=class{constructor(t,e){this.processMutations=this.processMutations.bind(this),this.processInsertion=this.processInsertion.bind(this),this.selector=t,this.callback=e}start(){if(!this.started)return this.observeWithMutationObserver()||this.observeWithMutationEvent(),this.started=!0}observeWithMutationObserver(){if("undefined"!=typeof MutationObserver&&null!==MutationObserver)return new MutationObserver(this.processMutations).observe(document.documentElement,{childList:!0,subtree:!0}),!0}observeWithMutationEvent(){return addEventListener("DOMNodeInserted",this.processInsertion,!1),!0}findSignificantElements(t){var e;return e=[],(null!=t?t.nodeType:void 0)===Node.ELEMENT_NODE&&(C(t,this.selector)&&e.push(t),e.push(...t.querySelectorAll(this.selector))),e}processMutations(t){var e,r,a,n,s,i,o,u;for(e=[],r=0,n=t.length;r<n;r++)if("childList"===(i=t[r]).type)for(a=0,s=(u=i.addedNodes).length;a<s;a++)o=u[a],e.push(...this.findSignificantElements(o));return this.notify(e)}processInsertion(t){var e;return e=this.findSignificantElements(t.target),this.notify(e)}notify(t){if(null!=t?t.length:void 0)return"function"==typeof this.callback?this.callback(t):void 0}},({parseDate:O,strftime:$,getI18nValue:A,config:N}=L),L.Controller=function(){var t,e,r,a;return t="time[data-local]:not([data-localized])",e=function(t){return t.setAttribute("data-localized","")},r=function(t){return t.setAttribute("data-processed-at",(new Date).toISOString())},a=function(t){return new L.RelativeTime(t)},class{constructor(){this.processElements=this.processElements.bind(this),this.pageObserver=new L.PageObserver(t,this.processElements)}start(){if(!this.started)return this.processElements(),this.startTimer(),this.pageObserver.start(),this.started=!0}startTimer(){var t;if(t=N.timerInterval)return null!=this.timer?this.timer:this.timer=setInterval(this.processElements,t)}processElements(e=document.querySelectorAll(t)){var r,a,n;for(a=0,n=e.length;a<n;a++)r=e[a],this.processElement(r);return e.length}processElement(t){var n,s,i,o,u,l;if(n=t.getAttribute("datetime"),i=t.getAttribute("data-local"),s=N.useFormat24&&t.getAttribute("data-format24")||t.getAttribute("data-format"),o=O(n),!isNaN(o))return t.hasAttribute("title")||(l=N.useFormat24?"default_24h":"default",u=$(o,A(`datetime.formats.${l}`)),t.setAttribute("title",u)),r(t),t.textContent=function(){switch(i){case"time":return e(t),$(o,s);case"date":return e(t),a(o).toDateString();case"time-ago":return a(o).toString();case"time-or-date":return a(o).toTimeOrDateString();case"weekday":return a(o).toWeekdayString();case"weekday-or-date":return a(o).toWeekdayString()||a(o).toDateString()}}()}}}.call(window),W=!1,F=function(){return document.attachEvent?"complete"===document.readyState:"loading"!==document.readyState},Y=function(t){var e;return null!=(e="function"==typeof requestAnimationFrame?requestAnimationFrame(t):void 0)?e:setTimeout(t,17)},k=function(){return L.getController().start()},L.start=function(){return W?L.run():(W=!0,"undefined"!=typeof MutationObserver&&null!==MutationObserver||F()?k():Y(k))},L.processing=function(){return L.getController().started},window.LocalTime===L&&L.start();export{L as default};
 
diff --git a/vendor/javascript/stimulus-rails-nested-form.js b/vendor/javascript/stimulus-rails-nested-form.js
index 69d15ade87c..207fd164b60 100644
--- a/vendor/javascript/stimulus-rails-nested-form.js
+++ b/vendor/javascript/stimulus-rails-nested-form.js
@@ -1,2 +1,4 @@
+// stimulus-rails-nested-form@4.1.0 downloaded from https://ga.jspm.io/npm:stimulus-rails-nested-form@4.1.0/dist/stimulus-rails-nested-form.mjs
+
 import{Controller as e}from"@hotwired/stimulus";class r extends e{add(e){e.preventDefault();const t=this.templateTarget.innerHTML.replace(/NEW_RECORD/g,(new Date).getTime().toString());this.targetTarget.insertAdjacentHTML("beforebegin",t)}remove(e){e.preventDefault();const t=e.target.closest(this.wrapperSelectorValue);if("true"===t.dataset.newRecord)t.remove();else{t.style.display="none";const e=t.querySelector("input[name*='_destroy']");e.value="1"}}}r.targets=["target","template"];r.values={wrapperSelector:{type:String,default:".nested-form-wrapper"}};export{r as default};
 

From da3c75c43b71c7c1f98f2d215081cb7938abf73f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Oct 2024 12:47:42 -0700
Subject: [PATCH 306/381] Bump statsd-instrument from 3.9.2 to 3.9.3 (#5156)

Bumps [statsd-instrument](https://github.com/Shopify/statsd-instrument) from 3.9.2 to 3.9.3.
- [Changelog](https://github.com/Shopify/statsd-instrument/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/statsd-instrument/compare/v3.9.2...v3.9.3)

---
updated-dependencies:
- dependency-name: statsd-instrument
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index bad2873687d..43e576608cd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -794,7 +794,7 @@ GEM
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       sprockets (>= 3.0.0)
-    statsd-instrument (3.9.2)
+    statsd-instrument (3.9.3)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -1308,7 +1308,7 @@ CHECKSUMS
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
   sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
   sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
-  statsd-instrument (3.9.2) sha256=56c70080fb73fed02d9ce26bbf573850b16739ae4252ca508e855dfcfb08db86
+  statsd-instrument (3.9.3) sha256=b23508e3565b61129fe4464a52b155e5761b2612ec052d50cde16af8ea0e2e30
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.1) sha256=86ed89bb62ff1861240ab4628a2500ef50cd8bbf03d4c8f7368fda2dd94636b9

From 02cc556ec2cd38a60ff1e72b5d3285fb6f97e898 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Oct 2024 19:48:04 +0000
Subject: [PATCH 307/381] Bump actions/cache from 4.1.1 to 4.1.2 (#5155)

Bumps [actions/cache](https://github.com/actions/cache) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/3624ceb22c1c5a301c8db4169662070a689d9ea8...6849a6489940f00c2f30c0fb92c6274307ccb58a)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c47c11d3c8b..31fb0c214ce 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,7 +22,7 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # master
       - name: Cache Docker layers
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-rubygems-${{ hashFiles('**/Gemfile.lock') }}

From 2472b80d0cab555280be8572eb1b97d7e5582df5 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Thu, 24 Oct 2024 12:40:34 -0700
Subject: [PATCH 308/381] Apply new design to dashboard (#5152)

* Adds component for flash/alerts.
* Adds index to subscriptions controller for showing all subscriptions.
---
 .../stylesheets/application.tailwind.css      |  11 --
 app/controllers/dashboards_controller.rb      |  40 +++-
 app/controllers/subscriptions_controller.rb   |  20 +-
 app/helpers/icon_helper.rb                    |  14 ++
 app/helpers/prose_helper.rb                   |   7 +-
 app/helpers/versions_helper.rb                |  40 +++-
 .../controllers/dialog_controller.js          |   6 +-
 app/javascript/controllers/dump_controller.js |   2 +-
 app/views/components/alert_component.rb       |  62 ++++++
 app/views/components/button_component.rb      |   2 +-
 .../components/card/timeline_component.rb     |  30 +++
 app/views/components/card_component.rb        |  78 ++++++--
 app/views/dashboards/show.html.erb            | 181 +++++++++++++-----
 app/views/layouts/_breadcrumbs.html.erb       |   2 +-
 app/views/layouts/_session.html.erb           |  21 +-
 app/views/layouts/application.html.erb        |   6 +-
 app/views/layouts/hammy.html.erb              |  66 +++----
 app/views/pages/about.html.erb                |   2 +-
 app/views/pages/data.html.erb                 |  22 +--
 app/views/pages/download.html.erb             |   8 +-
 app/views/profiles/show.html.erb              |   2 +-
 app/views/rubygems/_aside.html.erb            |   2 +-
 app/views/stats/index.html.erb                |   2 +-
 app/views/subscriptions/index.html.erb        |  28 +++
 config/locales/de.yml                         |  33 ++--
 config/locales/en.yml                         |  13 +-
 config/locales/es.yml                         |  31 +--
 config/locales/fr.yml                         |  36 ++--
 config/locales/ja.yml                         |  33 ++--
 config/locales/nl.yml                         |  35 ++--
 config/locales/pt-BR.yml                      |  33 ++--
 config/locales/zh-CN.yml                      |  33 ++--
 config/locales/zh-TW.yml                      |  37 ++--
 config/routes.rb                              |   1 +
 public/images/icons.svg                       |  68 ++++---
 .../subscriptions_controller_test.rb          |  25 +++
 test/functional/versions_controller_test.rb   |   2 +-
 test/integration/profile_test.rb              |   2 +-
 test/integration/rubygems_test.rb             |   2 +-
 test/integration/subscriptions_test.rb        |  36 ++++
 test/views/alert_component_test.rb            |  53 +++++
 41 files changed, 798 insertions(+), 329 deletions(-)
 create mode 100644 app/helpers/icon_helper.rb
 create mode 100644 app/views/components/alert_component.rb
 create mode 100644 app/views/components/card/timeline_component.rb
 create mode 100644 app/views/subscriptions/index.html.erb
 create mode 100644 test/integration/subscriptions_test.rb
 create mode 100644 test/views/alert_component_test.rb

diff --git a/app/assets/stylesheets/application.tailwind.css b/app/assets/stylesheets/application.tailwind.css
index 9a9e22c1a76..2e81a977bc0 100644
--- a/app/assets/stylesheets/application.tailwind.css
+++ b/app/assets/stylesheets/application.tailwind.css
@@ -1,15 +1,4 @@
 @config "../../../config/tailwind.config.js";
 @tailwind base;
-
-@layer base {
-  @font-face {
-    font-family: "Titillium Web";
-    font-style: normal;
-    font-weight: 400;
-    font-display: swap;
-  }
-
-}
-
 @tailwind components;
 @tailwind utilities;
diff --git a/app/controllers/dashboards_controller.rb b/app/controllers/dashboards_controller.rb
index b4da09e50a0..241da3afaa5 100644
--- a/app/controllers/dashboards_controller.rb
+++ b/app/controllers/dashboards_controller.rb
@@ -4,14 +4,17 @@ class DashboardsController < ApplicationController
   before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?
   before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?
 
+  layout "hammy"
+
   def show
-    add_breadcrumb t("breadcrumbs.dashboard"), dashboard_path
+    add_breadcrumb t("breadcrumbs.dashboard")
 
     respond_to do |format|
       format.html do
-        @my_gems         = current_user.rubygems.with_versions.by_name.preload(:most_recent_version)
-        @latest_updates  = Version.subscribed_to_by(current_user).published.limit(Gemcutter::DEFAULT_PAGINATION)
-        @subscribed_gems = current_user.subscribed_gems.with_versions
+        @user = current_user
+        find_my_gems
+        find_subscribed_gems
+        find_latest_updates
       end
       format.atom do
         @versions = Version.subscribed_to_by(api_or_logged_in_user).published.limit(Gemcutter::DEFAULT_PAGINATION)
@@ -34,4 +37,33 @@ def authenticate_with_api_key
   def api_or_logged_in_user
     current_user || @api_key.user
   end
+
+  def find_my_gems
+    @my_gems_count = current_user.rubygems.with_versions.count
+    @my_gems = current_user
+      .rubygems
+      .with_versions
+      .by_downloads
+      .preload(:most_recent_version, :gem_download)
+      .load_async
+  end
+
+  def find_subscribed_gems
+    @subscribed_gems_count = current_user.subscribed_gems.with_versions.count
+    @subscribed_gems = current_user
+      .subscribed_gems
+      .with_versions
+      .limit(5)
+      .preload(:most_recent_version)
+      .load_async
+  end
+
+  def find_latest_updates
+    @latest_updates = Version
+      .subscribed_to_by(current_user)
+      .published
+      .limit(Gemcutter::DEFAULT_PAGINATION)
+      .preload(:rubygem, :pusher, pusher_api_key: :owner)
+      .load_async
+  end
 end
diff --git a/app/controllers/subscriptions_controller.rb b/app/controllers/subscriptions_controller.rb
index 67ba4419d61..442964a8f4b 100644
--- a/app/controllers/subscriptions_controller.rb
+++ b/app/controllers/subscriptions_controller.rb
@@ -1,5 +1,23 @@
 class SubscriptionsController < ApplicationController
-  before_action :find_rubygem
+  before_action :redirect_to_signin, only: :index, unless: :signed_in?
+  before_action :redirect_to_new_mfa, only: :index, if: :mfa_required_not_yet_enabled?
+  before_action :redirect_to_settings_strong_mfa_required, only: :index, if: :mfa_required_weak_level_enabled?
+
+  before_action :find_rubygem, only: %i[create destroy]
+
+  layout "hammy"
+
+  def index
+    add_breadcrumb t("breadcrumbs.dashboard"), dashboard_path
+    add_breadcrumb t("breadcrumbs.subscriptions")
+
+    @subscribed_gems = current_user
+      .subscribed_gems
+      .with_versions
+      .by_name
+      .preload(:most_recent_version)
+      .load_async
+  end
 
   def create
     subscription = @rubygem.subscriptions.build(user: current_user)
diff --git a/app/helpers/icon_helper.rb b/app/helpers/icon_helper.rb
new file mode 100644
index 00000000000..e84116cf09a
--- /dev/null
+++ b/app/helpers/icon_helper.rb
@@ -0,0 +1,14 @@
+module IconHelper
+  # size is in tailwind units (6 = 24px)
+  def icon_tag(name, size: 6, **options)
+    options[:class] = "h-#{size} w-#{size} flex-shrink-0 stroke-current stroke-0 fill-current #{options[:class]}"
+    options[:height] = size * 4
+    options[:width] = size * 4
+    options[:aria] ||= { hidden: true }
+    options[:role] ||= "graphics-symbol"
+
+    tag.svg(**options) do
+      concat tag.use(href: "/images/icons.svg##{name}")
+    end
+  end
+end
diff --git a/app/helpers/prose_helper.rb b/app/helpers/prose_helper.rb
index 17db0dd216a..32598181f28 100644
--- a/app/helpers/prose_helper.rb
+++ b/app/helpers/prose_helper.rb
@@ -1,7 +1,8 @@
 module ProseHelper
-  def prose(&)
-    base = "prose prose-neutral dark:prose-invert prose-lg lg:prose-xl max-w-prose mx-auto"
+  def prose(**options, &)
+    base = "prose prose-neutral dark:prose-invert prose-lg md:prose-xl max-w-prose mx-auto"
     styles = "prose-headings:font-semibold"
-    tag.div class: "#{base} #{styles}", &
+    options[:class] = "#{options[:class]} #{base} #{styles}"
+    tag.div(**options, &)
   end
 end
diff --git a/app/helpers/versions_helper.rb b/app/helpers/versions_helper.rb
index 4545f432500..5a3439f834a 100644
--- a/app/helpers/versions_helper.rb
+++ b/app/helpers/versions_helper.rb
@@ -1,8 +1,8 @@
 module VersionsHelper
-  def version_date_tag(version)
+  def version_date_tag(version, prefix: nil)
     data = {}
     klass = ["gem__version__date"]
-    date = version_authored_date(version)
+    date = version_authored_date(version, prefix:)
     if version.rely_on_built_at?
       klass << "tooltip__text"
       data.merge!(tooltip: t("versions.index.imported_gem_version_notice", import_date: nice_date_for(Version::RUBYGEMS_IMPORT_DATE)))
@@ -14,7 +14,39 @@ def version_date_tag(version)
     end
   end
 
-  def version_authored_date(version)
-    "- #{nice_date_for(version.authored_at)}"
+  def version_authored_date(version, prefix: nil)
+    "#{prefix}#{nice_date_for(version.authored_at)}"
+  end
+
+  def version_number(version)
+    tag.code(
+      version.number,
+      class: "px-2 text-c3 bg-green-200 dark:bg-green-800 rounded-sm text-neutral-900 dark:text-white"
+    )
+  end
+
+  def version_date_component(version, **options)
+    options[:class] = "flex text-b3 text-neutral-600 dark:text-neutral-400 #{options[:class]}"
+    options[:data] ||= {}
+
+    if version.rely_on_built_at?
+      options[:data].merge!(tooltip: t("versions.index.imported_gem_version_notice", import_date: nice_date_for(Version::RUBYGEMS_IMPORT_DATE)))
+    end
+
+    tag.div(**options) do
+      concat version_authored_date(version)
+      concat content_tag(:sup, "*") if version.rely_on_built_at?
+    end
+  end
+
+  def download_count_component(rubygem, **options)
+    downloads = number_with_delimiter(rubygem.downloads)
+    options[:class] = "flex text-neutral-600 dark:text-neutral-400 text-nowrap text-b3 space-x-1 items-center #{options[:class]}"
+    options[:title] = "#{t('total_downloads')}: #{downloads}"
+
+    tag.span(**options) do
+      concat tag.svg(tag.use(href: "/images/icons.svg#arrow-circle-down"), height: "20", width: "20", class: "fill-current")
+      concat tag.span(downloads)
+    end
   end
 end
diff --git a/app/javascript/controllers/dialog_controller.js b/app/javascript/controllers/dialog_controller.js
index b5e615109ad..b3f3c6f479d 100644
--- a/app/javascript/controllers/dialog_controller.js
+++ b/app/javascript/controllers/dialog_controller.js
@@ -8,13 +8,15 @@ export default class extends Dialog {
     this.setAriaExpanded('false')
   }
 
-  open() {
+  open(e) {
     super.open()
+    e.preventDefault()
     this.setAriaExpanded('true')
   }
 
-  close() {
+  close(e) {
     super.close()
+    e.preventDefault()
     this.setAriaExpanded('false')
   }
 
diff --git a/app/javascript/controllers/dump_controller.js b/app/javascript/controllers/dump_controller.js
index aecd608354e..7c42fc55582 100644
--- a/app/javascript/controllers/dump_controller.js
+++ b/app/javascript/controllers/dump_controller.js
@@ -46,7 +46,7 @@ export default class extends Controller {
 
   appendItem(text, uri) {
     const clone = this.templateTarget.content.cloneNode(true);
-    const a = clone.querySelector('a')
+    const a = clone.querySelector('a > span')
     a.textContent = text;
     a.href = uri;
     this.element.appendChild(clone)
diff --git a/app/views/components/alert_component.rb b/app/views/components/alert_component.rb
new file mode 100644
index 00000000000..c9edce905db
--- /dev/null
+++ b/app/views/components/alert_component.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+class AlertComponent < ApplicationComponent
+  attr_reader :style, :closeable
+
+  def initialize(style: :notice, closeable: false)
+    super()
+    @style = style.to_sym
+    @style = :notice if @style == :notice_html
+    @style = :neutral unless STYLES.key?(@style)
+    @closeable = closeable
+  end
+
+  def view_template(&)
+    color, icon_color, icon = STYLES.fetch(style)
+    data = { controller: "reveal", reveal_target: "item" } if closeable
+    p(data:, class: "flex flex-row items-center p-4 mb-10 rounded border text-b2 #{color} justify-between") do
+      span(class: "flex flex-row items-center") do
+        unsafe_raw helpers.icon_tag(icon, size: 8, class: "#{icon_color} mr-3 h-8 w-8")
+        span(class: "align-middle", &)
+      end
+      if closeable
+        button(data: { action: "click->reveal#hide" }, title: t("hide"), class: "h-8 w-8 ml-6 items-center justify-center outline-none") do
+          unsafe_raw helpers.icon_tag("close", class: "w-6 h-6", aria: { label: t("hide") })
+        end
+      end
+    end
+  end
+
+  COLORS = {
+    orange:  "border-orange-500 bg-orange-200 text-neutral-800 " \
+             "dark:bg-orange-900 dark:text-white",
+    yellow:  "border-yellow-500 bg-yellow-200 text-neutral-800 " \
+             "dark:bg-yellow-900 dark:text-white",
+    blue:    "border-blue-500 bg-blue-200 text-neutral-800 " \
+             "dark:bg-blue-900 dark:text-white",
+    green:   "border-green-500 bg-green-200 text-neutral-800 " \
+             "dark:bg-green-900 dark:text-white",
+    red:     "border-red-500 bg-red-200 text-neutral-800 " \
+             "dark:bg-red-900 dark:text-white",
+    neutral: "border-neutral-500 bg-neutral-200 text-neutral-800 " \
+             "dark:bg-neutral-900 dark:text-white"
+  }.freeze
+
+  ICON_COLORS = {
+    orange:  "fill-orange-500",
+    yellow:  "fill-yellow-600",
+    blue:    "fill-blue-500",
+    green:   "fill-green-500",
+    red:     "fill-red-400",
+    neutral: "fill-neutral-800"
+  }.freeze
+
+  STYLES = {
+    error:   [COLORS[:red],     ICON_COLORS[:red],     "error"],
+    alert:   [COLORS[:yellow],  ICON_COLORS[:yellow],  "warning"],
+    notice:  [COLORS[:blue],    ICON_COLORS[:blue],    "arrow-circle-right"],
+    success: [COLORS[:green],   ICON_COLORS[:green],   "check-circle"],
+    primary: [COLORS[:orange],  ICON_COLORS[:orange],  "arrow-circle-right"],
+    neutral: [COLORS[:neutral], ICON_COLORS[:neutral], "arrow-circle-right"]
+  }.freeze
+end
diff --git a/app/views/components/button_component.rb b/app/views/components/button_component.rb
index ddc94ae15bd..d64eef8dd5d 100644
--- a/app/views/components/button_component.rb
+++ b/app/views/components/button_component.rb
@@ -6,7 +6,7 @@ class ButtonComponent < ApplicationComponent
 
   attr_reader :text, :href, :type, :options, :color_css, :size_css
 
-  def initialize(text = nil, href: nil, type: :button, color: :primary, outline: false, size: :large, **options) # rubocop:disable Metrics/ParameterLists
+  def initialize(text = nil, href = nil, type: :button, color: :primary, outline: false, size: :large, **options) # rubocop:disable Metrics/ParameterLists
     super()
     @text = text
     @href = href
diff --git a/app/views/components/card/timeline_component.rb b/app/views/components/card/timeline_component.rb
new file mode 100644
index 00000000000..7f7ec86885e
--- /dev/null
+++ b/app/views/components/card/timeline_component.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Card::TimelineComponent < ApplicationComponent
+  include Phlex::Rails::Helpers::LinkTo
+  include Phlex::Rails::Helpers::TimeAgoInWords
+
+  def view_template(&)
+    div(class: "flex grow ml-2 md:-ml-2 border-l-2 border-neutral-300") do
+      div(class: "flex flex-col grow -mt-2", &)
+    end
+  end
+
+  def timeline_item(datetime, user_link = nil, &)
+    # this block is shifted left to align the dots with the line
+    div(class: "flex items-start -ml-2 mb-4") do
+      # Dot
+      div(class: "relative z-10 top-0.5 left-[1px] w-3 h-3 bg-orange-600 rounded-full flex-shrink-0 mt-1")
+
+      # Content
+      div(class: "flex-1 flex-col ml-5 md:ml-7 pb-4 border-b border-neutral-300 dark:border-neutral-700") do
+        div(class: "flex items-center justify-between") do
+          span(class: "text-b3 text-neutral-600") { t("time_ago", duration: time_ago_in_words(datetime)) }
+          span(class: "text-b3 text-neutral-800") { user_link } if user_link
+        end
+
+        div(class: "flex flex-wrap w-full items-center justify-between", &)
+      end
+    end
+  end
+end
diff --git a/app/views/components/card_component.rb b/app/views/components/card_component.rb
index 5b4211122ca..5d32d39cc2a 100644
--- a/app/views/components/card_component.rb
+++ b/app/views/components/card_component.rb
@@ -1,43 +1,85 @@
 # frozen_string_literal: true
 
 class CardComponent < ApplicationComponent
+  include Phlex::Rails::Helpers::LinkTo
+
   def view_template(&)
-    color = "bg-white dark:bg-black border border-neutral-400 dark:border-neutral-800 rounded-md shadow text-neutral-900 dark:text-neutral-100"
-    box = "w-full px-4 py-6 md:p-10"
+    color = "bg-white dark:bg-black border border-neutral-200 dark:border-neutral-800 text-neutral-900 dark:text-white "
+    box = "w-full px-4 py-6 md:p-10 mb-10 rounded-md shadow overflow-hidden"
     article(**classes(color, box), &)
   end
 
-  def head(title, icon: nil, url: nil, count: nil)
-    div(class: "flex justify-between items-center mb-8") do
-      h3(class: "flex items-center space-x-2 text-lg") do
-        render_icon(icon) if icon
-        span(class: "font-semibold") { title }
-        span(class: "font-light text-neutral-600") { count } if count
-      end
-
+  def head(title = nil, icon: nil, count: nil, url: nil, **options, &block)
+    block ||= proc do
+      title(title, icon:, count:)
       a(href: url, class: "text-sm text-orange-500 hover:underline") { t("view_all") } if url
     end
+    options[:class] = "#{options[:class]} flex justify-between items-center -mx-10 px-10 pb-8"
+    div(**options, &block)
+  end
+
+  def title(title, icon: nil, count: nil)
+    h3(class: "flex items-center text-lg space-x-2") do
+      render_icon(icon, class: "fill-orange") if icon
+      span(class: "font-semibold") { title }
+      # when count is 0, don't show the count because it's more confusing than helpful
+      span(class: "font-light text-neutral-600") { count } unless count.to_i.zero?
+    end
   end
 
   def with_list(items, &)
-    ul(class: "mx-6 my-8") do
+    list do
       items.each do |item|
-        li(class: "flex justify-between items-center py-3 px-4 rounded-md border border-white dark:border-neutral-850 hover:border-neutral-700") do
+        list_item do
           yield(item)
         end
       end
     end
   end
 
-  def with_content(&)
-    div(class: "space-y-4", &)
+  def list(**options, &)
+    options[:class] = "#{options[:class]} -mx-4"
+    ul(**options, &)
   end
 
-  private
+  def divided_list(**options, &)
+    options[:class] = "#{options[:class]} -mx-4 divide-y divide-neutral-200 dark:divide-neutral-800"
+    ul(**options, &)
+  end
+
+  def list_item(**options, &)
+    options[:class] = "#{options[:class]} #{LIST_ITEM_CLASSES}"
+    li(**options, &)
+  end
 
-  def render_icon(name, width: 32, height: 32)
-    svg(class: "fill-orange", width:, height:) do
-      "<use href=\"/images/icons.svg##{name}\"/>".html_safe # rubocop:disable Rails/OutputSafety
+  def list_item_to(url = nil, **options, &)
+    options[:class] = "#{options[:class]} #{LIST_ITEM_CLASSES}"
+    li do
+      link_to(url, **options) do
+        span(class: "flex-1", &)
+        render_icon("chevron-forward", class: "w-8 h-8 ml-2 text-neutral-800 dark:text-white fill-current")
+      end
     end
   end
+
+  # removes padding inside the "content" area of the card so scroll bar and overflaw appear correctly
+  # adds a border to the top of the scrollable area to explain the content being hidden on scroll
+  def scrollable(**options, &)
+    options[:class] = "#{options[:class]} lg:max-h-96 lg:overflow-y-auto"
+    options[:class] << " -mx-4 -mb-6 md:-mx-10 md:-mb-10"
+    options[:class] << " border-t border-neutral-200 dark:border-neutral-800"
+    div(**options) do
+      div(class: "px-4 pt-6 md:px-10 md:pt-10", &)
+    end
+  end
+
+  private
+
+  LIST_ITEM_CLASSES = "flex w-full px-4 py-3 " \
+                      "items-center md:rounded " \
+                      "hover:bg-neutral-100 dark:hover:bg-neutral-800"
+
+  def render_icon(name, size: 8, **)
+    unsafe_raw helpers.icon_tag(name, size: size, **)
+  end
 end
diff --git a/app/views/dashboards/show.html.erb b/app/views/dashboards/show.html.erb
index 0912ab5cb0b..edeed535109 100644
--- a/app/views/dashboards/show.html.erb
+++ b/app/views/dashboards/show.html.erb
@@ -1,66 +1,149 @@
 <% @title = t('.title') %>
 
-<div class="l-overflow">
-  <div class="subscribed l-colspan--l colspan--l--has-border">
-    <h3 class="gems__gem__name">
-      <%= t '.latest' %>:
-    </h3>
-    <%= link_to dashboard_path(:api_key => current_user.api_key, :format => :atom), :id => 'feed', :title => t('.latest_title'), :class => 'gem__link t-list__item', 'data-icon' => '#' do %>
-      <span class="t-hidden">RSS</span>
+<!-- Subscriptions -->
+
+<div class="flex flex-wrap space-y-4 lg:space-y-0 lg:space-x-20">
+  <aside class="w-full lg:w-96 lg:mb-32">
+    <%= render CardComponent.new do |c| %>
+      <!-- Profile Header -->
+      <div class="flex flex-wrap items-center mb-4">
+        <!-- Profile Picture -->
+        <%# <img src="https://via.placeholder.com/100" alt="Profile Picture" class="w-24 h-24 rounded-lg object-cover mr-4"> %>
+        <%= avatar 328, "user_gravatar", theme: :dark, class: "h-24 w-24 lg:h-40 lg:w-40 rounded-lg object-cover mr-4" %>
+
+        <!-- Name and Title -->
+        <div class="lg:w-full lg:mt-2">
+          <h2 class="text-lg font-bold"><%= @user.display_handle %></h2>
+          <% if @user.full_name.present? %>
+            <p class="text-neutral-500"><%= @user.full_name %></p>
+          <% end %>
+        </div>
+      </div>
+
+      <!-- Contact Info -->
+      <div class="my-6">
+        <% if @user.public_email? || @user == current_user %>
+          <div class="flex items-center mb-2">
+            <%= icon_tag("mail", color: :primary, class: "h-6 w-6 text-orange mr-3") %>
+            <p class="text-neutral-800 dark:text-white"><%=
+              mail_to(
+                @user.email,
+                encode: "hex",
+                class: "profile__header__attribute t-link--black"
+              )
+            %></p>
+          </div>
+        <% end %>
+        <% if @user.twitter_username.present? %>
+          <div class="flex items-center mb-2">
+            <%= icon_tag("x-twitter", color: :primary, class: "w-6 text-orange mr-3") %>
+            <p class="text-neutral-800 dark:text-white"><%=
+              link_to(
+                twitter_username(@user),
+                twitter_url(@user)
+              )
+            %></p>
+          </div>
+        <% end %>
+      </div>
+
+      <% if @user.memberships.any? %>
+      <!-- Organizations -->
+        <div class="max-w-96 mb-2 space-y-2">
+          <h3 class="text-neutral-800 dark:text-white font-semibold text-b3 uppercase mb-2">Organizations</h3>
+          <% @user.memberships.preload(:organization).each do |membership| %>
+            <div class="flex justify-between">
+              <p class="text-neutral-800 dark:text-white"><%= membership.organization.name %></p>
+              <p class="text-neutral-500 capitalize"><%= membership.role %></p>
+            </div>
+          <% end %>
+        </div>
+      <% end %>
     <% end %>
-    </a>
-    <div class="push--bottom">
-      <% if @latest_updates.empty? %>
-        <div class="t-body push--s">
-          <i class="t-text"><%= t('.no_subscriptions_html', :gem_link => link_to(t('.gem_link_text'), rubygem_path("rake"))) %></i>
+  </aside>
+
+  <div class="flex-1">
+    <%= render CardComponent.new do |c| %>
+      <%= c.head(divide: true) do %>
+        <%= c.title t(".latest"), icon: :history %>
+        <div class="flex space-x-2 items-center">
+          <%= link_to dashboard_path(api_key: current_user.api_key, format: :atom), id: 'feed', title: t('.latest_title'), class: 'items-center' do %>
+            <%= icon_tag("rss-feed", size: 6, class: "w-6 h-6 fill-orange") %>
+          <% end %>
         </div>
+      <% end %>
+
+      <% if @latest_updates.empty? %>
+        <%= prose do %>
+          <i><%= t('.no_subscriptions_html', :gem_link => link_to(t('.gem_link_text'), rubygem_path("rake"))) %></i>
+        <% end %>
       <% else %>
-        <ol>
-          <% @latest_updates.each do |version| %>
-            <li>
-              <a href="<%= rubygem_path(version.rubygem.slug) %>" class="dashboard__gem">
-                <div class="dashboard__gem__info">
-                  <strong class="dashboard__gem__name"><%= version.to_title %></strong>
-                  <i class="dashboard__gem__version"><%= t 'time_ago', :duration => time_ago_in_words(version.authored_at) %></i>
-                </div>
-                <p class="dashboard__gem__desc"><%= short_info(version) %></p>
-              </a>
-            </li>
+        <%= c.scrollable do %>
+          <%= render Card::TimelineComponent.new do |t| %>
+            <% @latest_updates.each do |version| %>
+              <%
+                pusher_link = if version.pusher.present?
+                  link_to_user(version.pusher)
+                elsif version.pusher_api_key&.owner.present?
+                  link_to_pusher(version.pusher_api_key.owner)
+                end
+              %>
+              <%= t.timeline_item(version.authored_at, pusher_link) do %>
+                  <div class="flex text-b1 text-neutral-800 dark:text-white"><%= link_to version.rubygem.name, rubygem_path(version.rubygem.slug) %></div>
+                  <%= version_number(version) %>
+              <% end %>
+            <% end %>
           <% end %>
-        </ol>
+        <% end %>
       <% end %>
-    </div>
-  </div>
+    <% end %>
 
-  <div class="l-col--r--pad">
-    <div class="mine t-body">
-      <h1><%= t '.mine' %></h1>
+    <%= render CardComponent.new do |c| %>
+      <%= c.head do %>
+        <%= c.title t(".mine"), icon: :gems, count: @my_gems_count %>
+      <% end %>
       <% if @my_gems.empty? %>
-        <div class="t-body push--bottom">
-          <p>
-            <%= t('.no_owned_html', :creating_link => link_to(t('.creating_link_text'), "https://guides.rubygems.org/make-your-own-gem/")) %>
-          </p>
-        </div>
+        <%= prose do %>
+          <i><%= t('.no_owned_html', :creating_link => link_to(t('.creating_link_text'), "https://guides.rubygems.org/make-your-own-gem/")) %></i>
+        <% end %>
       <% else %>
-        <ul>
+        <%= c.divided_list do %>
           <% @my_gems.each do |rubygem| %>
-            <li>
-              <%= link_to rubygem.name, rubygem_path(rubygem.slug), :title => short_info(rubygem.most_recent_version), :class => 't-link' %>
-            </li>
+            <%= c.list_item_to(
+              rubygem_path(rubygem.slug),
+              title: short_info(rubygem.most_recent_version),
+            ) do %>
+              <div class="flex flex-col w-full justify-between">
+                <div class="flex flex-row w-full items-center justify-between">
+                  <h4 class="text-b1 flex"><%= rubygem.name %></h4>
+                  <%= version_number(rubygem.most_recent_version) %>
+                </div>
+                <div class="flex flex-row w-full items-center justify-between">
+                  <%= download_count_component(rubygem, class: "flex") %>
+                  <div class="flex text-neutral-600"><%= version_date_component(rubygem.most_recent_version) %></div>
+                </div>
+              </div>
+            <% end %>
           <% end %>
-        </ul>
+        <% end %>
       <% end %>
+    <% end %>
 
-      <% if @subscribed_gems.present? %>
-        <h1><%= t '.my_subscriptions' %></h1>
-        <ul>
-          <% current_user.subscribed_gems.each do |gem| %>
-            <li>
-              <%= link_to gem, rubygem_path(gem.slug), :title => short_info(gem.most_recent_version), :class => 't-link' %>
-            </li>
-          <% end %>
-        </ul>
+    <% if @subscribed_gems.present? %>
+      <%= render CardComponent.new do |c| %>
+        <%= c.head do %>
+          <%= c.title t(".my_subscriptions"), icon: :gems, count: @subscribed_gems_count %>
+          <%= link_to t("view_all"), subscriptions_path, class: "text-sm text-orange-500" %>
+        <% end %>
+        <%= c.with_list(@subscribed_gems) do |gem| %>
+          <div class="flex flex-row w-full items-center justify-between">
+            <%= link_to rubygem_path(gem.slug), title: short_info(gem.most_recent_version) do %>
+              <h3 class="text-b1"><%= gem.name %></h3>
+              <p class="text-b3 text-neutral-600"><%= short_info(gem.most_recent_version) %></p>
+            <% end %>
+          </div>
+        <% end %>
       <% end %>
-    </div>
+    <% end %>
   </div>
 </div>
diff --git a/app/views/layouts/_breadcrumbs.html.erb b/app/views/layouts/_breadcrumbs.html.erb
index 151bafbe074..605713d9197 100644
--- a/app/views/layouts/_breadcrumbs.html.erb
+++ b/app/views/layouts/_breadcrumbs.html.erb
@@ -10,7 +10,7 @@
       <% end %>
 
       <% breadcrumbs.each do |name, link| %>
-        <svg class="fill-neutral-600 dark:fill-neutral-700 h-6 w-6" height="24" width="24" role="graphics-symbol" aria-hidden="true">
+        <svg class="text-neutral-600 dark:text-neutral-700 fill-neutral-600 dark:fill-neutral-700 h-6 w-6" height="24" width="24" role="graphics-symbol" aria-hidden="true">
           <use href="/images/icons.svg#chevron-right"/>
         </svg>
         <% if link %>
diff --git a/app/views/layouts/_session.html.erb b/app/views/layouts/_session.html.erb
index a5975f422da..ccb3796a353 100644
--- a/app/views/layouts/_session.html.erb
+++ b/app/views/layouts/_session.html.erb
@@ -1,19 +1,20 @@
-<div class="ml-3 flex text-neutral-900 dark:text-white hover:text-black dark:hover:text-neutral-400" data-controller="dialog">
+<div class="ml-3 flex text-neutral-900 dark:text-white hover:text-black dark:hover:text-neutral-400 items-center" data-controller="dialog">
   <% if signed_in? %>
-    <button data-action="dialog#open" data-dialog-target="button">
+    <%# This class is used in the tests :( I need it to be the same class until the old design is gone. %>
+    <%= link_to(dashboard_path, data: { action: "dialog#open", dialog_target: "button" }, class: "header__popup-link") do %>
       <%= avatar 64, "user_gravatar", theme: :dark, class: "h-9 w-9 rounded" %>
-    </button>
+    <% end %>
   <% else %>
     <div class="hidden md:flex text-nowrap">
-      <%= render ButtonComponent.new t('sign_in'), type: :link, href: sign_in_path, color: :secondary, size: :small %>
+      <%= render ButtonComponent.new t('sign_in'), sign_in_path, type: :link, color: :secondary, size: :small %>
       <% if Clearance.configuration.allow_sign_up? %>
-        <%= render ButtonComponent.new t('sign_up'), type: :link, href: sign_up_path, color: :primary, size: :small, class: "ml-3" %>
+        <%= render ButtonComponent.new t('sign_up'), sign_up_path, type: :link, color: :primary, size: :small, class: "ml-3" %>
       <% end %>
     </div>
 
     <% sign_in_sign_up_path = Clearance.configuration.allow_sign_up? ? sign_up_path : sign_in_path %>
-    <%= link_to sign_in_sign_up_path, class: "-mr-1 p-1 md:hidden" do %>
-      <svg width="28" height="28" class="h-7 w-7 fill-current"><use href="/images/icons.svg#profile"/></svg>
+    <%= link_to sign_in_sign_up_path, class: "-mr-1 p-1 md:hidden text-neutral-800 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 " do %>
+      <%= icon_tag "profile", size: 7 %>
     <% end %>
   <% end %>
 
@@ -30,12 +31,12 @@
         <!-- Dialog header -->
         <div class="flex justify-between items-center">
           <h2 class="flex h-7 lg:h-8 lg:mb-0 items-center space-x-1 text-orange text-b1">
-            <svg class="w-6 h-6 fill-current" width="32" height="32" role="graphics-symbol" aria-label="RubyGems Home"><use href="/images/icons.svg#logo"/></svg>
+            <%= icon_tag "logo", size: 8, class: "w-6 h-6" %>
             <span class="text-h5 text-orange">RubyGems</span>
           <h2>
 
           <button data-action="dialog#close" class="h-8 w-8 items-center justify-center outline-none">
-            <svg class="w-6 h-6 fill-current" width="24" height="24" role="graphics-symbol" aria-label="Close profile modal"><use href="/images/icons.svg#close"/></svg>
+            <%= icon_tag "close", class: "w-6 h-6", aria: { label: "Close profile modal" } %>
           </button>
         </div>
 
@@ -45,7 +46,7 @@
           <%= link_to t('layouts.application.header.edit_profile'), edit_profile_path, class: "px-6 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
           <%= link_to t('layouts.application.header.settings'), edit_settings_path, class: "px-6 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
         </nav>
-        <%= link_to t('layouts.application.header.sign_out'), sign_out_path, method: :delete, class: "w-full my-8 px-4 py-2 text-b2 rounded border border-black dark:border-white bg-white dark:bg-black hover:bg-neutral-100 dark:hover:bg-neutral-800 text-black dark:text-white text-center" %>
+        <%= link_to t('sign_out'), sign_out_path, method: :delete, class: "w-full my-8 px-4 py-2 text-b2 rounded border border-black dark:border-white bg-white dark:bg-black hover:bg-neutral-100 dark:hover:bg-neutral-800 text-black dark:text-white text-center" %>
       </div>
     </div>
   </dialog>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 59fd44a0de8..701f7a097d8 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -74,12 +74,12 @@
                 <%= link_to t('.header.settings'), edit_settings_path, class: "header__nav-link" %>
                 <%= link_to t('.header.dashboard'), dashboard_path, class: "header__nav-link" %>
                 <%= link_to t('.header.edit_profile'), edit_profile_path, class: "header__nav-link" %>
-                <%= link_to t('.header.sign_out'), sign_out_path, method: :delete, class: "header__nav-link" %>
+                <%= link_to t('sign_out'), sign_out_path, method: :delete, class: "header__nav-link" %>
               </div>
             <% else %>
-              <%= link_to t('.header.sign_in'), sign_in_path, class: "header__nav-link #{'is-active' if request.path_info == '/sign_in'}" %>
+              <%= link_to t('sign_in'), sign_in_path, class: "header__nav-link #{'is-active' if request.path_info == '/sign_in'}" %>
               <% if Clearance.configuration.allow_sign_up? %>
-                <%= link_to t('.header.sign_up'), sign_up_path, class: "header__nav-link #{'is-active' if request.path_info == '/sign_up'}" %>
+                <%= link_to t('sign_up'), sign_up_path, class: "header__nav-link #{'is-active' if request.path_info == '/sign_up'}" %>
               <% end %>
             <% end %>
           </nav>
diff --git a/app/views/layouts/hammy.html.erb b/app/views/layouts/hammy.html.erb
index 850f16647b3..b65449f08b2 100644
--- a/app/views/layouts/hammy.html.erb
+++ b/app/views/layouts/hammy.html.erb
@@ -34,12 +34,12 @@
           <div class="flex flex-row items-center xl:mr-auto" data-controller="dialog">
             <!-- Mobile Menu Button -->
             <button data-action="dialog#open" data-dialog-target="button" aria-label="Open menu" class="px-2 py-1 w-10 h-9 mr-3 items-center rounded text-white bg-orange hover:bg-orange-600 dark:bg-orange-600 dark:hover:bg-orange-700 lg:hidden focus:outline-none">
-              <svg width="24" height="24" class="fill-current" role="graphics-symbol"><use href="/images/icons.svg#menu"/></svg>
+              <%= icon_tag "menu" %>
             </button>
 
             <!-- Logo -->
             <%= link_to(root_path, title: "RubyGems", class: "flex h-8 items-center text-orange text-b1") do %>
-              <svg class="w-7 h-7 lg:w-8 lg:h-8 fill-current" width="32" height="32" role="graphics-symbol" aria-label="RubyGems Home"><use href="/images/icons.svg#logo"/></svg>
+              <%= icon_tag "logo", size: 8, class: "w-7 h-7 lg:w-8 lg:h-8", aria: { label: "RubyGems Home" } %>
               <span class="hidden sm:flex ml-1 text-h5 text-orange">RubyGems</span>
             <% end %>
 
@@ -52,7 +52,7 @@
               <div class="flex relative ml-7" data-controller="dropdown">
                 <button data-action="dropdown#toggle click@window->dropdown#hide" class="flex items-center text-neutral-900 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 focus:outline-none lowercase">
                   <span><%= t("layouts.application.footer.about") %></span>
-                  <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#arrow-drop-down"/></svg>
+                  <%= icon_tag "arrow-drop-down" %>
                 </button>
 
                 <!-- About Dropdown Menu -->
@@ -67,9 +67,9 @@
               <!-- Language Selector -->
               <div class="flex relative ml-5" data-controller="dropdown">
                 <button data-action="dropdown#toggle click@window->dropdown#hide" class="flex items-center text-neutral-900 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 focus:outline-none">
-                  <svg width="20" height="20" class="fill-current"><use href="/images/icons.svg#language"/></svg>
+                  <%= icon_tag "language", size: 5 %>
                   <span class="ml-1 text-b3 uppercase"><%= I18n.locale %></span>
-                  <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#arrow-drop-down"/></svg>
+                  <%= icon_tag "arrow-drop-down" %>
                 </button>
 
                 <!-- Language Dropdown Menu -->
@@ -91,11 +91,11 @@
                 <div class="flex flex-row items-center px-8 py-4 border-b border-neutral-400 dark:border-neutral-800">
                   <!-- Close Menu Button -->
                   <button data-action="dialog#close" aria-label="Close menu" class="px-2 py-1 w-10 h-9 mr-3 rounded text-white bg-orange dark:bg-orange-600 hover:bg-orange-700 dark:hover:bg-orange-700 focus:outline-none items-center">
-                    <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#close"/></svg>
+                    <%= icon_tag "close" %>
                   </button>
                   <!-- Logo -->
                   <%= link_to(root_path, title: "RubyGems", class: "flex h-8 items-center text-orange text-b1") do %>
-                    <svg class="w-7 h-7 lg:w-8 lg:h-8 fill-current" width="32" height="32" role="graphics-symbol" aria-label="RubyGems Home"><use href="/images/icons.svg#logo"/></svg>
+                    <%= icon_tag "logo", size: 8, class: "w-7 h-7 lg:w-8 lg:h-8", aria: { label: "RubyGems Home" } %>
                     <span class="ml-1 text-h5 lg:text-h4 text-orange">RubyGems</span>
                   <% end %>
                 </div>
@@ -110,7 +110,7 @@
                   <div data-controller="reveal" data-reveal-toggle-class="rotate-180" class="flex flex-col">
                     <button class="flex items-center px-8 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800 focus:outline-none justify-between" data-action="reveal#toggle" data-reveal-target="button">
                       <span><%= t("layouts.application.footer.about") %></span>
-                      <svg width="24" height="24" class="fill-current transition-transform transform" data-reveal-target="toggle"><use href="/images/icons.svg#keyboard-arrow-down"/></svg>
+                      <%= icon_tag "keyboard-arrow-down", class:"transition-transform transform", data: { reveal_target: "toggle" } %>
                     </button>
 
                     <%= link_to t('title'), page_path("about"), data: { reveal_target: "item" }, class: "hidden px-16 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800" %>
@@ -124,10 +124,10 @@
                   <div class="flex flex-col" data-controller="reveal" data-reveal-toggle-class="rotate-180">
                     <button class="flex items-center px-8 py-3 hover:bg-neutral-100 dark:hover:bg-neutral-800 focus:outline-none justify-between" data-action="reveal#toggle" data-reveal-target="button">
                       <span class="flex items-center">
-                        <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#language"/></svg>
+                        <%= icon_tag "language" %>
                         <span class="mx-2 text-b2 uppercase"><%= I18n.locale %></span>
                       </span>
-                      <svg width="24" height="24" class="fill-current transition-transform transform" data-reveal-target="toggle"><use href="/images/icons.svg#keyboard-arrow-down"/></svg>
+                      <%= icon_tag "keyboard-arrow-down", class:"transition-transform transform", data: { reveal_target: "toggle" } %>
                     </button>
 
                     <% I18n.available_locales.each do |language| %>
@@ -139,10 +139,11 @@
             </dialog>
           </div>
 
+          <!-- Search button and Profile -->
           <div class="ml-auto flex flex-row items-center xl:ml-0 xl:order-3">
             <!-- Search button -->
             <button type="button" data-action="reveal-search#toggle" data-reveal-search-target="toggle" aria-label="Open search" class="flex xl:hidden h-9 w-9 box-border text-neutral-800 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 items-center justify-center rounded border-neutral-300 dark:border-neutral-700">
-              <svg width="24" height="24" class="h-6 w-6 fill-current"><use href="/images/icons.svg#search"/></svg>
+              <%= icon_tag "search", class: "h-6 w-6" %>
             </button>
 
             <!-- Profile -->
@@ -165,7 +166,7 @@
               <% end %>
 
               <button type="submit" id="search_submit" aria-labelledby="querylabel" class="absolute end-[1px] top-[1px] p-[5px] text-neutral-900 dark:text-white focus:outline-none border-l border-neutral-300 dark:border-neutral-700 hover:text-neutral-600 dark:hover:text-neutral-400 rounded-r">
-                <svg width="24" height="24" class="h-6 w-6 fill-current"><use href="/images/icons.svg#search"/></svg>
+                <%= icon_tag "search", class: "h-6 w-6" %>
               </button>
             <% end %>
           </div>
@@ -177,22 +178,23 @@
     </header>
 
     <!-- Content -->
-    <div class="flex-1 w-full px-8 py-6 flex-col bg-neutral-050 dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center inline-flex">
+    <main class="flex-1 w-full px-8 py-6 flex-col bg-neutral-050 dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center inline-flex">
       <div class="max-w-screen-xl w-full mx-auto mb-12 md:mb-16 lg:mb-28">
         <!-- New design notice -->
-        <p class="flex flex-row items-center bg-green-200 dark:bg-green-900 text-neutral-800 dark:text-neutral-200 p-4 mb-10 rounded border border-green-500 text-b2">
-          <svg class="flex-none fill-green-500 mr-2 h-6 w-6" height="24" width="24">
-            <use href="/images/icons.svg#toast"/>
-          </svg>
-          <span class="align-middle">
-            Design Under Construction.
-            <a href="https://blog.rubygems.org/2024/10/15/our-new-design.html" class="text-green-500 dark:text-green-400 text-nowrap">Learn more</a>
-          </span>
-        </p>
+        <%= render AlertComponent.new(style: :neutral, closeable: true) do %>
+          Design Under Construction.
+          <a href="https://blog.rubygems.org/2024/10/15/our-new-design.html" class="text-blue-500 dark:text-blue-400 text-nowrap">Learn more</a>
+        <% end %>
+
+        <% flash.each do |name, msg| %>
+          <%= render AlertComponent.new(style: name, closeable: true) do %>
+            <%= flash_message(name, msg) %>
+          <% end %>
+        <% end %>
 
         <%= yield %>
       </div>
-    </div>
+    </main>
 
       <!-- Footer -->
     <footer>
@@ -209,8 +211,8 @@
             </ul>
           </nav>
           <div class="flex space-x-4">
-            <a href="https://github.com/rubygems/rubygems.org" class="">
-              <svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#github"/></svg>
+            <a href="https://github.com/rubygems/rubygems.org">
+              <%= icon_tag "github" %>
             </a>
             <%# <a href="" class=""><svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#mastodon"/></svg></a>
             <a href="#" class=""><svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#x-twitter"/></svg></a> %>
@@ -228,13 +230,13 @@
 
           <!-- Supporter Icons -->
           <div class="w-full lg:grow mx-auto grid grid-cols-3 gap-6 justify-items-center md:flex md:items-center md:justify-between">
-            <a href="https://rubycentral.org/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#ruby-central"/></svg></a>
-            <a href="https://dnsimple.link/resolving-rubygems" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#dnsimple"/></svg></a>
-            <a href="https://www.datadoghq.com/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#datadog"/></svg></a>
-            <a href="https://www.fastly.com/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#fastly"/></svg></a>
-            <a href="https://www.honeybadger.io/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#honeybadger"/></svg></a>
-            <a href="https://domainr.com/" class="p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#domainr"/></svg></a>
-            <a href="https://mend.io/" class="col-start-2 p-1"><svg width="60" height="60" class="fill-current"><use href="/images/icons.svg#mend-io"/></svg></a>
+            <a href="https://rubycentral.org/" class="p-1"><%= icon_tag "ruby-central", size: 15 %></a>
+            <a href="https://dnsimple.link/resolving-rubygems" class="p-1"><%= icon_tag "dnsimple", size: 15 %></a>
+            <a href="https://www.datadoghq.com/" class="p-1"><%= icon_tag "datadog", size: 15 %></a>
+            <a href="https://www.fastly.com/" class="p-1"><%= icon_tag "fastly", size: 15 %></a>
+            <a href="https://www.honeybadger.io/" class="p-1"><%= icon_tag "honeybadger", size: 15 %></a>
+            <a href="https://domainr.com/" class="p-1"><%= icon_tag "domainr", size: 15 %></a>
+            <a href="https://mend.io/" class="col-start-2 p-1"><%= icon_tag "mend-io", size: 15 %></a>
           </div>
         </div>
       </div>
diff --git a/app/views/pages/about.html.erb b/app/views/pages/about.html.erb
index 7078e3097d1..e654a2f3e20 100644
--- a/app/views/pages/about.html.erb
+++ b/app/views/pages/about.html.erb
@@ -31,6 +31,6 @@
   <h2 class="about__assets__heading"><%= t('.logo_header') %></h2>
   <p><%= t('.logo_details') %></p>
   <div class="about__assets-wrap">
-    <%= render ButtonComponent.new t('rubygems.aside.links.download'), type: :link, href: "/logos.zip" %>
+    <%= render ButtonComponent.new t('rubygems.aside.links.download'), "/logos.zip", type: :link %>
   </div>
 <% end %>
diff --git a/app/views/pages/data.html.erb b/app/views/pages/data.html.erb
index 951fd6581be..c447164d503 100644
--- a/app/views/pages/data.html.erb
+++ b/app/views/pages/data.html.erb
@@ -3,17 +3,17 @@
 <div class="flex flex-col space-y-10 max-w-3xl mx-auto" id="data-dump">
   <%= render CardComponent.new do |c| %>
     <%= c.head("PostgreSQL Data", icon: :history) %>
-    <%= c.with_content do |user| %>
-      <%= prose do %>
-        <p>We provide weekly dumps of the RubyGems.org PostgreSQL data. This dump is sanitized, removing all user information.</p>
-        <p>The <a href="https://github.com/rubygems/rubygems.org/tree/master/script/load-pg-dump" class="text-orange">load-pg-dump</a> script is
-          available as an example of how to to download and load the most recent weekly dump.</p>
-      <% end %>
-      <ul data-controller="dump">
-        <template data-dump-target="template">
-          <li><a href="#" class="flex -mx-4 p-4 hover:bg-neutral-100 dark:hover:bg-neutral-800 lg:rounded"></a></li>
-        </template>
-      </ul>
+    <%= prose do |user| %>
+      <p>We provide weekly dumps of the RubyGems.org PostgreSQL data. This dump is sanitized, removing all user information.</p>
+      <p>The <a href="https://github.com/rubygems/rubygems.org/tree/master/script/load-pg-dump" class="text-orange">load-pg-dump</a> script is
+        available as an example of how to to download and load the most recent weekly dump.</p>
+    <% end %>
+    <%= c.list(data: { controller: "dump" }) do %>
+      <template data-dump-target="template">
+        <%= c.list_item_to "#" do %>
+          <span></span>
+        <% end %>
+      </template>
     <% end %>
   <% end %>
 </div>
diff --git a/app/views/pages/download.html.erb b/app/views/pages/download.html.erb
index 23184c1ecd5..bf823d20919 100644
--- a/app/views/pages/download.html.erb
+++ b/app/views/pages/download.html.erb
@@ -24,9 +24,9 @@
   </ol>
   <h4>Download the latest version</h4>
   <div id="formats" class="flex flex-row space-x-6">
-    <%= render ButtonComponent.new "tgz", type: :link, href: "https://rubygems.org/rubygems/rubygems-#{version_number}.tgz" %>
-    <%= render ButtonComponent.new "zip", type: :link, href: "https://rubygems.org/rubygems/rubygems-#{version_number}.zip" %>
-    <%= render ButtonComponent.new "gem", type: :link, href: "https://rubygems.org/gems/rubygems-update-#{version_number}.gem" %>
-    <%= render ButtonComponent.new "git", type: :link, href: "https://github.com/rubygems/rubygems" %>
+    <%= render ButtonComponent.new "tgz", "https://rubygems.org/rubygems/rubygems-#{version_number}.tgz", type: :link %>
+    <%= render ButtonComponent.new "zip", "https://rubygems.org/rubygems/rubygems-#{version_number}.zip", type: :link %>
+    <%= render ButtonComponent.new "gem", "https://rubygems.org/gems/rubygems-update-#{version_number}.gem", type: :link %>
+    <%= render ButtonComponent.new "git", "https://github.com/rubygems/rubygems", type: :link %>
   </div>
 <% end %>
diff --git a/app/views/profiles/show.html.erb b/app/views/profiles/show.html.erb
index d53b7f5ca94..a109e68018b 100644
--- a/app/views/profiles/show.html.erb
+++ b/app/views/profiles/show.html.erb
@@ -107,7 +107,7 @@
       </h2>
 
       <h4 id="downloads" class="gem__downloads__heading t-text--s">
-        <%= t('stats.index.total_downloads') %>
+        <%= t('total_downloads') %>
       </h4>
 
       <h2 id="downloads_count" class="gem__downloads">
diff --git a/app/views/rubygems/_aside.html.erb b/app/views/rubygems/_aside.html.erb
index 9e011629aaf..f7735be703b 100644
--- a/app/views/rubygems/_aside.html.erb
+++ b/app/views/rubygems/_aside.html.erb
@@ -7,7 +7,7 @@
   <% end %>
   <div class="gem__downloads-wrap" data-href="<%= api_v1_download_path(@latest_version.full_name, :format => 'json') %>">
     <h2 class="gem__downloads__heading t-text--s">
-      <%= t('stats.index.total_downloads') %>
+      <%= t('total_downloads') %>
       <span class="gem__downloads"><%= number_with_delimiter(@rubygem.downloads) %></span>
     </h2>
     <h2 class="gem__downloads__heading t-text--s">
diff --git a/app/views/stats/index.html.erb b/app/views/stats/index.html.erb
index bcac07047d8..f9098e70fff 100644
--- a/app/views/stats/index.html.erb
+++ b/app/views/stats/index.html.erb
@@ -10,7 +10,7 @@
     <span class="stat__count"><%= number_with_delimiter @number_of_users %></span>
   </h2>
   <h2 class="stat" data-icon="⌄">
-    <%= t('stats.index.total_downloads') %>
+    <%= t('total_downloads') %>
     <span class="stat__count"><%= number_with_delimiter @number_of_downloads %></span>
   </h2>
 </div>
diff --git a/app/views/subscriptions/index.html.erb b/app/views/subscriptions/index.html.erb
new file mode 100644
index 00000000000..e2ca69b101a
--- /dev/null
+++ b/app/views/subscriptions/index.html.erb
@@ -0,0 +1,28 @@
+<% @title = t("dashboards.show.my_subscriptions") %>
+
+<%= render CardComponent.new do |c| %>
+  <%= c.head(t("dashboards.show.my_subscriptions"), icon: :gems, count: @subscribed_gems.size) %>
+  <% if @subscribed_gems.empty? %>
+    <%= prose do %>
+      <i><%= t("dashboards.show.no_subscriptions_html", :gem_link => link_to(t('dashboards.show.gem_link_text'), rubygem_path("rake"))) %></i>
+    <% end %>
+  <% else %>
+    <%= c.with_list(@subscribed_gems) do |gem| %>
+      <div class="flex flex-row w-full items-center justify-between">
+        <%= link_to rubygem_path(gem.slug) do %>
+          <h3 class="text-b1"><%= gem.name %></h3>
+          <p class="text-b3"><%= short_info(gem.most_recent_version) %></p>
+        <% end %>
+        <%= button_to(
+          rubygem_subscription_path(gem.slug),
+          method: :delete,
+          title: t("rubygems.aside.links.unsubscribe"),
+          class: "h-8 w-8 ml-6 items-center justify-center outline-none",
+          aria: { label: t("rubygems.aside.links.unsubscribe") }
+        ) do %>
+          <%= icon_tag "close", class: "w-6 h-6" %>
+        <% end %>
+      </div>
+    <% end %>
+  <% end %>
+<% end %>
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 99cbcaa4cb2..e3e04e1e1f6 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -4,6 +4,7 @@ de:
   copied: Kopiert!
   copy_to_clipboard: In die Zwischenablage kopieren
   edit: Bearbeiten
+  hide: Verbergen
   verification_expired:
   feed_latest: RubyGems.org | Neueste Gems
   feed_subscribed: RubyGems.org | Abonnierte Gems
@@ -39,6 +40,7 @@ de:
   otp_missing: Sie haben die Mehrfaktor-Authentifizierung aktiviert, aber keinen OTP-Code
     angegeben. Bitte füllen Sie diesen aus und versuchen Sie es erneut.
   sign_in: Anmelden
+  sign_out: Abmelden
   sign_up: Registrieren
   dependency_list: Alle transitiven Abhängigkeiten anzeigen
   multifactor_authentication: Mehrfaktorauthentifizierung
@@ -46,8 +48,10 @@ de:
   this_rubygem_could_not_be_found: Dieses Ruby Gem konnte nicht gefunden werden.
   time_ago: seit %{duration}
   title: RubyGems.org
-  update: Aktualisieren
+  total_downloads: Downloads insgesamt
   try_again: Etwas ist schiefgelaufen. Bitte versuchen Sie es erneut.
+  update: Aktualisieren
+  view_all: Alle anzeigen
   advanced_search: Erweiterte Suche
   authenticate: Authentifizieren
   helpers:
@@ -278,15 +282,13 @@ de:
         settings: Einstellungen
         edit_profile: Profil bearbeiten
         search_gem_html: Suche Gems&hellip;
-        sign_in: Anmelden
-        sign_out: Abmelden
-        sign_up: Registrieren
       mfa_banner_html:
   breadcrumbs:
-    home:
+    home: Startseite
     dashboard: Dashboard
-    settings:
+    settings: Einstellungen
     org_name: 'Organisation: %{name}'
+    subscriptions: Abonnements
   mailer:
     confirm_your_email: Bitte bestätigen Sie Ihre E-Mail-Adresse mit dem Link, der
       an Ihre E-Mail gesendet wurde.
@@ -635,6 +637,9 @@ de:
       title:
       close_browser:
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email:
       token_expired:
@@ -646,28 +651,25 @@ de:
       confirmed_at:
       added_by:
       action:
+      role:
+      role_field:
       email_field:
       submit_button:
       info:
       confirmed:
       pending:
       confirm_remove:
-      role:
-      role_field:
     resend_confirmation:
       resent_notice:
     create:
       success_notice:
+    update:
+      update_current_user_role:
+      success_notice:
     destroy:
       removed_notice:
       failed_notice:
     mfa_required:
-    update:
-      success_notice:
-      update_current_user_role:
-    edit:
-      role:
-      title:
   settings:
     edit:
       title:
@@ -854,7 +856,6 @@ de:
     index:
       title:
       all_time_most_downloaded: Am meisten Heruntergeladen in der gesamten Zeit
-      total_downloads: Downloads insgesamt
       total_gems: Gems insgesamt
       total_users: Benutzer insgesamt
   users:
@@ -1076,4 +1077,4 @@ de:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
\ No newline at end of file
+        not_required:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 3505362a1ee..c2e04a5298f 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -4,6 +4,7 @@ en:
   copied: Copied!
   copy_to_clipboard: Copy to clipboard
   edit: Edit
+  hide: Hide
   verification_expired: The verification has expired. Please verify again.
   feed_latest: RubyGems.org | Latest Gems
   feed_subscribed: RubyGems.org | Subscribed Gems
@@ -36,6 +37,7 @@ en:
   otp_incorrect: Your OTP code is incorrect. Please check it and retry.
   otp_missing: You have enabled multifactor authentication but no OTP code provided. Please fill it and retry.
   sign_in: Sign in
+  sign_out: Sign out
   sign_up: Sign up
   dependency_list: Show all transitive dependencies
   multifactor_authentication: Multi-factor authentication
@@ -43,8 +45,10 @@ en:
   this_rubygem_could_not_be_found: This rubygem could not be found.
   time_ago: "%{duration} ago"
   title: RubyGems.org
-  update: Update
+  total_downloads: Total downloads
   try_again: Something went wrong. Please try again.
+  update: Update
+  view_all: View all
   advanced_search: Advanced Search
   authenticate: Authenticate
   helpers:
@@ -264,15 +268,13 @@ en:
         settings: Settings
         edit_profile: Edit profile
         search_gem_html: Search Gems&hellip;
-        sign_in: Sign in
-        sign_out: Sign out
-        sign_up: Sign up
       mfa_banner_html: 🎉 We now support security devices! Improve your account security by <a href="/settings/edit#security-device">setting up</a> a new device. [Learn more](link to blog post)!
   breadcrumbs:
     home: Home
     dashboard: Dashboard
     settings: Settings
     org_name: "Org: %{name}"
+    subscriptions: Subscriptions
   mailer:
     confirm_your_email: Please confirm your email address with the link sent to your email.
     confirmation_subject: Please confirm your email address with %{host}
@@ -767,7 +769,6 @@ en:
     index:
       title: Stats
       all_time_most_downloaded: All Time Most Downloaded
-      total_downloads: Total downloads
       total_gems: Total gems
       total_users: Total users
   users:
@@ -997,4 +998,4 @@ en:
         api_key_scopes: "Scopes: %{scopes}"
         api_key_gem_html: "Gem: %{gem}"
         api_key_mfa: "MFA: %{mfa}"
-        not_required: "Not required"
\ No newline at end of file
+        not_required: "Not required"
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 0cdf6d09ede..a223d9f20e3 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -4,6 +4,7 @@ es:
   copied: "¡Copiado!"
   copy_to_clipboard: Copiar al portapapeles
   edit: Editar
+  hide: Ocultar
   verification_expired:
   feed_latest: RubyGems.org | Gemas más recientes
   feed_subscribed: RubyGems.org | Suscripciones a gemas
@@ -37,6 +38,7 @@ es:
   otp_missing: Activaste autenticación con múltiples factores, pero no suministraste
     un código OTP. Por favor ingrésalo y prueba nuevamente.
   sign_in: Ingresa
+  sign_out: Salir
   sign_up: Regístrate
   dependency_list: Mostrar toda la cadena de dependencias
   multifactor_authentication: Autenticación de múltiples factores
@@ -44,8 +46,10 @@ es:
   this_rubygem_could_not_be_found: Esta gema no pudo encontrarse.
   time_ago: hace %{duration}
   title: RubyGems.org
-  update: Actualizar
+  total_downloads: Total de descargas
   try_again: Algo salió mal. Por favor inténtalo nuevamente.
+  update: Actualizar
+  view_all: Ver todo
   advanced_search: Búsqueda avanzada
   authenticate: Autenticar
   helpers:
@@ -277,15 +281,13 @@ es:
         settings: Configuración
         edit_profile: Editar
         search_gem_html: Buscar gemas&hellip;
-        sign_in: Acceso
-        sign_out: Salir
-        sign_up: Registro
       mfa_banner_html:
   breadcrumbs:
-    home:
+    home: Inicio
     dashboard: Dashboard
     settings: Configuración
     org_name: 'Org: %{name}'
+    subscriptions: Suscripciones
   mailer:
     confirm_your_email: Por favor confirma tu dirección de correo con el enlace enviado.
     confirmation_subject: Por favor confirma tu dirección de correo con %{host}
@@ -620,6 +622,9 @@ es:
       title: Error - Falló la verification
       close_browser: Por favor cierra este navegador e inténtalo de nuevo.
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email: Has sido añadido/a como propietario de la gema %{gem}
       token_expired: El token de confirmación ha expirado. Por favor intenta reenviar
@@ -632,31 +637,28 @@ es:
       confirmed_at: CONFIRMADO
       added_by: AÑADIDO POR
       action: ACCIÓN
+      role:
+      role_field:
       email_field: Correo / Usuario
       submit_button: Añadir a propietarios
       info: añadir o eliminar propietarios
       confirmed: Confirmado
       pending: Pendiente
       confirm_remove: "¿Seguro que quieres eliminar a este usuario de los propietarios?"
-      role:
-      role_field:
     resend_confirmation:
       resent_notice: Se ha reenviado un mensaje de confirmación a tu correo electrónico
     create:
       success_notice: Se ha añadido a %{handle} como propietario sin confirmar. Su
         acceso como propietario se activará cuando haga click en el mensaje de confirmación
         que se le ha enviado a su correo
+    update:
+      update_current_user_role:
+      success_notice:
     destroy:
       removed_notice: "%{owner_name} eliminado con éxito de la lista de propietarios"
       failed_notice: No se puede eliminar al único propietario de una gema
     mfa_required: La gema tiene activado el requerimiento de AMF, configura AMF en
       tu cuenta por favor.
-    edit:
-      role:
-      title:
-    update:
-      update_current_user_role:
-      success_notice:
   settings:
     edit:
       title: Editar configuración
@@ -881,7 +883,6 @@ es:
     index:
       title: Estadísticas
       all_time_most_downloaded: Más descargadas
-      total_downloads: Total de descargas
       total_gems: Gemas totales
       total_users: Usuarios totales
   users:
@@ -1131,4 +1132,4 @@ es:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
\ No newline at end of file
+        not_required:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 00af532b78b..8149c79b7ff 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -4,6 +4,7 @@ fr:
   copied: Copié!
   copy_to_clipboard: Copier
   edit: Modification
+  hide: Cacher
   verification_expired:
   feed_latest: RubyGems.org | Derniers Gems
   feed_subscribed: RubyGems.org | Gems abonnés
@@ -37,6 +38,7 @@ fr:
   otp_incorrect:
   otp_missing:
   sign_in: Connexion
+  sign_out: Déconnexion
   sign_up: Inscription
   dependency_list:
   multifactor_authentication: Authentification Multifacteur
@@ -44,8 +46,10 @@ fr:
   this_rubygem_could_not_be_found: Rubygem introuvable.
   time_ago: il y a %{duration}
   title: RubyGems.org
-  update: Mise à jour
+  total_downloads: Total de téléchargements
   try_again: Une erreur est survenue. Veuillez réessayer.
+  update: Mise à jour
+  view_all: Voir tout
   advanced_search: Recherche avancée
   authenticate:
   helpers:
@@ -176,7 +180,6 @@ fr:
       yank_rubygem:
       add_owner:
       remove_owner:
-      update_owner:
       access_webhooks:
       show_dashboard:
       configure_trusted_publishers:
@@ -184,6 +187,7 @@ fr:
       save_key:
       mfa:
       expiration:
+      update_owner:
     new:
       new_api_key:
     reset:
@@ -205,7 +209,8 @@ fr:
       migrating_link_text: migration
       mine: Mes Gems
       my_subscriptions: Abonnements
-      no_owned_html: Vous n'avez pas encore publié de gem. Vous pouvez vérifier le guide de %{creating_link}.
+      no_owned_html: Vous n'avez pas encore publié de gem. Vous pouvez vérifier le
+        guide de %{creating_link}.
       no_subscriptions_html: Vous n'avez pas encore d'abonnements. Visitez %{gem_link}
         pour vous y abonner !
       title: Dashboard
@@ -268,15 +273,13 @@ fr:
         settings: Paramètres
         edit_profile: Modifier le profil
         search_gem_html: Recherche de Gems&hellip;
-        sign_in: Connexion
-        sign_out: Déconnexion
-        sign_up: Inscription
       mfa_banner_html:
   breadcrumbs:
-    home:
+    home: Accueil
     dashboard: Dashboard
     settings: Paramètres
     org_name: 'Org: %{name}'
+    subscriptions: Abonnements
   mailer:
     confirm_your_email: Veuillez confirmer votre adresse email avec le lien qui vous
       a été envoyé par email.
@@ -558,6 +561,9 @@ fr:
       title:
       close_browser:
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email:
       token_expired:
@@ -569,27 +575,24 @@ fr:
       confirmed_at:
       added_by:
       action:
+      role:
+      role_field:
       email_field:
       submit_button:
       info:
       confirmed:
       pending:
       confirm_remove:
-      role:
-      role_field:
     resend_confirmation:
       resent_notice:
     create:
       success_notice:
-    destroy:
-      removed_notice:
-      failed_notice:
     update:
       update_current_user_role:
       success_notice:
-    edit:
-      role:
-      title:
+    destroy:
+      removed_notice:
+      failed_notice:
     mfa_required:
   settings:
     edit:
@@ -803,7 +806,6 @@ fr:
     index:
       title:
       all_time_most_downloaded: Gems les plus téléchargés
-      total_downloads: Total de téléchargements
       total_gems: Total de gems
       total_users: Total d'utilisateurs
   users:
@@ -1025,4 +1027,4 @@ fr:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
\ No newline at end of file
+        not_required:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 38ed4411d37..f3b08ba0bb6 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -4,6 +4,7 @@ ja:
   copied: コピー完了!
   copy_to_clipboard: クリップボードにコピー
   edit: 編集
+  hide: 非表示
   verification_expired: 検証が期限切れです。もう一度検証してください。
   feed_latest: RubyGems.org | 最新のgemの一覧
   feed_subscribed: RubyGems.org | 購読したgemの一覧
@@ -30,6 +31,7 @@ ja:
   otp_incorrect: OTPのコードが正しくありません。ご確認の上再試行してください。
   otp_missing: 多要素認証が有効化済みですがOTPのコードが与えられませんでした。入力の上再試行してください。
   sign_in: サインイン
+  sign_out: サインアウト
   sign_up: 新規登録
   dependency_list: 全ての推移的な依存関係を表示
   multifactor_authentication: 多要素認証
@@ -37,8 +39,10 @@ ja:
   this_rubygem_could_not_be_found: お探しのrubygemは見つかりませんでした。
   time_ago: "%{duration}前"
   title: RubyGems.org
-  update: 更新
+  total_downloads: 累計ダウンロード数
   try_again: エラーが発生しました。再試行してください。
+  update: 更新
+  view_all: 全て表示
   advanced_search: 高度な検索
   authenticate: 認証
   helpers:
@@ -169,7 +173,6 @@ ja:
       yank_rubygem: rubygemをヤンクする
       add_owner: 所有者を追加する
       remove_owner: 所有者を削除する
-      update_owner:
       access_webhooks: webhookにアクセスする
       show_dashboard: ダッシュボードを表示
       configure_trusted_publishers: 信頼できる発行元を構成
@@ -177,6 +180,7 @@ ja:
       save_key: キーを二度と表示できなくなるためご注意ください。新しいAPIキー：
       mfa: MFA
       expiration: 期限
+      update_owner:
     new:
       new_api_key: 新しいAPIキー
     reset:
@@ -258,16 +262,14 @@ ja:
         settings: 設定
         edit_profile: プロフィールを編集
         search_gem_html: gemを検索...
-        sign_in: サインイン
-        sign_out: サインアウト
-        sign_up: 新規登録
       mfa_banner_html: "\U0001F389 セキュリティ機器に対応しました！新しい機器を<a href=\"/settings/edit#security-device\">設定</a>してアカウントのセキュリティを向上しましょう。[詳細はこちら](link
         to blog post)！"
   breadcrumbs:
-    home:
+    home: ホーム
     dashboard: ダッシュボード
     settings: 設定
     org_name: 組織：%{name}
+    subscriptions: 購読
   mailer:
     confirm_your_email: Eメールに送信されたリンクからEメールアドレスを確認してください。
     confirmation_subject: "%{host}に登録されたメールアドレスを確認してください"
@@ -539,6 +541,9 @@ ja:
       title: エラー - 検証が失敗しました
       close_browser: このブラウザを閉じて再試行してください。
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email: "%{gem} gemの所有者として追加されました"
       token_expired: 確認トークンが期限切れです。gemのページからトークンを再送してみてください。
@@ -550,27 +555,24 @@ ja:
       confirmed_at: 確定日時
       added_by: 追加者
       action: 操作
+      role:
+      role_field:
       email_field: Eメール / ハンドル名
       submit_button: 所有者を追加
       info: 所有者を追加または削除する
       confirmed: 確定
       pending: 保留
       confirm_remove: このユーザーを所有者から削除されたいとのことでよろしいですか。
-      role:
-      role_field:
     resend_confirmation:
       resent_notice: 確定メールがEメールに再送されました。
     create:
       success_notice: "%{handle}が未確定の所有者として追加されました。当該ユーザーがEメールに送られた確定メールでクリックした後に所有権アクセスが有効になります。"
-    destroy:
-      removed_notice: "%{owner_name}は所有者から正常に削除されました"
-      failed_notice: gemの唯一の所有者は削除できません。
-    edit:
-      title:
-      role:
     update:
       update_current_user_role:
       success_notice:
+    destroy:
+      removed_notice: "%{owner_name}は所有者から正常に削除されました"
+      failed_notice: gemの唯一の所有者は削除できません。
     mfa_required: gemでMFAの要件が有効化されているため、アカウントにMFAを設定してください。
   settings:
     edit:
@@ -765,7 +767,6 @@ ja:
     index:
       title: 統計
       all_time_most_downloaded: 累計最多ダウンロード数
-      total_downloads: 累計ダウンロード数
       total_gems: gem総数
       total_users: ユーザー総数
   users:
@@ -1002,4 +1003,4 @@ ja:
         api_key_scopes: スコープ：%{scopes}
         api_key_gem_html: 'gem: %{gem}'
         api_key_mfa: 'MFA: %{mfa}'
-        not_required: 必要ではありません
\ No newline at end of file
+        not_required: 必要ではありません
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 4f4b37e7eef..53b9966d822 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -4,6 +4,7 @@ nl:
   copied: Gekopieerd
   copy_to_clipboard: Kopieer naar klembord
   edit: Wijzig
+  hide: Verberg
   verification_expired:
   feed_latest: RubyGems.org | Nieuwste Gems
   feed_subscribed: RubyGems.org | Geabonneerde Gems
@@ -29,6 +30,7 @@ nl:
   otp_incorrect:
   otp_missing:
   sign_in: Inloggen
+  sign_out: Uitloggen
   sign_up: Registreren
   dependency_list:
   multifactor_authentication: Multifactor authenticatie
@@ -36,8 +38,10 @@ nl:
   this_rubygem_could_not_be_found: De gem kon niet gevonden worden.
   time_ago: "%{duration} geleden"
   title: RubyGems.org
-  update: Wijzig
+  total_downloads:
   try_again: Er is iets fout gegaan, probeer het opnieuw.
+  update: Wijzig
+  view_all: Bekijk alles
   advanced_search: Uitgebreid zoeken
   authenticate:
   helpers:
@@ -168,7 +172,6 @@ nl:
       yank_rubygem:
       add_owner:
       remove_owner:
-      update_owner:
       access_webhooks:
       show_dashboard:
       configure_trusted_publishers:
@@ -176,6 +179,7 @@ nl:
       save_key:
       mfa:
       expiration:
+      update_owner:
     new:
       new_api_key:
     reset:
@@ -260,15 +264,13 @@ nl:
         settings: Instellingen
         edit_profile: Wijzig profiel
         search_gem_html: Gems Zoeken&hellip;
-        sign_in: Inloggen
-        sign_out: Uitloggen
-        sign_up: Registreren
       mfa_banner_html:
   breadcrumbs:
-    home:
+    home: Startpagina
     dashboard: Dashboard
-    settings:
+    settings: Instellingen
     org_name: 'Organisatie: %{name}'
+    subscriptions: Abonnementen
   mailer:
     confirm_your_email:
     confirmation_subject:
@@ -539,6 +541,9 @@ nl:
       title:
       close_browser:
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email:
       token_expired:
@@ -550,27 +555,24 @@ nl:
       confirmed_at:
       added_by:
       action:
+      role:
+      role_field:
       email_field:
       submit_button:
       info:
       confirmed:
       pending:
       confirm_remove:
-      role:
-      role_field:
     resend_confirmation:
       resent_notice:
     create:
       success_notice:
+    update:
+      update_current_user_role:
+      success_notice:
     destroy:
       removed_notice:
       failed_notice:
-    edit:
-      role:
-      title:
-    update:
-      success_notice:
-      update_current_user_role:
     mfa_required:
   settings:
     edit:
@@ -758,7 +760,6 @@ nl:
     index:
       title:
       all_time_most_downloaded:
-      total_downloads:
       total_gems:
       total_users:
   users:
@@ -980,4 +981,4 @@ nl:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
\ No newline at end of file
+        not_required:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index eea45da4011..f3a6de047e6 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -4,6 +4,7 @@ pt-BR:
   copied: Copiado
   copy_to_clipboard: Copiar
   edit: Editar
+  hide: Esconder
   verification_expired:
   feed_latest: RubyGems.org | Últimas Gems
   feed_subscribed: RubyGems.org | Gems do seu Feed
@@ -36,6 +37,7 @@ pt-BR:
   otp_missing: Você habilitou a autenticação multifator mas nenhum código OTP foi
     fornecido. Por favor, preencha-o e tente novamente.
   sign_in: Fazer Login
+  sign_out: Sair
   sign_up: Cadastrar
   dependency_list: Mostrar todas as dependências
   multifactor_authentication: Autenticação Multifator
@@ -43,8 +45,10 @@ pt-BR:
   this_rubygem_could_not_be_found: Não foi possível localizar esta rubygem
   time_ago: "%{duration} atrás"
   title: RubyGems.org
-  update: Atualizar
+  total_downloads: Total de downloads
   try_again: Algo deu errado. Por favor, tente novamente.
+  update: Atualizar
+  view_all: Ver tudo
   advanced_search: Busca avançada
   authenticate:
   helpers:
@@ -175,7 +179,6 @@ pt-BR:
       yank_rubygem:
       add_owner:
       remove_owner:
-      update_owner:
       access_webhooks:
       show_dashboard:
       configure_trusted_publishers:
@@ -183,6 +186,7 @@ pt-BR:
       save_key:
       mfa:
       expiration:
+      update_owner:
     new:
       new_api_key:
     reset:
@@ -266,15 +270,13 @@ pt-BR:
         settings: Configurações da Conta
         edit_profile: Editar Perfil
         search_gem_html: Buscar Gems&hellip;
-        sign_in: Fazer Login
-        sign_out: Sair
-        sign_up: Cadastrar
       mfa_banner_html:
   breadcrumbs:
-    home:
+    home: Início
     dashboard: Painel de Controle
     settings: Configurações da Conta
     org_name: 'Org: %{name}'
+    subscriptions: Observando
   mailer:
     confirm_your_email: Por favor, confirme seu endereço de email através do link
       que enviamos para o seu endereço de email.
@@ -551,6 +553,9 @@ pt-BR:
       title:
       close_browser:
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email:
       token_expired:
@@ -562,27 +567,24 @@ pt-BR:
       confirmed_at:
       added_by:
       action:
+      role:
+      role_field:
       email_field:
       submit_button:
       info:
       confirmed:
       pending:
       confirm_remove:
-      role:
-      role_field:
     resend_confirmation:
       resent_notice:
     create:
       success_notice:
-    destroy:
-      removed_notice:
-      failed_notice:
-    edit:
-      title:
-      role:
     update:
       update_current_user_role:
       success_notice:
+    destroy:
+      removed_notice:
+      failed_notice:
     mfa_required:
   settings:
     edit:
@@ -782,7 +784,6 @@ pt-BR:
     index:
       title: Estatísticas
       all_time_most_downloaded: Mais baixadas de todos os tempos
-      total_downloads: Total de downloads
       total_gems: Total de gems
       total_users: Total de usuários
   users:
@@ -1004,4 +1005,4 @@ pt-BR:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
\ No newline at end of file
+        not_required:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 844c74d6fc2..f6f6d61608a 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -4,6 +4,7 @@ zh-CN:
   copied: 已复制！
   copy_to_clipboard: 复制到剪贴板
   edit: 编辑
+  hide: 隐藏
   verification_expired:
   feed_latest: RubyGems.org | 最新的 Gem
   feed_subscribed: RubyGems.org | 订阅的 Gem
@@ -31,6 +32,7 @@ zh-CN:
   otp_incorrect: 您的 OTP 码不正确。请检查后重试。
   otp_missing: 您已启用多因素验证，但是没有提供 OTP 码。请输入后重试。
   sign_in: 登录
+  sign_out: 退出
   sign_up: 注册
   dependency_list: 显示所有传递性依赖
   multifactor_authentication: 多因素验证
@@ -38,8 +40,10 @@ zh-CN:
   this_rubygem_could_not_be_found: 未找到这个 Gem
   time_ago: "%{duration} 前"
   title: RubyGems.org
-  update: 更新
+  total_downloads: 下载总量
   try_again: 出了点儿问题。请重试。
+  update: 更新
+  view_all: 查看全部
   advanced_search: 高级搜索
   authenticate: 身份认证
   helpers:
@@ -170,7 +174,6 @@ zh-CN:
       yank_rubygem: 撤回 Gem
       add_owner: 添加 Gem 业主
       remove_owner: 移除（某个）Gem 业主
-      update_owner:
       access_webhooks: 访问后 (Access) Webhook
       show_dashboard: 显示仪表盘
       configure_trusted_publishers:
@@ -178,6 +181,7 @@ zh-CN:
       save_key: 请注意在此之后我们不会再次向您显示该密钥。新的 API 密钥为：
       mfa: 多因素验证
       expiration:
+      update_owner:
     new:
       new_api_key: 生成新 API 密钥
     reset:
@@ -259,15 +263,13 @@ zh-CN:
         settings: 设置
         edit_profile: 编辑个人信息
         search_gem_html: 搜索 Gem &hellip;&hellip;
-        sign_in: 登录
-        sign_out: 退出
-        sign_up: 注册
       mfa_banner_html:
   breadcrumbs:
-    home:
+    home: 首页
     dashboard: 仪表盘
     settings: 设置
     org_name: 组织：%{name}
+    subscriptions: 订阅
   mailer:
     confirm_your_email: 请在发送到您的邮件中点击链接，确认您的邮箱地址。
     confirmation_subject: 请确认您的邮箱地址
@@ -544,6 +546,9 @@ zh-CN:
       title: 错误 — 验证失败
       close_browser: 请关闭该浏览器并重试。
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email: 您已被添加为 Gem %{gem} 的业主之一
       token_expired: 确认令牌已过期。请尝试从该 Gem 页面重新发送令牌。
@@ -555,27 +560,24 @@ zh-CN:
       confirmed_at: 批准于
       added_by: 添加
       action: 行为
+      role:
+      role_field:
       email_field: Email / Handle
       submit_button: 添加业主
       info: 添加或移除业主
       confirmed: 已批准
       pending: 待定
       confirm_remove: 您确定您想要从业主中移除该用户吗？
-      role:
-      role_field:
     resend_confirmation:
       resent_notice: 一封确认邮件已被重新发送到您的邮箱中
     create:
       success_notice: "%{handle} 已添加为还未经批准的业主。在用户点击发送到其邮箱的批准邮件后，所有权访问才将被启用。"
+    update:
+      update_current_user_role:
+      success_notice:
     destroy:
       removed_notice: "%{owner_name} 已成功从业主中移除"
       failed_notice: 不能删除该 Gem 的唯一业主
-    edit:
-      role:
-      title:
-    update:
-      success_notice:
-      update_current_user_role:
     mfa_required: 该 Gem 已启用多因素验证，请在您的帐户上设置多因素验证。
   settings:
     edit:
@@ -770,7 +772,6 @@ zh-CN:
     index:
       title: 统计数据
       all_time_most_downloaded: 至今最多下载
-      total_downloads: 下载总量
       total_gems: Gem 总数
       total_users: 用户总数
   users:
@@ -994,4 +995,4 @@ zh-CN:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
\ No newline at end of file
+        not_required:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 59158187eb3..c536c74792c 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -4,6 +4,7 @@ zh-TW:
   copied: 已複製
   copy_to_clipboard: 複製
   edit: 編輯
+  hide: 隱藏
   verification_expired:
   feed_latest: RubyGems.org | 最新 Gems
   feed_subscribed: RubyGems.org | 訂閱 Gems
@@ -30,6 +31,7 @@ zh-TW:
   otp_incorrect: 您的 OTP 碼不正確。請檢查後再試一次。
   otp_missing: 您已啟用多重要素驗證，但是沒有輸入 OTP 碼。請輸入後再試一次。
   sign_in: 登入
+  sign_out: 登出
   sign_up: 註冊
   dependency_list:
   multifactor_authentication: 多重要素驗證
@@ -37,8 +39,10 @@ zh-TW:
   this_rubygem_could_not_be_found: 找不到此 rubygem。
   time_ago: "%{duration} 前"
   title: RubyGems.org
-  update: 更新
+  total_downloads: 總下載次數
   try_again: 發生錯誤。請再試一次。
+  update: 更新
+  view_all: 查看全部
   advanced_search: 進階搜尋
   authenticate: 驗證
   helpers:
@@ -169,7 +173,6 @@ zh-TW:
       yank_rubygem: 移除 rubygem
       add_owner: 新增擁有者
       remove_owner: 移除擁有者
-      update_owner:
       access_webhooks: 存取 Webhooks
       show_dashboard: 顯示儀表板
       configure_trusted_publishers:
@@ -177,6 +180,7 @@ zh-TW:
       save_key: 請注意，我們無法再次顯示您的 API 金鑰。新 API 金鑰：
       mfa: MFA
       expiration:
+      update_owner:
     new:
       new_api_key: 新 API 金鑰
     reset:
@@ -258,15 +262,13 @@ zh-TW:
         settings: 設定
         edit_profile: 編輯個人檔案
         search_gem_html: 搜尋 Gems&hellip;
-        sign_in: 登入
-        sign_out: 登出
-        sign_up: 註冊
       mfa_banner_html: "\U0001F389 我們現在支援安全裝置了！<a href=\"/settings/edit#security-device\">設定</a>新的裝置來提升您的帳號安全。[了解詳情](部落格文章連結)！"
   breadcrumbs:
-    home:
-    dashboard:
-    settings:
+    home: 首頁
+    dashboard: 控制台
+    settings: 設定
     org_name: 組織：%{name}
+    subscriptions: 訂閱
   mailer:
     confirm_your_email: 已寄送連結，請點擊連結來確認您的電子郵件地址。
     confirmation_subject: "%{host} 電子郵件地址確認"
@@ -539,6 +541,9 @@ zh-TW:
       title: 錯誤 - 驗證失敗
       close_browser: 請關閉此瀏覽器並重試。
   owners:
+    edit:
+      role:
+      title:
     confirm:
       confirmed_email:
       token_expired: 確認權杖已過期。請從 Gem 頁面嘗試重新傳送權杖。
@@ -550,27 +555,24 @@ zh-TW:
       confirmed_at: 確認於
       added_by: 新增者
       action: 操作
+      role:
+      role_field:
       email_field:
       submit_button: 新增擁有者
       info: 新增或移除擁有者
       confirmed: 已確認
       pending: 待確認
       confirm_remove: 您確定要將此使用者從擁有者名單中移除嗎？
-      role:
-      role_field:
     resend_confirmation:
       resent_notice:
     create:
       success_notice: "%{handle} 已以未確認擁有者的身分加入。所有權存取將在使用者點擊傳送到他們的電子郵件地址的確認信後啟用。"
-    destroy:
-      removed_notice:
-      failed_notice: 無法移除 Gem 的唯一擁有者
-    edit:
-      role:
-      title:
     update:
       update_current_user_role:
       success_notice:
+    destroy:
+      removed_notice:
+      failed_notice: 無法移除 Gem 的唯一擁有者
     mfa_required: Gem 啟用了 MFA 要求，請設定您的帳號的 MFA。
   settings:
     edit:
@@ -760,7 +762,6 @@ zh-TW:
     index:
       title: 統計資料
       all_time_most_downloaded: 歷史下載次數排行
-      total_downloads: 總下載次數
       total_gems: Gems 總數
       total_users: 總使用者數量
   users:
@@ -985,4 +986,4 @@ zh-TW:
         api_key_scopes:
         api_key_gem_html:
         api_key_mfa:
-        not_required:
\ No newline at end of file
+        not_required:
diff --git a/config/routes.rb b/config/routes.rb
index 03dd015b3d2..52cc5e01050 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -157,6 +157,7 @@
       get :advanced
     end
     resource :dashboard, only: :show, constraints: { format: /html|atom/ }
+    resources :subscriptions, only: :index
     resources :profiles, only: :show
     get "profile/me", to: "profiles#me", as: :my_profile
     resource :multifactor_auth, only: %i[update] do
diff --git a/public/images/icons.svg b/public/images/icons.svg
index 321ab50e6af..1b91eb5e461 100644
--- a/public/images/icons.svg
+++ b/public/images/icons.svg
@@ -1,25 +1,30 @@
 <?xml version="1.0" encoding="utf-8"?>
 <svg xmlns="http://www.w3.org/2000/svg">
   <defs>
-    <symbol viewBox="0 0 32 32" id="logo">
-      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
+    <!-- Material icons (updated) -->
+    <symbol id="warning" viewBox="0 -960 960 960"><path d="M137.02-140q-10.17 0-18.27-4.97t-12.59-13.11q-4.68-8.08-5.15-17.5-.47-9.42 5.08-18.66l342.43-591.52q5.56-9.24 13.9-13.66 8.35-4.42 17.58-4.42 9.23 0 17.58 4.42 8.34 4.42 13.9 13.66l342.43 591.52q5.55 9.24 5.08 18.66-.47 9.42-5.15 17.5-4.49 8.14-12.59 13.11-8.1 4.97-18.27 4.97H137.02ZM178-200h604L480-720 178-200Zm302-47.69q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02T480-312.31q-13.73 0-23.02 9.29T447.69-280q0 13.73 9.29 23.02t23.02 9.29Zm.01-104.62q12.76 0 21.37-8.62 8.62-8.63 8.62-21.38v-140q0-12.75-8.63-21.37-8.63-8.63-21.38-8.63-12.76 0-21.37 8.63-8.62 8.62-8.62 21.37v140q0 12.75 8.63 21.38 8.63 8.62 21.38 8.62ZM480-460Z"/></symbol>
+    <symbol id="error" viewBox="0 -960 960 960"><path d="M480-290.77q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02-9.29-9.28-23.02-9.28t-23.02 9.28q-9.29 9.29-9.29 23.02t9.29 23.02q9.29 9.29 23.02 9.29Zm.01-146.15q12.76 0 21.37-8.63 8.62-8.62 8.62-21.37v-180q0-12.75-8.63-21.38-8.63-8.62-21.38-8.62-12.76 0-21.37 8.62-8.62 8.63-8.62 21.38v180q0 12.75 8.63 21.37 8.63 8.63 21.38 8.63Zm.06 336.92q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="arrow-circle-right" viewBox="0 -960 960 960"><path d="m512.23-450-53.31 53.31q-8.3 8.31-8.11 20.69.19 12.38 8.5 20.69t20.95 8.31q12.64 0 20.82-8.31l99.38-99.38q10.85-10.85 10.85-25.31 0-14.46-10.85-25.31l-99.77-99.77q-8.31-8.3-20.69-8.3t-20.69 8.3q-8.31 8.31-8.31 20.95 0 12.64 8.31 20.82L512.23-510H360q-12.75 0-21.37 8.63-8.63 8.63-8.63 21.38 0 12.76 8.63 21.37Q347.25-450 360-450h152.23Zm-32.16 350q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="house-siding" viewBox="0 -960 960 960"><path d="M273.85-260v90q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-374.08L120-473.46q-10.54 7.31-22.31 6.19-11.77-1.12-19.46-11.65-7.69-10.54-6.27-22.31 1.43-11.77 11.96-19.46L436-787.23q9.85-7.23 21.08-10.65 11.24-3.43 22.92-3.43 11.68 0 22.92 3.43 11.23 3.42 21.08 10.65l352.46 266.54q9.92 7.69 11.65 19.46 1.73 11.77-5.96 22.31-7.69 10.53-19.46 11.65-11.77 1.12-22.31-6.19l-93.84-70.62V-170q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-90H273.85Zm0-215.38h412.69v-95.39H273.85v95.39Zm0 155.38h412.69v-95.39H273.85V-320Zm54.61-310.77h303.08L480-744.39 328.46-630.77Z"/></symbol>
+    <symbol id="arrow-circle-down" viewBox="0 -960 960 960"><path d="m454-447.84-49.31-49.31q-8.31-8.31-18.19-8.31t-18.19 8.31q-8.31 8.3-8.31 18.44 0 10.15 8.31 18.32l89.91 89.91q9.7 9.71 22.35 9.71 12.64 0 22.12-9.85l89.77-89.77q8.31-8.17 8.31-18.32 0-10.14-8.31-18.44-8.31-8.31-18.45-8.31-10.14 0-18.32 8.31l-49.31 49.31v-138.52q0-10.93-7.41-18.32-7.42-7.4-18.39-7.4-10.96 0-18.77 7.4-7.81 7.39-7.81 18.32v138.52ZM480.34-116q-75.11 0-141.48-28.42-66.37-28.42-116.18-78.21-49.81-49.79-78.25-116.09Q116-405.01 116-480.39q0-75.38 28.42-141.25t78.21-115.68q49.79-49.81 116.09-78.25Q405.01-844 480.39-844q75.38 0 141.25 28.42t115.68 78.21q49.81 49.79 78.25 115.85Q844-555.45 844-480.34q0 75.11-28.42 141.48-28.42 66.37-78.21 116.18-49.79 49.81-115.85 78.25Q555.45-116 480.34-116Zm-.34-52q130 0 221-91t91-221q0-130-91-221t-221-91q-130 0-221 91t-91 221q0 130 91 221t221 91Zm0-312Z"/></symbol>
+    <symbol id="check-circle" viewBox="0 -960 960 960"><path d="m423.23-394.15-92.92-92.93q-8.31-8.3-20.89-8.5-12.57-.19-21.27 8.5-8.69 8.7-8.69 21.08 0 12.38 8.69 21.08l109.77 109.77q10.85 10.84 25.31 10.84 14.46 0 25.31-10.84l222.54-222.54q8.3-8.31 8.5-20.89.19-12.57-8.5-21.27-8.7-8.69-21.08-8.69-12.38 0-21.08 8.69l-205.69 205.7ZM480.07-100q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="logout" viewBox="0 -960 960 960"><path d="M224.62-160q-27.62 0-46.12-18.5Q160-197 160-224.62v-510.76q0-27.62 18.5-46.12Q197-800 224.62-800h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-760H224.62q-9.24 0-16.93 7.69-7.69 7.69-7.69 16.93v510.76q0 9.24 7.69 16.93 7.69 7.69 16.93 7.69h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-160H224.62Zm497.76-300H387.69q-8.54 0-14.27-5.73T367.69-480q0-8.54 5.73-14.27t14.27-5.73h334.69l-78.84-78.85q-5.62-5.61-6-13.53-.39-7.93 6-14.54 6.38-6.62 14.15-6.73 7.77-.12 14.39 6.5l104.54 104.53q9.69 9.7 9.69 22.62 0 12.92-9.69 22.62L672.08-352.85q-5.85 5.85-13.89 6.12-8.04.27-14.65-6.35-6.39-6.61-6.27-14.27.11-7.65 6.5-14.03L722.38-460Z"/></symbol>
+
+    <symbol id="chevron-right" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
+      <path stroke-linecap="round" stroke-linejoin="round" d="m8.25 4.5 7.5 7.5-7.5 7.5" />
     </symbol>
 
-    <!-- Material icons -->
-    <symbol id="arrow-circle-right" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
-      <g>
-        <rect fill="none" height="24" width="24"/>
-        <rect fill="none" height="24" width="24"/>
-      </g>
-      <g>
-        <path d="M22,12c0-5.52-4.48-10-10-10C6.48,2,2,6.48,2,12s4.48,10,10,10C17.52,22,22,17.52,22,12z M12,14.79V13H9 c-0.55,0-1-0.45-1-1s0.45-1,1-1h3V9.21c0-0.45,0.54-0.67,0.85-0.35l2.79,2.79c0.2,0.2,0.2,0.51,0,0.71l-2.79,2.79 C12.54,15.46,12,15.24,12,14.79z"/>
-      </g>
+    <symbol id="chevron-forward" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
+    <symbol id="rss-feed" viewBox="0 0 960 1147"><path d="M205 916q-27 0-46-19t-19-46q0-26 19-45t46-19q26 0 45 19t19 45q0 27-19 46t-45 19zm530 0q-19 0-32-14.5T688 867q-9-100-50-186.5T529 527q-67-68-153.5-109T189 368q-20-2-34.5-15T140 321q0-20 14-32.5t33-10.5q119 9 222.5 57.5T593 463q79 80 127.5 183.5T778 869q2 19-10.5 33T735 916zm-230 0q-19 0-32.5-13.5T456 870q-8-53-31-98.5T366 690q-36-36-81.5-59T186 600q-19-3-32.5-16.5T140 551q0-19 14-31.5t33-9.5q71 8 132.5 38T429 627q49 48 79 109.5T546 869q3 19-9.5 33T505 916z"/></symbol>
+    <symbol id="mail" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
+      <path stroke-linecap="round" stroke-linejoin="round" d="M21.75 6.75v10.5a2.25 2.25 0 0 1-2.25 2.25h-15a2.25 2.25 0 0 1-2.25-2.25V6.75m19.5 0A2.25 2.25 0 0 0 19.5 4.5h-15a2.25 2.25 0 0 0-2.25 2.25m19.5 0v.243a2.25 2.25 0 0 1-1.07 1.916l-7.5 4.615a2.25 2.25 0 0 1-2.36 0L3.32 8.91a2.25 2.25 0 0 1-1.07-1.916V6.75" />
     </symbol>
+
+    <!-- Material icons (wrong weight) -->
     <symbol id="arrow-drop-down" viewBox="0 0 24 24">
       <path d="M0 0h24v24H0V0z" fill="none"/>
       <path d="M8.71 11.71l2.59 2.59c.39.39 1.02.39 1.41 0l2.59-2.59c.63-.63.18-1.71-.71-1.71H9.41c-.89 0-1.33 1.08-.7 1.71z"/>
     </symbol>
-    <symbol id="chevron-right" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
     <symbol id="close" viewBox="0 0 24 24">
       <path d="M0 0h24v24H0V0z" fill="none"/>
       <path d="M18.3 5.71c-.39-.39-1.02-.39-1.41 0L12 10.59 7.11 5.7c-.39-.39-1.02-.39-1.41 0-.39.39-.39 1.02 0 1.41L10.59 12 5.7 16.89c-.39.39-.39 1.02 0 1.41.39.39 1.02.39 1.41 0L12 13.41l4.89 4.89c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L13.41 12l4.89-4.89c.38-.38.38-1.02 0-1.4z"/>
@@ -39,7 +44,6 @@
       <path d="M0 0h24v24H0V0z" fill="none"/>
       <path d="M13.26 3C8.17 2.86 4 6.95 4 12H2.21c-.45 0-.67.54-.35.85l2.79 2.8c.2.2.51.2.71 0l2.79-2.8c.31-.31.09-.85-.36-.85H6c0-3.9 3.18-7.05 7.1-7 3.72.05 6.85 3.18 6.9 6.9.05 3.91-3.1 7.1-7 7.1-1.61 0-3.1-.55-4.28-1.48-.4-.31-.96-.28-1.32.08-.42.42-.39 1.13.08 1.49C9 20.29 10.91 21 13 21c5.05 0 9.14-4.17 9-9.26-.13-4.69-4.05-8.61-8.74-8.74zm-.51 5c-.41 0-.75.34-.75.75v3.68c0 .35.19.68.49.86l3.12 1.85c.36.21.82.09 1.03-.26.21-.36.09-.82-.26-1.03l-2.88-1.71v-3.4c0-.4-.34-.74-.75-.74z"/>
     </symbol>
-    <symbol id="house-siding" viewBox="0 0 960 1147"><path d="M274 796v90q0 13-8.5 21.5T244 916q-13 0-21.5-8.5T214 886V512l-94 71q-11 7-22.5 6T78 577q-7-10-6-22t12-20l352-266q10-7 21-10.5t23-3.5q12 0 23 3.5t21 10.5l352 266q10 8 12 20t-6 22q-8 11-19.5 12t-22.5-6l-93-71v374q0 13-9 21.5t-21 8.5q-13 0-21.5-8.5T687 886v-90H274zm0-215h413v-96H274v96zm0 155h413v-95H274v95zm54-311h304L480 312 328 425z"/></symbol>
 
     <symbol id="keyboard-arrow-down" viewBox="0 0 24 24">
       <path d="M8.12 9.29L12 13.17l3.88-3.88c.39-.39 1.02-.39 1.41 0 .39.39.39 1.02 0 1.41l-4.59 4.59c-.39.39-1.02.39-1.41 0L6.7 10.7c-.39-.39-.39-1.02 0-1.41.39-.38 1.03-.39 1.42 0z"/>
@@ -70,48 +74,52 @@
       <path d="M4.47 21h15.06c1.54 0 2.5-1.67 1.73-3L13.73 4.99c-.77-1.33-2.69-1.33-3.46 0L2.74 18c-.77 1.33.19 3 1.73 3zM12 14c-.55 0-1-.45-1-1v-2c0-.55.45-1 1-1s1 .45 1 1v2c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
     </symbol>
 
-    <symbol viewBox="0 0 24 24" id="profile">
-      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
+    <!-- Custom Icons -->
+    <symbol viewBox="0 0 32 32" id="logo">
+      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
     </symbol>
-    <symbol viewBox="0 0 32 32" id="toast">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="M16 30a14 14 0 1 0 0-28 14 14 0 0 0 0 28Zm0 2a16 16 0 1 0 0-32 16 16 0 0 0 0 32ZM8 16a1 1 0 0 0 1 1h11.586l-4.294 4.293a1.001 1.001 0 0 0 1.416 1.416l6-6a1 1 0 0 0 0-1.416l-6-6a1.002 1.002 0 0 0-1.416 1.416l4.294 4.292H9a1 1 0 0 0-1 1Z"/>
+    <symbol viewBox="0 0 32 32" id="gems"><!-- same as logo -->
+      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
+    </symbol>
+    <symbol id="profile" viewBox="0 0 24 24">
+      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="history">
+    <symbol id="history" viewBox="0 0 24 24">
       <path d="M12 23.9c-2.8 0-5.3-.9-7.4-2.6-2.1-1.7-3.5-3.9-4.1-6.6a.9.9 90 01.1-.8 1 1 90 01.7-.4 1.1 1.1 90 01.8.2c.2.2.4.4.5.7.5 2.2 1.7 3.9 3.4 5.3 1.8 1.4 3.8 2.1 6 2.1 2.7 0 5-1 6.9-2.9s2.9-4.2 2.9-6.9-1-5-2.9-6.9C17 3.2 14.7 2.2 12 2.2a9.4 9.4 90 00-4.3 1A10.6 10.6 90 004.2 6h2.6c.3 0 .5.1.7.3a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3H2a1.2 1.2 90 01-.9-.4 1.2 1.2 90 01-.4-.9V2.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v2.3A11.9 11.9 90 017 1.2a11.7 11.7 90 015-1.1 11.6 11.6 90 014.6.9c1.4.6 2.7 1.5 3.8 2.5a12.1 12.1 90 012.5 3.8 11.6 11.6 90 01.9 4.6c0 1.7-.3 3.2-.9 4.6a12 12 90 01-2.5 3.8 12 12 90 01-3.8 2.5 11.6 11.6 90 01-4.6.9Zm1.1-12.3 3.8 3.9a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3 1 1 90 01-.7-.3l-4.1-4.1a1.3 1.3 90 01-.4-.9V6.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v5.5Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="ruby-central">
+    <symbol id="ruby-central" viewBox="0 0 60 60">
       <path fill-rule="evenodd" clip-rule="evenodd" d="M9.362 11.513a9.603 9.603 0 0 1 9.604-9.604h21.131a9.605 9.605 0 0 1 9.605 9.604v21.131a9.606 9.606 0 0 1-9.605 9.605h-21.13a9.605 9.605 0 0 1-9.605-9.605v-21.13ZM44.33 21.886c0 8.063-6.537 14.6-14.6 14.6s-14.599-6.537-14.599-14.6 6.536-14.6 14.6-14.6 14.599 6.537 14.599 14.6ZM27.164 13.05c-.984 0-1.92.418-2.577 1.149L21.4 17.742a3.467 3.467 0 0 0-.1 4.518l5.916 7.196a3.467 3.467 0 0 0 5.354 0l5.916-7.196a3.467 3.467 0 0 0-.1-4.518l-3.187-3.544a3.467 3.467 0 0 0-2.577-1.15h-5.458ZM26.591 16a.77.77 0 0 1 .573-.254h5.458c.219 0 .426.093.573.254l3.186 3.545a.77.77 0 0 1 .022 1.004l-5.915 7.197a.77.77 0 0 1-1.19 0l-5.915-7.197a.77.77 0 0 1 .022-1.004L26.591 16Zm32.113 40.033c.05.049.108.074.178.074h.868a.24.24 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-6.917a.24.24 0 0 0-.073-.18.243.243 0 0 0-.177-.072h-.868a.245.245 0 0 0-.178.073.246.246 0 0 0-.073.179v6.917c0 .07.025.13.073.177Zm-4.164.178c-.361 0-.689-.07-.982-.209a1.907 1.907 0 0 1-.7-.576 1.403 1.403 0 0 1-.25-.814 1.365 1.365 0 0 1 .584-1.16c.397-.293.92-.488 1.568-.585l1.432-.21v-.218c0-.293-.073-.52-.22-.68-.146-.16-.397-.24-.752-.24a1.112 1.112 0 0 0-.617.156.91.91 0 0 0-.345.398.266.266 0 0 1-.24.135h-.826c-.076 0-.135-.02-.177-.062a.256.256 0 0 1-.053-.168 1.062 1.062 0 0 1 .137-.407c.083-.16.216-.314.397-.46.18-.153.414-.282.7-.386.286-.105.63-.157 1.034-.157.44 0 .808.055 1.109.167a1.862 1.862 0 0 1 .73.428c.182.181.314.395.398.638.083.243.125.501.125.773v3.282a.24.24 0 0 1-.073.177.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.189-.074.267.267 0 0 1-.062-.177v-.408a1.655 1.655 0 0 1-.366.376 2.124 2.124 0 0 1-.565.283 2.533 2.533 0 0 1-.773.104Zm.356-.993c.244 0 .463-.052.658-.156a1.08 1.08 0 0 0 .47-.48c.119-.224.178-.503.178-.837v-.22l-1.045.167c-.41.063-.717.164-.92.303-.2.14-.303.31-.303.513a.61.61 0 0 0 .137.397.95.95 0 0 0 .365.24c.146.048.3.073.46.073Zm-5.827.815a.243.243 0 0 0 .177.074h.909c.077 0 .14-.025.188-.074a.243.243 0 0 0 .074-.177v-2.873c0-.328.09-.586.272-.774.187-.188.449-.283.783-.283h.815c.077 0 .136-.023.178-.073a.243.243 0 0 0 .073-.178v-.752a.243.243 0 0 0-.073-.177.222.222 0 0 0-.178-.073h-.428c-.335 0-.63.06-.889.177a1.579 1.579 0 0 0-.617.513v-.43a.237.237 0 0 0-.083-.187.243.243 0 0 0-.177-.073h-.847a.25.25 0 0 0-.25.26v4.923c0 .07.023.13.073.177Zm-1.774.074c-.418 0-.77-.074-1.056-.22a1.4 1.4 0 0 1-.637-.648c-.14-.292-.21-.654-.21-1.086V51.78h-.825a.243.243 0 0 1-.178-.073.246.246 0 0 1-.073-.179v-.606c0-.07.025-.129.073-.177a.243.243 0 0 1 .178-.073h.825v-1.734c0-.071.021-.13.064-.18a.256.256 0 0 1 .187-.072h.846a.246.246 0 0 1 .251.252v1.734h1.307c.07 0 .13.024.178.073a.243.243 0 0 1 .073.177v.606c0 .07-.025.13-.073.179a.243.243 0 0 1-.178.073H46.74v2.268c0 .285.05.507.147.668.105.16.283.24.533.24h.722c.07 0 .127.025.177.074a.243.243 0 0 1 .073.177v.648a.24.24 0 0 1-.073.177.245.245 0 0 1-.177.074h-.847Zm-8.542-.074a.243.243 0 0 0 .177.074h.92a.24.24 0 0 0 .178-.074.238.238 0 0 0 .073-.177V52.98c0-.403.108-.72.324-.95.216-.23.505-.346.867-.346.377 0 .662.116.857.345.202.23.304.548.304.951v2.875c0 .07.024.13.072.177.05.049.108.074.179.074h.918c.071 0 .13-.025.179-.074a.243.243 0 0 0 .073-.177v-2.937c0-.488-.088-.906-.262-1.253a1.844 1.844 0 0 0-.72-.806 2.053 2.053 0 0 0-1.108-.292c-.418 0-.77.076-1.056.23a2.18 2.18 0 0 0-.69.554v-.429a.243.243 0 0 0-.072-.177.24.24 0 0 0-.178-.073h-.858a.238.238 0 0 0-.177.073.243.243 0 0 0-.073.177v4.933c0 .07.024.13.073.177Zm-3.443.178c-.774 0-1.387-.223-1.84-.67-.453-.445-.696-1.079-.73-1.9a2.545 2.545 0 0 1-.012-.263c0-.111.004-.198.011-.26.027-.523.147-.976.355-1.36.216-.382.513-.675.889-.877.376-.208.818-.313 1.327-.313.563 0 1.037.118 1.42.355.384.23.674.554.869.972.194.411.291.888.291 1.431v.22a.238.238 0 0 1-.073.178.253.253 0 0 1-.187.073h-3.47v.083c.007.244.052.47.136.68a1.233 1.233 0 0 0 .387.49c.174.126.38.19.616.19a1.3 1.3 0 0 0 .491-.084 1.293 1.293 0 0 0 .502-.397c.063-.085.111-.133.146-.147a.407.407 0 0 1 .177-.03h.9c.069 0 .125.02.167.061a.174.174 0 0 1 .063.157c-.007.111-.067.248-.179.408a1.938 1.938 0 0 1-.459.47 2.71 2.71 0 0 1-.763.386 3.322 3.322 0 0 1-1.034.147Zm-1.15-3.292h2.309v-.03c0-.273-.045-.51-.135-.712a1.12 1.12 0 0 0-.397-.48 1.082 1.082 0 0 0-.627-.178 1.08 1.08 0 0 0-.627.178 1.112 1.112 0 0 0-.397.48 1.838 1.838 0 0 0-.126.711v.031Zm-6.727 2.958c.453.223 1.003.334 1.65.334.475 0 .9-.062 1.275-.187a3.02 3.02 0 0 0 .962-.513c.265-.222.47-.48.617-.773a2.222 2.222 0 0 0 .23-.951.17.17 0 0 0-.063-.157.211.211 0 0 0-.157-.063h-.993a.313.313 0 0 0-.187.052c-.05.035-.085.102-.106.199-.11.453-.303.767-.574.94-.272.168-.61.251-1.013.251-.467 0-.84-.129-1.119-.386-.279-.265-.428-.697-.449-1.295a24.37 24.37 0 0 1 0-1.757c.021-.6.17-1.028.45-1.284.277-.266.651-.398 1.118-.398.403 0 .74.084 1.013.251.271.166.464.48.574.94a.354.354 0 0 0 .106.198.313.313 0 0 0 .187.054h.993a.211.211 0 0 0 .157-.064.171.171 0 0 0 .063-.156 2.218 2.218 0 0 0-.847-1.714 2.898 2.898 0 0 0-.962-.523 4.018 4.018 0 0 0-1.274-.188c-.64 0-1.188.115-1.641.345a2.408 2.408 0 0 0-1.034.972c-.237.425-.37.93-.397 1.515a37.886 37.886 0 0 0 0 1.86c.027.593.16 1.102.397 1.526.237.418.578.742 1.024.972Zm-7.801 2.216a.2.2 0 0 1-.147-.064.199.199 0 0 1-.063-.146V57.8a.474.474 0 0 1 .042-.083l.816-1.934-2.007-4.734a.482.482 0 0 1-.041-.147.25.25 0 0 1 .073-.156.196.196 0 0 1 .156-.073h.847c.083 0 .146.02.187.063a.424.424 0 0 1 .095.135l1.39 3.417 1.43-3.417a.314.314 0 0 1 .095-.135c.042-.042.104-.063.189-.063h.835a.2.2 0 0 1 .147.063.186.186 0 0 1 .073.145.468.468 0 0 1-.042.168l-2.957 6.845a.417.417 0 0 1-.105.135c-.041.043-.105.064-.188.064h-.825Zm-4.87-2.09c.272.138.61.208 1.013.208.37 0 .69-.058.962-.178.272-.125.498-.299.68-.522.18-.222.32-.484.417-.783a3.8 3.8 0 0 0 .168-1.003 6.92 6.92 0 0 0 .01-.335c0-.105-.004-.22-.01-.345a3.348 3.348 0 0 0-.158-.972 2.281 2.281 0 0 0-.428-.784 1.828 1.828 0 0 0-.679-.533 2.278 2.278 0 0 0-.962-.188 2.123 2.123 0 0 0-.96.199 1.983 1.983 0 0 0-.648.491v-2.32a.246.246 0 0 0-.074-.178.223.223 0 0 0-.177-.073h-.889a.243.243 0 0 0-.177.073.246.246 0 0 0-.074.179v6.917c0 .07.025.13.074.177a.243.243 0 0 0 .177.074h.826a.22.22 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-.386c.175.216.394.393.66.532Zm1.327-1.098c-.167.126-.4.188-.7.188-.285 0-.519-.066-.7-.198a1.197 1.197 0 0 1-.387-.502 2.28 2.28 0 0 1-.135-.637 6.72 6.72 0 0 1 0-.805c.006-.21.055-.408.146-.595a1.2 1.2 0 0 1 .397-.482c.174-.125.4-.187.68-.187.298 0 .532.065.7.198a1 1 0 0 1 .354.502c.077.208.122.438.137.69.013.208.013.417 0 .627a2.39 2.39 0 0 1-.137.689 1.065 1.065 0 0 1-.355.512ZM8.603 56.21c-.425 0-.794-.094-1.108-.282a1.93 1.93 0 0 1-.71-.815 2.912 2.912 0 0 1-.25-1.254v-2.937c0-.07.023-.129.073-.177a.238.238 0 0 1 .177-.073h.92a.22.22 0 0 1 .177.073.243.243 0 0 1 .073.177v2.874c0 .864.38 1.296 1.139 1.296.362 0 .648-.116.857-.345.216-.23.324-.547.324-.951v-2.874c0-.07.024-.129.074-.177a.238.238 0 0 1 .177-.073h.92c.07 0 .129.023.177.073a.243.243 0 0 1 .074.177v4.933c0 .07-.025.13-.074.177a.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.188-.074.267.267 0 0 1-.062-.177v-.428a2.031 2.031 0 0 1-.7.574c-.28.14-.627.209-1.046.209Zm-8.53-.178c.05.05.109.074.178.074h.951c.077 0 .136-.024.177-.074a.238.238 0 0 0 .074-.177v-2.509h1.453l1.348 2.478a.84.84 0 0 0 .147.187c.062.064.152.095.27.095h.952a.199.199 0 0 0 .145-.062.197.197 0 0 0 .074-.158.252.252 0 0 0-.031-.114l-1.526-2.665a2.12 2.12 0 0 0 1.014-.742c.257-.342.386-.77.386-1.285 0-.746-.243-1.315-.73-1.704-.489-.39-1.154-.585-1.997-.585H.251a.238.238 0 0 0-.177.073.253.253 0 0 0-.074.188v6.803c0 .07.025.13.074.177Zm2.853-3.866H1.453V49.95h1.473c.432 0 .75.102.952.303.209.196.313.467.313.816s-.104.62-.313.815c-.21.188-.526.282-.952.282Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="dnsimple">
+    <symbol id="dnsimple" viewBox="0 0 60 60">
       <path fill-rule="evenodd" clip-rule="evenodd" d="M6.175 24.787a3.92 3.92 0 0 0-.843.075v2.802c-.392-.151-.844-.226-1.446-.226-2.139 0-3.887 1.461-3.887 3.811 0 2.41 1.597 3.736 3.947 3.736 1.16 0 2.35-.316 3.088-.708v-9.415a4.242 4.242 0 0 0-.859-.075Zm-2.259 8.707c-1.296 0-2.184-.874-2.184-2.275 0-1.386.949-2.275 2.214-2.275.512 0 .979.061 1.386.317v4.007a3.742 3.742 0 0 1-1.416.226Zm8.421-6.086c-1.537 0-2.787.602-3.42 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393c.332-.196.919-.391 1.582-.391 1.1 0 1.732.497 1.732 1.807v3.977c.302.06.573.075.859.075.271 0 .573-.015.859-.075v-4.384c0-1.641-1.01-2.967-3.314-2.967ZM19.974 35c1.958 0 3.103-.904 3.103-2.395 0-1.416-1.129-1.943-2.681-2.184-1.22-.196-1.537-.422-1.537-.889 0-.452.392-.738 1.296-.738.859 0 1.597.256 2.094.542.346-.271.572-.693.648-1.22-.467-.332-1.386-.693-2.682-.693-1.808 0-2.998.904-2.998 2.229 0 1.507 1.206 1.974 2.471 2.17 1.28.195 1.687.467 1.687.949 0 .482-.361.858-1.371.858-1.13 0-1.762-.391-2.199-.708-.362.226-.648.633-.783 1.175.406.347 1.355.904 2.952.904Zm5.483-8.451a1.09 1.09 0 0 0 1.085-1.084 1.09 1.09 0 0 0-1.085-1.085c-.617 0-1.114.482-1.114 1.085 0 .602.497 1.084 1.114 1.084Zm0 8.285c.287 0 .573-.015.844-.075v-7.125a4.01 4.01 0 0 0-.844-.075c-.286 0-.572.015-.858.075v7.125c.286.06.587.075.858.075Zm10.892-7.426c-.964 0-1.838.376-2.426.828-.527-.512-1.31-.828-2.335-.828-1.491 0-2.786.633-3.359 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393a2.92 2.92 0 0 1 1.462-.391c1.16 0 1.596.738 1.596 1.762v4.022c.287.06.573.075.874.075.271 0 .573-.015.844-.075v-4.534c0-.226-.03-.452-.076-.663.347-.286.829-.587 1.522-.587 1.16 0 1.612.738 1.612 1.762v4.022c.271.06.557.075.858.075.272 0 .573-.015.844-.075v-4.534c0-1.552-1.055-2.817-3.118-2.817Zm8.134.015c-1.355 0-2.485.527-3.178 1.1v9.023c.301.06.572.075.858.075.287 0 .573-.015.844-.075v-2.772c.452.151.934.211 1.537.211 1.988 0 3.781-1.401 3.781-3.811 0-2.471-1.657-3.751-3.842-3.751Zm-.06 6.041c-.557 0-1.009-.091-1.416-.287v-3.841a2.842 2.842 0 0 1 1.401-.346c1.311 0 2.199.828 2.199 2.199 0 1.416-.888 2.275-2.184 2.275Zm6.312 1.37c.286 0 .587-.015.859-.075v-9.882a4.308 4.308 0 0 0-.874-.075c-.286 0-.573.015-.844.075v9.882c.301.06.588.075.859.075Zm9.264-4.187c0-1.913-1.356-3.224-3.269-3.224-2.033 0-3.585 1.597-3.585 3.811 0 2.335 1.537 3.751 3.676 3.751 1.431 0 2.365-.527 2.967-1.009a1.76 1.76 0 0 0-.738-1.16c-.467.331-1.069.738-2.109.738-1.19 0-1.913-.723-2.048-1.898h5.046c.045-.392.06-.633.06-1.009Zm-5.091-.121c.12-.979.768-1.717 1.822-1.717 1.16.015 1.597.874 1.597 1.717h-3.419Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="datadog">
+    <symbol id="datadog" viewBox="0 0 60 60">
       <path d="M58.339 56.312v2.096c-.384.101-.728.15-1.03.15-2.034 0-3.05-1.075-3.05-3.224 0-1.986 1.078-2.978 3.233-2.978.898 0 1.735.167 2.51.503v-1.505c-.775-.29-1.653-.438-2.636-.438-3.221 0-4.834 1.471-4.834 4.418 0 3.109 1.584 4.666 4.751 4.666 1.09 0 1.995-.159 2.718-.476V54.84h-2.686l-.561 1.473h1.585Zm-11.376 2.245c1.807 0 2.71-1.041 2.71-3.124 0-2.051-.903-3.078-2.71-3.078-1.854 0-2.78 1.027-2.78 3.078 0 2.083.926 3.124 2.78 3.124Zm-4.508-3.086c0-3.038 1.504-4.555 4.508-4.555 2.957 0 4.436 1.517 4.436 4.555 0 3.02-1.479 4.529-4.436 4.529-2.871 0-4.373-1.51-4.508-4.53Zm-7.56 3.024h1.978c1.86 0 2.793-1.094 2.793-3.282 0-1.864-.932-2.794-2.793-2.794h-1.978v6.076Zm2.229 1.44h-3.89V50.98h3.89c2.803 0 4.205 1.412 4.205 4.233 0 3.148-1.402 4.723-4.205 4.723Zm-12.777 0h-1.709l3.81-8.955h1.79l3.89 8.956H30.34l-1.13-2.443h-2.874l.57-1.44h1.865L27.3 52.69l-2.954 7.246Zm-7.665-8.955h6.81v1.44h-2.574v7.516h-1.661V52.42h-2.575v-1.44ZM9.84 59.936H8.133l3.81-8.956h1.787l3.892 8.956h-1.789l-1.13-2.443H11.83l.571-1.44h1.864l-1.47-3.363-2.954 7.246Zm-8.176-1.441H3.64c1.863 0 2.792-1.094 2.792-3.282 0-1.864-.93-2.794-2.792-2.794H1.665v6.076Zm2.227 1.44H.002V50.98h3.89c2.803 0 4.206 1.412 4.206 4.233 0 3.148-1.403 4.723-4.206 4.723ZM29.864 14.47c.32-.304-1.597-.704-3.085.31-1.097.75-1.132 2.354-.082 3.264.105.09.192.154.273.206a9.513 9.513 0 0 1 2.767-.816c.223-.248.482-.686.417-1.477-.087-1.075-.902-.905-.29-1.486Zm10.065 5.833c-.18-.1-1.03-.06-1.627.01-1.137.135-2.364.529-2.633.739-.49.378-.268 1.037.095 1.307 1.012.757 1.9 1.264 2.838 1.14.575-.075 1.082-.986 1.442-1.813.245-.569.245-1.183-.115-1.383Zm-3.882-6.725c-.066.15-.169.248-.015.734l.01.028.025.063.064.146c.278.569.584 1.105 1.095 1.38.133-.023.269-.038.41-.045.481-.021.784.055.976.159a2.14 2.14 0 0 0 .01-.442c-.038-.721.142-1.947-1.243-2.592-.523-.242-1.257-.168-1.5.136a.634.634 0 0 1 .115.025c.37.128.12.256.053.408Zm14.266 9.879-1.194.227L46.828.002 7.77 4.53l4.812 39.046 4.571-.664c-.364-.52-.932-1.152-1.904-1.959-1.346-1.118-.87-3.018-.076-4.218 1.05-2.027 6.464-4.603 6.158-7.843-.11-1.178-.297-2.712-1.391-3.763-.04.436.033.856.033.856s-.45-.572-.673-1.354c-.222-.3-.396-.395-.633-.795-.168.463-.146 1-.146 1s-.368-.868-.426-1.6c-.219.327-.274.95-.274.95s-.477-1.368-.368-2.105c-.218-.642-.863-1.914-.681-4.807 1.192.835 3.816.637 4.838-.87.34-.499.573-1.86-.168-4.546-.477-1.721-1.656-4.284-2.117-5.257l-.054.04c.242.783.742 2.425.933 3.222.58 2.415.736 3.256.464 4.37-.232.968-.788 1.601-2.196 2.309-1.409.71-3.279-1.018-3.397-1.114-1.368-1.09-2.426-2.869-2.544-3.733-.123-.946.544-1.514.882-2.287a8.6 8.6 0 0 0-1.02.383s.642-.664 1.432-1.238a8.26 8.26 0 0 0 .864-.641c-.5-.009-.904.005-.904.005s.832-.45 1.695-.777c-.63-.029-1.236-.005-1.236-.005s1.858-.832 3.328-1.442c1.009-.414 1.995-.291 2.55.51.727 1.05 1.49 1.62 3.11 1.973.995-.44 1.297-.667 2.545-1.007 1.1-1.21 1.963-1.366 1.963-1.366s-.427.393-.542 1.01c.623-.491 1.306-.902 1.306-.902s-.264.327-.51.846l.057.085c.728-.436 1.583-.78 1.583-.78s-.244.31-.531.709c.548-.005 1.66.023 2.092.072 2.55.056 3.078-2.722 4.056-3.07 1.225-.438 1.773-.702 3.86 1.348 1.79 1.76 3.19 4.91 2.495 5.615-.583.586-1.732-.228-3.005-1.816a6.865 6.865 0 0 1-1.42-3.097 3.043 3.043 0 0 0-.984-1.684s.453 1.012.453 1.904c0 .488.061 2.31.843 3.332-.078.15-.114.74-.2.853-.908-1.099-2.861-1.885-3.178-2.117 1.076.883 3.553 2.911 4.504 4.855.9 1.838.37 3.523.825 3.96.129.125 1.935 2.374 2.282 3.504.607 1.97.036 4.04-.757 5.324l-2.214.345c-.324-.09-.543-.135-.834-.303.161-.283.48-.99.483-1.136l-.125-.219c-.69.976-1.844 1.924-2.803 2.469-1.256.712-2.702.602-3.644.31-2.673-.824-5.202-2.63-5.81-3.105 0 0-.02.379.095.464.674.76 2.218 2.135 3.71 3.094l-3.181.35 1.504 11.712c-.666.096-.77.143-1.5.247-.644-2.274-1.875-3.758-3.22-4.622-1.186-.763-2.823-.935-4.39-.624l-.1.116c1.089-.113 2.374.044 3.695.88 1.297.82 2.341 2.938 2.726 4.212.493 1.63.832 3.372-.493 5.22-.942 1.313-3.695 2.038-5.918.468.594.955 1.396 1.737 2.477 1.884 1.605.218 3.129-.061 4.176-1.137.895-.92 1.37-2.845 1.245-4.872l1.417-.205.511 3.637 23.449-2.823-1.913-18.66ZM27.86 28.834l2.951-.406c.477.215.81.297 1.382.442.89.232 1.924.455 3.451-.314.356-.177 1.096-.854 1.395-1.24l12.087-2.193 1.233 14.924-20.708 3.732-1.79-14.945Zm17.149 4.953-3.96-2.611-3.301 5.517-3.842-1.123-3.382 5.161.174 1.625 18.388-3.388-1.07-11.489-3.007 6.308Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="fastly">
+    <symbol id="fastly" viewBox="0 0 60 60">
       <path d="M40.845 36.419h4.699v-2.393h-1.558V18.379h-3.141v18.04ZM.008 34.026h1.6v-7.55h-1.6v-2.078l1.6-.263v-2.103c0-2.546.554-3.653 3.797-3.653.698 0 1.533.103 2.264.24l-.434 2.561a6.106 6.106 0 0 0-1.047-.093c-1.141 0-1.43.11-1.43 1.234v1.822h2.375v2.342H4.758v7.55h1.584v2.393H.016v-2.402H.008Zm39.228-.757c-.494.102-.92.093-1.235.102-1.294.034-1.183-.391-1.183-1.617v-5.278h2.469v-2.342h-2.469V18.38h-3.15v14.029c0 2.759.681 4.01 3.644 4.01.698 0 1.668-.18 2.392-.34l-.468-2.81Zm19.563.775c.664 0 1.2.528 1.2 1.192 0 .663-.536 1.183-1.2 1.183a1.186 1.186 0 0 1-1.101-.728 1.186 1.186 0 0 1-.091-.456c0-.672.536-1.191 1.192-1.191Zm0 2.187a1 1 0 0 0 .996-1.004.99.99 0 0 0-.996-.987.983.983 0 0 0-.996.987c0 .553.451 1.004.996 1.004Zm.221-.417-.238-.348h-.17v.349h-.264v-1.167h.485c.29 0 .468.145.468.4 0 .188-.094.315-.247.366l.29.4h-.324Zm-.409-.587h.214c.118 0 .204-.05.204-.179 0-.119-.085-.17-.196-.17h-.222v.349Zm-28.868-8.76v-.417c-.953-.17-1.897-.179-2.409-.179-1.464 0-1.642.775-1.642 1.2 0 .597.204.92 1.787 1.27 2.324.518 4.648 1.063 4.648 3.94 0 2.733-1.405 4.138-4.358 4.138-1.975 0-3.899-.426-5.364-.8v-2.35h2.384v.418c1.03.195 2.103.178 2.665.178 1.566 0 1.813-.843 1.813-1.285 0-.622-.451-.92-1.916-1.218-2.758-.468-4.954-1.413-4.954-4.214 0-2.656 1.78-3.695 4.733-3.695 2.001 0 3.525.307 4.989.682v2.332h-2.376Zm-14.752 1.882-1.158 1.012a.616.616 0 0 0-.639 1.014.616.616 0 0 0 1.033-.299.617.617 0 0 0-.02-.34l1.022-1.14-.238-.248Z"/>
       <path d="M20.068 23.47h-3.15v.886a6.38 6.38 0 0 0-2.12-.792v-1.073h.383v-.8h-3.167v.8h.384v1.081a6.48 6.48 0 0 0-5.261 6.368 6.469 6.469 0 0 0 1.899 4.588 6.48 6.48 0 0 0 4.587 1.9c1.209 0 2.35-.333 3.32-.912l.562.911h3.329v-3.15h-.766V23.47Zm-3.116 6.657a3.343 3.343 0 0 1-3.15 3.142v-.375h-.375v.375a3.332 3.332 0 0 1-3.124-3.15h.375v-.374h-.375a3.342 3.342 0 0 1 3.124-3.124v.374h.375v-.375a3.333 3.333 0 0 1 3.15 3.141h-.375v.375h.375v-.009Zm36.555-5.992h6.495v2.34h-1.549l-3.984 9.8c-1.141 2.749-3.013 5.345-5.874 5.345-.698 0-1.635-.076-2.282-.23l.281-2.86c.418.076.962.128 1.243.128 1.328 0 2.818-.818 3.286-2.248l-4.035-9.935h-1.55v-2.341h6.496v2.341h-1.549l2.29 5.627 2.29-5.627h-1.55v-2.341h-.008Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="honeybadger">
+    <symbol id="honeybadger" viewBox="0 0 60 60">
       <path fill-rule="evenodd" clip-rule="evenodd" d="m37.902 14.22 7.608 7.607-15.506 15.507-1.687-1.687-2.292 2.29 2.451 2.452a2.161 2.161 0 0 0 3.056 0l17.034-17.034a2.16 2.16 0 0 0 0-3.055l-9.3-9.298-1.364 3.218Zm-.284-4.866-1.364 3.218-2.87-2.87 2.291-2.29 1.943 1.942Zm-3.47-3.472-2.616-2.615a2.161 2.161 0 0 0-3.056 0L11.444 20.3a2.161 2.161 0 0 0 0 3.055l9.984 9.984 1.462-3.119-8.391-8.393L30.004 6.323l1.853 1.85 2.29-2.29ZM23.051 34.964l1.462-3.12 2.276 2.275-2.293 2.29-1.445-1.445Z"/>
       <path d="M39.405 5.158c.232-.546-.459-1.013-.879-.592L19.967 23.125h7.56l-6.016 14.81c-.221.547.466 1.003.882.586L40.49 20.424h-7.561l6.476-15.266Z"/>
       <path fill-rule="evenodd" clip-rule="evenodd" d="m5.662 57.367 1.744-11.959H5.465l-.715 4.864H2.989l.715-4.864H1.762L.004 57.367h1.941l.78-5.308h1.762l-.78 5.308h1.955Zm3.62-2.397c1.942 0 2.705-.82 3.107-3.75.375-2.783-.276-3.697-2.08-3.697-1.913 0-2.732.941-3.078 3.804-.36 2.81.374 3.643 2.052 3.643Zm.196-1.371c-.486 0-.611-.47-.348-2.285.25-1.882.486-2.432 1.04-2.432.486 0 .583.442.333 2.298-.249 1.84-.486 2.419-1.025 2.419Zm5.672-5.323c.43-.404 1.054-.753 1.608-.753 1.124 0 1.513.766 1.318 2.11l-.777 5.175h-1.803l.736-4.972c.068-.484-.028-.727-.388-.727-.278 0-.541.243-.707.404l-.778 5.295h-1.802l1.04-7.124h1.526l.027.592Zm22.967-.592-.21.525a1.545 1.545 0 0 0-1.33-.686c-1.318 0-2.122 1.05-2.455 3.83-.333 2.756.306 3.617 1.345 3.617.624 0 1.11-.296 1.47-.712l.014.55h1.665l1.053-7.124h-1.552Zm-1.056 5.39c-.151.19-.442.39-.692.39-.445 0-.583-.417-.347-2.15.25-1.841.513-2.272.956-2.272.265 0 .486.188.611.39l-.528 3.643Zm8.558-7.666-1.387 9.4h-1.65l-.015-.55c-.36.43-.86.712-1.47.712-1.04 0-1.692-.86-1.344-3.617.333-2.78 1.122-3.83 2.454-3.83.514 0 .915.215 1.206.552l.403-2.667h1.803Zm-3.967 5.906c-.249 1.733-.097 2.15.347 2.15.236 0 .541-.2.693-.39l.527-3.642c-.125-.202-.36-.39-.61-.39-.444 0-.707.43-.957 2.272Zm-15.81 6.05h21.502a2.584 2.584 0 0 0 2.559-2.223l1.054-7.457h-1.553l-.166.538c-.278-.39-.75-.699-1.262-.699-1.4 0-2.164.766-2.552 3.75-.374 2.715.236 3.548 1.332 3.548.554 0 1.067-.24 1.413-.644l-.055.51c-.149.639-.804 1.145-1.882 1.145H26.71c-.255.603-.503 1.09-.797 1.45l-.07.082Zm21.842-4.02c-.444 0-.61-.39-.374-2.084.236-1.774.513-2.218.97-2.218.25 0 .473.188.596.377l-.512 3.535c-.152.188-.445.39-.68.39Zm7.461.994c-.734.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.955-3.63.36-2.741 1.387-3.817 3.148-3.817 1.096 0 1.775.565 1.775 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.008.174.003.04.005.079.005.12.013.552.306.848.791.848.333 0 .72-.108 1.276-.363l.305 1.25Zm-1.18-5.484c-.428 0-.818.645-1.053 2.07a1.557 1.557 0 0 0 1.414-1.546c0-.323-.11-.524-.36-.524Zm3.46 5.954.734-4.879c.36-.322.763-.497 1.165-.497.112 0 .208 0 .32.013l.36-1.733a.932.932 0 0 0-.568-.189c-.528 0-.985.418-1.318 1.009l-.027-.848h-1.415l-1.055 7.124h1.804Zm-34.924-.47c-.736.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.954-3.63.36-2.741 1.385-3.817 3.146-3.817 1.097 0 1.776.565 1.776 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.007.174.003.04.006.079.006.12.015.552.305.848.791.848.333 0 .721-.108 1.275-.363l.306 1.25Zm-1.18-5.484c-.429 0-.817.645-1.052 2.07a1.557 1.557 0 0 0 1.413-1.546c0-.323-.11-.524-.36-.524Zm9.85 6.116c1.58 0 2.19-1.25 2.524-4.167.318-2.608-.195-3.28-1.29-3.28-.554 0-1.04.23-1.47.565l.36-2.482h-1.802l-1.346 9.202h1.637l.166-.537c.236.39.666.7 1.22.7Zm-.347-1.506a.675.675 0 0 1-.624-.39l.541-3.655c.208-.215.484-.377.749-.377.416 0 .499.416.319 1.828-.166 1.681-.444 2.594-.985 2.594Zm-5.516-.59 1.566-5.19h1.859L25.96 54.89c-.764 1.962-1.193 2.474-2.4 2.474H6.626l.225-1.532h16.414c.557 0 .864-.387.864-.89l-.624-7.258h1.956l-.153 5.19Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="domainr">
+    <symbol id="domainr" viewBox="0 0 60 60">
       <path d="M30.02 0a22.501 22.501 0 0 1 15.899 6.582A22.515 22.515 0 0 1 52.5 22.473c0 5.96-2.378 11.676-6.582 15.89a22.5 22.5 0 0 1-15.899 6.583H10.236a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.354c0-.125.025-.25.086-.361l1.152-2.306a.959.959 0 0 1 .883-.537H30.02a18.57 18.57 0 0 0 18.57-18.565A18.57 18.57 0 0 0 30.02 3.91H14.048a.409.409 0 0 0-.184.046.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.064.012.126.037.184l1.066 2.12a.429.429 0 0 0 .184.199c.074.049.16.073.258.073H30.02a15.64 15.64 0 0 1 15.641 15.634A15.647 15.647 0 0 1 30.02 38.106H13.656a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.352.75.75 0 0 1 .086-.363l4.572-9.145a.96.96 0 0 1 .87-.538H30.02a4.89 4.89 0 0 0 4.89-4.885 4.89 4.89 0 0 0-4.89-4.885h-9.132a.405.405 0 0 0-.184.047.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.062.012.125.037.182l1.066 2.121c.037.08.098.15.172.199a.525.525 0 0 0 .27.073h7.955c.527 0 1.017.206 1.385.573.368.367.576.864.576 1.382 0 .518-.208 1.015-.576 1.382a1.949 1.949 0 0 1-1.385.572h-10.1a.999.999 0 0 1-.515-.147 1.054 1.054 0 0 1-.356-.39l-4.584-9.145a.735.735 0 0 1-.074-.362c0-.126.037-.248.11-.356a.671.671 0 0 1 .258-.256.744.744 0 0 1 .368-.092H30.02a8.81 8.81 0 0 1 6.227 2.576 8.82 8.82 0 0 1 2.574 6.218 8.819 8.819 0 0 1-2.574 6.218 8.809 8.809 0 0 1-6.227 2.576h-9.426a.503.503 0 0 0-.442.274l-1.066 2.12a.462.462 0 0 0-.037.183.32.32 0 0 0 .061.178.29.29 0 0 0 .135.13c.05.03.11.046.172.046H30.02a11.75 11.75 0 0 0 8.299-3.435 11.743 11.743 0 0 0 3.432-8.29 11.743 11.743 0 0 0-3.432-8.291 11.75 11.75 0 0 0-8.299-3.434H13.08a.999.999 0 0 1-.515-.147 1.053 1.053 0 0 1-.356-.39L7.625 1.065A.735.735 0 0 1 7.55.703a.62.62 0 0 1 .11-.354.757.757 0 0 1 .258-.256.745.745 0 0 1 .368-.094H30.02ZM6.423 59.86h-2.17l.013-1.39h2.157c.638 0 1.153-.137 1.582-.412.429-.274.747-.668.968-1.18.208-.511.319-1.122.319-1.83v-.55c0-.55-.062-1.037-.184-1.46a3.019 3.019 0 0 0-.54-1.068 2.397 2.397 0 0 0-.882-.657 3.022 3.022 0 0 0-1.201-.223H4.217v-1.398h2.268c.674 0 1.299.114 1.85.343a4.016 4.016 0 0 1 1.447.97c.417.424.723.932.944 1.522.22.592.33 1.253.33 1.984v.538c0 .73-.11 1.391-.33 1.983a4.233 4.233 0 0 1-.944 1.521c-.404.42-.895.743-1.459.971-.564.225-1.2.336-1.9.336Zm-1.2-10.168V59.86H3.468V49.692h1.753Zm7.109 6.474v-.161c0-.544.073-1.05.233-1.515.159-.47.392-.878.686-1.222a3.16 3.16 0 0 1 1.103-.81 3.62 3.62 0 0 1 1.483-.293c.552 0 1.042.098 1.471.293.442.19.81.46 1.116.81.306.344.527.751.686 1.222.16.466.246.97.246 1.515v.16c0 .546-.086 1.051-.246 1.516-.159.465-.38.872-.686 1.222a3.27 3.27 0 0 1-1.103.81A3.58 3.58 0 0 1 15.85 60a3.74 3.74 0 0 1-1.496-.287 3.27 3.27 0 0 1-1.103-.81 3.783 3.783 0 0 1-.686-1.222 4.64 4.64 0 0 1-.233-1.515Zm1.68-.161v.16c0 .34.036.661.097.964.074.303.184.569.331.797.147.228.343.407.576.537.233.13.515.196.834.196.306 0 .576-.065.809-.196.233-.13.417-.31.576-.537.147-.228.257-.494.319-.797a4.07 4.07 0 0 0 .11-.963v-.161c0-.335-.037-.652-.11-.95a2.173 2.173 0 0 0-.331-.803 1.59 1.59 0 0 0-.576-.544 1.554 1.554 0 0 0-.81-.202c-.318 0-.6.067-.833.202-.22.13-.417.311-.564.544s-.257.501-.33.803a4.706 4.706 0 0 0-.099.95Zm8.433-2.165v6.02h-1.68v-7.556h1.581l.099 1.536Zm-.27 1.963-.576-.008c0-.52.061-1.002.196-1.445.135-.442.319-.826.576-1.152.245-.331.564-.584.932-.761.38-.182.809-.272 1.311-.272.343 0 .65.051.944.153.282.098.527.254.748.468.208.215.368.49.478.824.122.336.184.74.184 1.215v5.035h-1.692v-4.888c0-.368-.049-.656-.16-.866a.973.973 0 0 0-.465-.447 1.73 1.73 0 0 0-.723-.14c-.319 0-.589.061-.81.182-.22.12-.404.286-.539.496-.134.21-.245.451-.306.726a4.033 4.033 0 0 0-.098.88Zm4.682-.448-.784.176c0-.456.061-.888.184-1.292a3.4 3.4 0 0 1 .564-1.075c.257-.313.564-.557.931-.733a2.854 2.854 0 0 1 1.263-.266c.392 0 .735.054 1.03.16.318.103.576.266.784.49.22.222.38.513.49.872.11.354.172.782.172 1.285v4.888h-1.692v-4.896c0-.38-.06-.676-.171-.886a.836.836 0 0 0-.454-.433 1.884 1.884 0 0 0-.723-.126c-.257 0-.49.05-.686.147a1.383 1.383 0 0 0-.503.399 1.839 1.839 0 0 0-.306.578c-.062.22-.099.457-.099.712Zm10.628 2.99v-3.604c0-.27-.049-.502-.147-.698a1.066 1.066 0 0 0-.454-.454 1.526 1.526 0 0 0-.735-.16c-.282 0-.515.046-.711.14a1.206 1.206 0 0 0-.478.377.91.91 0 0 0-.16.537h-1.679c0-.298.074-.586.22-.866.148-.28.356-.528.626-.748.27-.218.6-.39.98-.516s.81-.188 1.288-.188c.564 0 1.079.095 1.508.286.44.19.796.48 1.041.866.258.381.38.862.38 1.438v3.36c0 .344.025.653.074.928.049.27.123.505.22.706v.111H37.73a2.797 2.797 0 0 1-.184-.691 4.8 4.8 0 0 1-.06-.824Zm.233-3.08.025 1.04h-1.214c-.306 0-.588.031-.821.091a1.69 1.69 0 0 0-.6.251c-.148.112-.27.248-.356.406-.074.158-.11.337-.11.537 0 .201.048.385.134.552.098.163.233.291.405.384.183.094.404.14.662.14a1.835 1.835 0 0 0 1.507-.734c.147-.208.233-.407.245-.593l.54.747a2.3 2.3 0 0 1-.282.615c-.135.219-.319.427-.54.628a2.616 2.616 0 0 1-1.801.67 2.92 2.92 0 0 1-1.324-.293 2.395 2.395 0 0 1-.907-.803 2.067 2.067 0 0 1-.331-1.152c0-.4.073-.754.233-1.062.147-.311.367-.572.661-.782a3.338 3.338 0 0 1 1.091-.474c.43-.112.92-.168 1.471-.168h1.312Zm5.014-2.96v7.555H41.04v-7.556h1.692ZM40.93 50.32c0-.256.085-.468.245-.635.184-.173.417-.259.723-.259.294 0 .527.086.699.259a.848.848 0 0 1 .257.635c0 .251-.086.46-.257.629-.172.168-.405.251-.699.251-.306 0-.54-.083-.723-.251a.883.883 0 0 1-.245-.629Zm5.307 3.596v5.943h-1.679v-7.556h1.594l.085 1.613Zm-.294 1.886-.54-.008c0-.534.074-1.026.221-1.473.148-.446.356-.831.613-1.152.27-.321.576-.568.944-.74a2.82 2.82 0 0 1 1.238-.265c.356 0 .687.051.98.153.295.098.553.258.76.482.222.224.38.514.491.874.11.353.172.788.172 1.305v4.881H49.13v-4.888c0-.363-.061-.65-.16-.86a.946.946 0 0 0-.453-.453 1.711 1.711 0 0 0-.735-.14 1.59 1.59 0 0 0-.772.182 1.74 1.74 0 0 0-.589.496c-.147.21-.27.451-.355.726a2.938 2.938 0 0 0-.123.88Zm8.287-2.06v6.117h-1.692v-7.556h1.606l.086 1.438Zm2.304-1.488-.012 1.564a4.306 4.306 0 0 0-.687-.055c-.282 0-.539.042-.76.125a1.418 1.418 0 0 0-.882.894 2.574 2.574 0 0 0-.147.72l-.38.028c0-.476.049-.915.135-1.32a3.48 3.48 0 0 1 .429-1.068c.183-.308.429-.548.71-.72.282-.173.613-.258.993-.258a2.13 2.13 0 0 1 .601.09Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="mend-io">
+    <symbol id="mend-io" viewBox="0 0 60 60">
       <path d="M43.39 27.355c-2.24 5.173-7.39 8.79-13.39 8.79-.25 0-.49-.006-.73-.018-7.72-.38-13.87-6.763-13.87-14.58 0-1.31.18-2.576.5-3.78.33-.352.79-.57 1.31-.57.99 0 1.81.818 1.81 1.824v.587c0 .01-.01.02-.01.028v4.44a3.33 3.33 0 0 0 3.32 3.331 3.33 3.33 0 0 0 3.32-3.331v-3.582c0-.012-.01-.022-.01-.035v-1.438c0-1.006.81-1.825 1.81-1.825s1.81.82 1.81 1.825v5.055c0 1.837 1.49 3.331 3.31 3.331a3.33 3.33 0 0 0 3.32-3.331V19.02c0-1.006.81-1.825 1.81-1.825.99 0 1.8.82 1.8 1.825v5.055a3.33 3.33 0 0 0 3.32 3.331c.19 0 .38-.02.57-.052Z"/>
       <path d="M44.59 21.55c0 1.322-.18 2.598-.5 3.818v.006c-.01.002-.01.005-.01.005v.002c-.33.32-.77.52-1.27.52-.99 0-1.8-.819-1.8-1.824v-5.055a3.331 3.331 0 0 0-3.32-3.332c-1.83 0-3.31 1.496-3.31 3.333v5.055c0 1.006-.81 1.825-1.81 1.825s-1.81-.82-1.81-1.825v-5.055c0-1.837-1.48-3.333-3.31-3.333a3.331 3.331 0 0 0-3.32 3.333v5.055c0 1.006-.81 1.825-1.8 1.825-1 0-1.81-.82-1.81-1.825v-5.055c0-1.836-1.49-3.33-3.31-3.332h-.01c-.2 0-.4.021-.6.057C18.85 10.573 24 6.956 30 6.956c.07 0 .15 0 .23.002 7.95.126 14.36 6.61 14.36 14.594M.11 52.772a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.4.4 0 0 1 .29-.111h1.75c.11 0 .21.038.28.111a.38.38 0 0 1 .12.289v.544c.24-.32.57-.584.98-.792.41-.209.87-.313 1.39-.313 1.17 0 1.98.459 2.43 1.378.26-.406.61-.737 1.07-.994.46-.256.95-.384 1.48-.384.87 0 1.58.296 2.13.89.55.592.83 1.476.83 2.651v4.548c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H10.6a.421.421 0 0 1-.3-.112.376.376 0 0 1-.12-.289v-4.436c0-.534-.11-.918-.32-1.154-.22-.234-.52-.352-.89-.352-.35 0-.63.12-.85.36-.23.241-.34.623-.34 1.146v4.436c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H5.52a.414.414 0 0 1-.29-.112.408.408 0 0 1-.11-.289v-4.436c0-.523-.11-.905-.34-1.146a1.15 1.15 0 0 0-.87-.36c-.36 0-.63.12-.86.36-.23.241-.35.617-.35 1.129v4.453c0 .107-.03.2-.11.28a.367.367 0 0 1-.29.121H.4a.382.382 0 0 1-.29-.112Zm15.07-.768c-.74-.694-1.13-1.703-1.16-3.028v-.56c.05-1.26.44-2.246 1.18-2.955.74-.71 1.74-1.066 2.99-1.066.91 0 1.67.185 2.3.553.62.368 1.09.873 1.41 1.513.31.641.47 1.378.47 2.211v.384c0 .107-.04.199-.11.28-.08.08-.17.12-.29.12h-5.13v.112c.02.502.15.908.37 1.217.23.31.55.464.98.464.27 0 .48-.056.66-.168.17-.112.32-.248.46-.408.1-.117.17-.19.23-.216.06-.026.15-.04.28-.04h1.99c.09 0 .18.029.25.088s.1.136.1.232c0 .278-.16.598-.47.961-.32.364-.77.678-1.37.945-.6.267-1.3.4-2.12.4-1.28 0-2.29-.347-3.02-1.041v.002Zm4.37-4.133v-.031c0-.523-.12-.938-.36-1.241-.24-.305-.57-.457-1-.457-.43 0-.75.152-.99.457-.24.303-.36.718-.36 1.241v.031h2.71Zm4.1 4.901a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.418.418 0 0 1 .29-.111h1.85c.11 0 .21.038.29.111a.38.38 0 0 1 .12.289v.608c.29-.352.66-.635 1.11-.849.46-.214.97-.32 1.55-.32.94 0 1.7.318 2.29.954.59.635.88 1.524.88 2.666v4.469c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121h-2.02c-.1 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.28v-4.372c0-.503-.12-.89-.37-1.162-.24-.273-.59-.408-1.05-.408-.46 0-.8.135-1.06.408-.26.272-.38.659-.38 1.162v4.372c0 .107-.04.2-.12.28a.36.36 0 0 1-.28.121h-2.01a.414.414 0 0 1-.29-.112Zm10.53-.712c-.58-.657-.9-1.583-.95-2.78l-.02-.561.02-.577c.04-1.153.36-2.066.95-2.739.59-.672 1.41-1.009 2.44-1.009.97 0 1.76.316 2.36.945v-3.428a.382.382 0 0 1 .4-.4h1.95c.12 0 .21.038.29.112.07.075.11.171.11.288v10.572c0 .106-.04.199-.11.279a.382.382 0 0 1-.29.121h-1.81c-.11 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.279v-.514c-.59.715-1.42 1.073-2.5 1.073s-1.86-.328-2.44-.985v.003Zm4.4-1.618c.23-.305.36-.696.4-1.177.01-.139.01-.342.01-.608 0-.267 0-.454-.01-.593-.03-.437-.16-.8-.4-1.089-.25-.288-.61-.433-1.08-.433-.5 0-.86.15-1.08.448-.22.3-.34.711-.37 1.234-.02.107-.02.272-.02.497 0 .224 0 .389.02.496.03.523.15.934.37 1.234.22.299.58.448 1.08.448.51 0 .84-.152 1.08-.457Zm9.06-7.2c-.08-.075-.11-.17-.11-.288v-1.442c0-.117.03-.214.11-.288a.382.382 0 0 1 .29-.112h1.92c.12 0 .21.038.29.112.07.074.11.171.11.288v1.442c0 .117-.04.213-.11.288a.397.397 0 0 1-.29.112h-1.92a.382.382 0 0 1-.29-.112Zm.02 9.53a.376.376 0 0 1-.12-.288v-7.529c0-.117.04-.213.12-.288a.374.374 0 0 1 .28-.112h1.89c.12 0 .22.038.29.112a.37.37 0 0 1 .11.288v7.529c0 .106-.03.199-.11.28a.37.37 0 0 1-.29.12h-1.89a.374.374 0 0 1-.28-.112Zm5.02-.672c-.72-.631-1.11-1.517-1.17-2.659-.01-.139-.02-.379-.02-.721 0-.341.01-.581.02-.72.06-1.131.46-2.015 1.2-2.651.74-.636 1.74-.954 3.03-.954 1.28 0 2.3.318 3.04.954.74.636 1.14 1.519 1.2 2.651.01.139.02.379.02.72 0 .342-.01.583-.02.721-.06 1.142-.45 2.028-1.17 2.659-.71.63-1.74.944-3.07.944-1.34 0-2.35-.314-3.06-.944Zm4.1-1.433c.22-.284.35-.719.38-1.305.01-.107.02-.32.02-.642 0-.321-.01-.533-.02-.641-.03-.577-.16-1.008-.39-1.297-.23-.289-.57-.433-1.03-.433-.89 0-1.36.577-1.41 1.73l-.02.641.02.642c.02.588.14 1.023.37 1.305.23.283.58.424 1.04.424.46 0 .81-.141 1.04-.424Zm-12.16 2.217a1.45 1.45 0 1 0 0-2.9 1.45 1.45 0 0 0 0 2.9Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="github">
-      <path d="M12 0c6.63 0 12 5.37 12 12a12.024 12.024 0 0 1-8.175 11.385c-.6.12-.825-.255-.825-.57 0-.405.015-1.695.015-3.3 0-1.125-.375-1.845-.81-2.22 2.67-.3 5.475-1.32 5.475-5.925 0-1.32-.465-2.385-1.23-3.225.12-.3.54-1.53-.12-3.18 0 0-1.005-.33-3.3 1.23-.96-.27-1.98-.405-3-.405s-2.04.135-3 .405c-2.295-1.545-3.3-1.23-3.3-1.23-.66 1.65-.24 2.88-.12 3.18-.765.84-1.23 1.92-1.23 3.225 0 4.59 2.79 5.625 5.46 5.925-.345.3-.66.825-.765 1.605-.69.315-2.415.825-3.495-.99-.225-.36-.9-1.245-1.845-1.23-1.005.015-.405.57.015.795.51.285 1.095 1.35 1.23 1.695.24.675 1.02 1.965 4.035 1.41 0 1.005.015 1.95.015 2.235 0 .315-.225.675-.825.57A11.995 11.995 0 0 1 0 12C0 5.37 5.37 0 12 0Z"/>
+    <symbol id="github" viewBox="0 0 24 24">
+      <path d="M12 2C17.525 2 22 6.58819 22 12.2529C21.9995 14.4012 21.3419 16.4952 20.1198 18.2402C18.8977 19.9852 17.1727 21.2933 15.1875 21.9804C14.6875 22.0829 14.5 21.7625 14.5 21.4934C14.5 21.1474 14.5125 20.0452 14.5125 18.6738C14.5125 17.7126 14.2 17.0974 13.8375 16.777C16.0625 16.5207 18.4 15.6492 18.4 11.7147C18.4 10.5868 18.0125 9.67689 17.375 8.95918C17.475 8.70286 17.825 7.65193 17.275 6.24215C17.275 6.24215 16.4375 5.9602 14.525 7.29308C13.725 7.06239 12.875 6.94704 12.025 6.94704C11.175 6.94704 10.325 7.06239 9.525 7.29308C7.6125 5.97301 6.775 6.24215 6.775 6.24215C6.225 7.65193 6.575 8.70286 6.675 8.95918C6.0375 9.67689 5.65 10.5997 5.65 11.7147C5.65 15.6364 7.975 16.5207 10.2 16.777C9.9125 17.0334 9.65 17.4819 9.5625 18.1484C8.9875 18.4175 7.55 18.8533 6.65 17.3025C6.4625 16.9949 5.9 16.2388 5.1125 16.2516C4.275 16.2644 4.775 16.7386 5.125 16.9308C5.55 17.1743 6.0375 18.0843 6.15 18.3791C6.35 18.9558 7 20.058 9.5125 19.5838C9.5125 20.4425 9.525 21.2499 9.525 21.4934C9.525 21.7625 9.3375 22.0701 8.8375 21.9804C6.8458 21.3007 5.11342 19.9952 3.88611 18.2492C2.65881 16.5031 1.9989 14.4052 2 12.2529C2 6.58819 6.475 2 12 2Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="mastodon">
+    <symbol id="mastodon" viewBox="0 0 24 24">
       <path d="M23.193 7.879c0-5.207-3.411-6.732-3.411-6.732C18.062.357 15.109.025 12.04 0h-.076c-3.068.025-6.019.357-7.74 1.147 0 0-3.411 1.526-3.411 6.732 0 1.191-.023 2.617.015 4.129.123 5.092.933 10.111 5.641 11.356 2.171.575 4.034.695 5.534.613 2.722-.152 4.249-.972 4.249-.972l-.09-1.975s-1.945.614-4.129.539c-2.165-.075-4.448-.233-4.799-2.891a5.626 5.626 0 0 1-.048-.745s2.124.519 4.817.643c1.646.076 3.19-.096 4.759-.283 3.007-.359 5.625-2.211 5.954-3.905.52-2.668.477-6.509.477-6.509Zm-4.023 6.709h-2.498v-6.12c0-1.289-.542-1.944-1.628-1.944-1.2 0-1.802.777-1.802 2.312v3.35H10.76v-3.35c0-1.535-.601-2.312-1.803-2.312-1.086 0-1.628.655-1.628 1.944v6.12H4.832V8.284c0-1.289.327-2.313.987-3.07.68-.757 1.569-1.146 2.674-1.146 1.278 0 2.247.491 2.886 1.473L12 6.585l.623-1.044c.64-.982 1.609-1.473 2.887-1.473 1.104 0 1.994.389 2.674 1.146.658.757.986 1.781.986 3.07v6.304Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="x-twitter">
-      <path d="M14.286 10.664 23.222.5h-2.117l-7.763 8.824L7.147.5H0l9.37 13.344L0 24.5h2.117l8.192-9.319 6.544 9.32H24M2.88 2.061h3.253l14.97 20.953H17.85"/>
+    <symbol id="x-twitter" viewBox="0 0 24 24">
+      <path d="M16.39 19.89h2.44L7.6 4.17H5.16M21 21H15.64l-4.91-6.99L4.59 21H3l7.03-7.99L3 3H8.36l4.65 6.62L18.83 3h1.59l-6.71 7.62"/>
     </symbol>
   </defs>
 </svg>
diff --git a/test/functional/subscriptions_controller_test.rb b/test/functional/subscriptions_controller_test.rb
index d0ce9a69bc3..6407699103d 100644
--- a/test/functional/subscriptions_controller_test.rb
+++ b/test/functional/subscriptions_controller_test.rb
@@ -7,6 +7,31 @@ class SubscriptionsControllerTest < ActionController::TestCase
     sign_in_as(@user)
   end
 
+  context "on GET to index when the user is not subscribed to any gems" do
+    setup do
+      get :index
+    end
+
+    should respond_with :success
+
+    should "render 'no subscriptions' message" do
+      assert page.has_content?("You're not subscribed to any gems yet.")
+    end
+  end
+
+  context "on GET to index when the user is subscribed" do
+    setup do
+      create(:subscription, rubygem: @rubygem, user: @user)
+      get :index
+    end
+
+    should respond_with :success
+
+    should "show the gem name" do
+      assert page.has_content?(@rubygem.name)
+    end
+  end
+
   context "On POST to create for a gem that the user is not subscribed to" do
     setup do
       post :create, params: { rubygem_id: @rubygem.slug }
diff --git a/test/functional/versions_controller_test.rb b/test/functional/versions_controller_test.rb
index fcdbca198a3..6b6a4ddec8a 100644
--- a/test/functional/versions_controller_test.rb
+++ b/test/functional/versions_controller_test.rb
@@ -107,7 +107,7 @@ class VersionsControllerTest < ActionController::TestCase
         The date displayed was specified by the author in the gemspec.
       NOTICE
 
-      assert_select ".gem__version__date", text: "- January 01, 2000*", count: 1 do |elements|
+      assert_select ".gem__version__date", text: "January 01, 2000*", count: 1 do |elements|
         version = elements.first
 
         assert_equal(tooltip_text, version["data-tooltip"])
diff --git a/test/integration/profile_test.rb b/test/integration/profile_test.rb
index 34540ceee86..8585cfed4ad 100644
--- a/test/integration/profile_test.rb
+++ b/test/integration/profile_test.rb
@@ -88,7 +88,7 @@ def sign_out
     assert_changes -> { @user.reload.mail_fails }, from: 1, to: 0 do
       visit link
 
-      assert page.has_selector? "#flash_notice", text: "Your email address has been verified"
+      assert page.has_content?("Your email address has been verified")
       visit edit_profile_path
 
       assert page.has_selector? "input[value='nick2@example.com']"
diff --git a/test/integration/rubygems_test.rb b/test/integration/rubygems_test.rb
index f6d1095e31a..39940bac94d 100644
--- a/test/integration/rubygems_test.rb
+++ b/test/integration/rubygems_test.rb
@@ -12,7 +12,7 @@ class RubygemsTest < ActionDispatch::IntegrationTest
     assert page.has_content? "arrakis"
   end
 
-  test "gems list doesn't fall pray to path_params query param" do
+  test "gems list doesn't fall prey to path_params query param" do
     get "/gems?path_params=string"
 
     assert page.has_content? "arrakis"
diff --git a/test/integration/subscriptions_test.rb b/test/integration/subscriptions_test.rb
new file mode 100644
index 00000000000..6e7d65644bb
--- /dev/null
+++ b/test/integration/subscriptions_test.rb
@@ -0,0 +1,36 @@
+require "test_helper"
+
+class SubscriptionsTest < SystemTest
+  setup do
+    @user = create(:user)
+    @rubygem = create(:rubygem, name: "sandworm", number: "1.0.0")
+    @version = create(:version, rubygem: @rubygem, number: "1.1.1")
+  end
+
+  test "subscribe to a gem" do
+    visit subscriptions_path(as: @user.id)
+
+    assert page.has_content? "You're not subscribed to any gems yet."
+
+    visit rubygem_path(@rubygem.slug)
+
+    click_link "Subscribe"
+
+    assert page.has_content? "Unsubscribe"
+
+    visit dashboard_path
+
+    assert page.has_content? @rubygem.name
+    assert page.has_content? @version.number
+
+    visit subscriptions_path
+
+    assert page.has_content? @rubygem.name
+
+    page.find("button[title='Unsubscribe']").click # rubocop:disable Capybara/SpecificActions
+
+    visit subscriptions_path
+
+    assert page.has_content? "You're not subscribed to any gems yet."
+  end
+end
diff --git a/test/views/alert_component_test.rb b/test/views/alert_component_test.rb
new file mode 100644
index 00000000000..4a70a968447
--- /dev/null
+++ b/test/views/alert_component_test.rb
@@ -0,0 +1,53 @@
+require "test_helper"
+require "phlex/testing/rails/view_helper"
+
+class AlertComponentTest < ComponentTest
+  def alert(...)
+    AlertComponent.new(...)
+  end
+
+  def render(...)
+    response = super
+    Capybara.string(response)
+  end
+
+  test "renders a non-closable (blue) notice by default" do
+    page = render(alert { "Hello, world!" })
+
+    assert_selector ".bg-blue-200.text-neutral-800"
+    assert_text page, "Hello, world!"
+    refute_selector "button[title='Hide']"
+  end
+
+  test "renders a closable alert" do
+    page = render(alert(style: :alert, closeable: true) { "Alert!" })
+
+    assert_selector ".bg-yellow-200.text-neutral-800"
+    assert_text page, "Alert!"
+    assert_selector "button[title='Hide']"
+  end
+
+  test "renders a closable error" do
+    page = render(alert(style: :error, closeable: true) { "Error!" })
+
+    assert_selector ".bg-red-200.text-neutral-800"
+    assert_text page, "Error!"
+    assert_selector "button[title='Hide']"
+  end
+
+  test "renders a closable success" do
+    page = render(alert(style: :success, closeable: true) { "Success!" })
+
+    assert_selector ".bg-green-200.text-neutral-800"
+    assert_text page, "Success!"
+    assert_selector "button[title='Hide']"
+  end
+
+  test "renders a neutral alert" do
+    page = render(alert(style: :neutral, closeable: false) { "Here's some info" })
+
+    assert_selector ".bg-neutral-200.text-neutral-800"
+    assert_text page, "Here's some info"
+    refute_selector "button[title='Hide']"
+  end
+end

From 2bdd7f31356e05947897442adb5ed760c2bd3b05 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:19:12 +0000
Subject: [PATCH 309/381] Bump actions/checkout from 4.2.1 to 4.2.2

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     |  2 +-
 .github/workflows/docker.yml     |  2 +-
 .github/workflows/lint.yml       | 10 +++++-----
 .github/workflows/scorecards.yml |  2 +-
 .github/workflows/test.yml       |  2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b79b2449d67..2e9b79a52b7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 31fb0c214ce..1cce01e300f 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -17,7 +17,7 @@ jobs:
       RUBYGEMS_VERSION: "3.5.20"
       RUBY_VERSION: "3.3.5"
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # master
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 16637b31aaa..6df1b0621e3 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,7 +12,7 @@ jobs:
     name: Rubocop
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
@@ -22,7 +22,7 @@ jobs:
     name: Brakeman
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
@@ -32,7 +32,7 @@ jobs:
     name: Importmap Verify
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
@@ -50,7 +50,7 @@ jobs:
     steps:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
         with:
           bundler-cache: true
@@ -73,7 +73,7 @@ jobs:
     name: Frizbee
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: segiddins/frizbee-action@c162fdaa6c73525a577d2d6eb193683dfc9ba2be # segiddins/run-in-place
         env:
           GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 625190ec904..443a4645714 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v3.1.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.1.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index dbf6d6e0070..e55d6191689 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -49,7 +49,7 @@ jobs:
       AVO_LICENSE_KEY: ${{ secrets.AVO_LICENSE_KEY }}
       BUNDLE_PACKAGER__DEV: ${{ secrets.BUNDLE_PACKAGER__DEV }}
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup rubygems.org
         uses: ./.github/actions/setup-rubygems.org

From cfee8c65c049a4f74bbb1d700a36eb9a7ca0abc5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:14:55 +0000
Subject: [PATCH 310/381] Bump lookbook from 2.3.2 to 2.3.3

Bumps [lookbook](https://github.com/ViewComponent/lookbook) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/ViewComponent/lookbook/releases)
- [Commits](https://github.com/ViewComponent/lookbook/compare/v2.3.2...v2.3.3)

---
updated-dependencies:
- dependency-name: lookbook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 43e576608cd..6c2a21cc4a9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -211,7 +211,7 @@ GEM
       bigdecimal
       rexml
     crass (1.0.6)
-    css_parser (1.17.1)
+    css_parser (1.19.1)
       addressable
     csv (3.3.0)
     dalli (3.2.8)
@@ -430,10 +430,10 @@ GEM
       rake (~> 13.0)
     local_time (3.0.2)
     logger (1.6.1)
-    loofah (2.22.0)
+    loofah (2.23.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    lookbook (2.3.2)
+    lookbook (2.3.3)
       activemodel
       css_parser
       htmlbeautifier (~> 1.3)
@@ -681,7 +681,7 @@ GEM
       railties (>= 5.1, < 8.0)
       roadie (~> 5.0)
     rotp (6.3.0)
-    rouge (4.3.0)
+    rouge (4.4.0)
     rqrcode (2.2.0)
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
@@ -877,8 +877,8 @@ GEM
       rexml
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    yard (0.9.36)
-    zeitwerk (2.7.0)
+    yard (0.9.37)
+    zeitwerk (2.7.1)
     zlib (3.1.1)
 
 PLATFORMS
@@ -1074,7 +1074,7 @@ CHECKSUMS
   cose (1.3.0) sha256=63247c66a5bc76e53926756574fe3724cc0a88707e358c90532ae2a320e98601
   crack (1.0.0) sha256=c83aefdb428cdc7b66c7f287e488c796f055c0839e6e545fec2c7047743c4a49
   crass (1.0.6) sha256=dc516022a56e7b3b156099abc81b6d2b08ea1ed12676ac7a5657617f012bd45d
-  css_parser (1.17.1) sha256=eb730f2d26591a843e52bd3d0efd76abdfeec8bad728e0b2ac821fc10bb018e6
+  css_parser (1.19.1) sha256=1940dce01e3b9be18d6880e6d65162d984cc04ff28998cf4759beb999275209e
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
   dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
@@ -1166,8 +1166,8 @@ CHECKSUMS
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
   logger (1.6.1) sha256=3ad9587ed3940bf7897ea64a673971415523f4f7d6b22c5e3af5219705669653
-  loofah (2.22.0) sha256=10d76e070c86b12fec74b6a9515fd1940f4459198b991342d0a7897d86c372fe
-  lookbook (2.3.2) sha256=abcdefeb13d9150ab30ab8022a2f459db85cbd02e90a0e8e066b32f9048e160a
+  loofah (2.23.0) sha256=a409cf88e5c808c1908e7d1b997df867d102be16e110e81eef43823dd24c7175
+  lookbook (2.3.3) sha256=580dd8d2242f2a702b0aea39fa40704ac5837ea89e0225134dea8e4151b97e45
   mail (2.8.1) sha256=ec3b9fadcf2b3755c78785cb17bc9a0ca9ee9857108a64b6f5cfc9c0b5bfc9ad
   maintenance_tasks (2.8.0) sha256=7ee8aa37ab39c6c3a5f4637878c1a343cc296596742248112458b922968d4a16
   marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4
@@ -1262,7 +1262,7 @@ CHECKSUMS
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854
-  rouge (4.3.0) sha256=9ee3d9ec53338e78c03fff0cbcd08881d80d69152349b046761e48ccf2de581c
+  rouge (4.4.0) sha256=7a6d6d951e3202e4ce3926838625fa6edeb35680e6d1e3817f53c14212220b64
   rqrcode (2.2.0) sha256=23eea88bb44c7ee6d6cab9354d08c287f7ebcdc6112e1fe7bcc2d010d1ffefc1
   rqrcode_core (1.2.0) sha256=cf4989dc82d24e2877984738c4ee569308625fed2a810960f1b02d68d0308d1a
   rspec (3.13.0) sha256=d490914ac1d5a5a64a0e1400c1d54ddd2a501324d703b8cfe83f458337bab993
@@ -1347,8 +1347,8 @@ CHECKSUMS
   websocket-extensions (0.1.5) sha256=1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241
   xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d
   xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e
-  yard (0.9.36) sha256=5505736c1b00c926f71053a606ab75f02070c5960d0778b901fe9d8b0a470be4
-  zeitwerk (2.7.0) sha256=a44c846861f2dfb571b834110a38f610dae5f15bac7ebf642a0d46b723da43a4
+  yard (0.9.37) sha256=a6e910399e78e613f80ba9add9ba7c394b1a935f083cccbef82903a3d2a26992
+  zeitwerk (2.7.1) sha256=0945986050e4907140895378e74df1fe882a2271ed087cc6c6d6b00d415a2756
   zlib (3.1.1) sha256=f61bb03139bbe256c36ba99ef9fece1fb223e9034ed9e5fa3ddb1588d99abc71
 
 RUBY VERSION

From e1d42701da0f67509987289bf6012ae799e876d9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:13:57 +0000
Subject: [PATCH 311/381] Bump google-protobuf from 4.28.2 to 4.28.3

Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.28.2 to 4.28.3.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6c2a21cc4a9..a1eca050466 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -314,19 +314,19 @@ GEM
       fugit (>= 1.1)
       railties (>= 6.0.0)
       thor (>= 0.14.1)
-    google-protobuf (4.28.2)
+    google-protobuf (4.28.3)
       bigdecimal
       rake (>= 13)
-    google-protobuf (4.28.2-aarch64-linux)
+    google-protobuf (4.28.3-aarch64-linux)
       bigdecimal
       rake (>= 13)
-    google-protobuf (4.28.2-arm64-darwin)
+    google-protobuf (4.28.3-arm64-darwin)
       bigdecimal
       rake (>= 13)
-    google-protobuf (4.28.2-x86_64-darwin)
+    google-protobuf (4.28.3-x86_64-darwin)
       bigdecimal
       rake (>= 13)
-    google-protobuf (4.28.2-x86_64-linux)
+    google-protobuf (4.28.3-x86_64-linux)
       bigdecimal
       rake (>= 13)
     gravtastic (3.2.6)
@@ -1116,11 +1116,11 @@ CHECKSUMS
   get_process_mem (1.0.0) sha256=d54024f3bcbf776a4d6e0155ec2b21bc3ba44e2fd158c4c00c80aa8a36e0b4aa
   globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9
   good_job (3.99.1) sha256=7d3869d8a8ee8ef7048fee5d746f41c21987b7822c20038a2f773036bef0830a
-  google-protobuf (4.28.2) sha256=6841bb4566bc33fc2d59b4dd28bfd9308fc528545f21722e9f6e6fa566289c29
-  google-protobuf (4.28.2-aarch64-linux) sha256=a2ea5fc997adeed17a135a9fc46d05de69a6e4bf90c023c5ff1ab071c28bceea
-  google-protobuf (4.28.2-arm64-darwin) sha256=fe43de80f4818900c734dfb9076251ef582d200d4a21985675fc6e1500364602
-  google-protobuf (4.28.2-x86_64-darwin) sha256=e1247c97fd2fb882abc2b6aa2c25211dcf91769665d123358bff8177e9277f8e
-  google-protobuf (4.28.2-x86_64-linux) sha256=c7bb3952d150cb1a0544cef3e3a01ac87fdd190dbf7c26b2ff9e58629bab08ea
+  google-protobuf (4.28.3) sha256=c0ed86d6595257123ea9806dceed6ae158b6f8afde550cda2f565c5fa1df29b5
+  google-protobuf (4.28.3-aarch64-linux) sha256=7715ac58bad92f3297d02ed302879f03b6994fedcc63d20ec9bfd16b793c95ee
+  google-protobuf (4.28.3-arm64-darwin) sha256=cde7fa6b63349c79b1e9d815e6b4e3090bd98b7ac460bb282de3af03c4b9c0d5
+  google-protobuf (4.28.3-x86_64-darwin) sha256=f2c3aa765d43bd6aa62f5cb48f7c59e6b49a38dc65332b61625f26f7cb4c37f9
+  google-protobuf (4.28.3-x86_64-linux) sha256=2e4a2558b863024b296ac1dbceebb707c95f057a0ae1b5023a16440f209ba05a
   gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f
   groupdate (6.5.1) sha256=a0a78d051a510d61864fe987f00089d8f03739741eadc41e6ad4ea6f786da110
   hashdiff (1.1.1) sha256=c7966316726e0ceefe9f5c6aef107ebc3ccfef8b6db55fe3934f046b2cf0936a

From 8dccbe9e7a751fe46b97c81dbe45af184502cab8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Oct 2024 14:30:26 +0000
Subject: [PATCH 312/381] Bump mocha from 2.4.5 to 2.5.0

Bumps [mocha](https://github.com/freerange/mocha) from 2.4.5 to 2.5.0.
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v2.4.5...v2.5.0)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7dd49896903..7c104a4d80a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -140,7 +140,7 @@ group :test do
   gem "launchy", "~> 3.0"
   gem "rack-test", "~> 2.1", require: "rack/test"
   gem "rails-controller-testing", "~> 1.0"
-  gem "mocha", "~> 2.4", require: false
+  gem "mocha", "~> 2.5", require: false
   gem "shoulda-context", "~> 3.0.0.rc1"
   gem "shoulda-matchers", "~> 6.4"
   gem "selenium-webdriver", "~> 4.25"
diff --git a/Gemfile.lock b/Gemfile.lock
index a1eca050466..366c09478bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -477,7 +477,7 @@ GEM
       ruby-progressbar
     minitest-retry (0.2.3)
       minitest (>= 5.0)
-    mocha (2.4.5)
+    mocha (2.5.0)
       ruby2_keywords (>= 0.0.5)
     msgpack (1.7.3)
     multi_json (1.15.0)
@@ -946,7 +946,7 @@ DEPENDENCIES
   minitest-gcstats (~> 1.3)
   minitest-reporters (~> 1.7)
   minitest-retry (~> 0.2.3)
-  mocha (~> 2.4)
+  mocha (~> 2.5)
   observer (~> 0.1.2)
   octokit (~> 9.2)
   omniauth (~> 2.1)
@@ -1182,7 +1182,7 @@ CHECKSUMS
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.3) sha256=7b7f4896efb9b931a1acb442a40e5273c441f44946cf4c6a8eb8895838e7bf29
-  mocha (2.4.5) sha256=b4c17e103a9b20ec9e21374f4e9be41006dbd20c5e7cb1c215f8ec56599a6112
+  mocha (2.5.0) sha256=7852595064e8ef4c6a3f6d8a5a5ab8c705168f913bb17929ab1c35f4dd4c7717
   msgpack (1.7.3) sha256=edb751dc3378020296365fef3197e5eeab8a7d9a571a25d046464d71b97d3012
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b

From a15d5844c58f0a73546d6bf4e949d1181f634a09 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Fri, 25 Oct 2024 14:36:52 -0700
Subject: [PATCH 313/381] Fix alert icon color (#5169)

---
 app/views/components/alert_component.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/components/alert_component.rb b/app/views/components/alert_component.rb
index c9edce905db..6c5952c423b 100644
--- a/app/views/components/alert_component.rb
+++ b/app/views/components/alert_component.rb
@@ -48,7 +48,7 @@ def view_template(&)
     blue:    "fill-blue-500",
     green:   "fill-green-500",
     red:     "fill-red-400",
-    neutral: "fill-neutral-800"
+    neutral: "fill-neutral-800 dark:fill-neutral-500"
   }.freeze
 
   STYLES = {

From f550cecbe32e4081a2461e00a4c0ed2457cb87e6 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Sat, 26 Oct 2024 13:03:32 -0700
Subject: [PATCH 314/381] Fix 500 in pages controller and add test coverage for
 all pages (#5170)

---
 app/helpers/pages_helper.rb            | 15 --------
 app/views/pages/download.html.erb      | 10 +++---
 test/integration/about_page_test.rb    | 16 ---------
 test/integration/pages_test.rb         | 49 ++++++++++++++++++++++----
 test/unit/helpers/pages_helper_test.rb | 35 ------------------
 5 files changed, 48 insertions(+), 77 deletions(-)
 delete mode 100644 app/helpers/pages_helper.rb
 delete mode 100644 test/integration/about_page_test.rb

diff --git a/app/helpers/pages_helper.rb b/app/helpers/pages_helper.rb
deleted file mode 100644
index 5c303f9476c..00000000000
--- a/app/helpers/pages_helper.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-module PagesHelper
-  def version_number
-    version&.number || "0.0.0"
-  end
-
-  def version
-    Rubygem.current_rubygems_release
-  end
-
-  def subtitle
-    subtitle = "v#{version_number}"
-    subtitle += " - #{nice_date_for(version.authored_at)}" if version
-    subtitle
-  end
-end
diff --git a/app/views/pages/download.html.erb b/app/views/pages/download.html.erb
index bf823d20919..e1412a7237c 100644
--- a/app/views/pages/download.html.erb
+++ b/app/views/pages/download.html.erb
@@ -1,8 +1,10 @@
 <% @title = t('.title') %>
-<% @subtitle = subtitle %>
 
 <%= prose do %>
   <h2><%= @title %></h2>
+  <% if (rubygems_version = Rubygem.current_rubygems_release) %>
+    <h4><%= "v#{rubygems_version.number} - #{nice_date_for(rubygems_version.authored_at)}" %></h4>
+  <% end %>
   <p>
     RubyGems is a package management framework for Ruby.
     <br>
@@ -24,9 +26,9 @@
   </ol>
   <h4>Download the latest version</h4>
   <div id="formats" class="flex flex-row space-x-6">
-    <%= render ButtonComponent.new "tgz", "https://rubygems.org/rubygems/rubygems-#{version_number}.tgz", type: :link %>
-    <%= render ButtonComponent.new "zip", "https://rubygems.org/rubygems/rubygems-#{version_number}.zip", type: :link %>
-    <%= render ButtonComponent.new "gem", "https://rubygems.org/gems/rubygems-update-#{version_number}.gem", type: :link %>
+    <%= render ButtonComponent.new "tgz", "https://rubygems.org/rubygems/rubygems-#{rubygems_version}.tgz", type: :link %>
+    <%= render ButtonComponent.new "zip", "https://rubygems.org/rubygems/rubygems-#{rubygems_version}.zip", type: :link %>
+    <%= render ButtonComponent.new "gem", "https://rubygems.org/gems/rubygems-update-#{rubygems_version}.gem", type: :link %>
     <%= render ButtonComponent.new "git", "https://github.com/rubygems/rubygems", type: :link %>
   </div>
 <% end %>
diff --git a/test/integration/about_page_test.rb b/test/integration/about_page_test.rb
deleted file mode 100644
index ed6ea009813..00000000000
--- a/test/integration/about_page_test.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-require "test_helper"
-
-class AboutPageTest < ActionDispatch::IntegrationTest
-  def assert_about_page_i18n(local)
-    get page_url("about"), params: { locale: local }
-
-    assert_response :success
-    assert page.has_content? I18n.t("pages.about.title")
-  end
-
-  test "about page i18n for all supported languages" do
-    I18n.available_locales.each do |locale|
-      assert_about_page_i18n locale
-    end
-  end
-end
diff --git a/test/integration/pages_test.rb b/test/integration/pages_test.rb
index 25cce82ef58..d326d207682 100644
--- a/test/integration/pages_test.rb
+++ b/test/integration/pages_test.rb
@@ -1,20 +1,55 @@
 require "test_helper"
 
 class PagesTest < SystemTest
-  test "renders existing page" do
-    visit "/"
-    click_link "About"
-
-    assert page.has_content? "Welcome to RubyGems.org"
-  end
-
   test "gracefully fails on unknown page" do
     assert_raises(ActionController::RoutingError) do
       visit "/pages/not-existing-one"
     end
+  end
 
+  test "it only allows html format" do
     assert_raises(ActionController::RoutingError) do
       visit "/pages/data.zip"
     end
   end
+
+  test "renders /pages/about for all supported languages" do
+    I18n.available_locales.each do |locale|
+      visit "/?locale=#{locale}"
+      click_link I18n.t("layouts.application.footer.about")
+
+      assert page.has_content? I18n.t("pages.about.title")
+    end
+  end
+
+  test "renders /pages/download" do
+    rubygem = create(:rubygem, name: "rubygems-update")
+    create(:version, number: "1.4.8", rubygem: rubygem)
+    create(:version,
+      number: "3.5.22",
+      created_at: Time.zone.local(2024, 10, 16),
+      rubygem: rubygem)
+
+    visit "/pages/download"
+
+    assert page.has_content?("v3.5.22 - October 16, 2024")
+  end
+
+  test "renders /pages/data" do
+    visit "/pages/data"
+
+    assert page.has_content?("PostgreSQL Data")
+  end
+
+  test "renders /pages/security" do
+    visit "/pages/security"
+
+    assert page.has_content?("Security")
+  end
+
+  test "renders /pages/sponsors" do
+    visit "/pages/sponsors"
+
+    assert page.has_content?("Sponsors")
+  end
 end
diff --git a/test/unit/helpers/pages_helper_test.rb b/test/unit/helpers/pages_helper_test.rb
index 6adce171e5d..f8517cdcf27 100644
--- a/test/unit/helpers/pages_helper_test.rb
+++ b/test/unit/helpers/pages_helper_test.rb
@@ -2,39 +2,4 @@
 
 class PagesHelperTest < ActionView::TestCase
   include RubygemsHelper
-
-  context "downloads" do
-    setup do
-      @rubygem = create(:rubygem, name: "rubygems-update")
-      @version_first = create(:version, number: "1.4.8", rubygem: @rubygem)
-      @version_last = create(:version,
-        number: "2.4.8",
-        built_at: Time.zone.local(2015, 1, 1),
-        rubygem: @rubygem)
-    end
-
-    should "return latest rubygem release version number" do
-      assert_equal @version_last.number, version_number
-    end
-
-    should "return 0.0.0 as version number if version doesn't exist" do
-      @rubygem.versions.each(&:destroy)
-
-      assert_equal "0.0.0", version_number
-    end
-
-    should "return latest rubygem release" do
-      assert_equal @version_last, version
-    end
-
-    should "return subtitle with release date and version number if both exist" do
-      assert_equal "v#{@version_last.number} - #{nice_date_for(@version_last.created_at)}", subtitle
-    end
-
-    should "return subtitle with only version number if version doesn't exist" do
-      @rubygem.destroy
-
-      assert_equal "v0.0.0", subtitle
-    end
-  end
 end

From b8f3151721c3a7dc3b65c133d3fb8f89a62e4d22 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 28 Oct 2024 10:34:29 -0700
Subject: [PATCH 315/381] Propshaft (#5085)

---
 .gitignore                                    |   1 -
 Dockerfile                                    |   2 +-
 Gemfile                                       |   8 +-
 Gemfile.lock                                  |  59 ++-------
 app/assets/config/manifest.js                 |   7 --
 app/assets/images/icons.svg                   | 117 ++++++++++++++++++
 app/assets/stylesheets/application.css        |  34 +++--
 app/helpers/icon_helper.rb                    |   2 +-
 app/helpers/versions_helper.rb                |   2 +-
 app/views/layouts/_breadcrumbs.html.erb       |   9 +-
 app/views/layouts/application.html.erb        |   3 +-
 app/views/layouts/hammy.html.erb              |   5 +-
 config/application.rb                         |   1 -
 config/environments/development.rb            |   2 -
 config/environments/production.rb             |   6 -
 config/environments/staging.rb                |   4 -
 config/initializers/assets.rb                 |   5 -
 ...ub_buttons.css.scss => github_buttons.css} |   2 +-
 18 files changed, 161 insertions(+), 108 deletions(-)
 delete mode 100644 app/assets/config/manifest.js
 create mode 100644 app/assets/images/icons.svg
 rename vendor/assets/stylesheets/{github_buttons.css.scss => github_buttons.css} (98%)

diff --git a/.gitignore b/.gitignore
index fcfb8481101..80cf647e05c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,5 @@ REVISION
 /.env*
 /.pumaenv.local
 /doc/erd.*
-
 /app/assets/builds/*
 !/app/assets/builds/.keep
diff --git a/Dockerfile b/Dockerfile
index 4def663466f..db689142888 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -91,7 +91,7 @@ COPY --link config/database.yml.sample /app/config/database.yml
 # Precompiling assets for production without requiring secret RAILS_MASTER_KEY
 RUN <<BASH
   set -ex
-  RAILS_GROUPS=assets SECRET_KEY_BASE_DUMMY=1 bin/rails assets:precompile
+  SECRET_KEY_BASE_DUMMY=1 bin/rails assets:precompile
   rm -fr /app/tmp/cache/assets/
 BASH
 
diff --git a/Gemfile b/Gemfile
index 7c104a4d80a..f1fee731abe 100644
--- a/Gemfile
+++ b/Gemfile
@@ -85,7 +85,7 @@ gem "csv", "~> 3.3" # zeitwerk-2.6.12
 gem "observer", "~> 0.1.2" # launchdarkly-server-sdk-8.0.0
 
 # Assets
-gem "sprockets-rails", "~> 3.5"
+gem "propshaft", "~> 1.1.0"
 gem "importmap-rails", "~> 2.0"
 gem "stimulus-rails", "~> 1.3" # this adds stimulus-loading.js so it must be available at runtime
 gem "local_time", "~> 3.0"
@@ -95,12 +95,6 @@ group :assets, :development do
   gem "tailwindcss-rails", "~> 3.0"
 end
 
-group :assets do
-  gem "dartsass-sprockets", "~> 3.1"
-  gem "terser", "~> 1.2"
-  gem "autoprefixer-rails", "~> 10.4"
-end
-
 group :development, :test do
   gem "pry-byebug", "~> 3.10"
   gem "toxiproxy", "~> 2.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 366c09478bb..620f32dc93c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -115,8 +115,6 @@ GEM
       ffi-compiler (~> 1.0)
     ast (2.4.2)
     attr_required (1.0.2)
-    autoprefixer-rails (10.4.19.0)
-      execjs (~> 2)
     avo (3.13.1)
       actionview (>= 6.1)
       active_link_to
@@ -215,12 +213,6 @@ GEM
       addressable
     csv (3.3.0)
     dalli (3.2.8)
-    dartsass-sprockets (3.1.0)
-      railties (>= 4.0.0)
-      sassc-embedded (~> 1.69)
-      sprockets (> 3.0)
-      sprockets-rails
-      tilt
     datadog (2.4.0)
       debase-ruby_core_source (= 3.3.1)
       libdatadog (~> 12.0.0.1.0)
@@ -265,7 +257,6 @@ GEM
     erubi (1.13.0)
     et-orbi (1.2.11)
       tzinfo
-    execjs (2.9.1)
     factory_bot (6.4.5)
       activesupport (>= 5.0.0)
     factory_bot_rails (6.4.3)
@@ -570,6 +561,11 @@ GEM
     pp (0.5.0)
       prettyprint
     prettyprint (0.2.0)
+    propshaft (1.1.0)
+      actionpack (>= 7.0.0)
+      activesupport (>= 7.0.0)
+      rack
+      railties (>= 7.0.0)
     prosopite (1.4.2)
     pry (0.14.1)
       coderay (~> 1.1)
@@ -736,21 +732,6 @@ GEM
     rubyzip (2.3.2)
     safety_net_attestation (0.4.0)
       jwt (~> 2.0)
-    sass-embedded (1.72.0)
-      google-protobuf (>= 3.25, < 5.0)
-      rake (>= 13.0.0)
-    sass-embedded (1.72.0-aarch64-linux-gnu)
-      google-protobuf (>= 3.25, < 5.0)
-    sass-embedded (1.72.0-arm64-darwin)
-      google-protobuf (>= 3.25, < 5.0)
-    sass-embedded (1.72.0-x86_64-darwin)
-      google-protobuf (>= 3.25, < 5.0)
-    sass-embedded (1.72.0-x86_64-linux-gnu)
-      google-protobuf (>= 3.25, < 5.0)
-    sass-embedded (1.72.0-x86_64-linux-musl)
-      google-protobuf (>= 3.25, < 5.0)
-    sassc-embedded (1.70.1)
-      sass-embedded (~> 1.70)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
@@ -787,13 +768,6 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    sprockets (4.2.1)
-      concurrent-ruby (~> 1.0)
-      rack (>= 2.2.4, < 4)
-    sprockets-rails (3.5.2)
-      actionpack (>= 6.1)
-      activesupport (>= 6.1)
-      sprockets (>= 3.0.0)
     statsd-instrument (3.9.3)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
@@ -813,10 +787,7 @@ GEM
     tailwindcss-ruby (3.4.14-arm64-darwin)
     tailwindcss-ruby (3.4.14-x86_64-darwin)
     tailwindcss-ruby (3.4.14-x86_64-linux)
-    terser (1.2.4)
-      execjs (>= 0.3.0, < 3)
     thor (1.3.2)
-    tilt (2.3.0)
     timeout (0.4.1)
     timescaledb (0.3.0)
       activerecord
@@ -893,7 +864,6 @@ PLATFORMS
 DEPENDENCIES
   aggregate_assertions (~> 0.2.0)
   amazing_print (~> 1.6)
-  autoprefixer-rails (~> 10.4)
   avo (~> 3.13)
   avo-advanced (~> 3.13)!
   avo_upgrade (~> 0.1.1)
@@ -910,7 +880,6 @@ DEPENDENCIES
   compact_index (~> 0.15.0)
   csv (~> 3.3)
   dalli (~> 3.2)
-  dartsass-sprockets (~> 3.1)
   datadog (~> 2.4)
   datadog-ci (~> 1.8)
   derailed_benchmarks (~> 2.2)
@@ -960,6 +929,7 @@ DEPENDENCIES
   pghero (~> 3.6)
   phlex-rails (~> 1.2)
   pp (= 0.5.0)
+  propshaft (~> 1.1.0)
   prosopite (~> 1.4)
   pry-byebug (~> 3.10)
   puma (~> 6.4)
@@ -993,12 +963,10 @@ DEPENDENCIES
   shoulda-matchers (~> 6.4)
   simplecov (~> 0.22)
   simplecov-cobertura (~> 2.1)
-  sprockets-rails (~> 3.5)
   statsd-instrument (~> 3.9)
   stimulus-rails (~> 1.3)
   strong_migrations (~> 2.0)
   tailwindcss-rails (~> 3.0)
-  terser (~> 1.2)
   timescaledb (~> 0.3)
   toxiproxy (~> 2.0)
   unpwn (~> 1.0)
@@ -1031,7 +999,6 @@ CHECKSUMS
   argon2 (2.3.0) sha256=980ef65172bf512ad37b6cbb0d61eef40b6dccab6a7db4e70557527e1dce9557
   ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
   attr_required (1.0.2) sha256=f0ebfc56b35e874f4d0ae799066dbc1f81efefe2364ca3803dc9ea6a4de6cb99
-  autoprefixer-rails (10.4.19.0) sha256=ccd21f47e5a07a581c7d239025e0d8d06a005825e96e06f72382d818fe665f4e
   avo (3.13.1) sha256=6fd001bda35c4b307579fbc6f597de60d89846b04b96d2bc4cb06bcd54b5945b
   avo-advanced (3.13.1) sha256=87d87a6e0837dbeab549428f3afbcb0e0c81e23e46de62dffd0a1270bffc1d0e
   avo-dashboards (3.13.1) sha256=073cdbb7c7e9ad46693291d6d5976bdba1a900bf572376a88e02b793f9e4e528
@@ -1077,7 +1044,6 @@ CHECKSUMS
   css_parser (1.19.1) sha256=1940dce01e3b9be18d6880e6d65162d984cc04ff28998cf4759beb999275209e
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
-  dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a
   datadog (2.4.0) sha256=3d30038eecb59cb7960cbb9e5eb32ee029b6516203698b4d4454b01688ca0aab
   datadog-ci (1.8.1) sha256=c461acd83d36b5894716ea7b1c207fd4b7fa103994c0773e3936a68da4dfa594
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
@@ -1094,7 +1060,6 @@ CHECKSUMS
   email_validator (2.2.4) sha256=5ab238095bec7aef9389f230e9e0c64c5081cdf91f19d6c5cecee0a93af20604
   erubi (1.13.0) sha256=fca61b47daefd865d0fb50d168634f27ad40181867445badf6427c459c33cd62
   et-orbi (1.2.11) sha256=d26e868cc21db88280a9ec1a50aa3da5d267eb9b2037ba7b831d6c2731f5df64
-  execjs (2.9.1) sha256=e8fd066f6df60c8e8fbebc32c6fb356b5212c77374e8416a9019ca4bb154dcfb
   factory_bot (6.4.5) sha256=d71dd29bc95f0ec2bf27e3dd9b1b4d557bd534caca744663cb7db4bacf3198be
   factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
   faraday (2.12.0) sha256=d106d0b1bc2548a8c0c34619a657a5e4aeae2780f951b0e095c8f803bbbf4517
@@ -1222,6 +1187,7 @@ CHECKSUMS
   phlex-rails (1.2.1) sha256=1d80709c02114cda869951d22bfca189b5f208d1eb89f2e6fafbe3c0240a822f
   pp (0.5.0) sha256=f8f40bc2ba9e1ab351b9458151da3a89f46034f7f599a8e0a06abb9b9f4411dd
   prettyprint (0.2.0) sha256=2bc9e15581a94742064a3cc8b0fb9d45aae3d03a1baa6ef80922627a0766f193
+  propshaft (1.1.0) sha256=d389361faf66aeb17e8d204828962c1e506edd14a1a17adb3fa475435c070f6b
   prosopite (1.4.2) sha256=b2e422e2d9dbf3ce20130ded3252fe14adb3833555eacd451f5015d8c9177e79
   pry (0.14.1) sha256=99b6df0665875dd5a39d85e0150aa5a12e2bb4fef401b6c4f64d32ee502f8454
   pry-byebug (3.10.1) sha256=c8f975c32255bfdb29e151f5532130be64ff3d0042dc858d0907e849125581f8
@@ -1284,13 +1250,6 @@ CHECKSUMS
   ruby2_keywords (0.0.5) sha256=ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef
   rubyzip (2.3.2) sha256=3f57e3935dc2255c414484fbf8d673b4909d8a6a57007ed754dde39342d2373f
   safety_net_attestation (0.4.0) sha256=96be2d74e7ed26453a51894913449bea0e072f44490021545ac2d1c38b0718ce
-  sass-embedded (1.72.0) sha256=05d3e53092022a4b4eef5b76b9597c7f2af4e4efb06812e1a60e3601189a3d2e
-  sass-embedded (1.72.0-aarch64-linux-gnu) sha256=cbe3b303bb2acf784a46e98cbb22b5218f1607524dc66c00f5bd3b32f029eae4
-  sass-embedded (1.72.0-arm64-darwin) sha256=24bbb0fe3cb255070c0bd7d44ee330b1226bd02647a4390d6f50e706a3819a4a
-  sass-embedded (1.72.0-x86_64-darwin) sha256=f8b4940847cda523b418b8d1354dfb22464ca1f108d05be3e0d2bab7643d8757
-  sass-embedded (1.72.0-x86_64-linux-gnu) sha256=33ecf2737eb685dc61853652312b0395c645b30578fc0d853d4b15f67cab1f3c
-  sass-embedded (1.72.0-x86_64-linux-musl) sha256=52161ecf9927251a463f8f9d34364940cfe881b47c10b57fdcb6f8e813c91995
-  sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.4.0) sha256=75d7256d3ec2af2dc11c2ba8160c86d80451f3f86447aae2ace1f79553de0bf3
   securerandom (0.3.1) sha256=98f0450c0ea46d2f9a4b6db4f391dbd83dc08049592eada155739f40e0341bde
@@ -1306,8 +1265,6 @@ CHECKSUMS
   simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428
   smart_properties (1.17.0) sha256=f9323f8122e932341756ddec8e0ac9ec6e238408a7661508be99439ca6d6384b
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
-  sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97
-  sprockets-rails (3.5.2) sha256=a9e88e6ce9f8c912d349aa5401509165ec42326baf9e942a85de4b76dbc4119e
   statsd-instrument (3.9.3) sha256=b23508e3565b61129fe4464a52b155e5761b2612ec052d50cde16af8ea0e2e30
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
@@ -1319,9 +1276,7 @@ CHECKSUMS
   tailwindcss-ruby (3.4.14-arm64-darwin) sha256=439ea278878d42b40f775db3783b8fd7d25fa969fd8c11f42436ba064752ae3a
   tailwindcss-ruby (3.4.14-x86_64-darwin) sha256=add1f6c63cfb7851557323ef7bc7ed49d927ba610b4b363d1066389232ade3ef
   tailwindcss-ruby (3.4.14-x86_64-linux) sha256=c23dec24cb855d748750e8f4bca1b048a1e617f381e81336c8ab65ede7e84d5c
-  terser (1.2.4) sha256=c85f46e0fcdeef4a52639cbb6dd6b359bf0151d035206b072366e7dac379cc83
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
-  tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c
   timeout (0.4.1) sha256=6f1f4edd4bca28cffa59501733a94215407c6960bd2107331f0280d4abdebb9a
   timescaledb (0.3.0) sha256=9ce2b39417d30544054cb609fbd84e18e304c7b7952a793846b8f4489551a28f
   toxiproxy (2.0.2) sha256=2e3b53604fb921d40da3db8f78a52b3133fcae33e93d440725335b15974e440a
diff --git a/app/assets/config/manifest.js b/app/assets/config/manifest.js
deleted file mode 100644
index c0134c6bbde..00000000000
--- a/app/assets/config/manifest.js
+++ /dev/null
@@ -1,7 +0,0 @@
-//= link application.css
-//= link hammy.css
-//= link_tree ../../../vendor/assets/images
-//= link_tree ../builds
-//= link_tree ../../javascript .js
-//= link_tree ../../javascript/src .js
-//= link_tree ../../../vendor/javascript .js
diff --git a/app/assets/images/icons.svg b/app/assets/images/icons.svg
new file mode 100644
index 00000000000..321ab50e6af
--- /dev/null
+++ b/app/assets/images/icons.svg
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="utf-8"?>
+<svg xmlns="http://www.w3.org/2000/svg">
+  <defs>
+    <symbol viewBox="0 0 32 32" id="logo">
+      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
+    </symbol>
+
+    <!-- Material icons -->
+    <symbol id="arrow-circle-right" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
+      <g>
+        <rect fill="none" height="24" width="24"/>
+        <rect fill="none" height="24" width="24"/>
+      </g>
+      <g>
+        <path d="M22,12c0-5.52-4.48-10-10-10C6.48,2,2,6.48,2,12s4.48,10,10,10C17.52,22,22,17.52,22,12z M12,14.79V13H9 c-0.55,0-1-0.45-1-1s0.45-1,1-1h3V9.21c0-0.45,0.54-0.67,0.85-0.35l2.79,2.79c0.2,0.2,0.2,0.51,0,0.71l-2.79,2.79 C12.54,15.46,12,15.24,12,14.79z"/>
+      </g>
+    </symbol>
+    <symbol id="arrow-drop-down" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M8.71 11.71l2.59 2.59c.39.39 1.02.39 1.41 0l2.59-2.59c.63-.63.18-1.71-.71-1.71H9.41c-.89 0-1.33 1.08-.7 1.71z"/>
+    </symbol>
+    <symbol id="chevron-right" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
+    <symbol id="close" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M18.3 5.71c-.39-.39-1.02-.39-1.41 0L12 10.59 7.11 5.7c-.39-.39-1.02-.39-1.41 0-.39.39-.39 1.02 0 1.41L10.59 12 5.7 16.89c-.39.39-.39 1.02 0 1.41.39.39 1.02.39 1.41 0L12 13.41l4.89 4.89c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L13.41 12l4.89-4.89c.38-.38.38-1.02 0-1.4z"/>
+    </symbol>
+    <symbol id="error" viewBox="0 0 24 24">
+      <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 11c-.55 0-1-.45-1-1V8c0-.55.45-1 1-1s1 .45 1 1v4c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
+    </symbol>
+    <symbol id="content-copy" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
+      <g>
+        <rect fill="none" height="24" width="24"/>
+      </g>
+      <g>
+        <path d="M15,20H5V7c0-0.55-0.45-1-1-1h0C3.45,6,3,6.45,3,7v13c0,1.1,0.9,2,2,2h10c0.55,0,1-0.45,1-1v0C16,20.45,15.55,20,15,20z M20,16V4c0-1.1-0.9-2-2-2H9C7.9,2,7,2.9,7,4v12c0,1.1,0.9,2,2,2h9C19.1,18,20,17.1,20,16z M18,16H9V4h9V16z"/>
+      </g>
+    </symbol>
+    <symbol id="history" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M13.26 3C8.17 2.86 4 6.95 4 12H2.21c-.45 0-.67.54-.35.85l2.79 2.8c.2.2.51.2.71 0l2.79-2.8c.31-.31.09-.85-.36-.85H6c0-3.9 3.18-7.05 7.1-7 3.72.05 6.85 3.18 6.9 6.9.05 3.91-3.1 7.1-7 7.1-1.61 0-3.1-.55-4.28-1.48-.4-.31-.96-.28-1.32.08-.42.42-.39 1.13.08 1.49C9 20.29 10.91 21 13 21c5.05 0 9.14-4.17 9-9.26-.13-4.69-4.05-8.61-8.74-8.74zm-.51 5c-.41 0-.75.34-.75.75v3.68c0 .35.19.68.49.86l3.12 1.85c.36.21.82.09 1.03-.26.21-.36.09-.82-.26-1.03l-2.88-1.71v-3.4c0-.4-.34-.74-.75-.74z"/>
+    </symbol>
+    <symbol id="house-siding" viewBox="0 0 960 1147"><path d="M274 796v90q0 13-8.5 21.5T244 916q-13 0-21.5-8.5T214 886V512l-94 71q-11 7-22.5 6T78 577q-7-10-6-22t12-20l352-266q10-7 21-10.5t23-3.5q12 0 23 3.5t21 10.5l352 266q10 8 12 20t-6 22q-8 11-19.5 12t-22.5-6l-93-71v374q0 13-9 21.5t-21 8.5q-13 0-21.5-8.5T687 886v-90H274zm0-215h413v-96H274v96zm0 155h413v-95H274v95zm54-311h304L480 312 328 425z"/></symbol>
+
+    <symbol id="keyboard-arrow-down" viewBox="0 0 24 24">
+      <path d="M8.12 9.29L12 13.17l3.88-3.88c.39-.39 1.02-.39 1.41 0 .39.39.39 1.02 0 1.41l-4.59 4.59c-.39.39-1.02.39-1.41 0L6.7 10.7c-.39-.39-.39-1.02 0-1.41.39-.38 1.03-.39 1.42 0z"/>
+    </symbol>
+    <symbol id="keyboard-arrow-up" viewBox="0 0 24 24">
+      <path d="M8.12 14.71L12 10.83l3.88 3.88c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L12.7 8.71c-.39-.39-1.02-.39-1.41 0L6.7 13.3c-.39.39-.39 1.02 0 1.41.39.38 1.03.39 1.42 0z"/>
+    </symbol>
+    <symbol id="language" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M11.99 2C6.47 2 2 6.48 2 12s4.47 10 9.99 10C17.52 22 22 17.52 22 12S17.52 2 11.99 2zm6.93 6h-2.95c-.32-1.25-.78-2.45-1.38-3.56 1.84.63 3.37 1.91 4.33 3.56zM12 4.04c.83 1.2 1.48 2.53 1.91 3.96h-3.82c.43-1.43 1.08-2.76 1.91-3.96zM4.26 14C4.1 13.36 4 12.69 4 12s.1-1.36.26-2h3.38c-.08.66-.14 1.32-.14 2s.06 1.34.14 2H4.26zm.82 2h2.95c.32 1.25.78 2.45 1.38 3.56-1.84-.63-3.37-1.9-4.33-3.56zm2.95-8H5.08c.96-1.66 2.49-2.93 4.33-3.56C8.81 5.55 8.35 6.75 8.03 8zM12 19.96c-.83-1.2-1.48-2.53-1.91-3.96h3.82c-.43 1.43-1.08 2.76-1.91 3.96zM14.34 14H9.66c-.09-.66-.16-1.32-.16-2s.07-1.35.16-2h4.68c.09.65.16 1.32.16 2s-.07 1.34-.16 2zm.25 5.56c.6-1.11 1.06-2.31 1.38-3.56h2.95c-.96 1.65-2.49 2.93-4.33 3.56zM16.36 14c.08-.66.14-1.32.14-2s-.06-1.34-.14-2h3.38c.16.64.26 1.31.26 2s-.1 1.36-.26 2h-3.38z"/>
+    </symbol>
+    <symbol id="menu" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M4 18h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zm0-5h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zM3 7c0 .55.45 1 1 1h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1z"/>
+    </symbol>
+    <symbol id="search" viewBox="0 0 24 24">
+      <path d="M9.7 14.1c-1.3 0-2.4-.4-3.3-1.3-.9-.9-1.3-2-1.3-3.3s.4-2.4 1.3-3.3c.9-.9 2-1.3 3.3-1.3 1.3 0 2.4.4 3.3 1.3.9.9 1.3 2 1.3 3.3s-.4 2.4-1.3 3.3c-.9.9-2 1.3-3.3 1.3Zm0 1.5c.7 0 1.4-.1 2-.3.7-.3 1.2-.6 1.7-1l5.8 5.8c.1.1.3.2.5.2s.4-.1.5-.2c.2-.2.3-.4.2-.6 0-.2 0-.4-.2-.5l-5.7-5.8c.4-.4.7-1 .9-1.7.3-.6.4-1.3.4-2 0-1.7-.6-3.2-1.8-4.3C12.8 4 11.4 3.4 9.7 3.4 8 3.4 6.5 4 5.3 5.2 4.2 6.3 3.6 7.8 3.6 9.5s.6 3.2 1.7 4.3C6.5 15 8 15.6 9.7 15.6Z"/>
+    </symbol>
+    <symbol id="settings" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
+      <rect fill="none" height="24" width="24"/>
+      <path d="M19.5,12c0-0.23-0.01-0.45-0.03-0.68l1.86-1.41c0.4-0.3,0.51-0.86,0.26-1.3l-1.87-3.23c-0.25-0.44-0.79-0.62-1.25-0.42 l-2.15,0.91c-0.37-0.26-0.76-0.49-1.17-0.68l-0.29-2.31C14.8,2.38,14.37,2,13.87,2h-3.73C9.63,2,9.2,2.38,9.14,2.88L8.85,5.19 c-0.41,0.19-0.8,0.42-1.17,0.68L5.53,4.96c-0.46-0.2-1-0.02-1.25,0.42L2.41,8.62c-0.25,0.44-0.14,0.99,0.26,1.3l1.86,1.41 C4.51,11.55,4.5,11.77,4.5,12s0.01,0.45,0.03,0.68l-1.86,1.41c-0.4,0.3-0.51,0.86-0.26,1.3l1.87,3.23c0.25,0.44,0.79,0.62,1.25,0.42 l2.15-0.91c0.37,0.26,0.76,0.49,1.17,0.68l0.29,2.31C9.2,21.62,9.63,22,10.13,22h3.73c0.5,0,0.93-0.38,0.99-0.88l0.29-2.31 c0.41-0.19,0.8-0.42,1.17-0.68l2.15,0.91c0.46,0.2,1,0.02,1.25-0.42l1.87-3.23c0.25-0.44,0.14-0.99-0.26-1.3l-1.86-1.41 C19.49,12.45,19.5,12.23,19.5,12z M12.04,15.5c-1.93,0-3.5-1.57-3.5-3.5s1.57-3.5,3.5-3.5s3.5,1.57,3.5,3.5S13.97,15.5,12.04,15.5z"/>
+    </symbol>
+    <symbol id="tune" viewBox="0 0 24 24">
+      <path d="M0 0h24v24H0V0z" fill="none"/>
+      <path d="M3 18c0 .55.45 1 1 1h5v-2H4c-.55 0-1 .45-1 1zM3 6c0 .55.45 1 1 1h9V5H4c-.55 0-1 .45-1 1zm10 14v-1h7c.55 0 1-.45 1-1s-.45-1-1-1h-7v-1c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1s1-.45 1-1zM7 10v1H4c-.55 0-1 .45-1 1s.45 1 1 1h3v1c0 .55.45 1 1 1s1-.45 1-1v-4c0-.55-.45-1-1-1s-1 .45-1 1zm14 2c0-.55-.45-1-1-1h-9v2h9c.55 0 1-.45 1-1zm-5-3c.55 0 1-.45 1-1V7h3c.55 0 1-.45 1-1s-.45-1-1-1h-3V4c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1z"/>
+    </symbol>
+    <symbol id="warning" viewBox="0 0 24 24">
+      <path d="M4.47 21h15.06c1.54 0 2.5-1.67 1.73-3L13.73 4.99c-.77-1.33-2.69-1.33-3.46 0L2.74 18c-.77 1.33.19 3 1.73 3zM12 14c-.55 0-1-.45-1-1v-2c0-.55.45-1 1-1s1 .45 1 1v2c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
+    </symbol>
+
+    <symbol viewBox="0 0 24 24" id="profile">
+      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
+    </symbol>
+    <symbol viewBox="0 0 32 32" id="toast">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="M16 30a14 14 0 1 0 0-28 14 14 0 0 0 0 28Zm0 2a16 16 0 1 0 0-32 16 16 0 0 0 0 32ZM8 16a1 1 0 0 0 1 1h11.586l-4.294 4.293a1.001 1.001 0 0 0 1.416 1.416l6-6a1 1 0 0 0 0-1.416l-6-6a1.002 1.002 0 0 0-1.416 1.416l4.294 4.292H9a1 1 0 0 0-1 1Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="history">
+      <path d="M12 23.9c-2.8 0-5.3-.9-7.4-2.6-2.1-1.7-3.5-3.9-4.1-6.6a.9.9 90 01.1-.8 1 1 90 01.7-.4 1.1 1.1 90 01.8.2c.2.2.4.4.5.7.5 2.2 1.7 3.9 3.4 5.3 1.8 1.4 3.8 2.1 6 2.1 2.7 0 5-1 6.9-2.9s2.9-4.2 2.9-6.9-1-5-2.9-6.9C17 3.2 14.7 2.2 12 2.2a9.4 9.4 90 00-4.3 1A10.6 10.6 90 004.2 6h2.6c.3 0 .5.1.7.3a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3H2a1.2 1.2 90 01-.9-.4 1.2 1.2 90 01-.4-.9V2.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v2.3A11.9 11.9 90 017 1.2a11.7 11.7 90 015-1.1 11.6 11.6 90 014.6.9c1.4.6 2.7 1.5 3.8 2.5a12.1 12.1 90 012.5 3.8 11.6 11.6 90 01.9 4.6c0 1.7-.3 3.2-.9 4.6a12 12 90 01-2.5 3.8 12 12 90 01-3.8 2.5 11.6 11.6 90 01-4.6.9Zm1.1-12.3 3.8 3.9a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3 1 1 90 01-.7-.3l-4.1-4.1a1.3 1.3 90 01-.4-.9V6.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v5.5Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="ruby-central">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="M9.362 11.513a9.603 9.603 0 0 1 9.604-9.604h21.131a9.605 9.605 0 0 1 9.605 9.604v21.131a9.606 9.606 0 0 1-9.605 9.605h-21.13a9.605 9.605 0 0 1-9.605-9.605v-21.13ZM44.33 21.886c0 8.063-6.537 14.6-14.6 14.6s-14.599-6.537-14.599-14.6 6.536-14.6 14.6-14.6 14.599 6.537 14.599 14.6ZM27.164 13.05c-.984 0-1.92.418-2.577 1.149L21.4 17.742a3.467 3.467 0 0 0-.1 4.518l5.916 7.196a3.467 3.467 0 0 0 5.354 0l5.916-7.196a3.467 3.467 0 0 0-.1-4.518l-3.187-3.544a3.467 3.467 0 0 0-2.577-1.15h-5.458ZM26.591 16a.77.77 0 0 1 .573-.254h5.458c.219 0 .426.093.573.254l3.186 3.545a.77.77 0 0 1 .022 1.004l-5.915 7.197a.77.77 0 0 1-1.19 0l-5.915-7.197a.77.77 0 0 1 .022-1.004L26.591 16Zm32.113 40.033c.05.049.108.074.178.074h.868a.24.24 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-6.917a.24.24 0 0 0-.073-.18.243.243 0 0 0-.177-.072h-.868a.245.245 0 0 0-.178.073.246.246 0 0 0-.073.179v6.917c0 .07.025.13.073.177Zm-4.164.178c-.361 0-.689-.07-.982-.209a1.907 1.907 0 0 1-.7-.576 1.403 1.403 0 0 1-.25-.814 1.365 1.365 0 0 1 .584-1.16c.397-.293.92-.488 1.568-.585l1.432-.21v-.218c0-.293-.073-.52-.22-.68-.146-.16-.397-.24-.752-.24a1.112 1.112 0 0 0-.617.156.91.91 0 0 0-.345.398.266.266 0 0 1-.24.135h-.826c-.076 0-.135-.02-.177-.062a.256.256 0 0 1-.053-.168 1.062 1.062 0 0 1 .137-.407c.083-.16.216-.314.397-.46.18-.153.414-.282.7-.386.286-.105.63-.157 1.034-.157.44 0 .808.055 1.109.167a1.862 1.862 0 0 1 .73.428c.182.181.314.395.398.638.083.243.125.501.125.773v3.282a.24.24 0 0 1-.073.177.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.189-.074.267.267 0 0 1-.062-.177v-.408a1.655 1.655 0 0 1-.366.376 2.124 2.124 0 0 1-.565.283 2.533 2.533 0 0 1-.773.104Zm.356-.993c.244 0 .463-.052.658-.156a1.08 1.08 0 0 0 .47-.48c.119-.224.178-.503.178-.837v-.22l-1.045.167c-.41.063-.717.164-.92.303-.2.14-.303.31-.303.513a.61.61 0 0 0 .137.397.95.95 0 0 0 .365.24c.146.048.3.073.46.073Zm-5.827.815a.243.243 0 0 0 .177.074h.909c.077 0 .14-.025.188-.074a.243.243 0 0 0 .074-.177v-2.873c0-.328.09-.586.272-.774.187-.188.449-.283.783-.283h.815c.077 0 .136-.023.178-.073a.243.243 0 0 0 .073-.178v-.752a.243.243 0 0 0-.073-.177.222.222 0 0 0-.178-.073h-.428c-.335 0-.63.06-.889.177a1.579 1.579 0 0 0-.617.513v-.43a.237.237 0 0 0-.083-.187.243.243 0 0 0-.177-.073h-.847a.25.25 0 0 0-.25.26v4.923c0 .07.023.13.073.177Zm-1.774.074c-.418 0-.77-.074-1.056-.22a1.4 1.4 0 0 1-.637-.648c-.14-.292-.21-.654-.21-1.086V51.78h-.825a.243.243 0 0 1-.178-.073.246.246 0 0 1-.073-.179v-.606c0-.07.025-.129.073-.177a.243.243 0 0 1 .178-.073h.825v-1.734c0-.071.021-.13.064-.18a.256.256 0 0 1 .187-.072h.846a.246.246 0 0 1 .251.252v1.734h1.307c.07 0 .13.024.178.073a.243.243 0 0 1 .073.177v.606c0 .07-.025.13-.073.179a.243.243 0 0 1-.178.073H46.74v2.268c0 .285.05.507.147.668.105.16.283.24.533.24h.722c.07 0 .127.025.177.074a.243.243 0 0 1 .073.177v.648a.24.24 0 0 1-.073.177.245.245 0 0 1-.177.074h-.847Zm-8.542-.074a.243.243 0 0 0 .177.074h.92a.24.24 0 0 0 .178-.074.238.238 0 0 0 .073-.177V52.98c0-.403.108-.72.324-.95.216-.23.505-.346.867-.346.377 0 .662.116.857.345.202.23.304.548.304.951v2.875c0 .07.024.13.072.177.05.049.108.074.179.074h.918c.071 0 .13-.025.179-.074a.243.243 0 0 0 .073-.177v-2.937c0-.488-.088-.906-.262-1.253a1.844 1.844 0 0 0-.72-.806 2.053 2.053 0 0 0-1.108-.292c-.418 0-.77.076-1.056.23a2.18 2.18 0 0 0-.69.554v-.429a.243.243 0 0 0-.072-.177.24.24 0 0 0-.178-.073h-.858a.238.238 0 0 0-.177.073.243.243 0 0 0-.073.177v4.933c0 .07.024.13.073.177Zm-3.443.178c-.774 0-1.387-.223-1.84-.67-.453-.445-.696-1.079-.73-1.9a2.545 2.545 0 0 1-.012-.263c0-.111.004-.198.011-.26.027-.523.147-.976.355-1.36.216-.382.513-.675.889-.877.376-.208.818-.313 1.327-.313.563 0 1.037.118 1.42.355.384.23.674.554.869.972.194.411.291.888.291 1.431v.22a.238.238 0 0 1-.073.178.253.253 0 0 1-.187.073h-3.47v.083c.007.244.052.47.136.68a1.233 1.233 0 0 0 .387.49c.174.126.38.19.616.19a1.3 1.3 0 0 0 .491-.084 1.293 1.293 0 0 0 .502-.397c.063-.085.111-.133.146-.147a.407.407 0 0 1 .177-.03h.9c.069 0 .125.02.167.061a.174.174 0 0 1 .063.157c-.007.111-.067.248-.179.408a1.938 1.938 0 0 1-.459.47 2.71 2.71 0 0 1-.763.386 3.322 3.322 0 0 1-1.034.147Zm-1.15-3.292h2.309v-.03c0-.273-.045-.51-.135-.712a1.12 1.12 0 0 0-.397-.48 1.082 1.082 0 0 0-.627-.178 1.08 1.08 0 0 0-.627.178 1.112 1.112 0 0 0-.397.48 1.838 1.838 0 0 0-.126.711v.031Zm-6.727 2.958c.453.223 1.003.334 1.65.334.475 0 .9-.062 1.275-.187a3.02 3.02 0 0 0 .962-.513c.265-.222.47-.48.617-.773a2.222 2.222 0 0 0 .23-.951.17.17 0 0 0-.063-.157.211.211 0 0 0-.157-.063h-.993a.313.313 0 0 0-.187.052c-.05.035-.085.102-.106.199-.11.453-.303.767-.574.94-.272.168-.61.251-1.013.251-.467 0-.84-.129-1.119-.386-.279-.265-.428-.697-.449-1.295a24.37 24.37 0 0 1 0-1.757c.021-.6.17-1.028.45-1.284.277-.266.651-.398 1.118-.398.403 0 .74.084 1.013.251.271.166.464.48.574.94a.354.354 0 0 0 .106.198.313.313 0 0 0 .187.054h.993a.211.211 0 0 0 .157-.064.171.171 0 0 0 .063-.156 2.218 2.218 0 0 0-.847-1.714 2.898 2.898 0 0 0-.962-.523 4.018 4.018 0 0 0-1.274-.188c-.64 0-1.188.115-1.641.345a2.408 2.408 0 0 0-1.034.972c-.237.425-.37.93-.397 1.515a37.886 37.886 0 0 0 0 1.86c.027.593.16 1.102.397 1.526.237.418.578.742 1.024.972Zm-7.801 2.216a.2.2 0 0 1-.147-.064.199.199 0 0 1-.063-.146V57.8a.474.474 0 0 1 .042-.083l.816-1.934-2.007-4.734a.482.482 0 0 1-.041-.147.25.25 0 0 1 .073-.156.196.196 0 0 1 .156-.073h.847c.083 0 .146.02.187.063a.424.424 0 0 1 .095.135l1.39 3.417 1.43-3.417a.314.314 0 0 1 .095-.135c.042-.042.104-.063.189-.063h.835a.2.2 0 0 1 .147.063.186.186 0 0 1 .073.145.468.468 0 0 1-.042.168l-2.957 6.845a.417.417 0 0 1-.105.135c-.041.043-.105.064-.188.064h-.825Zm-4.87-2.09c.272.138.61.208 1.013.208.37 0 .69-.058.962-.178.272-.125.498-.299.68-.522.18-.222.32-.484.417-.783a3.8 3.8 0 0 0 .168-1.003 6.92 6.92 0 0 0 .01-.335c0-.105-.004-.22-.01-.345a3.348 3.348 0 0 0-.158-.972 2.281 2.281 0 0 0-.428-.784 1.828 1.828 0 0 0-.679-.533 2.278 2.278 0 0 0-.962-.188 2.123 2.123 0 0 0-.96.199 1.983 1.983 0 0 0-.648.491v-2.32a.246.246 0 0 0-.074-.178.223.223 0 0 0-.177-.073h-.889a.243.243 0 0 0-.177.073.246.246 0 0 0-.074.179v6.917c0 .07.025.13.074.177a.243.243 0 0 0 .177.074h.826a.22.22 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-.386c.175.216.394.393.66.532Zm1.327-1.098c-.167.126-.4.188-.7.188-.285 0-.519-.066-.7-.198a1.197 1.197 0 0 1-.387-.502 2.28 2.28 0 0 1-.135-.637 6.72 6.72 0 0 1 0-.805c.006-.21.055-.408.146-.595a1.2 1.2 0 0 1 .397-.482c.174-.125.4-.187.68-.187.298 0 .532.065.7.198a1 1 0 0 1 .354.502c.077.208.122.438.137.69.013.208.013.417 0 .627a2.39 2.39 0 0 1-.137.689 1.065 1.065 0 0 1-.355.512ZM8.603 56.21c-.425 0-.794-.094-1.108-.282a1.93 1.93 0 0 1-.71-.815 2.912 2.912 0 0 1-.25-1.254v-2.937c0-.07.023-.129.073-.177a.238.238 0 0 1 .177-.073h.92a.22.22 0 0 1 .177.073.243.243 0 0 1 .073.177v2.874c0 .864.38 1.296 1.139 1.296.362 0 .648-.116.857-.345.216-.23.324-.547.324-.951v-2.874c0-.07.024-.129.074-.177a.238.238 0 0 1 .177-.073h.92c.07 0 .129.023.177.073a.243.243 0 0 1 .074.177v4.933c0 .07-.025.13-.074.177a.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.188-.074.267.267 0 0 1-.062-.177v-.428a2.031 2.031 0 0 1-.7.574c-.28.14-.627.209-1.046.209Zm-8.53-.178c.05.05.109.074.178.074h.951c.077 0 .136-.024.177-.074a.238.238 0 0 0 .074-.177v-2.509h1.453l1.348 2.478a.84.84 0 0 0 .147.187c.062.064.152.095.27.095h.952a.199.199 0 0 0 .145-.062.197.197 0 0 0 .074-.158.252.252 0 0 0-.031-.114l-1.526-2.665a2.12 2.12 0 0 0 1.014-.742c.257-.342.386-.77.386-1.285 0-.746-.243-1.315-.73-1.704-.489-.39-1.154-.585-1.997-.585H.251a.238.238 0 0 0-.177.073.253.253 0 0 0-.074.188v6.803c0 .07.025.13.074.177Zm2.853-3.866H1.453V49.95h1.473c.432 0 .75.102.952.303.209.196.313.467.313.816s-.104.62-.313.815c-.21.188-.526.282-.952.282Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="dnsimple">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="M6.175 24.787a3.92 3.92 0 0 0-.843.075v2.802c-.392-.151-.844-.226-1.446-.226-2.139 0-3.887 1.461-3.887 3.811 0 2.41 1.597 3.736 3.947 3.736 1.16 0 2.35-.316 3.088-.708v-9.415a4.242 4.242 0 0 0-.859-.075Zm-2.259 8.707c-1.296 0-2.184-.874-2.184-2.275 0-1.386.949-2.275 2.214-2.275.512 0 .979.061 1.386.317v4.007a3.742 3.742 0 0 1-1.416.226Zm8.421-6.086c-1.537 0-2.787.602-3.42 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393c.332-.196.919-.391 1.582-.391 1.1 0 1.732.497 1.732 1.807v3.977c.302.06.573.075.859.075.271 0 .573-.015.859-.075v-4.384c0-1.641-1.01-2.967-3.314-2.967ZM19.974 35c1.958 0 3.103-.904 3.103-2.395 0-1.416-1.129-1.943-2.681-2.184-1.22-.196-1.537-.422-1.537-.889 0-.452.392-.738 1.296-.738.859 0 1.597.256 2.094.542.346-.271.572-.693.648-1.22-.467-.332-1.386-.693-2.682-.693-1.808 0-2.998.904-2.998 2.229 0 1.507 1.206 1.974 2.471 2.17 1.28.195 1.687.467 1.687.949 0 .482-.361.858-1.371.858-1.13 0-1.762-.391-2.199-.708-.362.226-.648.633-.783 1.175.406.347 1.355.904 2.952.904Zm5.483-8.451a1.09 1.09 0 0 0 1.085-1.084 1.09 1.09 0 0 0-1.085-1.085c-.617 0-1.114.482-1.114 1.085 0 .602.497 1.084 1.114 1.084Zm0 8.285c.287 0 .573-.015.844-.075v-7.125a4.01 4.01 0 0 0-.844-.075c-.286 0-.572.015-.858.075v7.125c.286.06.587.075.858.075Zm10.892-7.426c-.964 0-1.838.376-2.426.828-.527-.512-1.31-.828-2.335-.828-1.491 0-2.786.633-3.359 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393a2.92 2.92 0 0 1 1.462-.391c1.16 0 1.596.738 1.596 1.762v4.022c.287.06.573.075.874.075.271 0 .573-.015.844-.075v-4.534c0-.226-.03-.452-.076-.663.347-.286.829-.587 1.522-.587 1.16 0 1.612.738 1.612 1.762v4.022c.271.06.557.075.858.075.272 0 .573-.015.844-.075v-4.534c0-1.552-1.055-2.817-3.118-2.817Zm8.134.015c-1.355 0-2.485.527-3.178 1.1v9.023c.301.06.572.075.858.075.287 0 .573-.015.844-.075v-2.772c.452.151.934.211 1.537.211 1.988 0 3.781-1.401 3.781-3.811 0-2.471-1.657-3.751-3.842-3.751Zm-.06 6.041c-.557 0-1.009-.091-1.416-.287v-3.841a2.842 2.842 0 0 1 1.401-.346c1.311 0 2.199.828 2.199 2.199 0 1.416-.888 2.275-2.184 2.275Zm6.312 1.37c.286 0 .587-.015.859-.075v-9.882a4.308 4.308 0 0 0-.874-.075c-.286 0-.573.015-.844.075v9.882c.301.06.588.075.859.075Zm9.264-4.187c0-1.913-1.356-3.224-3.269-3.224-2.033 0-3.585 1.597-3.585 3.811 0 2.335 1.537 3.751 3.676 3.751 1.431 0 2.365-.527 2.967-1.009a1.76 1.76 0 0 0-.738-1.16c-.467.331-1.069.738-2.109.738-1.19 0-1.913-.723-2.048-1.898h5.046c.045-.392.06-.633.06-1.009Zm-5.091-.121c.12-.979.768-1.717 1.822-1.717 1.16.015 1.597.874 1.597 1.717h-3.419Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="datadog">
+      <path d="M58.339 56.312v2.096c-.384.101-.728.15-1.03.15-2.034 0-3.05-1.075-3.05-3.224 0-1.986 1.078-2.978 3.233-2.978.898 0 1.735.167 2.51.503v-1.505c-.775-.29-1.653-.438-2.636-.438-3.221 0-4.834 1.471-4.834 4.418 0 3.109 1.584 4.666 4.751 4.666 1.09 0 1.995-.159 2.718-.476V54.84h-2.686l-.561 1.473h1.585Zm-11.376 2.245c1.807 0 2.71-1.041 2.71-3.124 0-2.051-.903-3.078-2.71-3.078-1.854 0-2.78 1.027-2.78 3.078 0 2.083.926 3.124 2.78 3.124Zm-4.508-3.086c0-3.038 1.504-4.555 4.508-4.555 2.957 0 4.436 1.517 4.436 4.555 0 3.02-1.479 4.529-4.436 4.529-2.871 0-4.373-1.51-4.508-4.53Zm-7.56 3.024h1.978c1.86 0 2.793-1.094 2.793-3.282 0-1.864-.932-2.794-2.793-2.794h-1.978v6.076Zm2.229 1.44h-3.89V50.98h3.89c2.803 0 4.205 1.412 4.205 4.233 0 3.148-1.402 4.723-4.205 4.723Zm-12.777 0h-1.709l3.81-8.955h1.79l3.89 8.956H30.34l-1.13-2.443h-2.874l.57-1.44h1.865L27.3 52.69l-2.954 7.246Zm-7.665-8.955h6.81v1.44h-2.574v7.516h-1.661V52.42h-2.575v-1.44ZM9.84 59.936H8.133l3.81-8.956h1.787l3.892 8.956h-1.789l-1.13-2.443H11.83l.571-1.44h1.864l-1.47-3.363-2.954 7.246Zm-8.176-1.441H3.64c1.863 0 2.792-1.094 2.792-3.282 0-1.864-.93-2.794-2.792-2.794H1.665v6.076Zm2.227 1.44H.002V50.98h3.89c2.803 0 4.206 1.412 4.206 4.233 0 3.148-1.403 4.723-4.206 4.723ZM29.864 14.47c.32-.304-1.597-.704-3.085.31-1.097.75-1.132 2.354-.082 3.264.105.09.192.154.273.206a9.513 9.513 0 0 1 2.767-.816c.223-.248.482-.686.417-1.477-.087-1.075-.902-.905-.29-1.486Zm10.065 5.833c-.18-.1-1.03-.06-1.627.01-1.137.135-2.364.529-2.633.739-.49.378-.268 1.037.095 1.307 1.012.757 1.9 1.264 2.838 1.14.575-.075 1.082-.986 1.442-1.813.245-.569.245-1.183-.115-1.383Zm-3.882-6.725c-.066.15-.169.248-.015.734l.01.028.025.063.064.146c.278.569.584 1.105 1.095 1.38.133-.023.269-.038.41-.045.481-.021.784.055.976.159a2.14 2.14 0 0 0 .01-.442c-.038-.721.142-1.947-1.243-2.592-.523-.242-1.257-.168-1.5.136a.634.634 0 0 1 .115.025c.37.128.12.256.053.408Zm14.266 9.879-1.194.227L46.828.002 7.77 4.53l4.812 39.046 4.571-.664c-.364-.52-.932-1.152-1.904-1.959-1.346-1.118-.87-3.018-.076-4.218 1.05-2.027 6.464-4.603 6.158-7.843-.11-1.178-.297-2.712-1.391-3.763-.04.436.033.856.033.856s-.45-.572-.673-1.354c-.222-.3-.396-.395-.633-.795-.168.463-.146 1-.146 1s-.368-.868-.426-1.6c-.219.327-.274.95-.274.95s-.477-1.368-.368-2.105c-.218-.642-.863-1.914-.681-4.807 1.192.835 3.816.637 4.838-.87.34-.499.573-1.86-.168-4.546-.477-1.721-1.656-4.284-2.117-5.257l-.054.04c.242.783.742 2.425.933 3.222.58 2.415.736 3.256.464 4.37-.232.968-.788 1.601-2.196 2.309-1.409.71-3.279-1.018-3.397-1.114-1.368-1.09-2.426-2.869-2.544-3.733-.123-.946.544-1.514.882-2.287a8.6 8.6 0 0 0-1.02.383s.642-.664 1.432-1.238a8.26 8.26 0 0 0 .864-.641c-.5-.009-.904.005-.904.005s.832-.45 1.695-.777c-.63-.029-1.236-.005-1.236-.005s1.858-.832 3.328-1.442c1.009-.414 1.995-.291 2.55.51.727 1.05 1.49 1.62 3.11 1.973.995-.44 1.297-.667 2.545-1.007 1.1-1.21 1.963-1.366 1.963-1.366s-.427.393-.542 1.01c.623-.491 1.306-.902 1.306-.902s-.264.327-.51.846l.057.085c.728-.436 1.583-.78 1.583-.78s-.244.31-.531.709c.548-.005 1.66.023 2.092.072 2.55.056 3.078-2.722 4.056-3.07 1.225-.438 1.773-.702 3.86 1.348 1.79 1.76 3.19 4.91 2.495 5.615-.583.586-1.732-.228-3.005-1.816a6.865 6.865 0 0 1-1.42-3.097 3.043 3.043 0 0 0-.984-1.684s.453 1.012.453 1.904c0 .488.061 2.31.843 3.332-.078.15-.114.74-.2.853-.908-1.099-2.861-1.885-3.178-2.117 1.076.883 3.553 2.911 4.504 4.855.9 1.838.37 3.523.825 3.96.129.125 1.935 2.374 2.282 3.504.607 1.97.036 4.04-.757 5.324l-2.214.345c-.324-.09-.543-.135-.834-.303.161-.283.48-.99.483-1.136l-.125-.219c-.69.976-1.844 1.924-2.803 2.469-1.256.712-2.702.602-3.644.31-2.673-.824-5.202-2.63-5.81-3.105 0 0-.02.379.095.464.674.76 2.218 2.135 3.71 3.094l-3.181.35 1.504 11.712c-.666.096-.77.143-1.5.247-.644-2.274-1.875-3.758-3.22-4.622-1.186-.763-2.823-.935-4.39-.624l-.1.116c1.089-.113 2.374.044 3.695.88 1.297.82 2.341 2.938 2.726 4.212.493 1.63.832 3.372-.493 5.22-.942 1.313-3.695 2.038-5.918.468.594.955 1.396 1.737 2.477 1.884 1.605.218 3.129-.061 4.176-1.137.895-.92 1.37-2.845 1.245-4.872l1.417-.205.511 3.637 23.449-2.823-1.913-18.66ZM27.86 28.834l2.951-.406c.477.215.81.297 1.382.442.89.232 1.924.455 3.451-.314.356-.177 1.096-.854 1.395-1.24l12.087-2.193 1.233 14.924-20.708 3.732-1.79-14.945Zm17.149 4.953-3.96-2.611-3.301 5.517-3.842-1.123-3.382 5.161.174 1.625 18.388-3.388-1.07-11.489-3.007 6.308Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="fastly">
+      <path d="M40.845 36.419h4.699v-2.393h-1.558V18.379h-3.141v18.04ZM.008 34.026h1.6v-7.55h-1.6v-2.078l1.6-.263v-2.103c0-2.546.554-3.653 3.797-3.653.698 0 1.533.103 2.264.24l-.434 2.561a6.106 6.106 0 0 0-1.047-.093c-1.141 0-1.43.11-1.43 1.234v1.822h2.375v2.342H4.758v7.55h1.584v2.393H.016v-2.402H.008Zm39.228-.757c-.494.102-.92.093-1.235.102-1.294.034-1.183-.391-1.183-1.617v-5.278h2.469v-2.342h-2.469V18.38h-3.15v14.029c0 2.759.681 4.01 3.644 4.01.698 0 1.668-.18 2.392-.34l-.468-2.81Zm19.563.775c.664 0 1.2.528 1.2 1.192 0 .663-.536 1.183-1.2 1.183a1.186 1.186 0 0 1-1.101-.728 1.186 1.186 0 0 1-.091-.456c0-.672.536-1.191 1.192-1.191Zm0 2.187a1 1 0 0 0 .996-1.004.99.99 0 0 0-.996-.987.983.983 0 0 0-.996.987c0 .553.451 1.004.996 1.004Zm.221-.417-.238-.348h-.17v.349h-.264v-1.167h.485c.29 0 .468.145.468.4 0 .188-.094.315-.247.366l.29.4h-.324Zm-.409-.587h.214c.118 0 .204-.05.204-.179 0-.119-.085-.17-.196-.17h-.222v.349Zm-28.868-8.76v-.417c-.953-.17-1.897-.179-2.409-.179-1.464 0-1.642.775-1.642 1.2 0 .597.204.92 1.787 1.27 2.324.518 4.648 1.063 4.648 3.94 0 2.733-1.405 4.138-4.358 4.138-1.975 0-3.899-.426-5.364-.8v-2.35h2.384v.418c1.03.195 2.103.178 2.665.178 1.566 0 1.813-.843 1.813-1.285 0-.622-.451-.92-1.916-1.218-2.758-.468-4.954-1.413-4.954-4.214 0-2.656 1.78-3.695 4.733-3.695 2.001 0 3.525.307 4.989.682v2.332h-2.376Zm-14.752 1.882-1.158 1.012a.616.616 0 0 0-.639 1.014.616.616 0 0 0 1.033-.299.617.617 0 0 0-.02-.34l1.022-1.14-.238-.248Z"/>
+      <path d="M20.068 23.47h-3.15v.886a6.38 6.38 0 0 0-2.12-.792v-1.073h.383v-.8h-3.167v.8h.384v1.081a6.48 6.48 0 0 0-5.261 6.368 6.469 6.469 0 0 0 1.899 4.588 6.48 6.48 0 0 0 4.587 1.9c1.209 0 2.35-.333 3.32-.912l.562.911h3.329v-3.15h-.766V23.47Zm-3.116 6.657a3.343 3.343 0 0 1-3.15 3.142v-.375h-.375v.375a3.332 3.332 0 0 1-3.124-3.15h.375v-.374h-.375a3.342 3.342 0 0 1 3.124-3.124v.374h.375v-.375a3.333 3.333 0 0 1 3.15 3.141h-.375v.375h.375v-.009Zm36.555-5.992h6.495v2.34h-1.549l-3.984 9.8c-1.141 2.749-3.013 5.345-5.874 5.345-.698 0-1.635-.076-2.282-.23l.281-2.86c.418.076.962.128 1.243.128 1.328 0 2.818-.818 3.286-2.248l-4.035-9.935h-1.55v-2.341h6.496v2.341h-1.549l2.29 5.627 2.29-5.627h-1.55v-2.341h-.008Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="honeybadger">
+      <path fill-rule="evenodd" clip-rule="evenodd" d="m37.902 14.22 7.608 7.607-15.506 15.507-1.687-1.687-2.292 2.29 2.451 2.452a2.161 2.161 0 0 0 3.056 0l17.034-17.034a2.16 2.16 0 0 0 0-3.055l-9.3-9.298-1.364 3.218Zm-.284-4.866-1.364 3.218-2.87-2.87 2.291-2.29 1.943 1.942Zm-3.47-3.472-2.616-2.615a2.161 2.161 0 0 0-3.056 0L11.444 20.3a2.161 2.161 0 0 0 0 3.055l9.984 9.984 1.462-3.119-8.391-8.393L30.004 6.323l1.853 1.85 2.29-2.29ZM23.051 34.964l1.462-3.12 2.276 2.275-2.293 2.29-1.445-1.445Z"/>
+      <path d="M39.405 5.158c.232-.546-.459-1.013-.879-.592L19.967 23.125h7.56l-6.016 14.81c-.221.547.466 1.003.882.586L40.49 20.424h-7.561l6.476-15.266Z"/>
+      <path fill-rule="evenodd" clip-rule="evenodd" d="m5.662 57.367 1.744-11.959H5.465l-.715 4.864H2.989l.715-4.864H1.762L.004 57.367h1.941l.78-5.308h1.762l-.78 5.308h1.955Zm3.62-2.397c1.942 0 2.705-.82 3.107-3.75.375-2.783-.276-3.697-2.08-3.697-1.913 0-2.732.941-3.078 3.804-.36 2.81.374 3.643 2.052 3.643Zm.196-1.371c-.486 0-.611-.47-.348-2.285.25-1.882.486-2.432 1.04-2.432.486 0 .583.442.333 2.298-.249 1.84-.486 2.419-1.025 2.419Zm5.672-5.323c.43-.404 1.054-.753 1.608-.753 1.124 0 1.513.766 1.318 2.11l-.777 5.175h-1.803l.736-4.972c.068-.484-.028-.727-.388-.727-.278 0-.541.243-.707.404l-.778 5.295h-1.802l1.04-7.124h1.526l.027.592Zm22.967-.592-.21.525a1.545 1.545 0 0 0-1.33-.686c-1.318 0-2.122 1.05-2.455 3.83-.333 2.756.306 3.617 1.345 3.617.624 0 1.11-.296 1.47-.712l.014.55h1.665l1.053-7.124h-1.552Zm-1.056 5.39c-.151.19-.442.39-.692.39-.445 0-.583-.417-.347-2.15.25-1.841.513-2.272.956-2.272.265 0 .486.188.611.39l-.528 3.643Zm8.558-7.666-1.387 9.4h-1.65l-.015-.55c-.36.43-.86.712-1.47.712-1.04 0-1.692-.86-1.344-3.617.333-2.78 1.122-3.83 2.454-3.83.514 0 .915.215 1.206.552l.403-2.667h1.803Zm-3.967 5.906c-.249 1.733-.097 2.15.347 2.15.236 0 .541-.2.693-.39l.527-3.642c-.125-.202-.36-.39-.61-.39-.444 0-.707.43-.957 2.272Zm-15.81 6.05h21.502a2.584 2.584 0 0 0 2.559-2.223l1.054-7.457h-1.553l-.166.538c-.278-.39-.75-.699-1.262-.699-1.4 0-2.164.766-2.552 3.75-.374 2.715.236 3.548 1.332 3.548.554 0 1.067-.24 1.413-.644l-.055.51c-.149.639-.804 1.145-1.882 1.145H26.71c-.255.603-.503 1.09-.797 1.45l-.07.082Zm21.842-4.02c-.444 0-.61-.39-.374-2.084.236-1.774.513-2.218.97-2.218.25 0 .473.188.596.377l-.512 3.535c-.152.188-.445.39-.68.39Zm7.461.994c-.734.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.955-3.63.36-2.741 1.387-3.817 3.148-3.817 1.096 0 1.775.565 1.775 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.008.174.003.04.005.079.005.12.013.552.306.848.791.848.333 0 .72-.108 1.276-.363l.305 1.25Zm-1.18-5.484c-.428 0-.818.645-1.053 2.07a1.557 1.557 0 0 0 1.414-1.546c0-.323-.11-.524-.36-.524Zm3.46 5.954.734-4.879c.36-.322.763-.497 1.165-.497.112 0 .208 0 .32.013l.36-1.733a.932.932 0 0 0-.568-.189c-.528 0-.985.418-1.318 1.009l-.027-.848h-1.415l-1.055 7.124h1.804Zm-34.924-.47c-.736.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.954-3.63.36-2.741 1.385-3.817 3.146-3.817 1.097 0 1.776.565 1.776 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.007.174.003.04.006.079.006.12.015.552.305.848.791.848.333 0 .721-.108 1.275-.363l.306 1.25Zm-1.18-5.484c-.429 0-.817.645-1.052 2.07a1.557 1.557 0 0 0 1.413-1.546c0-.323-.11-.524-.36-.524Zm9.85 6.116c1.58 0 2.19-1.25 2.524-4.167.318-2.608-.195-3.28-1.29-3.28-.554 0-1.04.23-1.47.565l.36-2.482h-1.802l-1.346 9.202h1.637l.166-.537c.236.39.666.7 1.22.7Zm-.347-1.506a.675.675 0 0 1-.624-.39l.541-3.655c.208-.215.484-.377.749-.377.416 0 .499.416.319 1.828-.166 1.681-.444 2.594-.985 2.594Zm-5.516-.59 1.566-5.19h1.859L25.96 54.89c-.764 1.962-1.193 2.474-2.4 2.474H6.626l.225-1.532h16.414c.557 0 .864-.387.864-.89l-.624-7.258h1.956l-.153 5.19Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="domainr">
+      <path d="M30.02 0a22.501 22.501 0 0 1 15.899 6.582A22.515 22.515 0 0 1 52.5 22.473c0 5.96-2.378 11.676-6.582 15.89a22.5 22.5 0 0 1-15.899 6.583H10.236a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.354c0-.125.025-.25.086-.361l1.152-2.306a.959.959 0 0 1 .883-.537H30.02a18.57 18.57 0 0 0 18.57-18.565A18.57 18.57 0 0 0 30.02 3.91H14.048a.409.409 0 0 0-.184.046.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.064.012.126.037.184l1.066 2.12a.429.429 0 0 0 .184.199c.074.049.16.073.258.073H30.02a15.64 15.64 0 0 1 15.641 15.634A15.647 15.647 0 0 1 30.02 38.106H13.656a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.352.75.75 0 0 1 .086-.363l4.572-9.145a.96.96 0 0 1 .87-.538H30.02a4.89 4.89 0 0 0 4.89-4.885 4.89 4.89 0 0 0-4.89-4.885h-9.132a.405.405 0 0 0-.184.047.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.062.012.125.037.182l1.066 2.121c.037.08.098.15.172.199a.525.525 0 0 0 .27.073h7.955c.527 0 1.017.206 1.385.573.368.367.576.864.576 1.382 0 .518-.208 1.015-.576 1.382a1.949 1.949 0 0 1-1.385.572h-10.1a.999.999 0 0 1-.515-.147 1.054 1.054 0 0 1-.356-.39l-4.584-9.145a.735.735 0 0 1-.074-.362c0-.126.037-.248.11-.356a.671.671 0 0 1 .258-.256.744.744 0 0 1 .368-.092H30.02a8.81 8.81 0 0 1 6.227 2.576 8.82 8.82 0 0 1 2.574 6.218 8.819 8.819 0 0 1-2.574 6.218 8.809 8.809 0 0 1-6.227 2.576h-9.426a.503.503 0 0 0-.442.274l-1.066 2.12a.462.462 0 0 0-.037.183.32.32 0 0 0 .061.178.29.29 0 0 0 .135.13c.05.03.11.046.172.046H30.02a11.75 11.75 0 0 0 8.299-3.435 11.743 11.743 0 0 0 3.432-8.29 11.743 11.743 0 0 0-3.432-8.291 11.75 11.75 0 0 0-8.299-3.434H13.08a.999.999 0 0 1-.515-.147 1.053 1.053 0 0 1-.356-.39L7.625 1.065A.735.735 0 0 1 7.55.703a.62.62 0 0 1 .11-.354.757.757 0 0 1 .258-.256.745.745 0 0 1 .368-.094H30.02ZM6.423 59.86h-2.17l.013-1.39h2.157c.638 0 1.153-.137 1.582-.412.429-.274.747-.668.968-1.18.208-.511.319-1.122.319-1.83v-.55c0-.55-.062-1.037-.184-1.46a3.019 3.019 0 0 0-.54-1.068 2.397 2.397 0 0 0-.882-.657 3.022 3.022 0 0 0-1.201-.223H4.217v-1.398h2.268c.674 0 1.299.114 1.85.343a4.016 4.016 0 0 1 1.447.97c.417.424.723.932.944 1.522.22.592.33 1.253.33 1.984v.538c0 .73-.11 1.391-.33 1.983a4.233 4.233 0 0 1-.944 1.521c-.404.42-.895.743-1.459.971-.564.225-1.2.336-1.9.336Zm-1.2-10.168V59.86H3.468V49.692h1.753Zm7.109 6.474v-.161c0-.544.073-1.05.233-1.515.159-.47.392-.878.686-1.222a3.16 3.16 0 0 1 1.103-.81 3.62 3.62 0 0 1 1.483-.293c.552 0 1.042.098 1.471.293.442.19.81.46 1.116.81.306.344.527.751.686 1.222.16.466.246.97.246 1.515v.16c0 .546-.086 1.051-.246 1.516-.159.465-.38.872-.686 1.222a3.27 3.27 0 0 1-1.103.81A3.58 3.58 0 0 1 15.85 60a3.74 3.74 0 0 1-1.496-.287 3.27 3.27 0 0 1-1.103-.81 3.783 3.783 0 0 1-.686-1.222 4.64 4.64 0 0 1-.233-1.515Zm1.68-.161v.16c0 .34.036.661.097.964.074.303.184.569.331.797.147.228.343.407.576.537.233.13.515.196.834.196.306 0 .576-.065.809-.196.233-.13.417-.31.576-.537.147-.228.257-.494.319-.797a4.07 4.07 0 0 0 .11-.963v-.161c0-.335-.037-.652-.11-.95a2.173 2.173 0 0 0-.331-.803 1.59 1.59 0 0 0-.576-.544 1.554 1.554 0 0 0-.81-.202c-.318 0-.6.067-.833.202-.22.13-.417.311-.564.544s-.257.501-.33.803a4.706 4.706 0 0 0-.099.95Zm8.433-2.165v6.02h-1.68v-7.556h1.581l.099 1.536Zm-.27 1.963-.576-.008c0-.52.061-1.002.196-1.445.135-.442.319-.826.576-1.152.245-.331.564-.584.932-.761.38-.182.809-.272 1.311-.272.343 0 .65.051.944.153.282.098.527.254.748.468.208.215.368.49.478.824.122.336.184.74.184 1.215v5.035h-1.692v-4.888c0-.368-.049-.656-.16-.866a.973.973 0 0 0-.465-.447 1.73 1.73 0 0 0-.723-.14c-.319 0-.589.061-.81.182-.22.12-.404.286-.539.496-.134.21-.245.451-.306.726a4.033 4.033 0 0 0-.098.88Zm4.682-.448-.784.176c0-.456.061-.888.184-1.292a3.4 3.4 0 0 1 .564-1.075c.257-.313.564-.557.931-.733a2.854 2.854 0 0 1 1.263-.266c.392 0 .735.054 1.03.16.318.103.576.266.784.49.22.222.38.513.49.872.11.354.172.782.172 1.285v4.888h-1.692v-4.896c0-.38-.06-.676-.171-.886a.836.836 0 0 0-.454-.433 1.884 1.884 0 0 0-.723-.126c-.257 0-.49.05-.686.147a1.383 1.383 0 0 0-.503.399 1.839 1.839 0 0 0-.306.578c-.062.22-.099.457-.099.712Zm10.628 2.99v-3.604c0-.27-.049-.502-.147-.698a1.066 1.066 0 0 0-.454-.454 1.526 1.526 0 0 0-.735-.16c-.282 0-.515.046-.711.14a1.206 1.206 0 0 0-.478.377.91.91 0 0 0-.16.537h-1.679c0-.298.074-.586.22-.866.148-.28.356-.528.626-.748.27-.218.6-.39.98-.516s.81-.188 1.288-.188c.564 0 1.079.095 1.508.286.44.19.796.48 1.041.866.258.381.38.862.38 1.438v3.36c0 .344.025.653.074.928.049.27.123.505.22.706v.111H37.73a2.797 2.797 0 0 1-.184-.691 4.8 4.8 0 0 1-.06-.824Zm.233-3.08.025 1.04h-1.214c-.306 0-.588.031-.821.091a1.69 1.69 0 0 0-.6.251c-.148.112-.27.248-.356.406-.074.158-.11.337-.11.537 0 .201.048.385.134.552.098.163.233.291.405.384.183.094.404.14.662.14a1.835 1.835 0 0 0 1.507-.734c.147-.208.233-.407.245-.593l.54.747a2.3 2.3 0 0 1-.282.615c-.135.219-.319.427-.54.628a2.616 2.616 0 0 1-1.801.67 2.92 2.92 0 0 1-1.324-.293 2.395 2.395 0 0 1-.907-.803 2.067 2.067 0 0 1-.331-1.152c0-.4.073-.754.233-1.062.147-.311.367-.572.661-.782a3.338 3.338 0 0 1 1.091-.474c.43-.112.92-.168 1.471-.168h1.312Zm5.014-2.96v7.555H41.04v-7.556h1.692ZM40.93 50.32c0-.256.085-.468.245-.635.184-.173.417-.259.723-.259.294 0 .527.086.699.259a.848.848 0 0 1 .257.635c0 .251-.086.46-.257.629-.172.168-.405.251-.699.251-.306 0-.54-.083-.723-.251a.883.883 0 0 1-.245-.629Zm5.307 3.596v5.943h-1.679v-7.556h1.594l.085 1.613Zm-.294 1.886-.54-.008c0-.534.074-1.026.221-1.473.148-.446.356-.831.613-1.152.27-.321.576-.568.944-.74a2.82 2.82 0 0 1 1.238-.265c.356 0 .687.051.98.153.295.098.553.258.76.482.222.224.38.514.491.874.11.353.172.788.172 1.305v4.881H49.13v-4.888c0-.363-.061-.65-.16-.86a.946.946 0 0 0-.453-.453 1.711 1.711 0 0 0-.735-.14 1.59 1.59 0 0 0-.772.182 1.74 1.74 0 0 0-.589.496c-.147.21-.27.451-.355.726a2.938 2.938 0 0 0-.123.88Zm8.287-2.06v6.117h-1.692v-7.556h1.606l.086 1.438Zm2.304-1.488-.012 1.564a4.306 4.306 0 0 0-.687-.055c-.282 0-.539.042-.76.125a1.418 1.418 0 0 0-.882.894 2.574 2.574 0 0 0-.147.72l-.38.028c0-.476.049-.915.135-1.32a3.48 3.48 0 0 1 .429-1.068c.183-.308.429-.548.71-.72.282-.173.613-.258.993-.258a2.13 2.13 0 0 1 .601.09Z"/>
+    </symbol>
+    <symbol viewBox="0 0 60 60" id="mend-io">
+      <path d="M43.39 27.355c-2.24 5.173-7.39 8.79-13.39 8.79-.25 0-.49-.006-.73-.018-7.72-.38-13.87-6.763-13.87-14.58 0-1.31.18-2.576.5-3.78.33-.352.79-.57 1.31-.57.99 0 1.81.818 1.81 1.824v.587c0 .01-.01.02-.01.028v4.44a3.33 3.33 0 0 0 3.32 3.331 3.33 3.33 0 0 0 3.32-3.331v-3.582c0-.012-.01-.022-.01-.035v-1.438c0-1.006.81-1.825 1.81-1.825s1.81.82 1.81 1.825v5.055c0 1.837 1.49 3.331 3.31 3.331a3.33 3.33 0 0 0 3.32-3.331V19.02c0-1.006.81-1.825 1.81-1.825.99 0 1.8.82 1.8 1.825v5.055a3.33 3.33 0 0 0 3.32 3.331c.19 0 .38-.02.57-.052Z"/>
+      <path d="M44.59 21.55c0 1.322-.18 2.598-.5 3.818v.006c-.01.002-.01.005-.01.005v.002c-.33.32-.77.52-1.27.52-.99 0-1.8-.819-1.8-1.824v-5.055a3.331 3.331 0 0 0-3.32-3.332c-1.83 0-3.31 1.496-3.31 3.333v5.055c0 1.006-.81 1.825-1.81 1.825s-1.81-.82-1.81-1.825v-5.055c0-1.837-1.48-3.333-3.31-3.333a3.331 3.331 0 0 0-3.32 3.333v5.055c0 1.006-.81 1.825-1.8 1.825-1 0-1.81-.82-1.81-1.825v-5.055c0-1.836-1.49-3.33-3.31-3.332h-.01c-.2 0-.4.021-.6.057C18.85 10.573 24 6.956 30 6.956c.07 0 .15 0 .23.002 7.95.126 14.36 6.61 14.36 14.594M.11 52.772a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.4.4 0 0 1 .29-.111h1.75c.11 0 .21.038.28.111a.38.38 0 0 1 .12.289v.544c.24-.32.57-.584.98-.792.41-.209.87-.313 1.39-.313 1.17 0 1.98.459 2.43 1.378.26-.406.61-.737 1.07-.994.46-.256.95-.384 1.48-.384.87 0 1.58.296 2.13.89.55.592.83 1.476.83 2.651v4.548c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H10.6a.421.421 0 0 1-.3-.112.376.376 0 0 1-.12-.289v-4.436c0-.534-.11-.918-.32-1.154-.22-.234-.52-.352-.89-.352-.35 0-.63.12-.85.36-.23.241-.34.623-.34 1.146v4.436c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H5.52a.414.414 0 0 1-.29-.112.408.408 0 0 1-.11-.289v-4.436c0-.523-.11-.905-.34-1.146a1.15 1.15 0 0 0-.87-.36c-.36 0-.63.12-.86.36-.23.241-.35.617-.35 1.129v4.453c0 .107-.03.2-.11.28a.367.367 0 0 1-.29.121H.4a.382.382 0 0 1-.29-.112Zm15.07-.768c-.74-.694-1.13-1.703-1.16-3.028v-.56c.05-1.26.44-2.246 1.18-2.955.74-.71 1.74-1.066 2.99-1.066.91 0 1.67.185 2.3.553.62.368 1.09.873 1.41 1.513.31.641.47 1.378.47 2.211v.384c0 .107-.04.199-.11.28-.08.08-.17.12-.29.12h-5.13v.112c.02.502.15.908.37 1.217.23.31.55.464.98.464.27 0 .48-.056.66-.168.17-.112.32-.248.46-.408.1-.117.17-.19.23-.216.06-.026.15-.04.28-.04h1.99c.09 0 .18.029.25.088s.1.136.1.232c0 .278-.16.598-.47.961-.32.364-.77.678-1.37.945-.6.267-1.3.4-2.12.4-1.28 0-2.29-.347-3.02-1.041v.002Zm4.37-4.133v-.031c0-.523-.12-.938-.36-1.241-.24-.305-.57-.457-1-.457-.43 0-.75.152-.99.457-.24.303-.36.718-.36 1.241v.031h2.71Zm4.1 4.901a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.418.418 0 0 1 .29-.111h1.85c.11 0 .21.038.29.111a.38.38 0 0 1 .12.289v.608c.29-.352.66-.635 1.11-.849.46-.214.97-.32 1.55-.32.94 0 1.7.318 2.29.954.59.635.88 1.524.88 2.666v4.469c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121h-2.02c-.1 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.28v-4.372c0-.503-.12-.89-.37-1.162-.24-.273-.59-.408-1.05-.408-.46 0-.8.135-1.06.408-.26.272-.38.659-.38 1.162v4.372c0 .107-.04.2-.12.28a.36.36 0 0 1-.28.121h-2.01a.414.414 0 0 1-.29-.112Zm10.53-.712c-.58-.657-.9-1.583-.95-2.78l-.02-.561.02-.577c.04-1.153.36-2.066.95-2.739.59-.672 1.41-1.009 2.44-1.009.97 0 1.76.316 2.36.945v-3.428a.382.382 0 0 1 .4-.4h1.95c.12 0 .21.038.29.112.07.075.11.171.11.288v10.572c0 .106-.04.199-.11.279a.382.382 0 0 1-.29.121h-1.81c-.11 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.279v-.514c-.59.715-1.42 1.073-2.5 1.073s-1.86-.328-2.44-.985v.003Zm4.4-1.618c.23-.305.36-.696.4-1.177.01-.139.01-.342.01-.608 0-.267 0-.454-.01-.593-.03-.437-.16-.8-.4-1.089-.25-.288-.61-.433-1.08-.433-.5 0-.86.15-1.08.448-.22.3-.34.711-.37 1.234-.02.107-.02.272-.02.497 0 .224 0 .389.02.496.03.523.15.934.37 1.234.22.299.58.448 1.08.448.51 0 .84-.152 1.08-.457Zm9.06-7.2c-.08-.075-.11-.17-.11-.288v-1.442c0-.117.03-.214.11-.288a.382.382 0 0 1 .29-.112h1.92c.12 0 .21.038.29.112.07.074.11.171.11.288v1.442c0 .117-.04.213-.11.288a.397.397 0 0 1-.29.112h-1.92a.382.382 0 0 1-.29-.112Zm.02 9.53a.376.376 0 0 1-.12-.288v-7.529c0-.117.04-.213.12-.288a.374.374 0 0 1 .28-.112h1.89c.12 0 .22.038.29.112a.37.37 0 0 1 .11.288v7.529c0 .106-.03.199-.11.28a.37.37 0 0 1-.29.12h-1.89a.374.374 0 0 1-.28-.112Zm5.02-.672c-.72-.631-1.11-1.517-1.17-2.659-.01-.139-.02-.379-.02-.721 0-.341.01-.581.02-.72.06-1.131.46-2.015 1.2-2.651.74-.636 1.74-.954 3.03-.954 1.28 0 2.3.318 3.04.954.74.636 1.14 1.519 1.2 2.651.01.139.02.379.02.72 0 .342-.01.583-.02.721-.06 1.142-.45 2.028-1.17 2.659-.71.63-1.74.944-3.07.944-1.34 0-2.35-.314-3.06-.944Zm4.1-1.433c.22-.284.35-.719.38-1.305.01-.107.02-.32.02-.642 0-.321-.01-.533-.02-.641-.03-.577-.16-1.008-.39-1.297-.23-.289-.57-.433-1.03-.433-.89 0-1.36.577-1.41 1.73l-.02.641.02.642c.02.588.14 1.023.37 1.305.23.283.58.424 1.04.424.46 0 .81-.141 1.04-.424Zm-12.16 2.217a1.45 1.45 0 1 0 0-2.9 1.45 1.45 0 0 0 0 2.9Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="github">
+      <path d="M12 0c6.63 0 12 5.37 12 12a12.024 12.024 0 0 1-8.175 11.385c-.6.12-.825-.255-.825-.57 0-.405.015-1.695.015-3.3 0-1.125-.375-1.845-.81-2.22 2.67-.3 5.475-1.32 5.475-5.925 0-1.32-.465-2.385-1.23-3.225.12-.3.54-1.53-.12-3.18 0 0-1.005-.33-3.3 1.23-.96-.27-1.98-.405-3-.405s-2.04.135-3 .405c-2.295-1.545-3.3-1.23-3.3-1.23-.66 1.65-.24 2.88-.12 3.18-.765.84-1.23 1.92-1.23 3.225 0 4.59 2.79 5.625 5.46 5.925-.345.3-.66.825-.765 1.605-.69.315-2.415.825-3.495-.99-.225-.36-.9-1.245-1.845-1.23-1.005.015-.405.57.015.795.51.285 1.095 1.35 1.23 1.695.24.675 1.02 1.965 4.035 1.41 0 1.005.015 1.95.015 2.235 0 .315-.225.675-.825.57A11.995 11.995 0 0 1 0 12C0 5.37 5.37 0 12 0Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="mastodon">
+      <path d="M23.193 7.879c0-5.207-3.411-6.732-3.411-6.732C18.062.357 15.109.025 12.04 0h-.076c-3.068.025-6.019.357-7.74 1.147 0 0-3.411 1.526-3.411 6.732 0 1.191-.023 2.617.015 4.129.123 5.092.933 10.111 5.641 11.356 2.171.575 4.034.695 5.534.613 2.722-.152 4.249-.972 4.249-.972l-.09-1.975s-1.945.614-4.129.539c-2.165-.075-4.448-.233-4.799-2.891a5.626 5.626 0 0 1-.048-.745s2.124.519 4.817.643c1.646.076 3.19-.096 4.759-.283 3.007-.359 5.625-2.211 5.954-3.905.52-2.668.477-6.509.477-6.509Zm-4.023 6.709h-2.498v-6.12c0-1.289-.542-1.944-1.628-1.944-1.2 0-1.802.777-1.802 2.312v3.35H10.76v-3.35c0-1.535-.601-2.312-1.803-2.312-1.086 0-1.628.655-1.628 1.944v6.12H4.832V8.284c0-1.289.327-2.313.987-3.07.68-.757 1.569-1.146 2.674-1.146 1.278 0 2.247.491 2.886 1.473L12 6.585l.623-1.044c.64-.982 1.609-1.473 2.887-1.473 1.104 0 1.994.389 2.674 1.146.658.757.986 1.781.986 3.07v6.304Z"/>
+    </symbol>
+    <symbol viewBox="0 0 24 24" id="x-twitter">
+      <path d="M14.286 10.664 23.222.5h-2.117l-7.763 8.824L7.147.5H0l9.37 13.344L0 24.5h2.117l8.192-9.319 6.544 9.32H24M2.88 2.061h3.253l14.97 20.953H17.85"/>
+    </symbol>
+  </defs>
+</svg>
diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.css
index 60707cefb77..dceb43dbed2 100644
--- a/app/assets/stylesheets/application.css
+++ b/app/assets/stylesheets/application.css
@@ -1,8 +1,26 @@
-/*
- * This is a manifest file that'll automatically include all the stylesheets available in this directory
- * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
- * the top of the compiled file, but it's generally better to create a new file per style scope.
- *= require_self
- *= require github_buttons
- *= require_tree .
-*/
+@import url("base.css");
+@import url("layout.css");
+@import url("suggest-list.css");
+@import url("type.css");
+@import url("github_buttons.css");
+
+@import url("modules/badge.css");
+@import url("modules/button.css");
+@import url("modules/dependencies.css");
+@import url("modules/error.css");
+@import url("modules/footer.css");
+@import url("modules/form.css");
+@import url("modules/gem.css");
+@import url("modules/gems.css");
+@import url("modules/header.css");
+@import url("modules/home.css");
+@import url("modules/mfa.css");
+@import url("modules/nav/nav--paginated.css");
+@import url("modules/nav/nav--v.css");
+@import url("modules/news.css");
+@import url("modules/org.css");
+@import url("modules/owners.css");
+@import url("modules/search.css");
+@import url("modules/shared.css");
+@import url("modules/stats.css");
+@import url("modules/status-icon.css");
diff --git a/app/helpers/icon_helper.rb b/app/helpers/icon_helper.rb
index e84116cf09a..a33031e6365 100644
--- a/app/helpers/icon_helper.rb
+++ b/app/helpers/icon_helper.rb
@@ -8,7 +8,7 @@ def icon_tag(name, size: 6, **options)
     options[:role] ||= "graphics-symbol"
 
     tag.svg(**options) do
-      concat tag.use(href: "/images/icons.svg##{name}")
+      concat tag.use(href: "#{asset_path('/images/icons.svg')}##{name}")
     end
   end
 end
diff --git a/app/helpers/versions_helper.rb b/app/helpers/versions_helper.rb
index 5a3439f834a..e1047d859f4 100644
--- a/app/helpers/versions_helper.rb
+++ b/app/helpers/versions_helper.rb
@@ -45,7 +45,7 @@ def download_count_component(rubygem, **options)
     options[:title] = "#{t('total_downloads')}: #{downloads}"
 
     tag.span(**options) do
-      concat tag.svg(tag.use(href: "/images/icons.svg#arrow-circle-down"), height: "20", width: "20", class: "fill-current")
+      concat icon_tag("arrow-circle-down", size: 5)
       concat tag.span(downloads)
     end
   end
diff --git a/app/views/layouts/_breadcrumbs.html.erb b/app/views/layouts/_breadcrumbs.html.erb
index 605713d9197..27896537c67 100644
--- a/app/views/layouts/_breadcrumbs.html.erb
+++ b/app/views/layouts/_breadcrumbs.html.erb
@@ -3,16 +3,11 @@
     <nav class="flex justify-start items-center text-b2" aria-label="Breadcrumb">
       <!-- Home breadcrumb -->
       <%= link_to root_path, class: "inline-block p-1 -ml-1 hover:text-neutral-600 dark:hover:text-neutral-400", title: t("breadcrumbs.home"), aria: { label: t("breadcrumbs.home") } do %>
-        <svg class="fill-current" height="24" width="24" role="graphics-symbol">
-          <title><%= t('breadcrumbs.home') %></title>
-          <use href="/images/icons.svg#house-siding"/>
-        </svg>
+        <%= icon_tag "house-siding", size: 6 %>
       <% end %>
 
       <% breadcrumbs.each do |name, link| %>
-        <svg class="text-neutral-600 dark:text-neutral-700 fill-neutral-600 dark:fill-neutral-700 h-6 w-6" height="24" width="24" role="graphics-symbol" aria-hidden="true">
-          <use href="/images/icons.svg#chevron-right"/>
-        </svg>
+        <%= icon_tag "chevron-right", size: 6, class: "text-neutral-600 dark:text-neutral-700 fill-neutral-600 dark:fill-neutral-700", size: 6, aria: { hidden: "true" } %>
         <% if link %>
           <%= link_to name, link, class: "inline-block p-1 hover:text-neutral-600 dark:hover:text-neutral-400" %>
         <% else %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 701f7a097d8..0c4f46be8b1 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -13,8 +13,7 @@
     <link rel="fluid-icon" href="/fluid-icon.png"/>
     <link rel="search" type="application/opensearchdescription+xml" title="<%=t :title %>" href="/opensearch.xml">
     <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
-
-    <%= stylesheet_link_tag("application") %>
+    <%= stylesheet_link_tag("application", "preload_links_header" => true) %>
     <link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
     <link href='https://fonts.googleapis.com/css?family=Roboto:100&amp;subset=greek,latin,cyrillic,latin-ext' rel='stylesheet' type='text/css'>
     <%= render "layouts/feeds" %>
diff --git a/app/views/layouts/hammy.html.erb b/app/views/layouts/hammy.html.erb
index b65449f08b2..529339c32e6 100644
--- a/app/views/layouts/hammy.html.erb
+++ b/app/views/layouts/hammy.html.erb
@@ -214,8 +214,9 @@
             <a href="https://github.com/rubygems/rubygems.org">
               <%= icon_tag "github" %>
             </a>
-            <%# <a href="" class=""><svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#mastodon"/></svg></a>
-            <a href="#" class=""><svg width="24" height="24" class="fill-current"><use href="/images/icons.svg#x-twitter"/></svg></a> %>
+            <a href="https://ruby.social/users/rubygems">
+              <%= icon_tag "mastodon" %>
+            </a>
           </div>
         </div>
       </div>
diff --git a/config/application.rb b/config/application.rb
index c6955202e86..9f395a1b1f1 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -12,7 +12,6 @@
 # require "action_text/engine"
 require "action_view/railtie"
 # require "action_cable/engine"
-require "sprockets/railtie"
 require "rails/test_unit/railtie"
 
 # Require the gems listed in Gemfile, including any gems
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 985853896bd..2384e1ee68d 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -123,8 +123,6 @@
       'Cache-Control' => 'max-age=315360000, public',
       'Expires' => 'Thu, 31 Dec 2037 23:55:55 GMT'
     }
-    config.assets.js_compressor = :terser
-    config.assets.css_compressor = :sass
     config.assets.compile = false
     config.assets.digest = true
     config.assets.debug = false
diff --git a/config/environments/production.rb b/config/environments/production.rb
index fce4d18fc9b..8d95758ee47 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -27,12 +27,6 @@
     'Expires' => 'Thu, 31 Dec 2037 23:55:55 GMT'
   }
 
-  # Compress JavaScript using a preprocessor
-  config.assets.js_compressor = :terser
-
-  # Compress CSS using a preprocessor.
-  config.assets.css_compressor = :sass
-
   # Do not fall back to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
index f2a52cdfe87..ae4726d99a0 100644
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -30,10 +30,6 @@
     'Expires' => 'Thu, 31 Dec 2037 23:55:55 GMT'
   }
 
-  # Compress JavaScripts and CSS.
-  config.assets.js_compressor = :terser
-  config.assets.css_compressor = :sass
-
   # Do not fallback to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb
index 4658f8394f0..487324424ff 100644
--- a/config/initializers/assets.rb
+++ b/config/initializers/assets.rb
@@ -5,8 +5,3 @@
 
 # Add additional assets to the asset load path.
 # Rails.application.config.assets.paths << Emoji.images_path
-
-# Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in the app/assets
-# folder are already added.
-Rails.application.config.assets.precompile += %w[*.png *.jpg *.jpeg *.gif *.svg]
diff --git a/vendor/assets/stylesheets/github_buttons.css.scss b/vendor/assets/stylesheets/github_buttons.css
similarity index 98%
rename from vendor/assets/stylesheets/github_buttons.css.scss
rename to vendor/assets/stylesheets/github_buttons.css
index ebb3356741a..a1c36ae230d 100644
--- a/vendor/assets/stylesheets/github_buttons.css.scss
+++ b/vendor/assets/stylesheets/github_buttons.css
@@ -63,7 +63,7 @@
   width: 14px;
   height: 14px;
   margin-right: 4px;
-  background: image-url('github_icon.png');
+  background: url('github_icon.png');
   background-size: 100% 100%;
   background-repeat: no-repeat;
 }

From 197263d956ed5157bfc4ab7d319376e4cb66f37c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 17:43:14 +0000
Subject: [PATCH 316/381] Bump pg from 1.5.8 to 1.5.9 (#5165)

Bumps [pg](https://github.com/ged/ruby-pg) from 1.5.8 to 1.5.9.
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.md)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.5.8...v1.5.9)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 620f32dc93c..1eac89ea3ca 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -549,7 +549,7 @@ GEM
     parser (3.3.5.0)
       ast (~> 2.4.1)
       racc
-    pg (1.5.8)
+    pg (1.5.9)
     pg_query (5.1.0)
       google-protobuf (>= 3.22.3)
     pghero (3.6.1)
@@ -1180,7 +1180,7 @@ CHECKSUMS
   pagy (8.6.3) sha256=537b2ee3119f237dd6c4a0d0a35c67a77b9d91ebb9d4f85e31407c2686774fb2
   parallel (1.26.3) sha256=d86babb7a2b814be9f4b81587bf0b6ce2da7d45969fab24d8ae4bf2bb4d4c7ef
   parser (3.3.5.0) sha256=f30ebb71b7830c2e7cdc4b2b0e0ec2234900e3fca3fe2fba47f78be759181ab3
-  pg (1.5.8) sha256=efd71939dd1d6d9f0b434dc61dee6ef64f1d2bfcd3c177598a8797c27e654f37
+  pg (1.5.9) sha256=761efbdf73b66516f0c26fcbe6515dc7500c3f0aa1a1b853feae245433c64fdc
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
   pghero (3.6.1) sha256=e6d4f6ec3979d4828dafcd1eaa4214e70279fe2502b9fe5bd632d8333aa79cd4
   phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6

From 26e7301270f7a45a040b38d321fc2e2f91a3d864 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 28 Oct 2024 11:01:13 -0700
Subject: [PATCH 317/381] Add RAILS_GROUPS=assets back to Dockerfile (#5173)

I missed that the tailwind gem was included in a group in the Gemfile
on its own that included :assets as the group name.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index db689142888..4def663466f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -91,7 +91,7 @@ COPY --link config/database.yml.sample /app/config/database.yml
 # Precompiling assets for production without requiring secret RAILS_MASTER_KEY
 RUN <<BASH
   set -ex
-  SECRET_KEY_BASE_DUMMY=1 bin/rails assets:precompile
+  RAILS_GROUPS=assets SECRET_KEY_BASE_DUMMY=1 bin/rails assets:precompile
   rm -fr /app/tmp/cache/assets/
 BASH
 

From afc736754112aadc1f1ad661aff9f1dfda13d477 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 12:45:23 -0700
Subject: [PATCH 318/381] Bump rexml from 3.3.8 to 3.3.9 (#5171)

Bumps [rexml](https://github.com/ruby/rexml) from 3.3.8 to 3.3.9.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.3.8...v3.3.9)

---
updated-dependencies:
- dependency-name: rexml
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 1eac89ea3ca..b1e07358e89 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -669,7 +669,7 @@ GEM
     regexp_parser (2.9.2)
     reline (0.5.10)
       io-console (~> 0.5)
-    rexml (3.3.8)
+    rexml (3.3.9)
     roadie (5.2.1)
       css_parser (~> 1.4)
       nokogiri (~> 1.15)
@@ -1224,7 +1224,7 @@ CHECKSUMS
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
   reline (0.5.10) sha256=1660c969a792ebd034e6ceee8ca628f3b6698dcdb34f7a282a5edda37b958166
-  rexml (3.3.8) sha256=f68fd96345330a1062896d0d0401324b0dae0ee20f784791b0843db96b212167
+  rexml (3.3.9) sha256=d71875b85299f341edf47d44df0212e7658cbdf35aeb69cefdb63f57af3137c9
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
   roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854

From 6bac2df812d1de28cf6f8be828d28008c1f6d0c1 Mon Sep 17 00:00:00 2001
From: Manuel Meurer <manuel@meurer.io>
Date: Mon, 28 Oct 2024 20:48:55 +0100
Subject: [PATCH 319/381] Improve DE translations on about page (#5154)

---
 config/locales/de.yml | 48 +++++++++++++++++++++----------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/config/locales/de.yml b/config/locales/de.yml
index e3e04e1e1f6..982ff33eced 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -463,37 +463,37 @@ de:
     about:
       contributors_amount: "%{count} Rubyists"
       downloads_amount: Millionen von Gem-Downloads
-      checkout_code: bitte prüfe den Code
-      mit_licensed: MIT-lizenziert
+      checkout_code: sieh dir einfach den Code an
+      mit_licensed: MIT Lizenz
       logo_header: Auf der Suche nach unserem Logo?
-      logo_details: Wähle einfach den Download-Button, um drei .PNGs und eine .SVG
-        des RubyGems-Logos für dich zu erhalten.
+      logo_details: Klick einfach auf den Download-Button, um drei PNGs und eine SVG
+        des RubyGems-Logos zu erhalten.
       founding_html: Das Projekt wurde im April 2009 von %{founder} gestartet und
-        hat seitdem über %{contributors} und %{downloads}. Ab dem Release von RubyGems
-        1.3.6 wurde die Website von Gemcutter zu %{title} umbenannt, um eine zentrale
-        Rolle in der Ruby-Community zu verfestigen.
-      support_html: Obwohl RubyGems.org nicht von einem bestimmten Unternehmen ausgeführt
+        ist seitdem dank %{contributors} und %{downloads} gewachsen. Mit dem Release von RubyGems
+        1.3.6 wurde die Website von Gemcutter zu %{title} umbenannt, um ihre zentrale
+        Rolle in der Ruby-Community zu verdeutlichen.
+      support_html: Obwohl RubyGems.org nicht von einem zentralen Unternehmen geführt
         wird, haben viele Unternehmen uns bereits unterstützt. Das aktuelle Design,
-        die Illustrationen und die Front-End-Entwicklung für dieser Webseite wurden
-        von %{dockyard} erstellt. %{github} hat auch von unschätzbarem Wert uns geholfen
-        den Code mit anderen Entwicklern zuteilen, um an dem Code leichter zusammenarbeiten.
-        Die Website wurde mit %{heroku} gestartet, dessen großen Dienst uns geholfen,
-        RubyGems als eine praktikable Lösung zu erweisen, wo die ganze Gemeinschaft
-        darauf verlassen kann. Our infrastructure is currently hosted on %{aws}.
+        die Illustrationen und die Frontend-Entwicklung wurden
+        von %{dockyard} erstellt. %{github} war auch von unschätzbarem Wert und hat uns sehr geholfen,
+        zusammenzuarbeiten und Code zu teilen.
+        Die Website wurde mit %{heroku} gestartet, großartiger Service dazu beitrug, RubyGems
+        als eine praktikable Lösung zu beweisen, auf die sich die gesamte Community verlassen kann.
+        Unsere Infrastruktur wird derzeit auf %{aws} gehostet.
       technical_html: 'Einige Einblicke in die technischen Aspekte dieser Webseite:
-        Es ist 100% in Ruby geschrieben. Die Hauptseite ist verwendet die %{rails}-Software.
-        Die Gems werden in %{s3}, served by %{fastly}, gehostet und die Zeit zwischen
-        der Veröffentlichung eines neuen Gems und nachdem er bereit zur Installation
-        freigegeben ist, ist minimal. Für mehr Informationen siehe %{source_code}
-        (%{license}) auf GitHub.'
+        Sie ist zu 100% in Ruby geschrieben. Die Hauptseite ist eine %{rails} App.
+        Die Gems werden auf %{s3} gehostet und über %{fastly} ausgeliefert, und die Zeit nach
+        der Veröffentlichung eines neuen Gems, bis es zur Installation bereit seht, beträgt
+        meistens nur einige wenige Sekunden. Für mehr Informationen %{source_code}, der mit der
+        %{license} auf GitHub bereitseht.'
       title: Über uns
       purpose:
-        better_api: Bereitstellen eines besseren APIs für den Umgang mit Gems
-        enable_community: Der Gemeinschaft ermöglichen, die Webseite zu verbessern
+        better_api: Eine bessere API bereitzustellen, um mit Gems zu arbeiten
+        enable_community: Es der Community zu ermöglichen, diese Webseite zu verbessern
           und zu erweitern
-        header: 'Willkommen in %{site}, die Community für Ruby Gem-Hostingservice.
-          Die Gründe sind vielfältig:'
-        transparent_pages: Erstellen transparenter und zugänglicher Projektseiten
+        header: 'Willkommen bei RubyGems.org, dem Gem-Hosting-Srrvice der Ruby-Community.
+          Dieses Projekt hat drei Ziele:'
+        transparent_pages: Mehr transparente und barrierefreie Projektseiten zu erstellen
     data:
       title: RubyGems.org Data Dumps
     download:

From 142c4c19a0a85f110e9b1e8e9576963911279891 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 28 Oct 2024 12:51:13 -0700
Subject: [PATCH 320/381] Wait for avo form input to render in system test
 (#5172)

---
 test/system/avo/manual_changes_test.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/system/avo/manual_changes_test.rb b/test/system/avo/manual_changes_test.rb
index 0180c51cb7c..8d47468e5ea 100644
--- a/test/system/avo/manual_changes_test.rb
+++ b/test/system/avo/manual_changes_test.rb
@@ -14,6 +14,7 @@ class Avo::ManualChangesSystemTest < ApplicationSystemTestCase
     visit avo.resources_log_tickets_path
     click_on "Create new log ticket"
 
+    page.find_by_id("log_ticket_key", wait: Capybara.default_max_wait_time) # Wait for input to be available.
     fill_in "Key", with: "key"
     fill_in "Directory", with: "dir"
     fill_in "Processed count", with: "0"

From 6b81ec2589647761270d9c87ecc2abc7e7cedadc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 17:36:06 +0000
Subject: [PATCH 321/381] Bump factory_bot_rails from 6.4.3 to 6.4.4

Bumps [factory_bot_rails](https://github.com/thoughtbot/factory_bot_rails) from 6.4.3 to 6.4.4.
- [Release notes](https://github.com/thoughtbot/factory_bot_rails/releases)
- [Changelog](https://github.com/thoughtbot/factory_bot_rails/blob/main/NEWS.md)
- [Commits](https://github.com/thoughtbot/factory_bot_rails/compare/v6.4.3...v6.4.4)

---
updated-dependencies:
- dependency-name: factory_bot_rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index b1e07358e89..1cd7afd7484 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -257,10 +257,10 @@ GEM
     erubi (1.13.0)
     et-orbi (1.2.11)
       tzinfo
-    factory_bot (6.4.5)
+    factory_bot (6.5.0)
       activesupport (>= 5.0.0)
-    factory_bot_rails (6.4.3)
-      factory_bot (~> 6.4)
+    factory_bot_rails (6.4.4)
+      factory_bot (~> 6.5)
       railties (>= 5.0.0)
     faraday (2.12.0)
       faraday-net_http (>= 2.0, < 3.4)
@@ -421,7 +421,7 @@ GEM
       rake (~> 13.0)
     local_time (3.0.2)
     logger (1.6.1)
-    loofah (2.23.0)
+    loofah (2.23.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     lookbook (2.3.3)
@@ -1060,8 +1060,8 @@ CHECKSUMS
   email_validator (2.2.4) sha256=5ab238095bec7aef9389f230e9e0c64c5081cdf91f19d6c5cecee0a93af20604
   erubi (1.13.0) sha256=fca61b47daefd865d0fb50d168634f27ad40181867445badf6427c459c33cd62
   et-orbi (1.2.11) sha256=d26e868cc21db88280a9ec1a50aa3da5d267eb9b2037ba7b831d6c2731f5df64
-  factory_bot (6.4.5) sha256=d71dd29bc95f0ec2bf27e3dd9b1b4d557bd534caca744663cb7db4bacf3198be
-  factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8
+  factory_bot (6.5.0) sha256=6374b3a3593b8077ee9856d553d2e84d75b47b912cc24eafea4062f9363d2261
+  factory_bot_rails (6.4.4) sha256=139e17caa2c50f098fddf5e5e1f29e8067352024e91ca1186d018b36589e5c88
   faraday (2.12.0) sha256=d106d0b1bc2548a8c0c34619a657a5e4aeae2780f951b0e095c8f803bbbf4517
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
   faraday-multipart (1.0.4) sha256=9012021ab57790f7d712f590b48d5f948b19b43cfa11ca83e6459f06090b0725
@@ -1131,7 +1131,7 @@ CHECKSUMS
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
   logger (1.6.1) sha256=3ad9587ed3940bf7897ea64a673971415523f4f7d6b22c5e3af5219705669653
-  loofah (2.23.0) sha256=a409cf88e5c808c1908e7d1b997df867d102be16e110e81eef43823dd24c7175
+  loofah (2.23.1) sha256=d0a07422cb3b69272e124afa914ef6d517e30d5496b7f1c1fc5b95481f13f75e
   lookbook (2.3.3) sha256=580dd8d2242f2a702b0aea39fa40704ac5837ea89e0225134dea8e4151b97e45
   mail (2.8.1) sha256=ec3b9fadcf2b3755c78785cb17bc9a0ca9ee9857108a64b6f5cfc9c0b5bfc9ad
   maintenance_tasks (2.8.0) sha256=7ee8aa37ab39c6c3a5f4637878c1a343cc296596742248112458b922968d4a16

From 45df4a83ab7ef0703f144b247fd9c7358eb69d51 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Oct 2024 14:42:50 +0000
Subject: [PATCH 322/381] Bump github/codeql-action from 3.26.13 to 3.27.0

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f779452ac5af1c261dce0346a8f964149f49322b...662472033e021d55d94146f66f6058822b0b39fd)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2e9b79a52b7..67766490121 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+        uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 443a4645714..1e7ebcc8c95 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
         with:
           sarif_file: results.sarif

From e2ca5639d61292a7d86c40513940ea6d0c706f21 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 19:57:45 +0000
Subject: [PATCH 323/381] Bump lookbook from 2.3.3 to 2.3.4

Bumps [lookbook](https://github.com/ViewComponent/lookbook) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/ViewComponent/lookbook/releases)
- [Commits](https://github.com/ViewComponent/lookbook/compare/v2.3.3...v2.3.4)

---
updated-dependencies:
- dependency-name: lookbook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 1cd7afd7484..7576d6d414a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -424,7 +424,7 @@ GEM
     loofah (2.23.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    lookbook (2.3.3)
+    lookbook (2.3.4)
       activemodel
       css_parser
       htmlbeautifier (~> 1.3)
@@ -1132,7 +1132,7 @@ CHECKSUMS
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
   logger (1.6.1) sha256=3ad9587ed3940bf7897ea64a673971415523f4f7d6b22c5e3af5219705669653
   loofah (2.23.1) sha256=d0a07422cb3b69272e124afa914ef6d517e30d5496b7f1c1fc5b95481f13f75e
-  lookbook (2.3.3) sha256=580dd8d2242f2a702b0aea39fa40704ac5837ea89e0225134dea8e4151b97e45
+  lookbook (2.3.4) sha256=16484c9eb514ac0c23c4b59cfd5a52697141d35056e3a9c2a22b314c1b887605
   mail (2.8.1) sha256=ec3b9fadcf2b3755c78785cb17bc9a0ca9ee9857108a64b6f5cfc9c0b5bfc9ad
   maintenance_tasks (2.8.0) sha256=7ee8aa37ab39c6c3a5f4637878c1a343cc296596742248112458b922968d4a16
   marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4

From 70327f4045c94fb1fc0d4a04bc64fc89ba6fe231 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Oct 2024 14:32:31 +0000
Subject: [PATCH 324/381] Bump openid_connect from 2.3.0 to 2.3.1

Bumps [openid_connect](https://github.com/nov/openid_connect) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/nov/openid_connect/releases)
- [Changelog](https://github.com/nov/openid_connect/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nov/openid_connect/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: openid_connect
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 7576d6d414a..5c06644f004 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -357,7 +357,7 @@ GEM
     job-iteration (1.5.1)
       activejob (>= 5.2)
     json (2.7.2)
-    json-jwt (1.16.6)
+    json-jwt (1.16.7)
       activesupport (>= 4.2)
       aes_key_wrap
       base64
@@ -523,7 +523,7 @@ GEM
     omniauth-rails_csrf_protection (1.0.2)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
-    openid_connect (2.3.0)
+    openid_connect (2.3.1)
       activemodel
       attr_required (>= 1.0.0)
       email_validator
@@ -1106,7 +1106,7 @@ CHECKSUMS
   jmespath (1.6.2) sha256=238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1
   job-iteration (1.5.1) sha256=1428ad5b308adbaae8776c16b7792a846eb1ad7f4ab3c6e0f9668dd2ab1179e5
   json (2.7.2) sha256=1898b5cbc81cd36c0fd4d0b7ad2682c39fb07c5ff682fc6265f678f550d4982c
-  json-jwt (1.16.6) sha256=ab451f9cd8743cecc4137f4170806046c1d8a6d4ee6e8570e0b5c958409b266c
+  json-jwt (1.16.7) sha256=ccabff4c6d1a14276b23178e8bebe513ef236399b72a0b886d7ed94800d172a5
   jwt (2.7.1) sha256=07357cd2f180739b2f8184eda969e252d850ac996ed0a23f616e8ff0a90ae19b
   kaminari (1.2.2) sha256=c4076ff9adccc6109408333f87b5c4abbda5e39dc464bd4c66d06d9f73442a3e
   kaminari-actionview (1.2.2) sha256=1330f6fc8b59a4a4ef6a549ff8a224797289ebf7a3a503e8c1652535287cc909
@@ -1171,7 +1171,7 @@ CHECKSUMS
   omniauth-github (2.0.1) sha256=8ff8e70ac6d6db9d52485eef52cfa894938c941496e66b52b5e2773ade3ccad4
   omniauth-oauth2 (1.8.0) sha256=b2f8e9559cc7e2d4efba57607691d6d2b634b879fc5b5b6ccfefa3da85089e78
   omniauth-rails_csrf_protection (1.0.2) sha256=1170fd672aff092b9b7ebebc1453559f073ed001e3ce62a1df616e32f8dc5fe0
-  openid_connect (2.3.0) sha256=0dbb9cefeb11e0a65e706349266355bbbb060382ae138fc9e199ab1aa622744c
+  openid_connect (2.3.1) sha256=5d808380cff80d78e3d3d54cfaebe2d6461d835c674faa29e2314a402c1b2182
   opensearch-ruby (3.4.0) sha256=0a8621686bed3c59b4c23e08cbaef873685a3fe4568e9d2703155ca92b8ca05d
   openssl (3.2.0) sha256=3c4bb8760977b4becd2819c6c2569bcf5c6f48b32b9f7a4ce1fd37f996378d14
   openssl-signature_algorithm (1.3.0) sha256=a3b40b5e8276162d4a6e50c7c97cdaf1446f9b2c3946a6fa2c14628e0c957e80

From b5b4f42f9d5d038d29d9764369d09ca2276d91eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Mon, 28 Oct 2024 21:24:33 +0100
Subject: [PATCH 325/381] Construct invalid JWT manually in OIDC test.

- json-jwt library doesn't compose invalid JWT anymore
---
 .../api/v1/oidc/trusted_publisher_controller_test.rb   | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb b/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
index fa930577713..98286492fd6 100644
--- a/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
+++ b/test/integration/api/v1/oidc/trusted_publisher_controller_test.rb
@@ -124,15 +124,17 @@ def jwt(claims = @claims, key: @pkey)
 
     %w[nbf exp iat iss jti].each do |claim|
       should "return bad request with missing/invalid #{claim}" do
-        @claims[claim] = ["a"]
+        payload = jwt # generates jwt hash
+        payload[claim] = ["a"]
+
         post api_v1_oidc_trusted_publisher_exchange_token_path,
-          params: { jwt: jwt.to_s }
+          params: { jwt: payload.to_s }
 
         assert_response :bad_request
 
-        @claims.delete claim
+        payload.delete claim
         post api_v1_oidc_trusted_publisher_exchange_token_path,
-          params: { jwt: jwt.to_s }
+          params: { jwt: payload.to_s }
 
         assert_response :bad_request
       end

From e51471eeccc00f63ca39acb8bbf2c756b37c94bd Mon Sep 17 00:00:00 2001
From: Martin Emde <me@martinemde.com>
Date: Mon, 28 Oct 2024 17:01:06 -0700
Subject: [PATCH 326/381] fix PT-BR display bug

---
 config/locales/pt-BR.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index f3a6de047e6..dd6691234cf 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -235,7 +235,7 @@ pt-BR:
   layouts:
     application:
       footer:
-        about: Sobre o Rubygems
+        about: Sobre
         api: API
         blog: Blog
         contribute: Como Contribuir

From 3ac96115eefdd9db32fd139d2cfc14bf4ce669ce Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 28 Oct 2024 19:20:56 -0700
Subject: [PATCH 327/381] Enable turbo only on the hammy layout. (#5168)

Also cleanup importmap verify a little (improved via debugging)
---
 app/javascript/application.js                 |  3 ++
 .../controllers/autocomplete_controller.js    |  2 +-
 app/views/layouts/hammy.html.erb              |  2 +-
 config/importmap.rb                           |  5 +++
 .../initializers/content_security_policy.rb   |  7 +++-
 lib/tasks/importmap.rake                      | 21 ++++++++----
 script/turbo_rails_hash                       | 33 +++++++++++++++++++
 7 files changed, 64 insertions(+), 9 deletions(-)
 create mode 100755 script/turbo_rails_hash

diff --git a/app/javascript/application.js b/app/javascript/application.js
index 3623739686b..50eaafaba76 100644
--- a/app/javascript/application.js
+++ b/app/javascript/application.js
@@ -1,4 +1,7 @@
 // Configure your import map in config/importmap.rb. Read more: https://github.com/rails/importmap-rails
+import "@hotwired/turbo-rails"
+Turbo.session.drive = false
+
 import Rails from "@rails/ujs";
 Rails.start();
 
diff --git a/app/javascript/controllers/autocomplete_controller.js b/app/javascript/controllers/autocomplete_controller.js
index c933cd6df2b..f1825ce6466 100644
--- a/app/javascript/controllers/autocomplete_controller.js
+++ b/app/javascript/controllers/autocomplete_controller.js
@@ -11,7 +11,7 @@ export default class extends Controller {
     this.suggestLength = 0;
   }
 
-  disconnect() { clear() }
+  disconnect() { this.clear() }
 
   clear() {
     this.suggestionsTarget.classList.add('hidden');
diff --git a/app/views/layouts/hammy.html.erb b/app/views/layouts/hammy.html.erb
index 529339c32e6..f753a007ed1 100644
--- a/app/views/layouts/hammy.html.erb
+++ b/app/views/layouts/hammy.html.erb
@@ -23,7 +23,7 @@
   <%= yield :head %>
   <%= javascript_importmap_tags %>
 </head>
-<body class="bg-white dark:bg-black">
+<body data-turbo="true" class="bg-white dark:bg-black">
   <div class="min-h-screen flex flex-col">
     <!-- Header -->
     <header>
diff --git a/config/importmap.rb b/config/importmap.rb
index 17e88c72ed7..455a99b32b1 100644
--- a/config/importmap.rb
+++ b/config/importmap.rb
@@ -5,6 +5,11 @@
 pin "application"
 pin_all_from "app/javascript/src", under: "src"
 
+# If the version of turbo-rails changes, check that the CSP hash of the ProgressBar stylesheet didn't change.
+# Look for an error in the browser console indicating that a stylesheet was skipped.
+# 'turbo.min.js' is embedded in the turbo-rails gem.
+pin "@hotwired/turbo-rails", to: "turbo.min.js"
+
 pin "@hotwired/stimulus", to: "@hotwired--stimulus.js" # @3.2.2
 # stimulus-loading.js is a compiled asset only available from stimulus-rails gem
 pin "@hotwired/stimulus-loading", to: "stimulus-loading.js"
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 616790254b5..331f03e0fec 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -14,7 +14,12 @@
     # NOTE: This scirpt_src is overridden for all requests in ApplicationController
     # This is the baseline in case the override is ever skipped
     policy.script_src :self, "https://secure.gaug.es", "https://www.fastly-insights.com"
-    policy.style_src :self, "https://fonts.googleapis.com"
+    policy.style_src :self, "https://fonts.googleapis.com",
+      # This hardcoded value is the SHA256 of the style tag injected by turbo-rails ProgressBar.
+      # We don't want to rely on the nonce because it gets cached and then turbo can't reliably navigate.
+      # This is because new turbo responses and old cached responses will have different nonces, making CSP fail.
+      # You can regenerate this value by looking at script/turbo_rails_hash in this repo.
+      "'sha256-WAyOw4V+FqDc35lQPyRADLBWbuNK8ahvYEaQIYF1+Ps='"
     policy.connect_src :self, "https://s3-us-west-2.amazonaws.com/rubygems-dumps/", "https://*.fastly-insights.com", "https://fastly-insights.com",
       "https://api.github.com", "http://localhost:*"
     policy.form_action :self, "https://github.com/login/oauth/authorize"
diff --git a/lib/tasks/importmap.rake b/lib/tasks/importmap.rake
index fc80ce2e0cd..22d9283516c 100644
--- a/lib/tasks/importmap.rake
+++ b/lib/tasks/importmap.rake
@@ -7,11 +7,17 @@ namespace :importmap do
   desc "Verify downloaded packages in vendor/javascript"
   task :verify do # rubocop:disable Rails/RakeEnvironment
     options = { env: "production", from: "jspm.io" }
-    all_files = Rails.root.glob("vendor/javascript/*.js").map { |p| p.relative_path_from(Rails.root) }
-    all_files.delete(Pathname.new("vendor/javascript/github-buttons.js")) || raise("importmap:verify expected github-buttons.js not found")
-    all_files.delete(Pathname.new("vendor/javascript/webauthn-json.js")) || raise("importmap:verify expected webauthn-json.js not found")
+    importmap_path = "config/importmap.rb"
+    vendor_pathname = Rails.root.join("vendor/javascript")
+    all_files = vendor_pathname.glob("*.js").map { |p| p.relative_path_from(Rails.root) }
+    manually_vendored_files = ["github-buttons.js", "webauthn-json.js"]
 
-    npm = Importmap::Npm.new(Rails.root.join("config/importmap.rb"))
+    manually_vendored_files.each do |filename|
+      path = vendor_pathname.join(filename).relative_path_from(Rails.root)
+      all_files.delete(path) || raise("importmap:verify expected #{path} not found")
+    end
+
+    npm = Importmap::Npm.new(importmap_path)
 
     packages = npm.packages_with_versions.map do |p, v|
       v.blank? ? p : [p, v].join("@")
@@ -19,9 +25,12 @@ namespace :importmap do
 
     puts "Verifying packages in vendor/javascript"
 
-    packager = ImportmapHelper::Packager.new
+    packager = ImportmapHelper::Packager.new(
+      importmap_path,
+      vendor_path: vendor_pathname.relative_path_from(Rails.root)
+    )
 
-    if (imports = packager.import(*packages, env: options[:env], from: options[:from]))
+    if (imports = packager.import(*packages, **options))
       imports.each do |package, url|
         puts %(Verifying "#{package}" download from #{url})
         packager.verify(package, url, verbose: ENV["VERBOSE"])
diff --git a/script/turbo_rails_hash b/script/turbo_rails_hash
new file mode 100755
index 00000000000..3a2e748a768
--- /dev/null
+++ b/script/turbo_rails_hash
@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+
+require "digest"
+
+# when you copy the src here, make sure you don't change the indentation or start/end spacing.
+css = ".turbo-progress-bar {
+  position: fixed;
+  display: block;
+  top: 0;
+  left: 0;
+  height: 3px;
+  background: #0076ff;
+  z-index: 2147483647;
+  transition:
+    width 300ms ease-out,
+    opacity 150ms 150ms ease-in;
+  transform: translate3d(0, 0, 0);
+}
+"
+
+puts <<~INSTRUCTIONS
+  This script generates a Content Security Policy (CSP) hash for the Turbo ProgressBar CSS.
+  The CSS is hardcoded into this script because it is generated by the Turbo JavaScript code.
+  You can copy it directly from the <style> tag injected at the top of the <head> on a page with Turbo.
+  It's dynamically generated so we can't just copy it from the source code.
+  The CSS is generated inside the ProgressBar class, example link here:
+
+  https://github.com/hotwired/turbo-rails/blob/b733dfc3d08b6c64be68b6699250cf402e1cd631/app/assets/javascripts/turbo.js#L2306
+
+  Once updated, add this to config/initializers/content_security_policy.rb in the style-src directive:
+
+  policy.style_src :self, ..., "'sha256-#{Digest::SHA256.base64digest(css)}'"
+INSTRUCTIONS

From 1510f96ac32afff95331ef44ec05c30565b9dbb8 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 28 Oct 2024 21:02:05 -0700
Subject: [PATCH 328/381] Updated to newest icons.svg (#5175)

Somehow I ended up committing an older version of the icons.svg file.

Switch to the updated one with all the correct icons.
This one is still a WIP but at least it has the right icons.
---
 app/assets/images/icons.svg |  68 +++++++++++---------
 app/helpers/icon_helper.rb  |   2 +-
 public/images/icons.svg     | 125 ------------------------------------
 3 files changed, 39 insertions(+), 156 deletions(-)
 delete mode 100644 public/images/icons.svg

diff --git a/app/assets/images/icons.svg b/app/assets/images/icons.svg
index 321ab50e6af..1b91eb5e461 100644
--- a/app/assets/images/icons.svg
+++ b/app/assets/images/icons.svg
@@ -1,25 +1,30 @@
 <?xml version="1.0" encoding="utf-8"?>
 <svg xmlns="http://www.w3.org/2000/svg">
   <defs>
-    <symbol viewBox="0 0 32 32" id="logo">
-      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
+    <!-- Material icons (updated) -->
+    <symbol id="warning" viewBox="0 -960 960 960"><path d="M137.02-140q-10.17 0-18.27-4.97t-12.59-13.11q-4.68-8.08-5.15-17.5-.47-9.42 5.08-18.66l342.43-591.52q5.56-9.24 13.9-13.66 8.35-4.42 17.58-4.42 9.23 0 17.58 4.42 8.34 4.42 13.9 13.66l342.43 591.52q5.55 9.24 5.08 18.66-.47 9.42-5.15 17.5-4.49 8.14-12.59 13.11-8.1 4.97-18.27 4.97H137.02ZM178-200h604L480-720 178-200Zm302-47.69q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02T480-312.31q-13.73 0-23.02 9.29T447.69-280q0 13.73 9.29 23.02t23.02 9.29Zm.01-104.62q12.76 0 21.37-8.62 8.62-8.63 8.62-21.38v-140q0-12.75-8.63-21.37-8.63-8.63-21.38-8.63-12.76 0-21.37 8.63-8.62 8.62-8.62 21.37v140q0 12.75 8.63 21.38 8.63 8.62 21.38 8.62ZM480-460Z"/></symbol>
+    <symbol id="error" viewBox="0 -960 960 960"><path d="M480-290.77q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02-9.29-9.28-23.02-9.28t-23.02 9.28q-9.29 9.29-9.29 23.02t9.29 23.02q9.29 9.29 23.02 9.29Zm.01-146.15q12.76 0 21.37-8.63 8.62-8.62 8.62-21.37v-180q0-12.75-8.63-21.38-8.63-8.62-21.38-8.62-12.76 0-21.37 8.62-8.62 8.63-8.62 21.38v180q0 12.75 8.63 21.37 8.63 8.63 21.38 8.63Zm.06 336.92q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="arrow-circle-right" viewBox="0 -960 960 960"><path d="m512.23-450-53.31 53.31q-8.3 8.31-8.11 20.69.19 12.38 8.5 20.69t20.95 8.31q12.64 0 20.82-8.31l99.38-99.38q10.85-10.85 10.85-25.31 0-14.46-10.85-25.31l-99.77-99.77q-8.31-8.3-20.69-8.3t-20.69 8.3q-8.31 8.31-8.31 20.95 0 12.64 8.31 20.82L512.23-510H360q-12.75 0-21.37 8.63-8.63 8.63-8.63 21.38 0 12.76 8.63 21.37Q347.25-450 360-450h152.23Zm-32.16 350q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="house-siding" viewBox="0 -960 960 960"><path d="M273.85-260v90q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-374.08L120-473.46q-10.54 7.31-22.31 6.19-11.77-1.12-19.46-11.65-7.69-10.54-6.27-22.31 1.43-11.77 11.96-19.46L436-787.23q9.85-7.23 21.08-10.65 11.24-3.43 22.92-3.43 11.68 0 22.92 3.43 11.23 3.42 21.08 10.65l352.46 266.54q9.92 7.69 11.65 19.46 1.73 11.77-5.96 22.31-7.69 10.53-19.46 11.65-11.77 1.12-22.31-6.19l-93.84-70.62V-170q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-90H273.85Zm0-215.38h412.69v-95.39H273.85v95.39Zm0 155.38h412.69v-95.39H273.85V-320Zm54.61-310.77h303.08L480-744.39 328.46-630.77Z"/></symbol>
+    <symbol id="arrow-circle-down" viewBox="0 -960 960 960"><path d="m454-447.84-49.31-49.31q-8.31-8.31-18.19-8.31t-18.19 8.31q-8.31 8.3-8.31 18.44 0 10.15 8.31 18.32l89.91 89.91q9.7 9.71 22.35 9.71 12.64 0 22.12-9.85l89.77-89.77q8.31-8.17 8.31-18.32 0-10.14-8.31-18.44-8.31-8.31-18.45-8.31-10.14 0-18.32 8.31l-49.31 49.31v-138.52q0-10.93-7.41-18.32-7.42-7.4-18.39-7.4-10.96 0-18.77 7.4-7.81 7.39-7.81 18.32v138.52ZM480.34-116q-75.11 0-141.48-28.42-66.37-28.42-116.18-78.21-49.81-49.79-78.25-116.09Q116-405.01 116-480.39q0-75.38 28.42-141.25t78.21-115.68q49.79-49.81 116.09-78.25Q405.01-844 480.39-844q75.38 0 141.25 28.42t115.68 78.21q49.81 49.79 78.25 115.85Q844-555.45 844-480.34q0 75.11-28.42 141.48-28.42 66.37-78.21 116.18-49.79 49.81-115.85 78.25Q555.45-116 480.34-116Zm-.34-52q130 0 221-91t91-221q0-130-91-221t-221-91q-130 0-221 91t-91 221q0 130 91 221t221 91Zm0-312Z"/></symbol>
+    <symbol id="check-circle" viewBox="0 -960 960 960"><path d="m423.23-394.15-92.92-92.93q-8.31-8.3-20.89-8.5-12.57-.19-21.27 8.5-8.69 8.7-8.69 21.08 0 12.38 8.69 21.08l109.77 109.77q10.85 10.84 25.31 10.84 14.46 0 25.31-10.84l222.54-222.54q8.3-8.31 8.5-20.89.19-12.57-8.5-21.27-8.7-8.69-21.08-8.69-12.38 0-21.08 8.69l-205.69 205.7ZM480.07-100q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="logout" viewBox="0 -960 960 960"><path d="M224.62-160q-27.62 0-46.12-18.5Q160-197 160-224.62v-510.76q0-27.62 18.5-46.12Q197-800 224.62-800h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-760H224.62q-9.24 0-16.93 7.69-7.69 7.69-7.69 16.93v510.76q0 9.24 7.69 16.93 7.69 7.69 16.93 7.69h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-160H224.62Zm497.76-300H387.69q-8.54 0-14.27-5.73T367.69-480q0-8.54 5.73-14.27t14.27-5.73h334.69l-78.84-78.85q-5.62-5.61-6-13.53-.39-7.93 6-14.54 6.38-6.62 14.15-6.73 7.77-.12 14.39 6.5l104.54 104.53q9.69 9.7 9.69 22.62 0 12.92-9.69 22.62L672.08-352.85q-5.85 5.85-13.89 6.12-8.04.27-14.65-6.35-6.39-6.61-6.27-14.27.11-7.65 6.5-14.03L722.38-460Z"/></symbol>
+
+    <symbol id="chevron-right" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
+      <path stroke-linecap="round" stroke-linejoin="round" d="m8.25 4.5 7.5 7.5-7.5 7.5" />
     </symbol>
 
-    <!-- Material icons -->
-    <symbol id="arrow-circle-right" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
-      <g>
-        <rect fill="none" height="24" width="24"/>
-        <rect fill="none" height="24" width="24"/>
-      </g>
-      <g>
-        <path d="M22,12c0-5.52-4.48-10-10-10C6.48,2,2,6.48,2,12s4.48,10,10,10C17.52,22,22,17.52,22,12z M12,14.79V13H9 c-0.55,0-1-0.45-1-1s0.45-1,1-1h3V9.21c0-0.45,0.54-0.67,0.85-0.35l2.79,2.79c0.2,0.2,0.2,0.51,0,0.71l-2.79,2.79 C12.54,15.46,12,15.24,12,14.79z"/>
-      </g>
+    <symbol id="chevron-forward" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
+    <symbol id="rss-feed" viewBox="0 0 960 1147"><path d="M205 916q-27 0-46-19t-19-46q0-26 19-45t46-19q26 0 45 19t19 45q0 27-19 46t-45 19zm530 0q-19 0-32-14.5T688 867q-9-100-50-186.5T529 527q-67-68-153.5-109T189 368q-20-2-34.5-15T140 321q0-20 14-32.5t33-10.5q119 9 222.5 57.5T593 463q79 80 127.5 183.5T778 869q2 19-10.5 33T735 916zm-230 0q-19 0-32.5-13.5T456 870q-8-53-31-98.5T366 690q-36-36-81.5-59T186 600q-19-3-32.5-16.5T140 551q0-19 14-31.5t33-9.5q71 8 132.5 38T429 627q49 48 79 109.5T546 869q3 19-9.5 33T505 916z"/></symbol>
+    <symbol id="mail" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
+      <path stroke-linecap="round" stroke-linejoin="round" d="M21.75 6.75v10.5a2.25 2.25 0 0 1-2.25 2.25h-15a2.25 2.25 0 0 1-2.25-2.25V6.75m19.5 0A2.25 2.25 0 0 0 19.5 4.5h-15a2.25 2.25 0 0 0-2.25 2.25m19.5 0v.243a2.25 2.25 0 0 1-1.07 1.916l-7.5 4.615a2.25 2.25 0 0 1-2.36 0L3.32 8.91a2.25 2.25 0 0 1-1.07-1.916V6.75" />
     </symbol>
+
+    <!-- Material icons (wrong weight) -->
     <symbol id="arrow-drop-down" viewBox="0 0 24 24">
       <path d="M0 0h24v24H0V0z" fill="none"/>
       <path d="M8.71 11.71l2.59 2.59c.39.39 1.02.39 1.41 0l2.59-2.59c.63-.63.18-1.71-.71-1.71H9.41c-.89 0-1.33 1.08-.7 1.71z"/>
     </symbol>
-    <symbol id="chevron-right" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
     <symbol id="close" viewBox="0 0 24 24">
       <path d="M0 0h24v24H0V0z" fill="none"/>
       <path d="M18.3 5.71c-.39-.39-1.02-.39-1.41 0L12 10.59 7.11 5.7c-.39-.39-1.02-.39-1.41 0-.39.39-.39 1.02 0 1.41L10.59 12 5.7 16.89c-.39.39-.39 1.02 0 1.41.39.39 1.02.39 1.41 0L12 13.41l4.89 4.89c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L13.41 12l4.89-4.89c.38-.38.38-1.02 0-1.4z"/>
@@ -39,7 +44,6 @@
       <path d="M0 0h24v24H0V0z" fill="none"/>
       <path d="M13.26 3C8.17 2.86 4 6.95 4 12H2.21c-.45 0-.67.54-.35.85l2.79 2.8c.2.2.51.2.71 0l2.79-2.8c.31-.31.09-.85-.36-.85H6c0-3.9 3.18-7.05 7.1-7 3.72.05 6.85 3.18 6.9 6.9.05 3.91-3.1 7.1-7 7.1-1.61 0-3.1-.55-4.28-1.48-.4-.31-.96-.28-1.32.08-.42.42-.39 1.13.08 1.49C9 20.29 10.91 21 13 21c5.05 0 9.14-4.17 9-9.26-.13-4.69-4.05-8.61-8.74-8.74zm-.51 5c-.41 0-.75.34-.75.75v3.68c0 .35.19.68.49.86l3.12 1.85c.36.21.82.09 1.03-.26.21-.36.09-.82-.26-1.03l-2.88-1.71v-3.4c0-.4-.34-.74-.75-.74z"/>
     </symbol>
-    <symbol id="house-siding" viewBox="0 0 960 1147"><path d="M274 796v90q0 13-8.5 21.5T244 916q-13 0-21.5-8.5T214 886V512l-94 71q-11 7-22.5 6T78 577q-7-10-6-22t12-20l352-266q10-7 21-10.5t23-3.5q12 0 23 3.5t21 10.5l352 266q10 8 12 20t-6 22q-8 11-19.5 12t-22.5-6l-93-71v374q0 13-9 21.5t-21 8.5q-13 0-21.5-8.5T687 886v-90H274zm0-215h413v-96H274v96zm0 155h413v-95H274v95zm54-311h304L480 312 328 425z"/></symbol>
 
     <symbol id="keyboard-arrow-down" viewBox="0 0 24 24">
       <path d="M8.12 9.29L12 13.17l3.88-3.88c.39-.39 1.02-.39 1.41 0 .39.39.39 1.02 0 1.41l-4.59 4.59c-.39.39-1.02.39-1.41 0L6.7 10.7c-.39-.39-.39-1.02 0-1.41.39-.38 1.03-.39 1.42 0z"/>
@@ -70,48 +74,52 @@
       <path d="M4.47 21h15.06c1.54 0 2.5-1.67 1.73-3L13.73 4.99c-.77-1.33-2.69-1.33-3.46 0L2.74 18c-.77 1.33.19 3 1.73 3zM12 14c-.55 0-1-.45-1-1v-2c0-.55.45-1 1-1s1 .45 1 1v2c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
     </symbol>
 
-    <symbol viewBox="0 0 24 24" id="profile">
-      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
+    <!-- Custom Icons -->
+    <symbol viewBox="0 0 32 32" id="logo">
+      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
     </symbol>
-    <symbol viewBox="0 0 32 32" id="toast">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="M16 30a14 14 0 1 0 0-28 14 14 0 0 0 0 28Zm0 2a16 16 0 1 0 0-32 16 16 0 0 0 0 32ZM8 16a1 1 0 0 0 1 1h11.586l-4.294 4.293a1.001 1.001 0 0 0 1.416 1.416l6-6a1 1 0 0 0 0-1.416l-6-6a1.002 1.002 0 0 0-1.416 1.416l4.294 4.292H9a1 1 0 0 0-1 1Z"/>
+    <symbol viewBox="0 0 32 32" id="gems"><!-- same as logo -->
+      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
+    </symbol>
+    <symbol id="profile" viewBox="0 0 24 24">
+      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="history">
+    <symbol id="history" viewBox="0 0 24 24">
       <path d="M12 23.9c-2.8 0-5.3-.9-7.4-2.6-2.1-1.7-3.5-3.9-4.1-6.6a.9.9 90 01.1-.8 1 1 90 01.7-.4 1.1 1.1 90 01.8.2c.2.2.4.4.5.7.5 2.2 1.7 3.9 3.4 5.3 1.8 1.4 3.8 2.1 6 2.1 2.7 0 5-1 6.9-2.9s2.9-4.2 2.9-6.9-1-5-2.9-6.9C17 3.2 14.7 2.2 12 2.2a9.4 9.4 90 00-4.3 1A10.6 10.6 90 004.2 6h2.6c.3 0 .5.1.7.3a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3H2a1.2 1.2 90 01-.9-.4 1.2 1.2 90 01-.4-.9V2.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v2.3A11.9 11.9 90 017 1.2a11.7 11.7 90 015-1.1 11.6 11.6 90 014.6.9c1.4.6 2.7 1.5 3.8 2.5a12.1 12.1 90 012.5 3.8 11.6 11.6 90 01.9 4.6c0 1.7-.3 3.2-.9 4.6a12 12 90 01-2.5 3.8 12 12 90 01-3.8 2.5 11.6 11.6 90 01-4.6.9Zm1.1-12.3 3.8 3.9a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3 1 1 90 01-.7-.3l-4.1-4.1a1.3 1.3 90 01-.4-.9V6.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v5.5Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="ruby-central">
+    <symbol id="ruby-central" viewBox="0 0 60 60">
       <path fill-rule="evenodd" clip-rule="evenodd" d="M9.362 11.513a9.603 9.603 0 0 1 9.604-9.604h21.131a9.605 9.605 0 0 1 9.605 9.604v21.131a9.606 9.606 0 0 1-9.605 9.605h-21.13a9.605 9.605 0 0 1-9.605-9.605v-21.13ZM44.33 21.886c0 8.063-6.537 14.6-14.6 14.6s-14.599-6.537-14.599-14.6 6.536-14.6 14.6-14.6 14.599 6.537 14.599 14.6ZM27.164 13.05c-.984 0-1.92.418-2.577 1.149L21.4 17.742a3.467 3.467 0 0 0-.1 4.518l5.916 7.196a3.467 3.467 0 0 0 5.354 0l5.916-7.196a3.467 3.467 0 0 0-.1-4.518l-3.187-3.544a3.467 3.467 0 0 0-2.577-1.15h-5.458ZM26.591 16a.77.77 0 0 1 .573-.254h5.458c.219 0 .426.093.573.254l3.186 3.545a.77.77 0 0 1 .022 1.004l-5.915 7.197a.77.77 0 0 1-1.19 0l-5.915-7.197a.77.77 0 0 1 .022-1.004L26.591 16Zm32.113 40.033c.05.049.108.074.178.074h.868a.24.24 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-6.917a.24.24 0 0 0-.073-.18.243.243 0 0 0-.177-.072h-.868a.245.245 0 0 0-.178.073.246.246 0 0 0-.073.179v6.917c0 .07.025.13.073.177Zm-4.164.178c-.361 0-.689-.07-.982-.209a1.907 1.907 0 0 1-.7-.576 1.403 1.403 0 0 1-.25-.814 1.365 1.365 0 0 1 .584-1.16c.397-.293.92-.488 1.568-.585l1.432-.21v-.218c0-.293-.073-.52-.22-.68-.146-.16-.397-.24-.752-.24a1.112 1.112 0 0 0-.617.156.91.91 0 0 0-.345.398.266.266 0 0 1-.24.135h-.826c-.076 0-.135-.02-.177-.062a.256.256 0 0 1-.053-.168 1.062 1.062 0 0 1 .137-.407c.083-.16.216-.314.397-.46.18-.153.414-.282.7-.386.286-.105.63-.157 1.034-.157.44 0 .808.055 1.109.167a1.862 1.862 0 0 1 .73.428c.182.181.314.395.398.638.083.243.125.501.125.773v3.282a.24.24 0 0 1-.073.177.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.189-.074.267.267 0 0 1-.062-.177v-.408a1.655 1.655 0 0 1-.366.376 2.124 2.124 0 0 1-.565.283 2.533 2.533 0 0 1-.773.104Zm.356-.993c.244 0 .463-.052.658-.156a1.08 1.08 0 0 0 .47-.48c.119-.224.178-.503.178-.837v-.22l-1.045.167c-.41.063-.717.164-.92.303-.2.14-.303.31-.303.513a.61.61 0 0 0 .137.397.95.95 0 0 0 .365.24c.146.048.3.073.46.073Zm-5.827.815a.243.243 0 0 0 .177.074h.909c.077 0 .14-.025.188-.074a.243.243 0 0 0 .074-.177v-2.873c0-.328.09-.586.272-.774.187-.188.449-.283.783-.283h.815c.077 0 .136-.023.178-.073a.243.243 0 0 0 .073-.178v-.752a.243.243 0 0 0-.073-.177.222.222 0 0 0-.178-.073h-.428c-.335 0-.63.06-.889.177a1.579 1.579 0 0 0-.617.513v-.43a.237.237 0 0 0-.083-.187.243.243 0 0 0-.177-.073h-.847a.25.25 0 0 0-.25.26v4.923c0 .07.023.13.073.177Zm-1.774.074c-.418 0-.77-.074-1.056-.22a1.4 1.4 0 0 1-.637-.648c-.14-.292-.21-.654-.21-1.086V51.78h-.825a.243.243 0 0 1-.178-.073.246.246 0 0 1-.073-.179v-.606c0-.07.025-.129.073-.177a.243.243 0 0 1 .178-.073h.825v-1.734c0-.071.021-.13.064-.18a.256.256 0 0 1 .187-.072h.846a.246.246 0 0 1 .251.252v1.734h1.307c.07 0 .13.024.178.073a.243.243 0 0 1 .073.177v.606c0 .07-.025.13-.073.179a.243.243 0 0 1-.178.073H46.74v2.268c0 .285.05.507.147.668.105.16.283.24.533.24h.722c.07 0 .127.025.177.074a.243.243 0 0 1 .073.177v.648a.24.24 0 0 1-.073.177.245.245 0 0 1-.177.074h-.847Zm-8.542-.074a.243.243 0 0 0 .177.074h.92a.24.24 0 0 0 .178-.074.238.238 0 0 0 .073-.177V52.98c0-.403.108-.72.324-.95.216-.23.505-.346.867-.346.377 0 .662.116.857.345.202.23.304.548.304.951v2.875c0 .07.024.13.072.177.05.049.108.074.179.074h.918c.071 0 .13-.025.179-.074a.243.243 0 0 0 .073-.177v-2.937c0-.488-.088-.906-.262-1.253a1.844 1.844 0 0 0-.72-.806 2.053 2.053 0 0 0-1.108-.292c-.418 0-.77.076-1.056.23a2.18 2.18 0 0 0-.69.554v-.429a.243.243 0 0 0-.072-.177.24.24 0 0 0-.178-.073h-.858a.238.238 0 0 0-.177.073.243.243 0 0 0-.073.177v4.933c0 .07.024.13.073.177Zm-3.443.178c-.774 0-1.387-.223-1.84-.67-.453-.445-.696-1.079-.73-1.9a2.545 2.545 0 0 1-.012-.263c0-.111.004-.198.011-.26.027-.523.147-.976.355-1.36.216-.382.513-.675.889-.877.376-.208.818-.313 1.327-.313.563 0 1.037.118 1.42.355.384.23.674.554.869.972.194.411.291.888.291 1.431v.22a.238.238 0 0 1-.073.178.253.253 0 0 1-.187.073h-3.47v.083c.007.244.052.47.136.68a1.233 1.233 0 0 0 .387.49c.174.126.38.19.616.19a1.3 1.3 0 0 0 .491-.084 1.293 1.293 0 0 0 .502-.397c.063-.085.111-.133.146-.147a.407.407 0 0 1 .177-.03h.9c.069 0 .125.02.167.061a.174.174 0 0 1 .063.157c-.007.111-.067.248-.179.408a1.938 1.938 0 0 1-.459.47 2.71 2.71 0 0 1-.763.386 3.322 3.322 0 0 1-1.034.147Zm-1.15-3.292h2.309v-.03c0-.273-.045-.51-.135-.712a1.12 1.12 0 0 0-.397-.48 1.082 1.082 0 0 0-.627-.178 1.08 1.08 0 0 0-.627.178 1.112 1.112 0 0 0-.397.48 1.838 1.838 0 0 0-.126.711v.031Zm-6.727 2.958c.453.223 1.003.334 1.65.334.475 0 .9-.062 1.275-.187a3.02 3.02 0 0 0 .962-.513c.265-.222.47-.48.617-.773a2.222 2.222 0 0 0 .23-.951.17.17 0 0 0-.063-.157.211.211 0 0 0-.157-.063h-.993a.313.313 0 0 0-.187.052c-.05.035-.085.102-.106.199-.11.453-.303.767-.574.94-.272.168-.61.251-1.013.251-.467 0-.84-.129-1.119-.386-.279-.265-.428-.697-.449-1.295a24.37 24.37 0 0 1 0-1.757c.021-.6.17-1.028.45-1.284.277-.266.651-.398 1.118-.398.403 0 .74.084 1.013.251.271.166.464.48.574.94a.354.354 0 0 0 .106.198.313.313 0 0 0 .187.054h.993a.211.211 0 0 0 .157-.064.171.171 0 0 0 .063-.156 2.218 2.218 0 0 0-.847-1.714 2.898 2.898 0 0 0-.962-.523 4.018 4.018 0 0 0-1.274-.188c-.64 0-1.188.115-1.641.345a2.408 2.408 0 0 0-1.034.972c-.237.425-.37.93-.397 1.515a37.886 37.886 0 0 0 0 1.86c.027.593.16 1.102.397 1.526.237.418.578.742 1.024.972Zm-7.801 2.216a.2.2 0 0 1-.147-.064.199.199 0 0 1-.063-.146V57.8a.474.474 0 0 1 .042-.083l.816-1.934-2.007-4.734a.482.482 0 0 1-.041-.147.25.25 0 0 1 .073-.156.196.196 0 0 1 .156-.073h.847c.083 0 .146.02.187.063a.424.424 0 0 1 .095.135l1.39 3.417 1.43-3.417a.314.314 0 0 1 .095-.135c.042-.042.104-.063.189-.063h.835a.2.2 0 0 1 .147.063.186.186 0 0 1 .073.145.468.468 0 0 1-.042.168l-2.957 6.845a.417.417 0 0 1-.105.135c-.041.043-.105.064-.188.064h-.825Zm-4.87-2.09c.272.138.61.208 1.013.208.37 0 .69-.058.962-.178.272-.125.498-.299.68-.522.18-.222.32-.484.417-.783a3.8 3.8 0 0 0 .168-1.003 6.92 6.92 0 0 0 .01-.335c0-.105-.004-.22-.01-.345a3.348 3.348 0 0 0-.158-.972 2.281 2.281 0 0 0-.428-.784 1.828 1.828 0 0 0-.679-.533 2.278 2.278 0 0 0-.962-.188 2.123 2.123 0 0 0-.96.199 1.983 1.983 0 0 0-.648.491v-2.32a.246.246 0 0 0-.074-.178.223.223 0 0 0-.177-.073h-.889a.243.243 0 0 0-.177.073.246.246 0 0 0-.074.179v6.917c0 .07.025.13.074.177a.243.243 0 0 0 .177.074h.826a.22.22 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-.386c.175.216.394.393.66.532Zm1.327-1.098c-.167.126-.4.188-.7.188-.285 0-.519-.066-.7-.198a1.197 1.197 0 0 1-.387-.502 2.28 2.28 0 0 1-.135-.637 6.72 6.72 0 0 1 0-.805c.006-.21.055-.408.146-.595a1.2 1.2 0 0 1 .397-.482c.174-.125.4-.187.68-.187.298 0 .532.065.7.198a1 1 0 0 1 .354.502c.077.208.122.438.137.69.013.208.013.417 0 .627a2.39 2.39 0 0 1-.137.689 1.065 1.065 0 0 1-.355.512ZM8.603 56.21c-.425 0-.794-.094-1.108-.282a1.93 1.93 0 0 1-.71-.815 2.912 2.912 0 0 1-.25-1.254v-2.937c0-.07.023-.129.073-.177a.238.238 0 0 1 .177-.073h.92a.22.22 0 0 1 .177.073.243.243 0 0 1 .073.177v2.874c0 .864.38 1.296 1.139 1.296.362 0 .648-.116.857-.345.216-.23.324-.547.324-.951v-2.874c0-.07.024-.129.074-.177a.238.238 0 0 1 .177-.073h.92c.07 0 .129.023.177.073a.243.243 0 0 1 .074.177v4.933c0 .07-.025.13-.074.177a.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.188-.074.267.267 0 0 1-.062-.177v-.428a2.031 2.031 0 0 1-.7.574c-.28.14-.627.209-1.046.209Zm-8.53-.178c.05.05.109.074.178.074h.951c.077 0 .136-.024.177-.074a.238.238 0 0 0 .074-.177v-2.509h1.453l1.348 2.478a.84.84 0 0 0 .147.187c.062.064.152.095.27.095h.952a.199.199 0 0 0 .145-.062.197.197 0 0 0 .074-.158.252.252 0 0 0-.031-.114l-1.526-2.665a2.12 2.12 0 0 0 1.014-.742c.257-.342.386-.77.386-1.285 0-.746-.243-1.315-.73-1.704-.489-.39-1.154-.585-1.997-.585H.251a.238.238 0 0 0-.177.073.253.253 0 0 0-.074.188v6.803c0 .07.025.13.074.177Zm2.853-3.866H1.453V49.95h1.473c.432 0 .75.102.952.303.209.196.313.467.313.816s-.104.62-.313.815c-.21.188-.526.282-.952.282Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="dnsimple">
+    <symbol id="dnsimple" viewBox="0 0 60 60">
       <path fill-rule="evenodd" clip-rule="evenodd" d="M6.175 24.787a3.92 3.92 0 0 0-.843.075v2.802c-.392-.151-.844-.226-1.446-.226-2.139 0-3.887 1.461-3.887 3.811 0 2.41 1.597 3.736 3.947 3.736 1.16 0 2.35-.316 3.088-.708v-9.415a4.242 4.242 0 0 0-.859-.075Zm-2.259 8.707c-1.296 0-2.184-.874-2.184-2.275 0-1.386.949-2.275 2.214-2.275.512 0 .979.061 1.386.317v4.007a3.742 3.742 0 0 1-1.416.226Zm8.421-6.086c-1.537 0-2.787.602-3.42 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393c.332-.196.919-.391 1.582-.391 1.1 0 1.732.497 1.732 1.807v3.977c.302.06.573.075.859.075.271 0 .573-.015.859-.075v-4.384c0-1.641-1.01-2.967-3.314-2.967ZM19.974 35c1.958 0 3.103-.904 3.103-2.395 0-1.416-1.129-1.943-2.681-2.184-1.22-.196-1.537-.422-1.537-.889 0-.452.392-.738 1.296-.738.859 0 1.597.256 2.094.542.346-.271.572-.693.648-1.22-.467-.332-1.386-.693-2.682-.693-1.808 0-2.998.904-2.998 2.229 0 1.507 1.206 1.974 2.471 2.17 1.28.195 1.687.467 1.687.949 0 .482-.361.858-1.371.858-1.13 0-1.762-.391-2.199-.708-.362.226-.648.633-.783 1.175.406.347 1.355.904 2.952.904Zm5.483-8.451a1.09 1.09 0 0 0 1.085-1.084 1.09 1.09 0 0 0-1.085-1.085c-.617 0-1.114.482-1.114 1.085 0 .602.497 1.084 1.114 1.084Zm0 8.285c.287 0 .573-.015.844-.075v-7.125a4.01 4.01 0 0 0-.844-.075c-.286 0-.572.015-.858.075v7.125c.286.06.587.075.858.075Zm10.892-7.426c-.964 0-1.838.376-2.426.828-.527-.512-1.31-.828-2.335-.828-1.491 0-2.786.633-3.359 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393a2.92 2.92 0 0 1 1.462-.391c1.16 0 1.596.738 1.596 1.762v4.022c.287.06.573.075.874.075.271 0 .573-.015.844-.075v-4.534c0-.226-.03-.452-.076-.663.347-.286.829-.587 1.522-.587 1.16 0 1.612.738 1.612 1.762v4.022c.271.06.557.075.858.075.272 0 .573-.015.844-.075v-4.534c0-1.552-1.055-2.817-3.118-2.817Zm8.134.015c-1.355 0-2.485.527-3.178 1.1v9.023c.301.06.572.075.858.075.287 0 .573-.015.844-.075v-2.772c.452.151.934.211 1.537.211 1.988 0 3.781-1.401 3.781-3.811 0-2.471-1.657-3.751-3.842-3.751Zm-.06 6.041c-.557 0-1.009-.091-1.416-.287v-3.841a2.842 2.842 0 0 1 1.401-.346c1.311 0 2.199.828 2.199 2.199 0 1.416-.888 2.275-2.184 2.275Zm6.312 1.37c.286 0 .587-.015.859-.075v-9.882a4.308 4.308 0 0 0-.874-.075c-.286 0-.573.015-.844.075v9.882c.301.06.588.075.859.075Zm9.264-4.187c0-1.913-1.356-3.224-3.269-3.224-2.033 0-3.585 1.597-3.585 3.811 0 2.335 1.537 3.751 3.676 3.751 1.431 0 2.365-.527 2.967-1.009a1.76 1.76 0 0 0-.738-1.16c-.467.331-1.069.738-2.109.738-1.19 0-1.913-.723-2.048-1.898h5.046c.045-.392.06-.633.06-1.009Zm-5.091-.121c.12-.979.768-1.717 1.822-1.717 1.16.015 1.597.874 1.597 1.717h-3.419Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="datadog">
+    <symbol id="datadog" viewBox="0 0 60 60">
       <path d="M58.339 56.312v2.096c-.384.101-.728.15-1.03.15-2.034 0-3.05-1.075-3.05-3.224 0-1.986 1.078-2.978 3.233-2.978.898 0 1.735.167 2.51.503v-1.505c-.775-.29-1.653-.438-2.636-.438-3.221 0-4.834 1.471-4.834 4.418 0 3.109 1.584 4.666 4.751 4.666 1.09 0 1.995-.159 2.718-.476V54.84h-2.686l-.561 1.473h1.585Zm-11.376 2.245c1.807 0 2.71-1.041 2.71-3.124 0-2.051-.903-3.078-2.71-3.078-1.854 0-2.78 1.027-2.78 3.078 0 2.083.926 3.124 2.78 3.124Zm-4.508-3.086c0-3.038 1.504-4.555 4.508-4.555 2.957 0 4.436 1.517 4.436 4.555 0 3.02-1.479 4.529-4.436 4.529-2.871 0-4.373-1.51-4.508-4.53Zm-7.56 3.024h1.978c1.86 0 2.793-1.094 2.793-3.282 0-1.864-.932-2.794-2.793-2.794h-1.978v6.076Zm2.229 1.44h-3.89V50.98h3.89c2.803 0 4.205 1.412 4.205 4.233 0 3.148-1.402 4.723-4.205 4.723Zm-12.777 0h-1.709l3.81-8.955h1.79l3.89 8.956H30.34l-1.13-2.443h-2.874l.57-1.44h1.865L27.3 52.69l-2.954 7.246Zm-7.665-8.955h6.81v1.44h-2.574v7.516h-1.661V52.42h-2.575v-1.44ZM9.84 59.936H8.133l3.81-8.956h1.787l3.892 8.956h-1.789l-1.13-2.443H11.83l.571-1.44h1.864l-1.47-3.363-2.954 7.246Zm-8.176-1.441H3.64c1.863 0 2.792-1.094 2.792-3.282 0-1.864-.93-2.794-2.792-2.794H1.665v6.076Zm2.227 1.44H.002V50.98h3.89c2.803 0 4.206 1.412 4.206 4.233 0 3.148-1.403 4.723-4.206 4.723ZM29.864 14.47c.32-.304-1.597-.704-3.085.31-1.097.75-1.132 2.354-.082 3.264.105.09.192.154.273.206a9.513 9.513 0 0 1 2.767-.816c.223-.248.482-.686.417-1.477-.087-1.075-.902-.905-.29-1.486Zm10.065 5.833c-.18-.1-1.03-.06-1.627.01-1.137.135-2.364.529-2.633.739-.49.378-.268 1.037.095 1.307 1.012.757 1.9 1.264 2.838 1.14.575-.075 1.082-.986 1.442-1.813.245-.569.245-1.183-.115-1.383Zm-3.882-6.725c-.066.15-.169.248-.015.734l.01.028.025.063.064.146c.278.569.584 1.105 1.095 1.38.133-.023.269-.038.41-.045.481-.021.784.055.976.159a2.14 2.14 0 0 0 .01-.442c-.038-.721.142-1.947-1.243-2.592-.523-.242-1.257-.168-1.5.136a.634.634 0 0 1 .115.025c.37.128.12.256.053.408Zm14.266 9.879-1.194.227L46.828.002 7.77 4.53l4.812 39.046 4.571-.664c-.364-.52-.932-1.152-1.904-1.959-1.346-1.118-.87-3.018-.076-4.218 1.05-2.027 6.464-4.603 6.158-7.843-.11-1.178-.297-2.712-1.391-3.763-.04.436.033.856.033.856s-.45-.572-.673-1.354c-.222-.3-.396-.395-.633-.795-.168.463-.146 1-.146 1s-.368-.868-.426-1.6c-.219.327-.274.95-.274.95s-.477-1.368-.368-2.105c-.218-.642-.863-1.914-.681-4.807 1.192.835 3.816.637 4.838-.87.34-.499.573-1.86-.168-4.546-.477-1.721-1.656-4.284-2.117-5.257l-.054.04c.242.783.742 2.425.933 3.222.58 2.415.736 3.256.464 4.37-.232.968-.788 1.601-2.196 2.309-1.409.71-3.279-1.018-3.397-1.114-1.368-1.09-2.426-2.869-2.544-3.733-.123-.946.544-1.514.882-2.287a8.6 8.6 0 0 0-1.02.383s.642-.664 1.432-1.238a8.26 8.26 0 0 0 .864-.641c-.5-.009-.904.005-.904.005s.832-.45 1.695-.777c-.63-.029-1.236-.005-1.236-.005s1.858-.832 3.328-1.442c1.009-.414 1.995-.291 2.55.51.727 1.05 1.49 1.62 3.11 1.973.995-.44 1.297-.667 2.545-1.007 1.1-1.21 1.963-1.366 1.963-1.366s-.427.393-.542 1.01c.623-.491 1.306-.902 1.306-.902s-.264.327-.51.846l.057.085c.728-.436 1.583-.78 1.583-.78s-.244.31-.531.709c.548-.005 1.66.023 2.092.072 2.55.056 3.078-2.722 4.056-3.07 1.225-.438 1.773-.702 3.86 1.348 1.79 1.76 3.19 4.91 2.495 5.615-.583.586-1.732-.228-3.005-1.816a6.865 6.865 0 0 1-1.42-3.097 3.043 3.043 0 0 0-.984-1.684s.453 1.012.453 1.904c0 .488.061 2.31.843 3.332-.078.15-.114.74-.2.853-.908-1.099-2.861-1.885-3.178-2.117 1.076.883 3.553 2.911 4.504 4.855.9 1.838.37 3.523.825 3.96.129.125 1.935 2.374 2.282 3.504.607 1.97.036 4.04-.757 5.324l-2.214.345c-.324-.09-.543-.135-.834-.303.161-.283.48-.99.483-1.136l-.125-.219c-.69.976-1.844 1.924-2.803 2.469-1.256.712-2.702.602-3.644.31-2.673-.824-5.202-2.63-5.81-3.105 0 0-.02.379.095.464.674.76 2.218 2.135 3.71 3.094l-3.181.35 1.504 11.712c-.666.096-.77.143-1.5.247-.644-2.274-1.875-3.758-3.22-4.622-1.186-.763-2.823-.935-4.39-.624l-.1.116c1.089-.113 2.374.044 3.695.88 1.297.82 2.341 2.938 2.726 4.212.493 1.63.832 3.372-.493 5.22-.942 1.313-3.695 2.038-5.918.468.594.955 1.396 1.737 2.477 1.884 1.605.218 3.129-.061 4.176-1.137.895-.92 1.37-2.845 1.245-4.872l1.417-.205.511 3.637 23.449-2.823-1.913-18.66ZM27.86 28.834l2.951-.406c.477.215.81.297 1.382.442.89.232 1.924.455 3.451-.314.356-.177 1.096-.854 1.395-1.24l12.087-2.193 1.233 14.924-20.708 3.732-1.79-14.945Zm17.149 4.953-3.96-2.611-3.301 5.517-3.842-1.123-3.382 5.161.174 1.625 18.388-3.388-1.07-11.489-3.007 6.308Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="fastly">
+    <symbol id="fastly" viewBox="0 0 60 60">
       <path d="M40.845 36.419h4.699v-2.393h-1.558V18.379h-3.141v18.04ZM.008 34.026h1.6v-7.55h-1.6v-2.078l1.6-.263v-2.103c0-2.546.554-3.653 3.797-3.653.698 0 1.533.103 2.264.24l-.434 2.561a6.106 6.106 0 0 0-1.047-.093c-1.141 0-1.43.11-1.43 1.234v1.822h2.375v2.342H4.758v7.55h1.584v2.393H.016v-2.402H.008Zm39.228-.757c-.494.102-.92.093-1.235.102-1.294.034-1.183-.391-1.183-1.617v-5.278h2.469v-2.342h-2.469V18.38h-3.15v14.029c0 2.759.681 4.01 3.644 4.01.698 0 1.668-.18 2.392-.34l-.468-2.81Zm19.563.775c.664 0 1.2.528 1.2 1.192 0 .663-.536 1.183-1.2 1.183a1.186 1.186 0 0 1-1.101-.728 1.186 1.186 0 0 1-.091-.456c0-.672.536-1.191 1.192-1.191Zm0 2.187a1 1 0 0 0 .996-1.004.99.99 0 0 0-.996-.987.983.983 0 0 0-.996.987c0 .553.451 1.004.996 1.004Zm.221-.417-.238-.348h-.17v.349h-.264v-1.167h.485c.29 0 .468.145.468.4 0 .188-.094.315-.247.366l.29.4h-.324Zm-.409-.587h.214c.118 0 .204-.05.204-.179 0-.119-.085-.17-.196-.17h-.222v.349Zm-28.868-8.76v-.417c-.953-.17-1.897-.179-2.409-.179-1.464 0-1.642.775-1.642 1.2 0 .597.204.92 1.787 1.27 2.324.518 4.648 1.063 4.648 3.94 0 2.733-1.405 4.138-4.358 4.138-1.975 0-3.899-.426-5.364-.8v-2.35h2.384v.418c1.03.195 2.103.178 2.665.178 1.566 0 1.813-.843 1.813-1.285 0-.622-.451-.92-1.916-1.218-2.758-.468-4.954-1.413-4.954-4.214 0-2.656 1.78-3.695 4.733-3.695 2.001 0 3.525.307 4.989.682v2.332h-2.376Zm-14.752 1.882-1.158 1.012a.616.616 0 0 0-.639 1.014.616.616 0 0 0 1.033-.299.617.617 0 0 0-.02-.34l1.022-1.14-.238-.248Z"/>
       <path d="M20.068 23.47h-3.15v.886a6.38 6.38 0 0 0-2.12-.792v-1.073h.383v-.8h-3.167v.8h.384v1.081a6.48 6.48 0 0 0-5.261 6.368 6.469 6.469 0 0 0 1.899 4.588 6.48 6.48 0 0 0 4.587 1.9c1.209 0 2.35-.333 3.32-.912l.562.911h3.329v-3.15h-.766V23.47Zm-3.116 6.657a3.343 3.343 0 0 1-3.15 3.142v-.375h-.375v.375a3.332 3.332 0 0 1-3.124-3.15h.375v-.374h-.375a3.342 3.342 0 0 1 3.124-3.124v.374h.375v-.375a3.333 3.333 0 0 1 3.15 3.141h-.375v.375h.375v-.009Zm36.555-5.992h6.495v2.34h-1.549l-3.984 9.8c-1.141 2.749-3.013 5.345-5.874 5.345-.698 0-1.635-.076-2.282-.23l.281-2.86c.418.076.962.128 1.243.128 1.328 0 2.818-.818 3.286-2.248l-4.035-9.935h-1.55v-2.341h6.496v2.341h-1.549l2.29 5.627 2.29-5.627h-1.55v-2.341h-.008Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="honeybadger">
+    <symbol id="honeybadger" viewBox="0 0 60 60">
       <path fill-rule="evenodd" clip-rule="evenodd" d="m37.902 14.22 7.608 7.607-15.506 15.507-1.687-1.687-2.292 2.29 2.451 2.452a2.161 2.161 0 0 0 3.056 0l17.034-17.034a2.16 2.16 0 0 0 0-3.055l-9.3-9.298-1.364 3.218Zm-.284-4.866-1.364 3.218-2.87-2.87 2.291-2.29 1.943 1.942Zm-3.47-3.472-2.616-2.615a2.161 2.161 0 0 0-3.056 0L11.444 20.3a2.161 2.161 0 0 0 0 3.055l9.984 9.984 1.462-3.119-8.391-8.393L30.004 6.323l1.853 1.85 2.29-2.29ZM23.051 34.964l1.462-3.12 2.276 2.275-2.293 2.29-1.445-1.445Z"/>
       <path d="M39.405 5.158c.232-.546-.459-1.013-.879-.592L19.967 23.125h7.56l-6.016 14.81c-.221.547.466 1.003.882.586L40.49 20.424h-7.561l6.476-15.266Z"/>
       <path fill-rule="evenodd" clip-rule="evenodd" d="m5.662 57.367 1.744-11.959H5.465l-.715 4.864H2.989l.715-4.864H1.762L.004 57.367h1.941l.78-5.308h1.762l-.78 5.308h1.955Zm3.62-2.397c1.942 0 2.705-.82 3.107-3.75.375-2.783-.276-3.697-2.08-3.697-1.913 0-2.732.941-3.078 3.804-.36 2.81.374 3.643 2.052 3.643Zm.196-1.371c-.486 0-.611-.47-.348-2.285.25-1.882.486-2.432 1.04-2.432.486 0 .583.442.333 2.298-.249 1.84-.486 2.419-1.025 2.419Zm5.672-5.323c.43-.404 1.054-.753 1.608-.753 1.124 0 1.513.766 1.318 2.11l-.777 5.175h-1.803l.736-4.972c.068-.484-.028-.727-.388-.727-.278 0-.541.243-.707.404l-.778 5.295h-1.802l1.04-7.124h1.526l.027.592Zm22.967-.592-.21.525a1.545 1.545 0 0 0-1.33-.686c-1.318 0-2.122 1.05-2.455 3.83-.333 2.756.306 3.617 1.345 3.617.624 0 1.11-.296 1.47-.712l.014.55h1.665l1.053-7.124h-1.552Zm-1.056 5.39c-.151.19-.442.39-.692.39-.445 0-.583-.417-.347-2.15.25-1.841.513-2.272.956-2.272.265 0 .486.188.611.39l-.528 3.643Zm8.558-7.666-1.387 9.4h-1.65l-.015-.55c-.36.43-.86.712-1.47.712-1.04 0-1.692-.86-1.344-3.617.333-2.78 1.122-3.83 2.454-3.83.514 0 .915.215 1.206.552l.403-2.667h1.803Zm-3.967 5.906c-.249 1.733-.097 2.15.347 2.15.236 0 .541-.2.693-.39l.527-3.642c-.125-.202-.36-.39-.61-.39-.444 0-.707.43-.957 2.272Zm-15.81 6.05h21.502a2.584 2.584 0 0 0 2.559-2.223l1.054-7.457h-1.553l-.166.538c-.278-.39-.75-.699-1.262-.699-1.4 0-2.164.766-2.552 3.75-.374 2.715.236 3.548 1.332 3.548.554 0 1.067-.24 1.413-.644l-.055.51c-.149.639-.804 1.145-1.882 1.145H26.71c-.255.603-.503 1.09-.797 1.45l-.07.082Zm21.842-4.02c-.444 0-.61-.39-.374-2.084.236-1.774.513-2.218.97-2.218.25 0 .473.188.596.377l-.512 3.535c-.152.188-.445.39-.68.39Zm7.461.994c-.734.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.955-3.63.36-2.741 1.387-3.817 3.148-3.817 1.096 0 1.775.565 1.775 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.008.174.003.04.005.079.005.12.013.552.306.848.791.848.333 0 .72-.108 1.276-.363l.305 1.25Zm-1.18-5.484c-.428 0-.818.645-1.053 2.07a1.557 1.557 0 0 0 1.414-1.546c0-.323-.11-.524-.36-.524Zm3.46 5.954.734-4.879c.36-.322.763-.497 1.165-.497.112 0 .208 0 .32.013l.36-1.733a.932.932 0 0 0-.568-.189c-.528 0-.985.418-1.318 1.009l-.027-.848h-1.415l-1.055 7.124h1.804Zm-34.924-.47c-.736.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.954-3.63.36-2.741 1.385-3.817 3.146-3.817 1.097 0 1.776.565 1.776 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.007.174.003.04.006.079.006.12.015.552.305.848.791.848.333 0 .721-.108 1.275-.363l.306 1.25Zm-1.18-5.484c-.429 0-.817.645-1.052 2.07a1.557 1.557 0 0 0 1.413-1.546c0-.323-.11-.524-.36-.524Zm9.85 6.116c1.58 0 2.19-1.25 2.524-4.167.318-2.608-.195-3.28-1.29-3.28-.554 0-1.04.23-1.47.565l.36-2.482h-1.802l-1.346 9.202h1.637l.166-.537c.236.39.666.7 1.22.7Zm-.347-1.506a.675.675 0 0 1-.624-.39l.541-3.655c.208-.215.484-.377.749-.377.416 0 .499.416.319 1.828-.166 1.681-.444 2.594-.985 2.594Zm-5.516-.59 1.566-5.19h1.859L25.96 54.89c-.764 1.962-1.193 2.474-2.4 2.474H6.626l.225-1.532h16.414c.557 0 .864-.387.864-.89l-.624-7.258h1.956l-.153 5.19Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="domainr">
+    <symbol id="domainr" viewBox="0 0 60 60">
       <path d="M30.02 0a22.501 22.501 0 0 1 15.899 6.582A22.515 22.515 0 0 1 52.5 22.473c0 5.96-2.378 11.676-6.582 15.89a22.5 22.5 0 0 1-15.899 6.583H10.236a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.354c0-.125.025-.25.086-.361l1.152-2.306a.959.959 0 0 1 .883-.537H30.02a18.57 18.57 0 0 0 18.57-18.565A18.57 18.57 0 0 0 30.02 3.91H14.048a.409.409 0 0 0-.184.046.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.064.012.126.037.184l1.066 2.12a.429.429 0 0 0 .184.199c.074.049.16.073.258.073H30.02a15.64 15.64 0 0 1 15.641 15.634A15.647 15.647 0 0 1 30.02 38.106H13.656a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.352.75.75 0 0 1 .086-.363l4.572-9.145a.96.96 0 0 1 .87-.538H30.02a4.89 4.89 0 0 0 4.89-4.885 4.89 4.89 0 0 0-4.89-4.885h-9.132a.405.405 0 0 0-.184.047.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.062.012.125.037.182l1.066 2.121c.037.08.098.15.172.199a.525.525 0 0 0 .27.073h7.955c.527 0 1.017.206 1.385.573.368.367.576.864.576 1.382 0 .518-.208 1.015-.576 1.382a1.949 1.949 0 0 1-1.385.572h-10.1a.999.999 0 0 1-.515-.147 1.054 1.054 0 0 1-.356-.39l-4.584-9.145a.735.735 0 0 1-.074-.362c0-.126.037-.248.11-.356a.671.671 0 0 1 .258-.256.744.744 0 0 1 .368-.092H30.02a8.81 8.81 0 0 1 6.227 2.576 8.82 8.82 0 0 1 2.574 6.218 8.819 8.819 0 0 1-2.574 6.218 8.809 8.809 0 0 1-6.227 2.576h-9.426a.503.503 0 0 0-.442.274l-1.066 2.12a.462.462 0 0 0-.037.183.32.32 0 0 0 .061.178.29.29 0 0 0 .135.13c.05.03.11.046.172.046H30.02a11.75 11.75 0 0 0 8.299-3.435 11.743 11.743 0 0 0 3.432-8.29 11.743 11.743 0 0 0-3.432-8.291 11.75 11.75 0 0 0-8.299-3.434H13.08a.999.999 0 0 1-.515-.147 1.053 1.053 0 0 1-.356-.39L7.625 1.065A.735.735 0 0 1 7.55.703a.62.62 0 0 1 .11-.354.757.757 0 0 1 .258-.256.745.745 0 0 1 .368-.094H30.02ZM6.423 59.86h-2.17l.013-1.39h2.157c.638 0 1.153-.137 1.582-.412.429-.274.747-.668.968-1.18.208-.511.319-1.122.319-1.83v-.55c0-.55-.062-1.037-.184-1.46a3.019 3.019 0 0 0-.54-1.068 2.397 2.397 0 0 0-.882-.657 3.022 3.022 0 0 0-1.201-.223H4.217v-1.398h2.268c.674 0 1.299.114 1.85.343a4.016 4.016 0 0 1 1.447.97c.417.424.723.932.944 1.522.22.592.33 1.253.33 1.984v.538c0 .73-.11 1.391-.33 1.983a4.233 4.233 0 0 1-.944 1.521c-.404.42-.895.743-1.459.971-.564.225-1.2.336-1.9.336Zm-1.2-10.168V59.86H3.468V49.692h1.753Zm7.109 6.474v-.161c0-.544.073-1.05.233-1.515.159-.47.392-.878.686-1.222a3.16 3.16 0 0 1 1.103-.81 3.62 3.62 0 0 1 1.483-.293c.552 0 1.042.098 1.471.293.442.19.81.46 1.116.81.306.344.527.751.686 1.222.16.466.246.97.246 1.515v.16c0 .546-.086 1.051-.246 1.516-.159.465-.38.872-.686 1.222a3.27 3.27 0 0 1-1.103.81A3.58 3.58 0 0 1 15.85 60a3.74 3.74 0 0 1-1.496-.287 3.27 3.27 0 0 1-1.103-.81 3.783 3.783 0 0 1-.686-1.222 4.64 4.64 0 0 1-.233-1.515Zm1.68-.161v.16c0 .34.036.661.097.964.074.303.184.569.331.797.147.228.343.407.576.537.233.13.515.196.834.196.306 0 .576-.065.809-.196.233-.13.417-.31.576-.537.147-.228.257-.494.319-.797a4.07 4.07 0 0 0 .11-.963v-.161c0-.335-.037-.652-.11-.95a2.173 2.173 0 0 0-.331-.803 1.59 1.59 0 0 0-.576-.544 1.554 1.554 0 0 0-.81-.202c-.318 0-.6.067-.833.202-.22.13-.417.311-.564.544s-.257.501-.33.803a4.706 4.706 0 0 0-.099.95Zm8.433-2.165v6.02h-1.68v-7.556h1.581l.099 1.536Zm-.27 1.963-.576-.008c0-.52.061-1.002.196-1.445.135-.442.319-.826.576-1.152.245-.331.564-.584.932-.761.38-.182.809-.272 1.311-.272.343 0 .65.051.944.153.282.098.527.254.748.468.208.215.368.49.478.824.122.336.184.74.184 1.215v5.035h-1.692v-4.888c0-.368-.049-.656-.16-.866a.973.973 0 0 0-.465-.447 1.73 1.73 0 0 0-.723-.14c-.319 0-.589.061-.81.182-.22.12-.404.286-.539.496-.134.21-.245.451-.306.726a4.033 4.033 0 0 0-.098.88Zm4.682-.448-.784.176c0-.456.061-.888.184-1.292a3.4 3.4 0 0 1 .564-1.075c.257-.313.564-.557.931-.733a2.854 2.854 0 0 1 1.263-.266c.392 0 .735.054 1.03.16.318.103.576.266.784.49.22.222.38.513.49.872.11.354.172.782.172 1.285v4.888h-1.692v-4.896c0-.38-.06-.676-.171-.886a.836.836 0 0 0-.454-.433 1.884 1.884 0 0 0-.723-.126c-.257 0-.49.05-.686.147a1.383 1.383 0 0 0-.503.399 1.839 1.839 0 0 0-.306.578c-.062.22-.099.457-.099.712Zm10.628 2.99v-3.604c0-.27-.049-.502-.147-.698a1.066 1.066 0 0 0-.454-.454 1.526 1.526 0 0 0-.735-.16c-.282 0-.515.046-.711.14a1.206 1.206 0 0 0-.478.377.91.91 0 0 0-.16.537h-1.679c0-.298.074-.586.22-.866.148-.28.356-.528.626-.748.27-.218.6-.39.98-.516s.81-.188 1.288-.188c.564 0 1.079.095 1.508.286.44.19.796.48 1.041.866.258.381.38.862.38 1.438v3.36c0 .344.025.653.074.928.049.27.123.505.22.706v.111H37.73a2.797 2.797 0 0 1-.184-.691 4.8 4.8 0 0 1-.06-.824Zm.233-3.08.025 1.04h-1.214c-.306 0-.588.031-.821.091a1.69 1.69 0 0 0-.6.251c-.148.112-.27.248-.356.406-.074.158-.11.337-.11.537 0 .201.048.385.134.552.098.163.233.291.405.384.183.094.404.14.662.14a1.835 1.835 0 0 0 1.507-.734c.147-.208.233-.407.245-.593l.54.747a2.3 2.3 0 0 1-.282.615c-.135.219-.319.427-.54.628a2.616 2.616 0 0 1-1.801.67 2.92 2.92 0 0 1-1.324-.293 2.395 2.395 0 0 1-.907-.803 2.067 2.067 0 0 1-.331-1.152c0-.4.073-.754.233-1.062.147-.311.367-.572.661-.782a3.338 3.338 0 0 1 1.091-.474c.43-.112.92-.168 1.471-.168h1.312Zm5.014-2.96v7.555H41.04v-7.556h1.692ZM40.93 50.32c0-.256.085-.468.245-.635.184-.173.417-.259.723-.259.294 0 .527.086.699.259a.848.848 0 0 1 .257.635c0 .251-.086.46-.257.629-.172.168-.405.251-.699.251-.306 0-.54-.083-.723-.251a.883.883 0 0 1-.245-.629Zm5.307 3.596v5.943h-1.679v-7.556h1.594l.085 1.613Zm-.294 1.886-.54-.008c0-.534.074-1.026.221-1.473.148-.446.356-.831.613-1.152.27-.321.576-.568.944-.74a2.82 2.82 0 0 1 1.238-.265c.356 0 .687.051.98.153.295.098.553.258.76.482.222.224.38.514.491.874.11.353.172.788.172 1.305v4.881H49.13v-4.888c0-.363-.061-.65-.16-.86a.946.946 0 0 0-.453-.453 1.711 1.711 0 0 0-.735-.14 1.59 1.59 0 0 0-.772.182 1.74 1.74 0 0 0-.589.496c-.147.21-.27.451-.355.726a2.938 2.938 0 0 0-.123.88Zm8.287-2.06v6.117h-1.692v-7.556h1.606l.086 1.438Zm2.304-1.488-.012 1.564a4.306 4.306 0 0 0-.687-.055c-.282 0-.539.042-.76.125a1.418 1.418 0 0 0-.882.894 2.574 2.574 0 0 0-.147.72l-.38.028c0-.476.049-.915.135-1.32a3.48 3.48 0 0 1 .429-1.068c.183-.308.429-.548.71-.72.282-.173.613-.258.993-.258a2.13 2.13 0 0 1 .601.09Z"/>
     </symbol>
-    <symbol viewBox="0 0 60 60" id="mend-io">
+    <symbol id="mend-io" viewBox="0 0 60 60">
       <path d="M43.39 27.355c-2.24 5.173-7.39 8.79-13.39 8.79-.25 0-.49-.006-.73-.018-7.72-.38-13.87-6.763-13.87-14.58 0-1.31.18-2.576.5-3.78.33-.352.79-.57 1.31-.57.99 0 1.81.818 1.81 1.824v.587c0 .01-.01.02-.01.028v4.44a3.33 3.33 0 0 0 3.32 3.331 3.33 3.33 0 0 0 3.32-3.331v-3.582c0-.012-.01-.022-.01-.035v-1.438c0-1.006.81-1.825 1.81-1.825s1.81.82 1.81 1.825v5.055c0 1.837 1.49 3.331 3.31 3.331a3.33 3.33 0 0 0 3.32-3.331V19.02c0-1.006.81-1.825 1.81-1.825.99 0 1.8.82 1.8 1.825v5.055a3.33 3.33 0 0 0 3.32 3.331c.19 0 .38-.02.57-.052Z"/>
       <path d="M44.59 21.55c0 1.322-.18 2.598-.5 3.818v.006c-.01.002-.01.005-.01.005v.002c-.33.32-.77.52-1.27.52-.99 0-1.8-.819-1.8-1.824v-5.055a3.331 3.331 0 0 0-3.32-3.332c-1.83 0-3.31 1.496-3.31 3.333v5.055c0 1.006-.81 1.825-1.81 1.825s-1.81-.82-1.81-1.825v-5.055c0-1.837-1.48-3.333-3.31-3.333a3.331 3.331 0 0 0-3.32 3.333v5.055c0 1.006-.81 1.825-1.8 1.825-1 0-1.81-.82-1.81-1.825v-5.055c0-1.836-1.49-3.33-3.31-3.332h-.01c-.2 0-.4.021-.6.057C18.85 10.573 24 6.956 30 6.956c.07 0 .15 0 .23.002 7.95.126 14.36 6.61 14.36 14.594M.11 52.772a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.4.4 0 0 1 .29-.111h1.75c.11 0 .21.038.28.111a.38.38 0 0 1 .12.289v.544c.24-.32.57-.584.98-.792.41-.209.87-.313 1.39-.313 1.17 0 1.98.459 2.43 1.378.26-.406.61-.737 1.07-.994.46-.256.95-.384 1.48-.384.87 0 1.58.296 2.13.89.55.592.83 1.476.83 2.651v4.548c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H10.6a.421.421 0 0 1-.3-.112.376.376 0 0 1-.12-.289v-4.436c0-.534-.11-.918-.32-1.154-.22-.234-.52-.352-.89-.352-.35 0-.63.12-.85.36-.23.241-.34.623-.34 1.146v4.436c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H5.52a.414.414 0 0 1-.29-.112.408.408 0 0 1-.11-.289v-4.436c0-.523-.11-.905-.34-1.146a1.15 1.15 0 0 0-.87-.36c-.36 0-.63.12-.86.36-.23.241-.35.617-.35 1.129v4.453c0 .107-.03.2-.11.28a.367.367 0 0 1-.29.121H.4a.382.382 0 0 1-.29-.112Zm15.07-.768c-.74-.694-1.13-1.703-1.16-3.028v-.56c.05-1.26.44-2.246 1.18-2.955.74-.71 1.74-1.066 2.99-1.066.91 0 1.67.185 2.3.553.62.368 1.09.873 1.41 1.513.31.641.47 1.378.47 2.211v.384c0 .107-.04.199-.11.28-.08.08-.17.12-.29.12h-5.13v.112c.02.502.15.908.37 1.217.23.31.55.464.98.464.27 0 .48-.056.66-.168.17-.112.32-.248.46-.408.1-.117.17-.19.23-.216.06-.026.15-.04.28-.04h1.99c.09 0 .18.029.25.088s.1.136.1.232c0 .278-.16.598-.47.961-.32.364-.77.678-1.37.945-.6.267-1.3.4-2.12.4-1.28 0-2.29-.347-3.02-1.041v.002Zm4.37-4.133v-.031c0-.523-.12-.938-.36-1.241-.24-.305-.57-.457-1-.457-.43 0-.75.152-.99.457-.24.303-.36.718-.36 1.241v.031h2.71Zm4.1 4.901a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.418.418 0 0 1 .29-.111h1.85c.11 0 .21.038.29.111a.38.38 0 0 1 .12.289v.608c.29-.352.66-.635 1.11-.849.46-.214.97-.32 1.55-.32.94 0 1.7.318 2.29.954.59.635.88 1.524.88 2.666v4.469c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121h-2.02c-.1 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.28v-4.372c0-.503-.12-.89-.37-1.162-.24-.273-.59-.408-1.05-.408-.46 0-.8.135-1.06.408-.26.272-.38.659-.38 1.162v4.372c0 .107-.04.2-.12.28a.36.36 0 0 1-.28.121h-2.01a.414.414 0 0 1-.29-.112Zm10.53-.712c-.58-.657-.9-1.583-.95-2.78l-.02-.561.02-.577c.04-1.153.36-2.066.95-2.739.59-.672 1.41-1.009 2.44-1.009.97 0 1.76.316 2.36.945v-3.428a.382.382 0 0 1 .4-.4h1.95c.12 0 .21.038.29.112.07.075.11.171.11.288v10.572c0 .106-.04.199-.11.279a.382.382 0 0 1-.29.121h-1.81c-.11 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.279v-.514c-.59.715-1.42 1.073-2.5 1.073s-1.86-.328-2.44-.985v.003Zm4.4-1.618c.23-.305.36-.696.4-1.177.01-.139.01-.342.01-.608 0-.267 0-.454-.01-.593-.03-.437-.16-.8-.4-1.089-.25-.288-.61-.433-1.08-.433-.5 0-.86.15-1.08.448-.22.3-.34.711-.37 1.234-.02.107-.02.272-.02.497 0 .224 0 .389.02.496.03.523.15.934.37 1.234.22.299.58.448 1.08.448.51 0 .84-.152 1.08-.457Zm9.06-7.2c-.08-.075-.11-.17-.11-.288v-1.442c0-.117.03-.214.11-.288a.382.382 0 0 1 .29-.112h1.92c.12 0 .21.038.29.112.07.074.11.171.11.288v1.442c0 .117-.04.213-.11.288a.397.397 0 0 1-.29.112h-1.92a.382.382 0 0 1-.29-.112Zm.02 9.53a.376.376 0 0 1-.12-.288v-7.529c0-.117.04-.213.12-.288a.374.374 0 0 1 .28-.112h1.89c.12 0 .22.038.29.112a.37.37 0 0 1 .11.288v7.529c0 .106-.03.199-.11.28a.37.37 0 0 1-.29.12h-1.89a.374.374 0 0 1-.28-.112Zm5.02-.672c-.72-.631-1.11-1.517-1.17-2.659-.01-.139-.02-.379-.02-.721 0-.341.01-.581.02-.72.06-1.131.46-2.015 1.2-2.651.74-.636 1.74-.954 3.03-.954 1.28 0 2.3.318 3.04.954.74.636 1.14 1.519 1.2 2.651.01.139.02.379.02.72 0 .342-.01.583-.02.721-.06 1.142-.45 2.028-1.17 2.659-.71.63-1.74.944-3.07.944-1.34 0-2.35-.314-3.06-.944Zm4.1-1.433c.22-.284.35-.719.38-1.305.01-.107.02-.32.02-.642 0-.321-.01-.533-.02-.641-.03-.577-.16-1.008-.39-1.297-.23-.289-.57-.433-1.03-.433-.89 0-1.36.577-1.41 1.73l-.02.641.02.642c.02.588.14 1.023.37 1.305.23.283.58.424 1.04.424.46 0 .81-.141 1.04-.424Zm-12.16 2.217a1.45 1.45 0 1 0 0-2.9 1.45 1.45 0 0 0 0 2.9Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="github">
-      <path d="M12 0c6.63 0 12 5.37 12 12a12.024 12.024 0 0 1-8.175 11.385c-.6.12-.825-.255-.825-.57 0-.405.015-1.695.015-3.3 0-1.125-.375-1.845-.81-2.22 2.67-.3 5.475-1.32 5.475-5.925 0-1.32-.465-2.385-1.23-3.225.12-.3.54-1.53-.12-3.18 0 0-1.005-.33-3.3 1.23-.96-.27-1.98-.405-3-.405s-2.04.135-3 .405c-2.295-1.545-3.3-1.23-3.3-1.23-.66 1.65-.24 2.88-.12 3.18-.765.84-1.23 1.92-1.23 3.225 0 4.59 2.79 5.625 5.46 5.925-.345.3-.66.825-.765 1.605-.69.315-2.415.825-3.495-.99-.225-.36-.9-1.245-1.845-1.23-1.005.015-.405.57.015.795.51.285 1.095 1.35 1.23 1.695.24.675 1.02 1.965 4.035 1.41 0 1.005.015 1.95.015 2.235 0 .315-.225.675-.825.57A11.995 11.995 0 0 1 0 12C0 5.37 5.37 0 12 0Z"/>
+    <symbol id="github" viewBox="0 0 24 24">
+      <path d="M12 2C17.525 2 22 6.58819 22 12.2529C21.9995 14.4012 21.3419 16.4952 20.1198 18.2402C18.8977 19.9852 17.1727 21.2933 15.1875 21.9804C14.6875 22.0829 14.5 21.7625 14.5 21.4934C14.5 21.1474 14.5125 20.0452 14.5125 18.6738C14.5125 17.7126 14.2 17.0974 13.8375 16.777C16.0625 16.5207 18.4 15.6492 18.4 11.7147C18.4 10.5868 18.0125 9.67689 17.375 8.95918C17.475 8.70286 17.825 7.65193 17.275 6.24215C17.275 6.24215 16.4375 5.9602 14.525 7.29308C13.725 7.06239 12.875 6.94704 12.025 6.94704C11.175 6.94704 10.325 7.06239 9.525 7.29308C7.6125 5.97301 6.775 6.24215 6.775 6.24215C6.225 7.65193 6.575 8.70286 6.675 8.95918C6.0375 9.67689 5.65 10.5997 5.65 11.7147C5.65 15.6364 7.975 16.5207 10.2 16.777C9.9125 17.0334 9.65 17.4819 9.5625 18.1484C8.9875 18.4175 7.55 18.8533 6.65 17.3025C6.4625 16.9949 5.9 16.2388 5.1125 16.2516C4.275 16.2644 4.775 16.7386 5.125 16.9308C5.55 17.1743 6.0375 18.0843 6.15 18.3791C6.35 18.9558 7 20.058 9.5125 19.5838C9.5125 20.4425 9.525 21.2499 9.525 21.4934C9.525 21.7625 9.3375 22.0701 8.8375 21.9804C6.8458 21.3007 5.11342 19.9952 3.88611 18.2492C2.65881 16.5031 1.9989 14.4052 2 12.2529C2 6.58819 6.475 2 12 2Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="mastodon">
+    <symbol id="mastodon" viewBox="0 0 24 24">
       <path d="M23.193 7.879c0-5.207-3.411-6.732-3.411-6.732C18.062.357 15.109.025 12.04 0h-.076c-3.068.025-6.019.357-7.74 1.147 0 0-3.411 1.526-3.411 6.732 0 1.191-.023 2.617.015 4.129.123 5.092.933 10.111 5.641 11.356 2.171.575 4.034.695 5.534.613 2.722-.152 4.249-.972 4.249-.972l-.09-1.975s-1.945.614-4.129.539c-2.165-.075-4.448-.233-4.799-2.891a5.626 5.626 0 0 1-.048-.745s2.124.519 4.817.643c1.646.076 3.19-.096 4.759-.283 3.007-.359 5.625-2.211 5.954-3.905.52-2.668.477-6.509.477-6.509Zm-4.023 6.709h-2.498v-6.12c0-1.289-.542-1.944-1.628-1.944-1.2 0-1.802.777-1.802 2.312v3.35H10.76v-3.35c0-1.535-.601-2.312-1.803-2.312-1.086 0-1.628.655-1.628 1.944v6.12H4.832V8.284c0-1.289.327-2.313.987-3.07.68-.757 1.569-1.146 2.674-1.146 1.278 0 2.247.491 2.886 1.473L12 6.585l.623-1.044c.64-.982 1.609-1.473 2.887-1.473 1.104 0 1.994.389 2.674 1.146.658.757.986 1.781.986 3.07v6.304Z"/>
     </symbol>
-    <symbol viewBox="0 0 24 24" id="x-twitter">
-      <path d="M14.286 10.664 23.222.5h-2.117l-7.763 8.824L7.147.5H0l9.37 13.344L0 24.5h2.117l8.192-9.319 6.544 9.32H24M2.88 2.061h3.253l14.97 20.953H17.85"/>
+    <symbol id="x-twitter" viewBox="0 0 24 24">
+      <path d="M16.39 19.89h2.44L7.6 4.17H5.16M21 21H15.64l-4.91-6.99L4.59 21H3l7.03-7.99L3 3H8.36l4.65 6.62L18.83 3h1.59l-6.71 7.62"/>
     </symbol>
   </defs>
 </svg>
diff --git a/app/helpers/icon_helper.rb b/app/helpers/icon_helper.rb
index a33031e6365..88a2a9f4847 100644
--- a/app/helpers/icon_helper.rb
+++ b/app/helpers/icon_helper.rb
@@ -8,7 +8,7 @@ def icon_tag(name, size: 6, **options)
     options[:role] ||= "graphics-symbol"
 
     tag.svg(**options) do
-      concat tag.use(href: "#{asset_path('/images/icons.svg')}##{name}")
+      concat tag.use(href: "#{image_path('icons.svg')}##{name}")
     end
   end
 end
diff --git a/public/images/icons.svg b/public/images/icons.svg
deleted file mode 100644
index 1b91eb5e461..00000000000
--- a/public/images/icons.svg
+++ /dev/null
@@ -1,125 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg xmlns="http://www.w3.org/2000/svg">
-  <defs>
-    <!-- Material icons (updated) -->
-    <symbol id="warning" viewBox="0 -960 960 960"><path d="M137.02-140q-10.17 0-18.27-4.97t-12.59-13.11q-4.68-8.08-5.15-17.5-.47-9.42 5.08-18.66l342.43-591.52q5.56-9.24 13.9-13.66 8.35-4.42 17.58-4.42 9.23 0 17.58 4.42 8.34 4.42 13.9 13.66l342.43 591.52q5.55 9.24 5.08 18.66-.47 9.42-5.15 17.5-4.49 8.14-12.59 13.11-8.1 4.97-18.27 4.97H137.02ZM178-200h604L480-720 178-200Zm302-47.69q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02T480-312.31q-13.73 0-23.02 9.29T447.69-280q0 13.73 9.29 23.02t23.02 9.29Zm.01-104.62q12.76 0 21.37-8.62 8.62-8.63 8.62-21.38v-140q0-12.75-8.63-21.37-8.63-8.63-21.38-8.63-12.76 0-21.37 8.63-8.62 8.62-8.62 21.37v140q0 12.75 8.63 21.38 8.63 8.62 21.38 8.62ZM480-460Z"/></symbol>
-    <symbol id="error" viewBox="0 -960 960 960"><path d="M480-290.77q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02-9.29-9.28-23.02-9.28t-23.02 9.28q-9.29 9.29-9.29 23.02t9.29 23.02q9.29 9.29 23.02 9.29Zm.01-146.15q12.76 0 21.37-8.63 8.62-8.62 8.62-21.37v-180q0-12.75-8.63-21.38-8.63-8.62-21.38-8.62-12.76 0-21.37 8.62-8.62 8.63-8.62 21.38v180q0 12.75 8.63 21.37 8.63 8.63 21.38 8.63Zm.06 336.92q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
-    <symbol id="arrow-circle-right" viewBox="0 -960 960 960"><path d="m512.23-450-53.31 53.31q-8.3 8.31-8.11 20.69.19 12.38 8.5 20.69t20.95 8.31q12.64 0 20.82-8.31l99.38-99.38q10.85-10.85 10.85-25.31 0-14.46-10.85-25.31l-99.77-99.77q-8.31-8.3-20.69-8.3t-20.69 8.3q-8.31 8.31-8.31 20.95 0 12.64 8.31 20.82L512.23-510H360q-12.75 0-21.37 8.63-8.63 8.63-8.63 21.38 0 12.76 8.63 21.37Q347.25-450 360-450h152.23Zm-32.16 350q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
-    <symbol id="house-siding" viewBox="0 -960 960 960"><path d="M273.85-260v90q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-374.08L120-473.46q-10.54 7.31-22.31 6.19-11.77-1.12-19.46-11.65-7.69-10.54-6.27-22.31 1.43-11.77 11.96-19.46L436-787.23q9.85-7.23 21.08-10.65 11.24-3.43 22.92-3.43 11.68 0 22.92 3.43 11.23 3.42 21.08 10.65l352.46 266.54q9.92 7.69 11.65 19.46 1.73 11.77-5.96 22.31-7.69 10.53-19.46 11.65-11.77 1.12-22.31-6.19l-93.84-70.62V-170q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-90H273.85Zm0-215.38h412.69v-95.39H273.85v95.39Zm0 155.38h412.69v-95.39H273.85V-320Zm54.61-310.77h303.08L480-744.39 328.46-630.77Z"/></symbol>
-    <symbol id="arrow-circle-down" viewBox="0 -960 960 960"><path d="m454-447.84-49.31-49.31q-8.31-8.31-18.19-8.31t-18.19 8.31q-8.31 8.3-8.31 18.44 0 10.15 8.31 18.32l89.91 89.91q9.7 9.71 22.35 9.71 12.64 0 22.12-9.85l89.77-89.77q8.31-8.17 8.31-18.32 0-10.14-8.31-18.44-8.31-8.31-18.45-8.31-10.14 0-18.32 8.31l-49.31 49.31v-138.52q0-10.93-7.41-18.32-7.42-7.4-18.39-7.4-10.96 0-18.77 7.4-7.81 7.39-7.81 18.32v138.52ZM480.34-116q-75.11 0-141.48-28.42-66.37-28.42-116.18-78.21-49.81-49.79-78.25-116.09Q116-405.01 116-480.39q0-75.38 28.42-141.25t78.21-115.68q49.79-49.81 116.09-78.25Q405.01-844 480.39-844q75.38 0 141.25 28.42t115.68 78.21q49.81 49.79 78.25 115.85Q844-555.45 844-480.34q0 75.11-28.42 141.48-28.42 66.37-78.21 116.18-49.79 49.81-115.85 78.25Q555.45-116 480.34-116Zm-.34-52q130 0 221-91t91-221q0-130-91-221t-221-91q-130 0-221 91t-91 221q0 130 91 221t221 91Zm0-312Z"/></symbol>
-    <symbol id="check-circle" viewBox="0 -960 960 960"><path d="m423.23-394.15-92.92-92.93q-8.31-8.3-20.89-8.5-12.57-.19-21.27 8.5-8.69 8.7-8.69 21.08 0 12.38 8.69 21.08l109.77 109.77q10.85 10.84 25.31 10.84 14.46 0 25.31-10.84l222.54-222.54q8.3-8.31 8.5-20.89.19-12.57-8.5-21.27-8.7-8.69-21.08-8.69-12.38 0-21.08 8.69l-205.69 205.7ZM480.07-100q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
-    <symbol id="logout" viewBox="0 -960 960 960"><path d="M224.62-160q-27.62 0-46.12-18.5Q160-197 160-224.62v-510.76q0-27.62 18.5-46.12Q197-800 224.62-800h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-760H224.62q-9.24 0-16.93 7.69-7.69 7.69-7.69 16.93v510.76q0 9.24 7.69 16.93 7.69 7.69 16.93 7.69h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-160H224.62Zm497.76-300H387.69q-8.54 0-14.27-5.73T367.69-480q0-8.54 5.73-14.27t14.27-5.73h334.69l-78.84-78.85q-5.62-5.61-6-13.53-.39-7.93 6-14.54 6.38-6.62 14.15-6.73 7.77-.12 14.39 6.5l104.54 104.53q9.69 9.7 9.69 22.62 0 12.92-9.69 22.62L672.08-352.85q-5.85 5.85-13.89 6.12-8.04.27-14.65-6.35-6.39-6.61-6.27-14.27.11-7.65 6.5-14.03L722.38-460Z"/></symbol>
-
-    <symbol id="chevron-right" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
-      <path stroke-linecap="round" stroke-linejoin="round" d="m8.25 4.5 7.5 7.5-7.5 7.5" />
-    </symbol>
-
-    <symbol id="chevron-forward" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
-    <symbol id="rss-feed" viewBox="0 0 960 1147"><path d="M205 916q-27 0-46-19t-19-46q0-26 19-45t46-19q26 0 45 19t19 45q0 27-19 46t-45 19zm530 0q-19 0-32-14.5T688 867q-9-100-50-186.5T529 527q-67-68-153.5-109T189 368q-20-2-34.5-15T140 321q0-20 14-32.5t33-10.5q119 9 222.5 57.5T593 463q79 80 127.5 183.5T778 869q2 19-10.5 33T735 916zm-230 0q-19 0-32.5-13.5T456 870q-8-53-31-98.5T366 690q-36-36-81.5-59T186 600q-19-3-32.5-16.5T140 551q0-19 14-31.5t33-9.5q71 8 132.5 38T429 627q49 48 79 109.5T546 869q3 19-9.5 33T505 916z"/></symbol>
-    <symbol id="mail" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
-      <path stroke-linecap="round" stroke-linejoin="round" d="M21.75 6.75v10.5a2.25 2.25 0 0 1-2.25 2.25h-15a2.25 2.25 0 0 1-2.25-2.25V6.75m19.5 0A2.25 2.25 0 0 0 19.5 4.5h-15a2.25 2.25 0 0 0-2.25 2.25m19.5 0v.243a2.25 2.25 0 0 1-1.07 1.916l-7.5 4.615a2.25 2.25 0 0 1-2.36 0L3.32 8.91a2.25 2.25 0 0 1-1.07-1.916V6.75" />
-    </symbol>
-
-    <!-- Material icons (wrong weight) -->
-    <symbol id="arrow-drop-down" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M8.71 11.71l2.59 2.59c.39.39 1.02.39 1.41 0l2.59-2.59c.63-.63.18-1.71-.71-1.71H9.41c-.89 0-1.33 1.08-.7 1.71z"/>
-    </symbol>
-    <symbol id="close" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M18.3 5.71c-.39-.39-1.02-.39-1.41 0L12 10.59 7.11 5.7c-.39-.39-1.02-.39-1.41 0-.39.39-.39 1.02 0 1.41L10.59 12 5.7 16.89c-.39.39-.39 1.02 0 1.41.39.39 1.02.39 1.41 0L12 13.41l4.89 4.89c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L13.41 12l4.89-4.89c.38-.38.38-1.02 0-1.4z"/>
-    </symbol>
-    <symbol id="error" viewBox="0 0 24 24">
-      <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 11c-.55 0-1-.45-1-1V8c0-.55.45-1 1-1s1 .45 1 1v4c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
-    </symbol>
-    <symbol id="content-copy" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
-      <g>
-        <rect fill="none" height="24" width="24"/>
-      </g>
-      <g>
-        <path d="M15,20H5V7c0-0.55-0.45-1-1-1h0C3.45,6,3,6.45,3,7v13c0,1.1,0.9,2,2,2h10c0.55,0,1-0.45,1-1v0C16,20.45,15.55,20,15,20z M20,16V4c0-1.1-0.9-2-2-2H9C7.9,2,7,2.9,7,4v12c0,1.1,0.9,2,2,2h9C19.1,18,20,17.1,20,16z M18,16H9V4h9V16z"/>
-      </g>
-    </symbol>
-    <symbol id="history" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M13.26 3C8.17 2.86 4 6.95 4 12H2.21c-.45 0-.67.54-.35.85l2.79 2.8c.2.2.51.2.71 0l2.79-2.8c.31-.31.09-.85-.36-.85H6c0-3.9 3.18-7.05 7.1-7 3.72.05 6.85 3.18 6.9 6.9.05 3.91-3.1 7.1-7 7.1-1.61 0-3.1-.55-4.28-1.48-.4-.31-.96-.28-1.32.08-.42.42-.39 1.13.08 1.49C9 20.29 10.91 21 13 21c5.05 0 9.14-4.17 9-9.26-.13-4.69-4.05-8.61-8.74-8.74zm-.51 5c-.41 0-.75.34-.75.75v3.68c0 .35.19.68.49.86l3.12 1.85c.36.21.82.09 1.03-.26.21-.36.09-.82-.26-1.03l-2.88-1.71v-3.4c0-.4-.34-.74-.75-.74z"/>
-    </symbol>
-
-    <symbol id="keyboard-arrow-down" viewBox="0 0 24 24">
-      <path d="M8.12 9.29L12 13.17l3.88-3.88c.39-.39 1.02-.39 1.41 0 .39.39.39 1.02 0 1.41l-4.59 4.59c-.39.39-1.02.39-1.41 0L6.7 10.7c-.39-.39-.39-1.02 0-1.41.39-.38 1.03-.39 1.42 0z"/>
-    </symbol>
-    <symbol id="keyboard-arrow-up" viewBox="0 0 24 24">
-      <path d="M8.12 14.71L12 10.83l3.88 3.88c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L12.7 8.71c-.39-.39-1.02-.39-1.41 0L6.7 13.3c-.39.39-.39 1.02 0 1.41.39.38 1.03.39 1.42 0z"/>
-    </symbol>
-    <symbol id="language" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M11.99 2C6.47 2 2 6.48 2 12s4.47 10 9.99 10C17.52 22 22 17.52 22 12S17.52 2 11.99 2zm6.93 6h-2.95c-.32-1.25-.78-2.45-1.38-3.56 1.84.63 3.37 1.91 4.33 3.56zM12 4.04c.83 1.2 1.48 2.53 1.91 3.96h-3.82c.43-1.43 1.08-2.76 1.91-3.96zM4.26 14C4.1 13.36 4 12.69 4 12s.1-1.36.26-2h3.38c-.08.66-.14 1.32-.14 2s.06 1.34.14 2H4.26zm.82 2h2.95c.32 1.25.78 2.45 1.38 3.56-1.84-.63-3.37-1.9-4.33-3.56zm2.95-8H5.08c.96-1.66 2.49-2.93 4.33-3.56C8.81 5.55 8.35 6.75 8.03 8zM12 19.96c-.83-1.2-1.48-2.53-1.91-3.96h3.82c-.43 1.43-1.08 2.76-1.91 3.96zM14.34 14H9.66c-.09-.66-.16-1.32-.16-2s.07-1.35.16-2h4.68c.09.65.16 1.32.16 2s-.07 1.34-.16 2zm.25 5.56c.6-1.11 1.06-2.31 1.38-3.56h2.95c-.96 1.65-2.49 2.93-4.33 3.56zM16.36 14c.08-.66.14-1.32.14-2s-.06-1.34-.14-2h3.38c.16.64.26 1.31.26 2s-.1 1.36-.26 2h-3.38z"/>
-    </symbol>
-    <symbol id="menu" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M4 18h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zm0-5h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zM3 7c0 .55.45 1 1 1h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1z"/>
-    </symbol>
-    <symbol id="search" viewBox="0 0 24 24">
-      <path d="M9.7 14.1c-1.3 0-2.4-.4-3.3-1.3-.9-.9-1.3-2-1.3-3.3s.4-2.4 1.3-3.3c.9-.9 2-1.3 3.3-1.3 1.3 0 2.4.4 3.3 1.3.9.9 1.3 2 1.3 3.3s-.4 2.4-1.3 3.3c-.9.9-2 1.3-3.3 1.3Zm0 1.5c.7 0 1.4-.1 2-.3.7-.3 1.2-.6 1.7-1l5.8 5.8c.1.1.3.2.5.2s.4-.1.5-.2c.2-.2.3-.4.2-.6 0-.2 0-.4-.2-.5l-5.7-5.8c.4-.4.7-1 .9-1.7.3-.6.4-1.3.4-2 0-1.7-.6-3.2-1.8-4.3C12.8 4 11.4 3.4 9.7 3.4 8 3.4 6.5 4 5.3 5.2 4.2 6.3 3.6 7.8 3.6 9.5s.6 3.2 1.7 4.3C6.5 15 8 15.6 9.7 15.6Z"/>
-    </symbol>
-    <symbol id="settings" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
-      <rect fill="none" height="24" width="24"/>
-      <path d="M19.5,12c0-0.23-0.01-0.45-0.03-0.68l1.86-1.41c0.4-0.3,0.51-0.86,0.26-1.3l-1.87-3.23c-0.25-0.44-0.79-0.62-1.25-0.42 l-2.15,0.91c-0.37-0.26-0.76-0.49-1.17-0.68l-0.29-2.31C14.8,2.38,14.37,2,13.87,2h-3.73C9.63,2,9.2,2.38,9.14,2.88L8.85,5.19 c-0.41,0.19-0.8,0.42-1.17,0.68L5.53,4.96c-0.46-0.2-1-0.02-1.25,0.42L2.41,8.62c-0.25,0.44-0.14,0.99,0.26,1.3l1.86,1.41 C4.51,11.55,4.5,11.77,4.5,12s0.01,0.45,0.03,0.68l-1.86,1.41c-0.4,0.3-0.51,0.86-0.26,1.3l1.87,3.23c0.25,0.44,0.79,0.62,1.25,0.42 l2.15-0.91c0.37,0.26,0.76,0.49,1.17,0.68l0.29,2.31C9.2,21.62,9.63,22,10.13,22h3.73c0.5,0,0.93-0.38,0.99-0.88l0.29-2.31 c0.41-0.19,0.8-0.42,1.17-0.68l2.15,0.91c0.46,0.2,1,0.02,1.25-0.42l1.87-3.23c0.25-0.44,0.14-0.99-0.26-1.3l-1.86-1.41 C19.49,12.45,19.5,12.23,19.5,12z M12.04,15.5c-1.93,0-3.5-1.57-3.5-3.5s1.57-3.5,3.5-3.5s3.5,1.57,3.5,3.5S13.97,15.5,12.04,15.5z"/>
-    </symbol>
-    <symbol id="tune" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M3 18c0 .55.45 1 1 1h5v-2H4c-.55 0-1 .45-1 1zM3 6c0 .55.45 1 1 1h9V5H4c-.55 0-1 .45-1 1zm10 14v-1h7c.55 0 1-.45 1-1s-.45-1-1-1h-7v-1c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1s1-.45 1-1zM7 10v1H4c-.55 0-1 .45-1 1s.45 1 1 1h3v1c0 .55.45 1 1 1s1-.45 1-1v-4c0-.55-.45-1-1-1s-1 .45-1 1zm14 2c0-.55-.45-1-1-1h-9v2h9c.55 0 1-.45 1-1zm-5-3c.55 0 1-.45 1-1V7h3c.55 0 1-.45 1-1s-.45-1-1-1h-3V4c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1z"/>
-    </symbol>
-    <symbol id="warning" viewBox="0 0 24 24">
-      <path d="M4.47 21h15.06c1.54 0 2.5-1.67 1.73-3L13.73 4.99c-.77-1.33-2.69-1.33-3.46 0L2.74 18c-.77 1.33.19 3 1.73 3zM12 14c-.55 0-1-.45-1-1v-2c0-.55.45-1 1-1s1 .45 1 1v2c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
-    </symbol>
-
-    <!-- Custom Icons -->
-    <symbol viewBox="0 0 32 32" id="logo">
-      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
-    </symbol>
-    <symbol viewBox="0 0 32 32" id="gems"><!-- same as logo -->
-      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
-    </symbol>
-    <symbol id="profile" viewBox="0 0 24 24">
-      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
-    </symbol>
-    <symbol id="history" viewBox="0 0 24 24">
-      <path d="M12 23.9c-2.8 0-5.3-.9-7.4-2.6-2.1-1.7-3.5-3.9-4.1-6.6a.9.9 90 01.1-.8 1 1 90 01.7-.4 1.1 1.1 90 01.8.2c.2.2.4.4.5.7.5 2.2 1.7 3.9 3.4 5.3 1.8 1.4 3.8 2.1 6 2.1 2.7 0 5-1 6.9-2.9s2.9-4.2 2.9-6.9-1-5-2.9-6.9C17 3.2 14.7 2.2 12 2.2a9.4 9.4 90 00-4.3 1A10.6 10.6 90 004.2 6h2.6c.3 0 .5.1.7.3a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3H2a1.2 1.2 90 01-.9-.4 1.2 1.2 90 01-.4-.9V2.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v2.3A11.9 11.9 90 017 1.2a11.7 11.7 90 015-1.1 11.6 11.6 90 014.6.9c1.4.6 2.7 1.5 3.8 2.5a12.1 12.1 90 012.5 3.8 11.6 11.6 90 01.9 4.6c0 1.7-.3 3.2-.9 4.6a12 12 90 01-2.5 3.8 12 12 90 01-3.8 2.5 11.6 11.6 90 01-4.6.9Zm1.1-12.3 3.8 3.9a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3 1 1 90 01-.7-.3l-4.1-4.1a1.3 1.3 90 01-.4-.9V6.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v5.5Z"/>
-    </symbol>
-    <symbol id="ruby-central" viewBox="0 0 60 60">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="M9.362 11.513a9.603 9.603 0 0 1 9.604-9.604h21.131a9.605 9.605 0 0 1 9.605 9.604v21.131a9.606 9.606 0 0 1-9.605 9.605h-21.13a9.605 9.605 0 0 1-9.605-9.605v-21.13ZM44.33 21.886c0 8.063-6.537 14.6-14.6 14.6s-14.599-6.537-14.599-14.6 6.536-14.6 14.6-14.6 14.599 6.537 14.599 14.6ZM27.164 13.05c-.984 0-1.92.418-2.577 1.149L21.4 17.742a3.467 3.467 0 0 0-.1 4.518l5.916 7.196a3.467 3.467 0 0 0 5.354 0l5.916-7.196a3.467 3.467 0 0 0-.1-4.518l-3.187-3.544a3.467 3.467 0 0 0-2.577-1.15h-5.458ZM26.591 16a.77.77 0 0 1 .573-.254h5.458c.219 0 .426.093.573.254l3.186 3.545a.77.77 0 0 1 .022 1.004l-5.915 7.197a.77.77 0 0 1-1.19 0l-5.915-7.197a.77.77 0 0 1 .022-1.004L26.591 16Zm32.113 40.033c.05.049.108.074.178.074h.868a.24.24 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-6.917a.24.24 0 0 0-.073-.18.243.243 0 0 0-.177-.072h-.868a.245.245 0 0 0-.178.073.246.246 0 0 0-.073.179v6.917c0 .07.025.13.073.177Zm-4.164.178c-.361 0-.689-.07-.982-.209a1.907 1.907 0 0 1-.7-.576 1.403 1.403 0 0 1-.25-.814 1.365 1.365 0 0 1 .584-1.16c.397-.293.92-.488 1.568-.585l1.432-.21v-.218c0-.293-.073-.52-.22-.68-.146-.16-.397-.24-.752-.24a1.112 1.112 0 0 0-.617.156.91.91 0 0 0-.345.398.266.266 0 0 1-.24.135h-.826c-.076 0-.135-.02-.177-.062a.256.256 0 0 1-.053-.168 1.062 1.062 0 0 1 .137-.407c.083-.16.216-.314.397-.46.18-.153.414-.282.7-.386.286-.105.63-.157 1.034-.157.44 0 .808.055 1.109.167a1.862 1.862 0 0 1 .73.428c.182.181.314.395.398.638.083.243.125.501.125.773v3.282a.24.24 0 0 1-.073.177.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.189-.074.267.267 0 0 1-.062-.177v-.408a1.655 1.655 0 0 1-.366.376 2.124 2.124 0 0 1-.565.283 2.533 2.533 0 0 1-.773.104Zm.356-.993c.244 0 .463-.052.658-.156a1.08 1.08 0 0 0 .47-.48c.119-.224.178-.503.178-.837v-.22l-1.045.167c-.41.063-.717.164-.92.303-.2.14-.303.31-.303.513a.61.61 0 0 0 .137.397.95.95 0 0 0 .365.24c.146.048.3.073.46.073Zm-5.827.815a.243.243 0 0 0 .177.074h.909c.077 0 .14-.025.188-.074a.243.243 0 0 0 .074-.177v-2.873c0-.328.09-.586.272-.774.187-.188.449-.283.783-.283h.815c.077 0 .136-.023.178-.073a.243.243 0 0 0 .073-.178v-.752a.243.243 0 0 0-.073-.177.222.222 0 0 0-.178-.073h-.428c-.335 0-.63.06-.889.177a1.579 1.579 0 0 0-.617.513v-.43a.237.237 0 0 0-.083-.187.243.243 0 0 0-.177-.073h-.847a.25.25 0 0 0-.25.26v4.923c0 .07.023.13.073.177Zm-1.774.074c-.418 0-.77-.074-1.056-.22a1.4 1.4 0 0 1-.637-.648c-.14-.292-.21-.654-.21-1.086V51.78h-.825a.243.243 0 0 1-.178-.073.246.246 0 0 1-.073-.179v-.606c0-.07.025-.129.073-.177a.243.243 0 0 1 .178-.073h.825v-1.734c0-.071.021-.13.064-.18a.256.256 0 0 1 .187-.072h.846a.246.246 0 0 1 .251.252v1.734h1.307c.07 0 .13.024.178.073a.243.243 0 0 1 .073.177v.606c0 .07-.025.13-.073.179a.243.243 0 0 1-.178.073H46.74v2.268c0 .285.05.507.147.668.105.16.283.24.533.24h.722c.07 0 .127.025.177.074a.243.243 0 0 1 .073.177v.648a.24.24 0 0 1-.073.177.245.245 0 0 1-.177.074h-.847Zm-8.542-.074a.243.243 0 0 0 .177.074h.92a.24.24 0 0 0 .178-.074.238.238 0 0 0 .073-.177V52.98c0-.403.108-.72.324-.95.216-.23.505-.346.867-.346.377 0 .662.116.857.345.202.23.304.548.304.951v2.875c0 .07.024.13.072.177.05.049.108.074.179.074h.918c.071 0 .13-.025.179-.074a.243.243 0 0 0 .073-.177v-2.937c0-.488-.088-.906-.262-1.253a1.844 1.844 0 0 0-.72-.806 2.053 2.053 0 0 0-1.108-.292c-.418 0-.77.076-1.056.23a2.18 2.18 0 0 0-.69.554v-.429a.243.243 0 0 0-.072-.177.24.24 0 0 0-.178-.073h-.858a.238.238 0 0 0-.177.073.243.243 0 0 0-.073.177v4.933c0 .07.024.13.073.177Zm-3.443.178c-.774 0-1.387-.223-1.84-.67-.453-.445-.696-1.079-.73-1.9a2.545 2.545 0 0 1-.012-.263c0-.111.004-.198.011-.26.027-.523.147-.976.355-1.36.216-.382.513-.675.889-.877.376-.208.818-.313 1.327-.313.563 0 1.037.118 1.42.355.384.23.674.554.869.972.194.411.291.888.291 1.431v.22a.238.238 0 0 1-.073.178.253.253 0 0 1-.187.073h-3.47v.083c.007.244.052.47.136.68a1.233 1.233 0 0 0 .387.49c.174.126.38.19.616.19a1.3 1.3 0 0 0 .491-.084 1.293 1.293 0 0 0 .502-.397c.063-.085.111-.133.146-.147a.407.407 0 0 1 .177-.03h.9c.069 0 .125.02.167.061a.174.174 0 0 1 .063.157c-.007.111-.067.248-.179.408a1.938 1.938 0 0 1-.459.47 2.71 2.71 0 0 1-.763.386 3.322 3.322 0 0 1-1.034.147Zm-1.15-3.292h2.309v-.03c0-.273-.045-.51-.135-.712a1.12 1.12 0 0 0-.397-.48 1.082 1.082 0 0 0-.627-.178 1.08 1.08 0 0 0-.627.178 1.112 1.112 0 0 0-.397.48 1.838 1.838 0 0 0-.126.711v.031Zm-6.727 2.958c.453.223 1.003.334 1.65.334.475 0 .9-.062 1.275-.187a3.02 3.02 0 0 0 .962-.513c.265-.222.47-.48.617-.773a2.222 2.222 0 0 0 .23-.951.17.17 0 0 0-.063-.157.211.211 0 0 0-.157-.063h-.993a.313.313 0 0 0-.187.052c-.05.035-.085.102-.106.199-.11.453-.303.767-.574.94-.272.168-.61.251-1.013.251-.467 0-.84-.129-1.119-.386-.279-.265-.428-.697-.449-1.295a24.37 24.37 0 0 1 0-1.757c.021-.6.17-1.028.45-1.284.277-.266.651-.398 1.118-.398.403 0 .74.084 1.013.251.271.166.464.48.574.94a.354.354 0 0 0 .106.198.313.313 0 0 0 .187.054h.993a.211.211 0 0 0 .157-.064.171.171 0 0 0 .063-.156 2.218 2.218 0 0 0-.847-1.714 2.898 2.898 0 0 0-.962-.523 4.018 4.018 0 0 0-1.274-.188c-.64 0-1.188.115-1.641.345a2.408 2.408 0 0 0-1.034.972c-.237.425-.37.93-.397 1.515a37.886 37.886 0 0 0 0 1.86c.027.593.16 1.102.397 1.526.237.418.578.742 1.024.972Zm-7.801 2.216a.2.2 0 0 1-.147-.064.199.199 0 0 1-.063-.146V57.8a.474.474 0 0 1 .042-.083l.816-1.934-2.007-4.734a.482.482 0 0 1-.041-.147.25.25 0 0 1 .073-.156.196.196 0 0 1 .156-.073h.847c.083 0 .146.02.187.063a.424.424 0 0 1 .095.135l1.39 3.417 1.43-3.417a.314.314 0 0 1 .095-.135c.042-.042.104-.063.189-.063h.835a.2.2 0 0 1 .147.063.186.186 0 0 1 .073.145.468.468 0 0 1-.042.168l-2.957 6.845a.417.417 0 0 1-.105.135c-.041.043-.105.064-.188.064h-.825Zm-4.87-2.09c.272.138.61.208 1.013.208.37 0 .69-.058.962-.178.272-.125.498-.299.68-.522.18-.222.32-.484.417-.783a3.8 3.8 0 0 0 .168-1.003 6.92 6.92 0 0 0 .01-.335c0-.105-.004-.22-.01-.345a3.348 3.348 0 0 0-.158-.972 2.281 2.281 0 0 0-.428-.784 1.828 1.828 0 0 0-.679-.533 2.278 2.278 0 0 0-.962-.188 2.123 2.123 0 0 0-.96.199 1.983 1.983 0 0 0-.648.491v-2.32a.246.246 0 0 0-.074-.178.223.223 0 0 0-.177-.073h-.889a.243.243 0 0 0-.177.073.246.246 0 0 0-.074.179v6.917c0 .07.025.13.074.177a.243.243 0 0 0 .177.074h.826a.22.22 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-.386c.175.216.394.393.66.532Zm1.327-1.098c-.167.126-.4.188-.7.188-.285 0-.519-.066-.7-.198a1.197 1.197 0 0 1-.387-.502 2.28 2.28 0 0 1-.135-.637 6.72 6.72 0 0 1 0-.805c.006-.21.055-.408.146-.595a1.2 1.2 0 0 1 .397-.482c.174-.125.4-.187.68-.187.298 0 .532.065.7.198a1 1 0 0 1 .354.502c.077.208.122.438.137.69.013.208.013.417 0 .627a2.39 2.39 0 0 1-.137.689 1.065 1.065 0 0 1-.355.512ZM8.603 56.21c-.425 0-.794-.094-1.108-.282a1.93 1.93 0 0 1-.71-.815 2.912 2.912 0 0 1-.25-1.254v-2.937c0-.07.023-.129.073-.177a.238.238 0 0 1 .177-.073h.92a.22.22 0 0 1 .177.073.243.243 0 0 1 .073.177v2.874c0 .864.38 1.296 1.139 1.296.362 0 .648-.116.857-.345.216-.23.324-.547.324-.951v-2.874c0-.07.024-.129.074-.177a.238.238 0 0 1 .177-.073h.92c.07 0 .129.023.177.073a.243.243 0 0 1 .074.177v4.933c0 .07-.025.13-.074.177a.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.188-.074.267.267 0 0 1-.062-.177v-.428a2.031 2.031 0 0 1-.7.574c-.28.14-.627.209-1.046.209Zm-8.53-.178c.05.05.109.074.178.074h.951c.077 0 .136-.024.177-.074a.238.238 0 0 0 .074-.177v-2.509h1.453l1.348 2.478a.84.84 0 0 0 .147.187c.062.064.152.095.27.095h.952a.199.199 0 0 0 .145-.062.197.197 0 0 0 .074-.158.252.252 0 0 0-.031-.114l-1.526-2.665a2.12 2.12 0 0 0 1.014-.742c.257-.342.386-.77.386-1.285 0-.746-.243-1.315-.73-1.704-.489-.39-1.154-.585-1.997-.585H.251a.238.238 0 0 0-.177.073.253.253 0 0 0-.074.188v6.803c0 .07.025.13.074.177Zm2.853-3.866H1.453V49.95h1.473c.432 0 .75.102.952.303.209.196.313.467.313.816s-.104.62-.313.815c-.21.188-.526.282-.952.282Z"/>
-    </symbol>
-    <symbol id="dnsimple" viewBox="0 0 60 60">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="M6.175 24.787a3.92 3.92 0 0 0-.843.075v2.802c-.392-.151-.844-.226-1.446-.226-2.139 0-3.887 1.461-3.887 3.811 0 2.41 1.597 3.736 3.947 3.736 1.16 0 2.35-.316 3.088-.708v-9.415a4.242 4.242 0 0 0-.859-.075Zm-2.259 8.707c-1.296 0-2.184-.874-2.184-2.275 0-1.386.949-2.275 2.214-2.275.512 0 .979.061 1.386.317v4.007a3.742 3.742 0 0 1-1.416.226Zm8.421-6.086c-1.537 0-2.787.602-3.42 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393c.332-.196.919-.391 1.582-.391 1.1 0 1.732.497 1.732 1.807v3.977c.302.06.573.075.859.075.271 0 .573-.015.859-.075v-4.384c0-1.641-1.01-2.967-3.314-2.967ZM19.974 35c1.958 0 3.103-.904 3.103-2.395 0-1.416-1.129-1.943-2.681-2.184-1.22-.196-1.537-.422-1.537-.889 0-.452.392-.738 1.296-.738.859 0 1.597.256 2.094.542.346-.271.572-.693.648-1.22-.467-.332-1.386-.693-2.682-.693-1.808 0-2.998.904-2.998 2.229 0 1.507 1.206 1.974 2.471 2.17 1.28.195 1.687.467 1.687.949 0 .482-.361.858-1.371.858-1.13 0-1.762-.391-2.199-.708-.362.226-.648.633-.783 1.175.406.347 1.355.904 2.952.904Zm5.483-8.451a1.09 1.09 0 0 0 1.085-1.084 1.09 1.09 0 0 0-1.085-1.085c-.617 0-1.114.482-1.114 1.085 0 .602.497 1.084 1.114 1.084Zm0 8.285c.287 0 .573-.015.844-.075v-7.125a4.01 4.01 0 0 0-.844-.075c-.286 0-.572.015-.858.075v7.125c.286.06.587.075.858.075Zm10.892-7.426c-.964 0-1.838.376-2.426.828-.527-.512-1.31-.828-2.335-.828-1.491 0-2.786.633-3.359 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393a2.92 2.92 0 0 1 1.462-.391c1.16 0 1.596.738 1.596 1.762v4.022c.287.06.573.075.874.075.271 0 .573-.015.844-.075v-4.534c0-.226-.03-.452-.076-.663.347-.286.829-.587 1.522-.587 1.16 0 1.612.738 1.612 1.762v4.022c.271.06.557.075.858.075.272 0 .573-.015.844-.075v-4.534c0-1.552-1.055-2.817-3.118-2.817Zm8.134.015c-1.355 0-2.485.527-3.178 1.1v9.023c.301.06.572.075.858.075.287 0 .573-.015.844-.075v-2.772c.452.151.934.211 1.537.211 1.988 0 3.781-1.401 3.781-3.811 0-2.471-1.657-3.751-3.842-3.751Zm-.06 6.041c-.557 0-1.009-.091-1.416-.287v-3.841a2.842 2.842 0 0 1 1.401-.346c1.311 0 2.199.828 2.199 2.199 0 1.416-.888 2.275-2.184 2.275Zm6.312 1.37c.286 0 .587-.015.859-.075v-9.882a4.308 4.308 0 0 0-.874-.075c-.286 0-.573.015-.844.075v9.882c.301.06.588.075.859.075Zm9.264-4.187c0-1.913-1.356-3.224-3.269-3.224-2.033 0-3.585 1.597-3.585 3.811 0 2.335 1.537 3.751 3.676 3.751 1.431 0 2.365-.527 2.967-1.009a1.76 1.76 0 0 0-.738-1.16c-.467.331-1.069.738-2.109.738-1.19 0-1.913-.723-2.048-1.898h5.046c.045-.392.06-.633.06-1.009Zm-5.091-.121c.12-.979.768-1.717 1.822-1.717 1.16.015 1.597.874 1.597 1.717h-3.419Z"/>
-    </symbol>
-    <symbol id="datadog" viewBox="0 0 60 60">
-      <path d="M58.339 56.312v2.096c-.384.101-.728.15-1.03.15-2.034 0-3.05-1.075-3.05-3.224 0-1.986 1.078-2.978 3.233-2.978.898 0 1.735.167 2.51.503v-1.505c-.775-.29-1.653-.438-2.636-.438-3.221 0-4.834 1.471-4.834 4.418 0 3.109 1.584 4.666 4.751 4.666 1.09 0 1.995-.159 2.718-.476V54.84h-2.686l-.561 1.473h1.585Zm-11.376 2.245c1.807 0 2.71-1.041 2.71-3.124 0-2.051-.903-3.078-2.71-3.078-1.854 0-2.78 1.027-2.78 3.078 0 2.083.926 3.124 2.78 3.124Zm-4.508-3.086c0-3.038 1.504-4.555 4.508-4.555 2.957 0 4.436 1.517 4.436 4.555 0 3.02-1.479 4.529-4.436 4.529-2.871 0-4.373-1.51-4.508-4.53Zm-7.56 3.024h1.978c1.86 0 2.793-1.094 2.793-3.282 0-1.864-.932-2.794-2.793-2.794h-1.978v6.076Zm2.229 1.44h-3.89V50.98h3.89c2.803 0 4.205 1.412 4.205 4.233 0 3.148-1.402 4.723-4.205 4.723Zm-12.777 0h-1.709l3.81-8.955h1.79l3.89 8.956H30.34l-1.13-2.443h-2.874l.57-1.44h1.865L27.3 52.69l-2.954 7.246Zm-7.665-8.955h6.81v1.44h-2.574v7.516h-1.661V52.42h-2.575v-1.44ZM9.84 59.936H8.133l3.81-8.956h1.787l3.892 8.956h-1.789l-1.13-2.443H11.83l.571-1.44h1.864l-1.47-3.363-2.954 7.246Zm-8.176-1.441H3.64c1.863 0 2.792-1.094 2.792-3.282 0-1.864-.93-2.794-2.792-2.794H1.665v6.076Zm2.227 1.44H.002V50.98h3.89c2.803 0 4.206 1.412 4.206 4.233 0 3.148-1.403 4.723-4.206 4.723ZM29.864 14.47c.32-.304-1.597-.704-3.085.31-1.097.75-1.132 2.354-.082 3.264.105.09.192.154.273.206a9.513 9.513 0 0 1 2.767-.816c.223-.248.482-.686.417-1.477-.087-1.075-.902-.905-.29-1.486Zm10.065 5.833c-.18-.1-1.03-.06-1.627.01-1.137.135-2.364.529-2.633.739-.49.378-.268 1.037.095 1.307 1.012.757 1.9 1.264 2.838 1.14.575-.075 1.082-.986 1.442-1.813.245-.569.245-1.183-.115-1.383Zm-3.882-6.725c-.066.15-.169.248-.015.734l.01.028.025.063.064.146c.278.569.584 1.105 1.095 1.38.133-.023.269-.038.41-.045.481-.021.784.055.976.159a2.14 2.14 0 0 0 .01-.442c-.038-.721.142-1.947-1.243-2.592-.523-.242-1.257-.168-1.5.136a.634.634 0 0 1 .115.025c.37.128.12.256.053.408Zm14.266 9.879-1.194.227L46.828.002 7.77 4.53l4.812 39.046 4.571-.664c-.364-.52-.932-1.152-1.904-1.959-1.346-1.118-.87-3.018-.076-4.218 1.05-2.027 6.464-4.603 6.158-7.843-.11-1.178-.297-2.712-1.391-3.763-.04.436.033.856.033.856s-.45-.572-.673-1.354c-.222-.3-.396-.395-.633-.795-.168.463-.146 1-.146 1s-.368-.868-.426-1.6c-.219.327-.274.95-.274.95s-.477-1.368-.368-2.105c-.218-.642-.863-1.914-.681-4.807 1.192.835 3.816.637 4.838-.87.34-.499.573-1.86-.168-4.546-.477-1.721-1.656-4.284-2.117-5.257l-.054.04c.242.783.742 2.425.933 3.222.58 2.415.736 3.256.464 4.37-.232.968-.788 1.601-2.196 2.309-1.409.71-3.279-1.018-3.397-1.114-1.368-1.09-2.426-2.869-2.544-3.733-.123-.946.544-1.514.882-2.287a8.6 8.6 0 0 0-1.02.383s.642-.664 1.432-1.238a8.26 8.26 0 0 0 .864-.641c-.5-.009-.904.005-.904.005s.832-.45 1.695-.777c-.63-.029-1.236-.005-1.236-.005s1.858-.832 3.328-1.442c1.009-.414 1.995-.291 2.55.51.727 1.05 1.49 1.62 3.11 1.973.995-.44 1.297-.667 2.545-1.007 1.1-1.21 1.963-1.366 1.963-1.366s-.427.393-.542 1.01c.623-.491 1.306-.902 1.306-.902s-.264.327-.51.846l.057.085c.728-.436 1.583-.78 1.583-.78s-.244.31-.531.709c.548-.005 1.66.023 2.092.072 2.55.056 3.078-2.722 4.056-3.07 1.225-.438 1.773-.702 3.86 1.348 1.79 1.76 3.19 4.91 2.495 5.615-.583.586-1.732-.228-3.005-1.816a6.865 6.865 0 0 1-1.42-3.097 3.043 3.043 0 0 0-.984-1.684s.453 1.012.453 1.904c0 .488.061 2.31.843 3.332-.078.15-.114.74-.2.853-.908-1.099-2.861-1.885-3.178-2.117 1.076.883 3.553 2.911 4.504 4.855.9 1.838.37 3.523.825 3.96.129.125 1.935 2.374 2.282 3.504.607 1.97.036 4.04-.757 5.324l-2.214.345c-.324-.09-.543-.135-.834-.303.161-.283.48-.99.483-1.136l-.125-.219c-.69.976-1.844 1.924-2.803 2.469-1.256.712-2.702.602-3.644.31-2.673-.824-5.202-2.63-5.81-3.105 0 0-.02.379.095.464.674.76 2.218 2.135 3.71 3.094l-3.181.35 1.504 11.712c-.666.096-.77.143-1.5.247-.644-2.274-1.875-3.758-3.22-4.622-1.186-.763-2.823-.935-4.39-.624l-.1.116c1.089-.113 2.374.044 3.695.88 1.297.82 2.341 2.938 2.726 4.212.493 1.63.832 3.372-.493 5.22-.942 1.313-3.695 2.038-5.918.468.594.955 1.396 1.737 2.477 1.884 1.605.218 3.129-.061 4.176-1.137.895-.92 1.37-2.845 1.245-4.872l1.417-.205.511 3.637 23.449-2.823-1.913-18.66ZM27.86 28.834l2.951-.406c.477.215.81.297 1.382.442.89.232 1.924.455 3.451-.314.356-.177 1.096-.854 1.395-1.24l12.087-2.193 1.233 14.924-20.708 3.732-1.79-14.945Zm17.149 4.953-3.96-2.611-3.301 5.517-3.842-1.123-3.382 5.161.174 1.625 18.388-3.388-1.07-11.489-3.007 6.308Z"/>
-    </symbol>
-    <symbol id="fastly" viewBox="0 0 60 60">
-      <path d="M40.845 36.419h4.699v-2.393h-1.558V18.379h-3.141v18.04ZM.008 34.026h1.6v-7.55h-1.6v-2.078l1.6-.263v-2.103c0-2.546.554-3.653 3.797-3.653.698 0 1.533.103 2.264.24l-.434 2.561a6.106 6.106 0 0 0-1.047-.093c-1.141 0-1.43.11-1.43 1.234v1.822h2.375v2.342H4.758v7.55h1.584v2.393H.016v-2.402H.008Zm39.228-.757c-.494.102-.92.093-1.235.102-1.294.034-1.183-.391-1.183-1.617v-5.278h2.469v-2.342h-2.469V18.38h-3.15v14.029c0 2.759.681 4.01 3.644 4.01.698 0 1.668-.18 2.392-.34l-.468-2.81Zm19.563.775c.664 0 1.2.528 1.2 1.192 0 .663-.536 1.183-1.2 1.183a1.186 1.186 0 0 1-1.101-.728 1.186 1.186 0 0 1-.091-.456c0-.672.536-1.191 1.192-1.191Zm0 2.187a1 1 0 0 0 .996-1.004.99.99 0 0 0-.996-.987.983.983 0 0 0-.996.987c0 .553.451 1.004.996 1.004Zm.221-.417-.238-.348h-.17v.349h-.264v-1.167h.485c.29 0 .468.145.468.4 0 .188-.094.315-.247.366l.29.4h-.324Zm-.409-.587h.214c.118 0 .204-.05.204-.179 0-.119-.085-.17-.196-.17h-.222v.349Zm-28.868-8.76v-.417c-.953-.17-1.897-.179-2.409-.179-1.464 0-1.642.775-1.642 1.2 0 .597.204.92 1.787 1.27 2.324.518 4.648 1.063 4.648 3.94 0 2.733-1.405 4.138-4.358 4.138-1.975 0-3.899-.426-5.364-.8v-2.35h2.384v.418c1.03.195 2.103.178 2.665.178 1.566 0 1.813-.843 1.813-1.285 0-.622-.451-.92-1.916-1.218-2.758-.468-4.954-1.413-4.954-4.214 0-2.656 1.78-3.695 4.733-3.695 2.001 0 3.525.307 4.989.682v2.332h-2.376Zm-14.752 1.882-1.158 1.012a.616.616 0 0 0-.639 1.014.616.616 0 0 0 1.033-.299.617.617 0 0 0-.02-.34l1.022-1.14-.238-.248Z"/>
-      <path d="M20.068 23.47h-3.15v.886a6.38 6.38 0 0 0-2.12-.792v-1.073h.383v-.8h-3.167v.8h.384v1.081a6.48 6.48 0 0 0-5.261 6.368 6.469 6.469 0 0 0 1.899 4.588 6.48 6.48 0 0 0 4.587 1.9c1.209 0 2.35-.333 3.32-.912l.562.911h3.329v-3.15h-.766V23.47Zm-3.116 6.657a3.343 3.343 0 0 1-3.15 3.142v-.375h-.375v.375a3.332 3.332 0 0 1-3.124-3.15h.375v-.374h-.375a3.342 3.342 0 0 1 3.124-3.124v.374h.375v-.375a3.333 3.333 0 0 1 3.15 3.141h-.375v.375h.375v-.009Zm36.555-5.992h6.495v2.34h-1.549l-3.984 9.8c-1.141 2.749-3.013 5.345-5.874 5.345-.698 0-1.635-.076-2.282-.23l.281-2.86c.418.076.962.128 1.243.128 1.328 0 2.818-.818 3.286-2.248l-4.035-9.935h-1.55v-2.341h6.496v2.341h-1.549l2.29 5.627 2.29-5.627h-1.55v-2.341h-.008Z"/>
-    </symbol>
-    <symbol id="honeybadger" viewBox="0 0 60 60">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="m37.902 14.22 7.608 7.607-15.506 15.507-1.687-1.687-2.292 2.29 2.451 2.452a2.161 2.161 0 0 0 3.056 0l17.034-17.034a2.16 2.16 0 0 0 0-3.055l-9.3-9.298-1.364 3.218Zm-.284-4.866-1.364 3.218-2.87-2.87 2.291-2.29 1.943 1.942Zm-3.47-3.472-2.616-2.615a2.161 2.161 0 0 0-3.056 0L11.444 20.3a2.161 2.161 0 0 0 0 3.055l9.984 9.984 1.462-3.119-8.391-8.393L30.004 6.323l1.853 1.85 2.29-2.29ZM23.051 34.964l1.462-3.12 2.276 2.275-2.293 2.29-1.445-1.445Z"/>
-      <path d="M39.405 5.158c.232-.546-.459-1.013-.879-.592L19.967 23.125h7.56l-6.016 14.81c-.221.547.466 1.003.882.586L40.49 20.424h-7.561l6.476-15.266Z"/>
-      <path fill-rule="evenodd" clip-rule="evenodd" d="m5.662 57.367 1.744-11.959H5.465l-.715 4.864H2.989l.715-4.864H1.762L.004 57.367h1.941l.78-5.308h1.762l-.78 5.308h1.955Zm3.62-2.397c1.942 0 2.705-.82 3.107-3.75.375-2.783-.276-3.697-2.08-3.697-1.913 0-2.732.941-3.078 3.804-.36 2.81.374 3.643 2.052 3.643Zm.196-1.371c-.486 0-.611-.47-.348-2.285.25-1.882.486-2.432 1.04-2.432.486 0 .583.442.333 2.298-.249 1.84-.486 2.419-1.025 2.419Zm5.672-5.323c.43-.404 1.054-.753 1.608-.753 1.124 0 1.513.766 1.318 2.11l-.777 5.175h-1.803l.736-4.972c.068-.484-.028-.727-.388-.727-.278 0-.541.243-.707.404l-.778 5.295h-1.802l1.04-7.124h1.526l.027.592Zm22.967-.592-.21.525a1.545 1.545 0 0 0-1.33-.686c-1.318 0-2.122 1.05-2.455 3.83-.333 2.756.306 3.617 1.345 3.617.624 0 1.11-.296 1.47-.712l.014.55h1.665l1.053-7.124h-1.552Zm-1.056 5.39c-.151.19-.442.39-.692.39-.445 0-.583-.417-.347-2.15.25-1.841.513-2.272.956-2.272.265 0 .486.188.611.39l-.528 3.643Zm8.558-7.666-1.387 9.4h-1.65l-.015-.55c-.36.43-.86.712-1.47.712-1.04 0-1.692-.86-1.344-3.617.333-2.78 1.122-3.83 2.454-3.83.514 0 .915.215 1.206.552l.403-2.667h1.803Zm-3.967 5.906c-.249 1.733-.097 2.15.347 2.15.236 0 .541-.2.693-.39l.527-3.642c-.125-.202-.36-.39-.61-.39-.444 0-.707.43-.957 2.272Zm-15.81 6.05h21.502a2.584 2.584 0 0 0 2.559-2.223l1.054-7.457h-1.553l-.166.538c-.278-.39-.75-.699-1.262-.699-1.4 0-2.164.766-2.552 3.75-.374 2.715.236 3.548 1.332 3.548.554 0 1.067-.24 1.413-.644l-.055.51c-.149.639-.804 1.145-1.882 1.145H26.71c-.255.603-.503 1.09-.797 1.45l-.07.082Zm21.842-4.02c-.444 0-.61-.39-.374-2.084.236-1.774.513-2.218.97-2.218.25 0 .473.188.596.377l-.512 3.535c-.152.188-.445.39-.68.39Zm7.461.994c-.734.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.955-3.63.36-2.741 1.387-3.817 3.148-3.817 1.096 0 1.775.565 1.775 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.008.174.003.04.005.079.005.12.013.552.306.848.791.848.333 0 .72-.108 1.276-.363l.305 1.25Zm-1.18-5.484c-.428 0-.818.645-1.053 2.07a1.557 1.557 0 0 0 1.414-1.546c0-.323-.11-.524-.36-.524Zm3.46 5.954.734-4.879c.36-.322.763-.497 1.165-.497.112 0 .208 0 .32.013l.36-1.733a.932.932 0 0 0-.568-.189c-.528 0-.985.418-1.318 1.009l-.027-.848h-1.415l-1.055 7.124h1.804Zm-34.924-.47c-.736.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.954-3.63.36-2.741 1.385-3.817 3.146-3.817 1.097 0 1.776.565 1.776 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.007.174.003.04.006.079.006.12.015.552.305.848.791.848.333 0 .721-.108 1.275-.363l.306 1.25Zm-1.18-5.484c-.429 0-.817.645-1.052 2.07a1.557 1.557 0 0 0 1.413-1.546c0-.323-.11-.524-.36-.524Zm9.85 6.116c1.58 0 2.19-1.25 2.524-4.167.318-2.608-.195-3.28-1.29-3.28-.554 0-1.04.23-1.47.565l.36-2.482h-1.802l-1.346 9.202h1.637l.166-.537c.236.39.666.7 1.22.7Zm-.347-1.506a.675.675 0 0 1-.624-.39l.541-3.655c.208-.215.484-.377.749-.377.416 0 .499.416.319 1.828-.166 1.681-.444 2.594-.985 2.594Zm-5.516-.59 1.566-5.19h1.859L25.96 54.89c-.764 1.962-1.193 2.474-2.4 2.474H6.626l.225-1.532h16.414c.557 0 .864-.387.864-.89l-.624-7.258h1.956l-.153 5.19Z"/>
-    </symbol>
-    <symbol id="domainr" viewBox="0 0 60 60">
-      <path d="M30.02 0a22.501 22.501 0 0 1 15.899 6.582A22.515 22.515 0 0 1 52.5 22.473c0 5.96-2.378 11.676-6.582 15.89a22.5 22.5 0 0 1-15.899 6.583H10.236a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.354c0-.125.025-.25.086-.361l1.152-2.306a.959.959 0 0 1 .883-.537H30.02a18.57 18.57 0 0 0 18.57-18.565A18.57 18.57 0 0 0 30.02 3.91H14.048a.409.409 0 0 0-.184.046.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.064.012.126.037.184l1.066 2.12a.429.429 0 0 0 .184.199c.074.049.16.073.258.073H30.02a15.64 15.64 0 0 1 15.641 15.634A15.647 15.647 0 0 1 30.02 38.106H13.656a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.352.75.75 0 0 1 .086-.363l4.572-9.145a.96.96 0 0 1 .87-.538H30.02a4.89 4.89 0 0 0 4.89-4.885 4.89 4.89 0 0 0-4.89-4.885h-9.132a.405.405 0 0 0-.184.047.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.062.012.125.037.182l1.066 2.121c.037.08.098.15.172.199a.525.525 0 0 0 .27.073h7.955c.527 0 1.017.206 1.385.573.368.367.576.864.576 1.382 0 .518-.208 1.015-.576 1.382a1.949 1.949 0 0 1-1.385.572h-10.1a.999.999 0 0 1-.515-.147 1.054 1.054 0 0 1-.356-.39l-4.584-9.145a.735.735 0 0 1-.074-.362c0-.126.037-.248.11-.356a.671.671 0 0 1 .258-.256.744.744 0 0 1 .368-.092H30.02a8.81 8.81 0 0 1 6.227 2.576 8.82 8.82 0 0 1 2.574 6.218 8.819 8.819 0 0 1-2.574 6.218 8.809 8.809 0 0 1-6.227 2.576h-9.426a.503.503 0 0 0-.442.274l-1.066 2.12a.462.462 0 0 0-.037.183.32.32 0 0 0 .061.178.29.29 0 0 0 .135.13c.05.03.11.046.172.046H30.02a11.75 11.75 0 0 0 8.299-3.435 11.743 11.743 0 0 0 3.432-8.29 11.743 11.743 0 0 0-3.432-8.291 11.75 11.75 0 0 0-8.299-3.434H13.08a.999.999 0 0 1-.515-.147 1.053 1.053 0 0 1-.356-.39L7.625 1.065A.735.735 0 0 1 7.55.703a.62.62 0 0 1 .11-.354.757.757 0 0 1 .258-.256.745.745 0 0 1 .368-.094H30.02ZM6.423 59.86h-2.17l.013-1.39h2.157c.638 0 1.153-.137 1.582-.412.429-.274.747-.668.968-1.18.208-.511.319-1.122.319-1.83v-.55c0-.55-.062-1.037-.184-1.46a3.019 3.019 0 0 0-.54-1.068 2.397 2.397 0 0 0-.882-.657 3.022 3.022 0 0 0-1.201-.223H4.217v-1.398h2.268c.674 0 1.299.114 1.85.343a4.016 4.016 0 0 1 1.447.97c.417.424.723.932.944 1.522.22.592.33 1.253.33 1.984v.538c0 .73-.11 1.391-.33 1.983a4.233 4.233 0 0 1-.944 1.521c-.404.42-.895.743-1.459.971-.564.225-1.2.336-1.9.336Zm-1.2-10.168V59.86H3.468V49.692h1.753Zm7.109 6.474v-.161c0-.544.073-1.05.233-1.515.159-.47.392-.878.686-1.222a3.16 3.16 0 0 1 1.103-.81 3.62 3.62 0 0 1 1.483-.293c.552 0 1.042.098 1.471.293.442.19.81.46 1.116.81.306.344.527.751.686 1.222.16.466.246.97.246 1.515v.16c0 .546-.086 1.051-.246 1.516-.159.465-.38.872-.686 1.222a3.27 3.27 0 0 1-1.103.81A3.58 3.58 0 0 1 15.85 60a3.74 3.74 0 0 1-1.496-.287 3.27 3.27 0 0 1-1.103-.81 3.783 3.783 0 0 1-.686-1.222 4.64 4.64 0 0 1-.233-1.515Zm1.68-.161v.16c0 .34.036.661.097.964.074.303.184.569.331.797.147.228.343.407.576.537.233.13.515.196.834.196.306 0 .576-.065.809-.196.233-.13.417-.31.576-.537.147-.228.257-.494.319-.797a4.07 4.07 0 0 0 .11-.963v-.161c0-.335-.037-.652-.11-.95a2.173 2.173 0 0 0-.331-.803 1.59 1.59 0 0 0-.576-.544 1.554 1.554 0 0 0-.81-.202c-.318 0-.6.067-.833.202-.22.13-.417.311-.564.544s-.257.501-.33.803a4.706 4.706 0 0 0-.099.95Zm8.433-2.165v6.02h-1.68v-7.556h1.581l.099 1.536Zm-.27 1.963-.576-.008c0-.52.061-1.002.196-1.445.135-.442.319-.826.576-1.152.245-.331.564-.584.932-.761.38-.182.809-.272 1.311-.272.343 0 .65.051.944.153.282.098.527.254.748.468.208.215.368.49.478.824.122.336.184.74.184 1.215v5.035h-1.692v-4.888c0-.368-.049-.656-.16-.866a.973.973 0 0 0-.465-.447 1.73 1.73 0 0 0-.723-.14c-.319 0-.589.061-.81.182-.22.12-.404.286-.539.496-.134.21-.245.451-.306.726a4.033 4.033 0 0 0-.098.88Zm4.682-.448-.784.176c0-.456.061-.888.184-1.292a3.4 3.4 0 0 1 .564-1.075c.257-.313.564-.557.931-.733a2.854 2.854 0 0 1 1.263-.266c.392 0 .735.054 1.03.16.318.103.576.266.784.49.22.222.38.513.49.872.11.354.172.782.172 1.285v4.888h-1.692v-4.896c0-.38-.06-.676-.171-.886a.836.836 0 0 0-.454-.433 1.884 1.884 0 0 0-.723-.126c-.257 0-.49.05-.686.147a1.383 1.383 0 0 0-.503.399 1.839 1.839 0 0 0-.306.578c-.062.22-.099.457-.099.712Zm10.628 2.99v-3.604c0-.27-.049-.502-.147-.698a1.066 1.066 0 0 0-.454-.454 1.526 1.526 0 0 0-.735-.16c-.282 0-.515.046-.711.14a1.206 1.206 0 0 0-.478.377.91.91 0 0 0-.16.537h-1.679c0-.298.074-.586.22-.866.148-.28.356-.528.626-.748.27-.218.6-.39.98-.516s.81-.188 1.288-.188c.564 0 1.079.095 1.508.286.44.19.796.48 1.041.866.258.381.38.862.38 1.438v3.36c0 .344.025.653.074.928.049.27.123.505.22.706v.111H37.73a2.797 2.797 0 0 1-.184-.691 4.8 4.8 0 0 1-.06-.824Zm.233-3.08.025 1.04h-1.214c-.306 0-.588.031-.821.091a1.69 1.69 0 0 0-.6.251c-.148.112-.27.248-.356.406-.074.158-.11.337-.11.537 0 .201.048.385.134.552.098.163.233.291.405.384.183.094.404.14.662.14a1.835 1.835 0 0 0 1.507-.734c.147-.208.233-.407.245-.593l.54.747a2.3 2.3 0 0 1-.282.615c-.135.219-.319.427-.54.628a2.616 2.616 0 0 1-1.801.67 2.92 2.92 0 0 1-1.324-.293 2.395 2.395 0 0 1-.907-.803 2.067 2.067 0 0 1-.331-1.152c0-.4.073-.754.233-1.062.147-.311.367-.572.661-.782a3.338 3.338 0 0 1 1.091-.474c.43-.112.92-.168 1.471-.168h1.312Zm5.014-2.96v7.555H41.04v-7.556h1.692ZM40.93 50.32c0-.256.085-.468.245-.635.184-.173.417-.259.723-.259.294 0 .527.086.699.259a.848.848 0 0 1 .257.635c0 .251-.086.46-.257.629-.172.168-.405.251-.699.251-.306 0-.54-.083-.723-.251a.883.883 0 0 1-.245-.629Zm5.307 3.596v5.943h-1.679v-7.556h1.594l.085 1.613Zm-.294 1.886-.54-.008c0-.534.074-1.026.221-1.473.148-.446.356-.831.613-1.152.27-.321.576-.568.944-.74a2.82 2.82 0 0 1 1.238-.265c.356 0 .687.051.98.153.295.098.553.258.76.482.222.224.38.514.491.874.11.353.172.788.172 1.305v4.881H49.13v-4.888c0-.363-.061-.65-.16-.86a.946.946 0 0 0-.453-.453 1.711 1.711 0 0 0-.735-.14 1.59 1.59 0 0 0-.772.182 1.74 1.74 0 0 0-.589.496c-.147.21-.27.451-.355.726a2.938 2.938 0 0 0-.123.88Zm8.287-2.06v6.117h-1.692v-7.556h1.606l.086 1.438Zm2.304-1.488-.012 1.564a4.306 4.306 0 0 0-.687-.055c-.282 0-.539.042-.76.125a1.418 1.418 0 0 0-.882.894 2.574 2.574 0 0 0-.147.72l-.38.028c0-.476.049-.915.135-1.32a3.48 3.48 0 0 1 .429-1.068c.183-.308.429-.548.71-.72.282-.173.613-.258.993-.258a2.13 2.13 0 0 1 .601.09Z"/>
-    </symbol>
-    <symbol id="mend-io" viewBox="0 0 60 60">
-      <path d="M43.39 27.355c-2.24 5.173-7.39 8.79-13.39 8.79-.25 0-.49-.006-.73-.018-7.72-.38-13.87-6.763-13.87-14.58 0-1.31.18-2.576.5-3.78.33-.352.79-.57 1.31-.57.99 0 1.81.818 1.81 1.824v.587c0 .01-.01.02-.01.028v4.44a3.33 3.33 0 0 0 3.32 3.331 3.33 3.33 0 0 0 3.32-3.331v-3.582c0-.012-.01-.022-.01-.035v-1.438c0-1.006.81-1.825 1.81-1.825s1.81.82 1.81 1.825v5.055c0 1.837 1.49 3.331 3.31 3.331a3.33 3.33 0 0 0 3.32-3.331V19.02c0-1.006.81-1.825 1.81-1.825.99 0 1.8.82 1.8 1.825v5.055a3.33 3.33 0 0 0 3.32 3.331c.19 0 .38-.02.57-.052Z"/>
-      <path d="M44.59 21.55c0 1.322-.18 2.598-.5 3.818v.006c-.01.002-.01.005-.01.005v.002c-.33.32-.77.52-1.27.52-.99 0-1.8-.819-1.8-1.824v-5.055a3.331 3.331 0 0 0-3.32-3.332c-1.83 0-3.31 1.496-3.31 3.333v5.055c0 1.006-.81 1.825-1.81 1.825s-1.81-.82-1.81-1.825v-5.055c0-1.837-1.48-3.333-3.31-3.333a3.331 3.331 0 0 0-3.32 3.333v5.055c0 1.006-.81 1.825-1.8 1.825-1 0-1.81-.82-1.81-1.825v-5.055c0-1.836-1.49-3.33-3.31-3.332h-.01c-.2 0-.4.021-.6.057C18.85 10.573 24 6.956 30 6.956c.07 0 .15 0 .23.002 7.95.126 14.36 6.61 14.36 14.594M.11 52.772a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.4.4 0 0 1 .29-.111h1.75c.11 0 .21.038.28.111a.38.38 0 0 1 .12.289v.544c.24-.32.57-.584.98-.792.41-.209.87-.313 1.39-.313 1.17 0 1.98.459 2.43 1.378.26-.406.61-.737 1.07-.994.46-.256.95-.384 1.48-.384.87 0 1.58.296 2.13.89.55.592.83 1.476.83 2.651v4.548c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H10.6a.421.421 0 0 1-.3-.112.376.376 0 0 1-.12-.289v-4.436c0-.534-.11-.918-.32-1.154-.22-.234-.52-.352-.89-.352-.35 0-.63.12-.85.36-.23.241-.34.623-.34 1.146v4.436c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H5.52a.414.414 0 0 1-.29-.112.408.408 0 0 1-.11-.289v-4.436c0-.523-.11-.905-.34-1.146a1.15 1.15 0 0 0-.87-.36c-.36 0-.63.12-.86.36-.23.241-.35.617-.35 1.129v4.453c0 .107-.03.2-.11.28a.367.367 0 0 1-.29.121H.4a.382.382 0 0 1-.29-.112Zm15.07-.768c-.74-.694-1.13-1.703-1.16-3.028v-.56c.05-1.26.44-2.246 1.18-2.955.74-.71 1.74-1.066 2.99-1.066.91 0 1.67.185 2.3.553.62.368 1.09.873 1.41 1.513.31.641.47 1.378.47 2.211v.384c0 .107-.04.199-.11.28-.08.08-.17.12-.29.12h-5.13v.112c.02.502.15.908.37 1.217.23.31.55.464.98.464.27 0 .48-.056.66-.168.17-.112.32-.248.46-.408.1-.117.17-.19.23-.216.06-.026.15-.04.28-.04h1.99c.09 0 .18.029.25.088s.1.136.1.232c0 .278-.16.598-.47.961-.32.364-.77.678-1.37.945-.6.267-1.3.4-2.12.4-1.28 0-2.29-.347-3.02-1.041v.002Zm4.37-4.133v-.031c0-.523-.12-.938-.36-1.241-.24-.305-.57-.457-1-.457-.43 0-.75.152-.99.457-.24.303-.36.718-.36 1.241v.031h2.71Zm4.1 4.901a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.418.418 0 0 1 .29-.111h1.85c.11 0 .21.038.29.111a.38.38 0 0 1 .12.289v.608c.29-.352.66-.635 1.11-.849.46-.214.97-.32 1.55-.32.94 0 1.7.318 2.29.954.59.635.88 1.524.88 2.666v4.469c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121h-2.02c-.1 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.28v-4.372c0-.503-.12-.89-.37-1.162-.24-.273-.59-.408-1.05-.408-.46 0-.8.135-1.06.408-.26.272-.38.659-.38 1.162v4.372c0 .107-.04.2-.12.28a.36.36 0 0 1-.28.121h-2.01a.414.414 0 0 1-.29-.112Zm10.53-.712c-.58-.657-.9-1.583-.95-2.78l-.02-.561.02-.577c.04-1.153.36-2.066.95-2.739.59-.672 1.41-1.009 2.44-1.009.97 0 1.76.316 2.36.945v-3.428a.382.382 0 0 1 .4-.4h1.95c.12 0 .21.038.29.112.07.075.11.171.11.288v10.572c0 .106-.04.199-.11.279a.382.382 0 0 1-.29.121h-1.81c-.11 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.279v-.514c-.59.715-1.42 1.073-2.5 1.073s-1.86-.328-2.44-.985v.003Zm4.4-1.618c.23-.305.36-.696.4-1.177.01-.139.01-.342.01-.608 0-.267 0-.454-.01-.593-.03-.437-.16-.8-.4-1.089-.25-.288-.61-.433-1.08-.433-.5 0-.86.15-1.08.448-.22.3-.34.711-.37 1.234-.02.107-.02.272-.02.497 0 .224 0 .389.02.496.03.523.15.934.37 1.234.22.299.58.448 1.08.448.51 0 .84-.152 1.08-.457Zm9.06-7.2c-.08-.075-.11-.17-.11-.288v-1.442c0-.117.03-.214.11-.288a.382.382 0 0 1 .29-.112h1.92c.12 0 .21.038.29.112.07.074.11.171.11.288v1.442c0 .117-.04.213-.11.288a.397.397 0 0 1-.29.112h-1.92a.382.382 0 0 1-.29-.112Zm.02 9.53a.376.376 0 0 1-.12-.288v-7.529c0-.117.04-.213.12-.288a.374.374 0 0 1 .28-.112h1.89c.12 0 .22.038.29.112a.37.37 0 0 1 .11.288v7.529c0 .106-.03.199-.11.28a.37.37 0 0 1-.29.12h-1.89a.374.374 0 0 1-.28-.112Zm5.02-.672c-.72-.631-1.11-1.517-1.17-2.659-.01-.139-.02-.379-.02-.721 0-.341.01-.581.02-.72.06-1.131.46-2.015 1.2-2.651.74-.636 1.74-.954 3.03-.954 1.28 0 2.3.318 3.04.954.74.636 1.14 1.519 1.2 2.651.01.139.02.379.02.72 0 .342-.01.583-.02.721-.06 1.142-.45 2.028-1.17 2.659-.71.63-1.74.944-3.07.944-1.34 0-2.35-.314-3.06-.944Zm4.1-1.433c.22-.284.35-.719.38-1.305.01-.107.02-.32.02-.642 0-.321-.01-.533-.02-.641-.03-.577-.16-1.008-.39-1.297-.23-.289-.57-.433-1.03-.433-.89 0-1.36.577-1.41 1.73l-.02.641.02.642c.02.588.14 1.023.37 1.305.23.283.58.424 1.04.424.46 0 .81-.141 1.04-.424Zm-12.16 2.217a1.45 1.45 0 1 0 0-2.9 1.45 1.45 0 0 0 0 2.9Z"/>
-    </symbol>
-    <symbol id="github" viewBox="0 0 24 24">
-      <path d="M12 2C17.525 2 22 6.58819 22 12.2529C21.9995 14.4012 21.3419 16.4952 20.1198 18.2402C18.8977 19.9852 17.1727 21.2933 15.1875 21.9804C14.6875 22.0829 14.5 21.7625 14.5 21.4934C14.5 21.1474 14.5125 20.0452 14.5125 18.6738C14.5125 17.7126 14.2 17.0974 13.8375 16.777C16.0625 16.5207 18.4 15.6492 18.4 11.7147C18.4 10.5868 18.0125 9.67689 17.375 8.95918C17.475 8.70286 17.825 7.65193 17.275 6.24215C17.275 6.24215 16.4375 5.9602 14.525 7.29308C13.725 7.06239 12.875 6.94704 12.025 6.94704C11.175 6.94704 10.325 7.06239 9.525 7.29308C7.6125 5.97301 6.775 6.24215 6.775 6.24215C6.225 7.65193 6.575 8.70286 6.675 8.95918C6.0375 9.67689 5.65 10.5997 5.65 11.7147C5.65 15.6364 7.975 16.5207 10.2 16.777C9.9125 17.0334 9.65 17.4819 9.5625 18.1484C8.9875 18.4175 7.55 18.8533 6.65 17.3025C6.4625 16.9949 5.9 16.2388 5.1125 16.2516C4.275 16.2644 4.775 16.7386 5.125 16.9308C5.55 17.1743 6.0375 18.0843 6.15 18.3791C6.35 18.9558 7 20.058 9.5125 19.5838C9.5125 20.4425 9.525 21.2499 9.525 21.4934C9.525 21.7625 9.3375 22.0701 8.8375 21.9804C6.8458 21.3007 5.11342 19.9952 3.88611 18.2492C2.65881 16.5031 1.9989 14.4052 2 12.2529C2 6.58819 6.475 2 12 2Z"/>
-    </symbol>
-    <symbol id="mastodon" viewBox="0 0 24 24">
-      <path d="M23.193 7.879c0-5.207-3.411-6.732-3.411-6.732C18.062.357 15.109.025 12.04 0h-.076c-3.068.025-6.019.357-7.74 1.147 0 0-3.411 1.526-3.411 6.732 0 1.191-.023 2.617.015 4.129.123 5.092.933 10.111 5.641 11.356 2.171.575 4.034.695 5.534.613 2.722-.152 4.249-.972 4.249-.972l-.09-1.975s-1.945.614-4.129.539c-2.165-.075-4.448-.233-4.799-2.891a5.626 5.626 0 0 1-.048-.745s2.124.519 4.817.643c1.646.076 3.19-.096 4.759-.283 3.007-.359 5.625-2.211 5.954-3.905.52-2.668.477-6.509.477-6.509Zm-4.023 6.709h-2.498v-6.12c0-1.289-.542-1.944-1.628-1.944-1.2 0-1.802.777-1.802 2.312v3.35H10.76v-3.35c0-1.535-.601-2.312-1.803-2.312-1.086 0-1.628.655-1.628 1.944v6.12H4.832V8.284c0-1.289.327-2.313.987-3.07.68-.757 1.569-1.146 2.674-1.146 1.278 0 2.247.491 2.886 1.473L12 6.585l.623-1.044c.64-.982 1.609-1.473 2.887-1.473 1.104 0 1.994.389 2.674 1.146.658.757.986 1.781.986 3.07v6.304Z"/>
-    </symbol>
-    <symbol id="x-twitter" viewBox="0 0 24 24">
-      <path d="M16.39 19.89h2.44L7.6 4.17H5.16M21 21H15.64l-4.91-6.99L4.59 21H3l7.03-7.99L3 3H8.36l4.65 6.62L18.83 3h1.59l-6.71 7.62"/>
-    </symbol>
-  </defs>
-</svg>

From a29acea98f194ac163be56d32e6b109992ca1ebd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 02:26:59 +0000
Subject: [PATCH 329/381] Bump selenium-webdriver from 4.25.0 to 4.26.0 (#5178)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index f1fee731abe..803ed761e25 100644
--- a/Gemfile
+++ b/Gemfile
@@ -137,7 +137,7 @@ group :test do
   gem "mocha", "~> 2.5", require: false
   gem "shoulda-context", "~> 3.0.0.rc1"
   gem "shoulda-matchers", "~> 6.4"
-  gem "selenium-webdriver", "~> 4.25"
+  gem "selenium-webdriver", "~> 4.26"
   gem "webmock", "~> 3.24"
   gem "simplecov", "~> 0.22", require: false
   gem "simplecov-cobertura", "~> 2.1", require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index 5c06644f004..a3f73d33f43 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -739,7 +739,7 @@ GEM
       activemodel (>= 6.1)
       hashie
     securerandom (0.3.1)
-    selenium-webdriver (4.25.0)
+    selenium-webdriver (4.26.0)
       base64 (~> 0.2)
       logger (~> 1.4)
       rexml (~> 3.2, >= 3.2.5)
@@ -957,7 +957,7 @@ DEPENDENCIES
   rubocop-rails (~> 2.25)
   ruby-magic (~> 0.6)
   searchkick (~> 5.4)
-  selenium-webdriver (~> 4.25)
+  selenium-webdriver (~> 4.26)
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
   shoulda-matchers (~> 6.4)
@@ -1253,7 +1253,7 @@ CHECKSUMS
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.4.0) sha256=75d7256d3ec2af2dc11c2ba8160c86d80451f3f86447aae2ace1f79553de0bf3
   securerandom (0.3.1) sha256=98f0450c0ea46d2f9a4b6db4f391dbd83dc08049592eada155739f40e0341bde
-  selenium-webdriver (4.25.0) sha256=7e11abf2b0fd56df61d98b6d59d621781cf103261d941df3510837547bd4a0d5
+  selenium-webdriver (4.26.0) sha256=bb0426ffe50e5940a6a5ed2978b4dfb1cb29e0e1c4d0a420d6aabf0f6c8e0690
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6

From 9e924657d9c56c791769e2573fdcea68867c3e68 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 02:27:10 +0000
Subject: [PATCH 330/381] Bump statsd-instrument from 3.9.3 to 3.9.5 (#5179)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index a3f73d33f43..cc1623316cf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -768,7 +768,7 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    statsd-instrument (3.9.3)
+    statsd-instrument (3.9.5)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -1265,7 +1265,7 @@ CHECKSUMS
   simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428
   smart_properties (1.17.0) sha256=f9323f8122e932341756ddec8e0ac9ec6e238408a7661508be99439ca6d6384b
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
-  statsd-instrument (3.9.3) sha256=b23508e3565b61129fe4464a52b155e5761b2612ec052d50cde16af8ea0e2e30
+  statsd-instrument (3.9.5) sha256=4d0219d820365f2df89ca0fe61f7b7b60db25a89fcc9277d5e4688ac1a646f73
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.1) sha256=86ed89bb62ff1861240ab4628a2500ef50cd8bbf03d4c8f7368fda2dd94636b9

From 3da993d95592885acc951b6a7955e1ef28785b1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 02:27:56 +0000
Subject: [PATCH 331/381] Bump clearance from 2.8.0 to 2.9.1 (#5180)

---
 Gemfile      |  2 +-
 Gemfile.lock | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 803ed761e25..4763cc0a2c4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,7 +8,7 @@ gem "rails-i18n", "~> 7.0"
 gem "aws-sdk-s3", "~> 1.169"
 gem "aws-sdk-sqs", "~> 1.87"
 gem "bootsnap", "~> 1.18"
-gem "clearance", "~> 2.8"
+gem "clearance", "~> 2.9"
 gem "dalli", "~> 3.2"
 gem "datadog", "~> 2.4"
 gem "dogstatsd-ruby", "~> 5.6"
diff --git a/Gemfile.lock b/Gemfile.lock
index cc1623316cf..22eb4e2f4aa 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -190,7 +190,7 @@ GEM
     childprocess (5.0.0)
     choice (0.2.0)
     chunky_png (1.4.0)
-    clearance (2.8.0)
+    clearance (2.9.1)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -478,7 +478,7 @@ GEM
     mutex_m (0.2.0)
     net-http (0.4.1)
       uri
-    net-imap (0.4.17)
+    net-imap (0.5.0)
       date
       net-protocol
     net-pop (0.1.2)
@@ -876,7 +876,7 @@ DEPENDENCIES
   browser (~> 6.0)
   capybara (~> 3.40)
   chartkick (~> 5.1)
-  clearance (~> 2.8)
+  clearance (~> 2.9)
   compact_index (~> 0.15.0)
   csv (~> 3.3)
   dalli (~> 3.2)
@@ -1033,7 +1033,7 @@ CHECKSUMS
   childprocess (5.0.0) sha256=0746b7ab1d6c68156e64a3767631d7124121516192c0492929a7f0af7310d835
   choice (0.2.0) sha256=a19617f7dfd4921b38a85d0616446620de685a113ec6d1ecc85bdb67bf38c974
   chunky_png (1.4.0) sha256=89d5b31b55c0cf4da3cf89a2b4ebc3178d8abe8cbaf116a1dba95668502fdcfe
-  clearance (2.8.0) sha256=ec89e99f737a1b115a30624d27daa0501830a991acd93aa0eef7f2414540df52
+  clearance (2.9.1) sha256=fb30b78c36a542555ea6913f2ca3814fb72a2f145133d3407254c8eb74aca08e
   coderay (1.1.3) sha256=dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b
   compact_index (0.15.0) sha256=5c6c404afca8928a7d9f4dde9524f6e1610db17e675330803055db282da84a8b
   concurrent-ruby (1.3.4) sha256=d4aa926339b0a86b5b5054a0a8c580163e6f5dcbdfd0f4bb916b1a2570731c32
@@ -1154,7 +1154,7 @@ CHECKSUMS
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
   mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
   net-http (0.4.1) sha256=a96efc5ea18bcb9715e24dda4159d10f67ff0345c8a980d04630028055b2c282
-  net-imap (0.4.17) sha256=127bcaf2ccd40503b8fc6e1f4c122485d6e9feeb90dd49e4618e5ffbc8741598
+  net-imap (0.5.0) sha256=b8281598f3c1860679a88de19287673c6835bed6cf0fe1710fb96a5ffcb94aa0
   net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
   net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
   net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a

From b3eecc8669b9c04b42e349bd3f0c5585bf08c3fb Mon Sep 17 00:00:00 2001
From: Tony Liao <kuanchiliao@gmail.com>
Date: Wed, 30 Oct 2024 19:31:24 -0700
Subject: [PATCH 332/381] Add bcrypt password validation (#5160)

Prevent passwords longer than 72 bytes from being created since bcrypt silently truncates them.

Fixes #5093
---
 app/models/user.rb       | 8 +++++++-
 config/locales/de.yml    | 2 ++
 config/locales/en.yml    | 2 ++
 config/locales/es.yml    | 2 ++
 config/locales/fr.yml    | 2 ++
 config/locales/ja.yml    | 2 ++
 config/locales/nl.yml    | 2 ++
 config/locales/pt-BR.yml | 2 ++
 config/locales/zh-CN.yml | 2 ++
 config/locales/zh-TW.yml | 2 ++
 test/models/user_test.rb | 4 ++--
 11 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index a740033e4a3..d8b3ee84303 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -81,7 +81,7 @@ class User < ApplicationRecord
   }, allow_nil: true, length: { within: 0..20 }
 
   validates :password,
-    length: { within: 10..200 },
+    length: { minimum: 10 },
     unpwn: true,
     allow_blank: true, # avoid double errors with can't be blank
     unless: :skip_password_validation?
@@ -90,6 +90,7 @@ class User < ApplicationRecord
 
   validate :unconfirmed_email_uniqueness
   validate :toxic_email_domain, on: :create
+  validate :password_byte_length
 
   def self.authenticate(who, password)
     # Avoid exceptions when string is invalid in the given encoding, _or_ cannot be converted
@@ -321,6 +322,11 @@ def toxic_email_domain
     errors.add(:email, I18n.t("activerecord.errors.messages.blocked", domain: domain)) if toxic
   end
 
+  def password_byte_length
+    return if skip_password_validation? || password.blank?
+    errors.add(:password, :bcrypt_length) if password.bytesize > 72
+  end
+
   def expire_all_api_keys
     api_keys.expire_all!
   end
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 982ff33eced..9ddec255b4c 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -121,6 +121,8 @@ de:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index c2e04a5298f..810411f3362 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -116,6 +116,8 @@ en:
           attributes:
             handle:
               invalid: "must start with a letter and can only contain letters, numbers, underscores, and dashes"
+            password:
+              bcrypt_length: is too long (maximum is 72 bytes)
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index a223d9f20e3..8f3cc3e7a4e 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -119,6 +119,8 @@ es:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 8149c79b7ff..b261d415f75 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -117,6 +117,8 @@ fr:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index f3b08ba0bb6..8e21b186883 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -110,6 +110,8 @@ ja:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 53b9966d822..7f1a0c65e86 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -109,6 +109,8 @@ nl:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index dd6691234cf..2805d5aca03 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -116,6 +116,8 @@ pt-BR:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index f6f6d61608a..9bb1f2258d1 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -111,6 +111,8 @@ zh-CN:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index c536c74792c..de097630a59 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -110,6 +110,8 @@ zh-TW:
           attributes:
             handle:
               invalid:
+            password:
+              bcrypt_length:
         version:
           attributes:
             gem_full_name:
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 67662129d1d..add6d52b9a5 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -173,7 +173,7 @@ class UserTest < ActiveSupport::TestCase
     end
 
     context "password" do
-      should "be between 10 and 200 characters" do
+      should "be between 10 characters and 72 bytes" do
         user = build(:user, password: "%5a&12ed/")
 
         refute_predicate user, :valid?
@@ -182,7 +182,7 @@ class UserTest < ActiveSupport::TestCase
         user.password = "#{'a8b5d2d451' * 20}a"
 
         refute_predicate user, :valid?
-        assert_contains user.errors[:password], "is too long (maximum is 200 characters)"
+        assert_contains user.errors[:password], "is too long (maximum is 72 bytes)"
 
         user.password = "633!cdf7b3426c9%f6dd1a0b62d4ce44c4f544e%"
         user.valid?

From 49b3a704a700a1824c411c52d1cb2709cfc966ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 02:40:19 +0000
Subject: [PATCH 333/381] Bump rails-i18n from 7.0.9 to 7.0.10 (#5176)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 22eb4e2f4aa..6660e067566 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -635,7 +635,7 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    rails-i18n (7.0.9)
+    rails-i18n (7.0.10)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
     rails_semantic_logger (4.17.0)
@@ -1211,7 +1211,7 @@ CHECKSUMS
   rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b
   rails-erd (1.7.2) sha256=0b17d0fba25d319d8da8af7a3e5e2149d02d6187cc7351e8be43423f07c48bcd
   rails-html-sanitizer (1.6.0) sha256=86e9f19d2e6748890dcc2633c8945ca45baa08a1df9d8c215ce17b3b0afaa4de
-  rails-i18n (7.0.9) sha256=c184db80a7c7bf21c14e0e400fe9e27c4c20312f019aaff5b364a82858dc1369
+  rails-i18n (7.0.10) sha256=efae16e0ac28c0f42e98555c8db1327d69ab02058c8b535e0933cb106dd931ca
   rails_semantic_logger (4.17.0) sha256=cc10cca01491736596cd5ab40b52b3bbf98338d9d1f5a7916b2be10231615047
   railties (7.2.1.1) sha256=16ac9ddd079b8e8c4c3386234512c301ab7a302bce3cbe0560ac44cec7d88453
   rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a

From c063b9e0ac69827d2bbbf4eb62abf198b67936e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 02:45:25 +0000
Subject: [PATCH 334/381] Bump chartkick from 5.1.1 to 5.1.2 (#5181)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6660e067566..95bddc07db9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -186,7 +186,7 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     cbor (0.5.9.8)
-    chartkick (5.1.1)
+    chartkick (5.1.2)
     childprocess (5.0.0)
     choice (0.2.0)
     chunky_png (1.4.0)
@@ -1029,7 +1029,7 @@ CHECKSUMS
   byebug (11.1.3) sha256=2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b
   capybara (3.40.0) sha256=42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef
   cbor (0.5.9.8) sha256=9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7
-  chartkick (5.1.1) sha256=936b215a991fe638fc1c4b998495c9bf92b58df6f7d411e06517ef93b063e7f2
+  chartkick (5.1.2) sha256=1bb981ebb567c6bc6d1f555fba3dc5b4a7d1e7d170ea7d6980b4badf0032305a
   childprocess (5.0.0) sha256=0746b7ab1d6c68156e64a3767631d7124121516192c0492929a7f0af7310d835
   choice (0.2.0) sha256=a19617f7dfd4921b38a85d0616446620de685a113ec6d1ecc85bdb67bf38c974
   chunky_png (1.4.0) sha256=89d5b31b55c0cf4da3cf89a2b4ebc3178d8abe8cbaf116a1dba95668502fdcfe

From 6ef77c7e24d0282b2365e7d43bc91e91d02a0631 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 10:48:51 -0700
Subject: [PATCH 335/381] Bump strong_migrations from 2.0.1 to 2.0.2 (#5184)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 95bddc07db9..1e203ed9cce 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -772,7 +772,7 @@ GEM
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
-    strong_migrations (2.0.1)
+    strong_migrations (2.0.2)
       activerecord (>= 6.1)
     swd (2.0.3)
       activesupport (>= 3)
@@ -1268,7 +1268,7 @@ CHECKSUMS
   statsd-instrument (3.9.5) sha256=4d0219d820365f2df89ca0fe61f7b7b60db25a89fcc9277d5e4688ac1a646f73
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
-  strong_migrations (2.0.1) sha256=86ed89bb62ff1861240ab4628a2500ef50cd8bbf03d4c8f7368fda2dd94636b9
+  strong_migrations (2.0.2) sha256=888a71d04580169d6fe4ab9e7f0ce5293a9a70b3624be912c4de9e9609ed378c
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (3.0.0) sha256=ee9e5956411968fa445d2bb514c8fb70b239ca2e6f2d5bae06b161e2bee19446
   tailwindcss-ruby (3.4.14) sha256=80e0eb4f369ca48c00b688f88730c5fefe2ea9821f16f03a86dd2a6bf56dda3a

From 0d925a94fb88d4d145301fa83cb17013b45ade68 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Thu, 31 Oct 2024 11:11:48 -0700
Subject: [PATCH 336/381] Dashboard "subject" layout with sidebar for current
 user (#5182)

---
 app/assets/images/icons.svg                   | 150 +++---------
 app/assets/stylesheets/hammy.css              |  11 +
 app/controllers/dashboards_controller.rb      |   3 +-
 app/controllers/subscriptions_controller.rb   |   2 +-
 .../controllers/scroll_controller.js          |  15 ++
 app/views/components/card_component.rb        |   2 +-
 app/views/components/subject/nav_component.rb |  38 +++
 app/views/dashboards/_subject.html.erb        |  42 ++++
 app/views/dashboards/show.html.erb            | 218 ++++++++----------
 app/views/layouts/_breadcrumbs.html.erb       |   4 +-
 app/views/layouts/_session.html.erb           |   2 +-
 app/views/layouts/hammy.html.erb              |  42 ++--
 app/views/layouts/subject.html.erb            |  42 ++++
 app/views/subscriptions/index.html.erb        |  14 +-
 config/locales/de.yml                         |  27 +--
 config/locales/en.yml                         |   1 +
 config/locales/es.yml                         |   1 +
 config/locales/fr.yml                         |   1 +
 config/locales/ja.yml                         |   1 +
 config/locales/nl.yml                         |   1 +
 config/locales/pt-BR.yml                      |   1 +
 config/locales/zh-CN.yml                      |   1 +
 config/locales/zh-TW.yml                      |   1 +
 23 files changed, 336 insertions(+), 284 deletions(-)
 create mode 100644 app/javascript/controllers/scroll_controller.js
 create mode 100644 app/views/components/subject/nav_component.rb
 create mode 100644 app/views/dashboards/_subject.html.erb
 create mode 100644 app/views/layouts/subject.html.erb

diff --git a/app/assets/images/icons.svg b/app/assets/images/icons.svg
index 1b91eb5e461..dd7abfcf2f0 100644
--- a/app/assets/images/icons.svg
+++ b/app/assets/images/icons.svg
@@ -1,125 +1,45 @@
 <?xml version="1.0" encoding="utf-8"?>
 <svg xmlns="http://www.w3.org/2000/svg">
   <defs>
-    <!-- Material icons (updated) -->
-    <symbol id="warning" viewBox="0 -960 960 960"><path d="M137.02-140q-10.17 0-18.27-4.97t-12.59-13.11q-4.68-8.08-5.15-17.5-.47-9.42 5.08-18.66l342.43-591.52q5.56-9.24 13.9-13.66 8.35-4.42 17.58-4.42 9.23 0 17.58 4.42 8.34 4.42 13.9 13.66l342.43 591.52q5.55 9.24 5.08 18.66-.47 9.42-5.15 17.5-4.49 8.14-12.59 13.11-8.1 4.97-18.27 4.97H137.02ZM178-200h604L480-720 178-200Zm302-47.69q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02T480-312.31q-13.73 0-23.02 9.29T447.69-280q0 13.73 9.29 23.02t23.02 9.29Zm.01-104.62q12.76 0 21.37-8.62 8.62-8.63 8.62-21.38v-140q0-12.75-8.63-21.37-8.63-8.63-21.38-8.63-12.76 0-21.37 8.63-8.62 8.62-8.62 21.37v140q0 12.75 8.63 21.38 8.63 8.62 21.38 8.62ZM480-460Z"/></symbol>
-    <symbol id="error" viewBox="0 -960 960 960"><path d="M480-290.77q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02-9.29-9.28-23.02-9.28t-23.02 9.28q-9.29 9.29-9.29 23.02t9.29 23.02q9.29 9.29 23.02 9.29Zm.01-146.15q12.76 0 21.37-8.63 8.62-8.62 8.62-21.37v-180q0-12.75-8.63-21.38-8.63-8.62-21.38-8.62-12.76 0-21.37 8.62-8.62 8.63-8.62 21.38v180q0 12.75 8.63 21.37 8.63 8.63 21.38 8.63Zm.06 336.92q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
-    <symbol id="arrow-circle-right" viewBox="0 -960 960 960"><path d="m512.23-450-53.31 53.31q-8.3 8.31-8.11 20.69.19 12.38 8.5 20.69t20.95 8.31q12.64 0 20.82-8.31l99.38-99.38q10.85-10.85 10.85-25.31 0-14.46-10.85-25.31l-99.77-99.77q-8.31-8.3-20.69-8.3t-20.69 8.3q-8.31 8.31-8.31 20.95 0 12.64 8.31 20.82L512.23-510H360q-12.75 0-21.37 8.63-8.63 8.63-8.63 21.38 0 12.76 8.63 21.37Q347.25-450 360-450h152.23Zm-32.16 350q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
-    <symbol id="house-siding" viewBox="0 -960 960 960"><path d="M273.85-260v90q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-374.08L120-473.46q-10.54 7.31-22.31 6.19-11.77-1.12-19.46-11.65-7.69-10.54-6.27-22.31 1.43-11.77 11.96-19.46L436-787.23q9.85-7.23 21.08-10.65 11.24-3.43 22.92-3.43 11.68 0 22.92 3.43 11.23 3.42 21.08 10.65l352.46 266.54q9.92 7.69 11.65 19.46 1.73 11.77-5.96 22.31-7.69 10.53-19.46 11.65-11.77 1.12-22.31-6.19l-93.84-70.62V-170q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-90H273.85Zm0-215.38h412.69v-95.39H273.85v95.39Zm0 155.38h412.69v-95.39H273.85V-320Zm54.61-310.77h303.08L480-744.39 328.46-630.77Z"/></symbol>
+    <!-- Material icons, 300 weight, optical size 24px (with a few exceptions) -->
+    <symbol id="account-box" viewBox="0 -960 960 960"><path d="M190.26-224.1q56.97-54.49 130.5-87.01 73.54-32.53 159.17-32.53 85.63 0 159.24 32.53 73.6 32.52 130.57 87.01v-533.33q0-4.62-3.84-8.47-3.85-3.84-8.47-3.84H202.57q-4.62 0-8.47 3.84-3.84 3.85-3.84 8.47v533.33Zm290.69-205.03q54.02 0 91.54-37.51Q610-504.15 610-558.18q0-54.02-37.51-91.54-37.52-37.51-91.54-37.51-54.03 0-91.54 37.51-37.51 37.52-37.51 91.54 0 54.03 37.51 91.54 37.51 37.51 91.54 37.51ZM202.57-140q-25.79 0-44.18-18.39T140-202.57v-554.86q0-25.79 18.39-44.18T202.57-820h554.86q25.79 0 44.18 18.39T820-757.43v554.86q0 25.79-18.39 44.18T757.43-140H202.57Zm22.04-50.26h510.37q-59.85-53.46-123.89-78.29-64.04-24.84-131.22-24.84-66.41 0-130.91 24.84-64.5 24.83-124.35 78.29Zm256.47-289.12q-32.82 0-55.88-23.05-23.05-23.06-23.05-55.75t23.05-55.74q23.06-23.05 55.75-23.05t55.74 23.1q23.05 23.11 23.05 55.56 0 32.82-23.1 55.88-23.11 23.05-55.56 23.05ZM480-497.26Z"/></symbol>
     <symbol id="arrow-circle-down" viewBox="0 -960 960 960"><path d="m454-447.84-49.31-49.31q-8.31-8.31-18.19-8.31t-18.19 8.31q-8.31 8.3-8.31 18.44 0 10.15 8.31 18.32l89.91 89.91q9.7 9.71 22.35 9.71 12.64 0 22.12-9.85l89.77-89.77q8.31-8.17 8.31-18.32 0-10.14-8.31-18.44-8.31-8.31-18.45-8.31-10.14 0-18.32 8.31l-49.31 49.31v-138.52q0-10.93-7.41-18.32-7.42-7.4-18.39-7.4-10.96 0-18.77 7.4-7.81 7.39-7.81 18.32v138.52ZM480.34-116q-75.11 0-141.48-28.42-66.37-28.42-116.18-78.21-49.81-49.79-78.25-116.09Q116-405.01 116-480.39q0-75.38 28.42-141.25t78.21-115.68q49.79-49.81 116.09-78.25Q405.01-844 480.39-844q75.38 0 141.25 28.42t115.68 78.21q49.81 49.79 78.25 115.85Q844-555.45 844-480.34q0 75.11-28.42 141.48-28.42 66.37-78.21 116.18-49.79 49.81-115.85 78.25Q555.45-116 480.34-116Zm-.34-52q130 0 221-91t91-221q0-130-91-221t-221-91q-130 0-221 91t-91 221q0 130 91 221t221 91Zm0-312Z"/></symbol>
+    <symbol id="arrow-circle-right" viewBox="0 -960 960 960"><path d="m512.23-450-53.31 53.31q-8.3 8.31-8.11 20.69.19 12.38 8.5 20.69t20.95 8.31q12.64 0 20.82-8.31l99.38-99.38q10.85-10.85 10.85-25.31 0-14.46-10.85-25.31l-99.77-99.77q-8.31-8.3-20.69-8.3t-20.69 8.3q-8.31 8.31-8.31 20.95 0 12.64 8.31 20.82L512.23-510H360q-12.75 0-21.37 8.63-8.63 8.63-8.63 21.38 0 12.76 8.63 21.37Q347.25-450 360-450h152.23Zm-32.16 350q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="arrow-drop-down" viewBox="0 -960 960 960"><path d="M460.81-393.04 334.76-519.08q-2.6-2.61-4.1-5.83-1.5-3.21-1.5-6.89 0-7.35 4.97-12.78 4.97-5.42 13.1-5.42h265.54q8.13 0 13.1 5.48 4.97 5.47 4.97 12.77 0 1.83-5.61 12.67L499.19-393.04q-4.34 4.35-8.98 6.35-4.64 2-10.21 2-5.57 0-10.21-2-4.64-2-8.98-6.35Z"/></symbol>
+    <symbol id="arrow-forward-ios" viewBox="0 -960 960 960"><path d="M593.23-480 291.92-781.31q-11.92-11.92-11.61-28.38.31-16.46 12.23-28.39Q304.46-850 320.92-850t28.39 11.92l306.23 306.85q10.84 10.85 16.07 24.31 5.24 13.46 5.24 26.92t-5.24 26.92q-5.23 13.46-16.07 24.31L348.69-121.92q-11.92 11.92-28.07 11.61-16.16-.31-28.08-12.23-11.92-11.92-11.92-28.38t11.92-28.39L593.23-480Z"/></symbol>
     <symbol id="check-circle" viewBox="0 -960 960 960"><path d="m423.23-394.15-92.92-92.93q-8.31-8.3-20.89-8.5-12.57-.19-21.27 8.5-8.69 8.7-8.69 21.08 0 12.38 8.69 21.08l109.77 109.77q10.85 10.84 25.31 10.84 14.46 0 25.31-10.84l222.54-222.54q8.3-8.31 8.5-20.89.19-12.57-8.5-21.27-8.7-8.69-21.08-8.69-12.38 0-21.08 8.69l-205.69 205.7ZM480.07-100q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="chevron-right" viewBox="0 -960 960 960"><path d="M517.85-480 354.92-642.92q-8.3-8.31-8.5-20.89-.19-12.57 8.5-21.27 8.7-8.69 21.08-8.69 12.38 0 21.08 8.69l179.77 179.77q5.61 5.62 7.92 11.85 2.31 6.23 2.31 13.46t-2.31 13.46q-2.31 6.23-7.92 11.85L397.08-274.92q-8.31 8.3-20.89 8.5-12.57.19-21.27-8.5-8.69-8.7-8.69-21.08 0-12.38 8.69-21.08L517.85-480Z"/></symbol>
+    <symbol id="close" viewBox="0 -960 960 960"><path d="M480-437.85 277.08-234.92q-8.31 8.3-20.89 8.5-12.57.19-21.27-8.5-8.69-8.7-8.69-21.08 0-12.38 8.69-21.08L437.85-480 234.92-682.92q-8.3-8.31-8.5-20.89-.19-12.57 8.5-21.27 8.7-8.69 21.08-8.69 12.38 0 21.08 8.69L480-522.15l202.92-202.93q8.31-8.3 20.89-8.5 12.57-.19 21.27 8.5 8.69 8.7 8.69 21.08 0 12.38-8.69 21.08L522.15-480l202.93 202.92q8.3 8.31 8.5 20.89.19 12.57-8.5 21.27-8.7 8.69-21.08 8.69-12.38 0-21.08-8.69L480-437.85Z"/></symbol>
+    <symbol id="content-copy" viewBox="0 -960 960 960"><path d="M362.31-260Q332-260 311-281q-21-21-21-51.31v-455.38Q290-818 311-839q21-21 51.31-21h335.38Q728-860 749-839q21 21 21 51.31v455.38Q770-302 749-281q-21 21-51.31 21H362.31Zm0-60h335.38q4.62 0 8.46-3.85 3.85-3.84 3.85-8.46v-455.38q0-4.62-3.85-8.46-3.84-3.85-8.46-3.85H362.31q-4.62 0-8.46 3.85-3.85 3.84-3.85 8.46v455.38q0 4.62 3.85 8.46 3.84 3.85 8.46 3.85Zm-140 200Q192-120 171-141q-21-21-21-51.31v-485.38q0-12.77 8.62-21.39 8.61-8.61 21.38-8.61t21.39 8.61q8.61 8.62 8.61 21.39v485.38q0 4.62 3.85 8.46 3.84 3.85 8.46 3.85h365.38q12.77 0 21.39 8.61 8.61 8.62 8.61 21.39 0 12.77-8.61 21.38-8.62 8.62-21.39 8.62H222.31ZM350-320v-480 480Z"/></symbol>
+    <symbol id="error" viewBox="0 -960 960 960"><path d="M480-290.77q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02-9.29-9.28-23.02-9.28t-23.02 9.28q-9.29 9.29-9.29 23.02t9.29 23.02q9.29 9.29 23.02 9.29Zm.01-146.15q12.76 0 21.37-8.63 8.62-8.62 8.62-21.37v-180q0-12.75-8.63-21.38-8.63-8.62-21.38-8.62-12.76 0-21.37 8.62-8.62 8.63-8.62 21.38v180q0 12.75 8.63 21.37 8.63 8.63 21.38 8.63Zm.06 336.92q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
+    <symbol id="history" viewBox="0 -960 960 960"><path d="M479.23-140q-120.61 0-212.61-73.62-92-73.61-117.93-188.38-3.23-11.92 3.89-21.92 7.11-10 20.15-11.62 12.27-1.61 22 4.85t13.58 19Q231.15-319 306.73-259.5t172.5 59.5q117 0 198.5-81.5t81.5-198.5q0-117-81.5-198.5T479.23-760q-65.54 0-122.84 29.12-57.31 29.11-98.7 80.11h74.62q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37-8.62 8.62-21.37 8.62H195.39q-15.37 0-25.76-10.4-10.4-10.39-10.4-25.76v-136.92q0-12.75 8.63-21.37 8.63-8.63 21.39-8.63 12.75 0 21.37 8.63 8.61 8.62 8.61 21.37v64.77q48.69-57.46 116.62-89.19Q403.77-820 479.23-820q70.8 0 132.63 26.77t107.83 72.77q46 46 72.77 107.82 26.77 61.83 26.77 132.62t-26.77 132.63q-26.77 61.85-72.77 107.85-46 46-107.83 72.77Q550.03-140 479.23-140Zm31.15-352.15 110 110q8.31 8.3 8.5 20.88.2 12.58-8.5 21.27-8.69 8.69-21.07 8.69-12.39 0-21.08-8.69l-117-117q-5.61-5.62-8.23-12.24-2.61-6.62-2.61-13.68V-650q0-12.75 8.62-21.38 8.63-8.62 21.39-8.62 12.75 0 21.37 8.62 8.61 8.63 8.61 21.38v157.85Z"/></symbol>
+    <symbol id="house-siding" viewBox="0 -960 960 960"><path d="M273.85-260v90q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-374.08L120-473.46q-10.54 7.31-22.31 6.19-11.77-1.12-19.46-11.65-7.69-10.54-6.27-22.31 1.43-11.77 11.96-19.46L436-787.23q9.85-7.23 21.08-10.65 11.24-3.43 22.92-3.43 11.68 0 22.92 3.43 11.23 3.42 21.08 10.65l352.46 266.54q9.92 7.69 11.65 19.46 1.73 11.77-5.96 22.31-7.69 10.53-19.46 11.65-11.77 1.12-22.31-6.19l-93.84-70.62V-170q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-90H273.85Zm0-215.38h412.69v-95.39H273.85v95.39Zm0 155.38h412.69v-95.39H273.85V-320Zm54.61-310.77h303.08L480-744.39 328.46-630.77Z"/></symbol>
+    <symbol id="keyboard-arrow-down" viewBox="0 -960 960 960"><path d="M480-372.92q-7.23 0-13.46-2.31t-11.85-7.92L274.92-562.92q-8.3-8.31-8.5-20.89-.19-12.57 8.5-21.27 8.7-8.69 21.08-8.69 12.38 0 21.08 8.69L480-442.15l162.92-162.93q8.31-8.3 20.89-8.5 12.57-.19 21.27 8.5 8.69 8.7 8.69 21.08 0 12.38-8.69 21.08L505.31-383.15q-5.62 5.61-11.85 7.92-6.23 2.31-13.46 2.31Z"/></symbol>
+    <symbol id="language" viewBox="0 -960 960 960"><path d="M480-100q-78.15 0-147.5-29.96t-120.96-81.58q-51.62-51.61-81.58-120.96T100-480q0-78.77 29.96-147.81t81.58-120.65q51.61-51.62 120.96-81.58T480-860q78.77 0 147.81 29.96t120.65 81.58q51.62 51.61 81.58 120.65T860-480q0 78.15-29.96 147.5t-81.58 120.96q-51.61 51.62-120.65 81.58T480-100Zm0-60.85q30.62-40.61 51.54-81.92 20.92-41.31 34.08-90.31H394.38q13.93 50.54 34.47 91.85 20.53 41.31 51.15 80.38Zm-77.46-11q-23-33-41.31-75.03-18.31-42.04-28.46-86.2H197.08q31.69 62.31 85 104.7 53.31 42.38 120.46 56.53Zm154.92 0q67.15-14.15 120.46-56.53 53.31-42.39 85-104.7H627.23q-12.08 44.54-30.39 86.58-18.3 42.04-39.38 74.65ZM171.92-393.08h148.7q-3.77-22.3-5.47-43.73-1.69-21.42-1.69-43.19 0-21.77 1.69-43.19 1.7-21.43 5.47-43.73h-148.7q-5.77 20.38-8.84 42.38-3.08 22-3.08 44.54t3.08 44.54q3.07 22 8.84 42.38Zm208.69 0h198.78q3.76-22.3 5.46-43.34 1.69-21.04 1.69-43.58t-1.69-43.58q-1.7-21.04-5.46-43.34H380.61q-3.76 22.3-5.46 43.34-1.69 21.04-1.69 43.58t1.69 43.58q1.7 21.04 5.46 43.34Zm258.77 0h148.7q5.77-20.38 8.84-42.38 3.08-22 3.08-44.54t-3.08-44.54q-3.07-22-8.84-42.38h-148.7q3.77 22.3 5.47 43.73 1.69 21.42 1.69 43.19 0 21.77-1.69 43.19-1.7 21.43-5.47 43.73Zm-12.15-233.84h135.69Q730.85-690 678.5-731.62q-52.35-41.61-121.04-56.92 23 34.92 40.92 76.39 17.93 41.46 28.85 85.23Zm-232.85 0h171.24q-13.93-50.16-35.04-92.43-21.12-42.27-50.58-79.8-29.46 37.53-50.58 79.8-21.11 42.27-35.04 92.43Zm-197.3 0h135.69q10.92-43.77 28.85-85.23 17.92-41.47 40.92-76.39-69.08 15.31-121.23 57.12-52.16 41.8-84.23 104.5Z"/></symbol>
     <symbol id="logout" viewBox="0 -960 960 960"><path d="M224.62-160q-27.62 0-46.12-18.5Q160-197 160-224.62v-510.76q0-27.62 18.5-46.12Q197-800 224.62-800h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-760H224.62q-9.24 0-16.93 7.69-7.69 7.69-7.69 16.93v510.76q0 9.24 7.69 16.93 7.69 7.69 16.93 7.69h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-160H224.62Zm497.76-300H387.69q-8.54 0-14.27-5.73T367.69-480q0-8.54 5.73-14.27t14.27-5.73h334.69l-78.84-78.85q-5.62-5.61-6-13.53-.39-7.93 6-14.54 6.38-6.62 14.15-6.73 7.77-.12 14.39 6.5l104.54 104.53q9.69 9.7 9.69 22.62 0 12.92-9.69 22.62L672.08-352.85q-5.85 5.85-13.89 6.12-8.04.27-14.65-6.35-6.39-6.61-6.27-14.27.11-7.65 6.5-14.03L722.38-460Z"/></symbol>
-
-    <symbol id="chevron-right" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
-      <path stroke-linecap="round" stroke-linejoin="round" d="m8.25 4.5 7.5 7.5-7.5 7.5" />
-    </symbol>
-
-    <symbol id="chevron-forward" viewBox="0 0 960 1147"><path d="M518 576L355 413q-8-8-8.5-20.5T355 371q9-9 21-9t21 9l180 180q5 5 7.5 11.5T587 576q0 7-2.5 13.5T577 601L397 781q-8 8-20.5 8.5T355 781q-9-9-9-21t9-21l163-163z"/></symbol>
-    <symbol id="rss-feed" viewBox="0 0 960 1147"><path d="M205 916q-27 0-46-19t-19-46q0-26 19-45t46-19q26 0 45 19t19 45q0 27-19 46t-45 19zm530 0q-19 0-32-14.5T688 867q-9-100-50-186.5T529 527q-67-68-153.5-109T189 368q-20-2-34.5-15T140 321q0-20 14-32.5t33-10.5q119 9 222.5 57.5T593 463q79 80 127.5 183.5T778 869q2 19-10.5 33T735 916zm-230 0q-19 0-32.5-13.5T456 870q-8-53-31-98.5T366 690q-36-36-81.5-59T186 600q-19-3-32.5-16.5T140 551q0-19 14-31.5t33-9.5q71 8 132.5 38T429 627q49 48 79 109.5T546 869q3 19-9.5 33T505 916z"/></symbol>
-    <symbol id="mail" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class="size-6">
-      <path stroke-linecap="round" stroke-linejoin="round" d="M21.75 6.75v10.5a2.25 2.25 0 0 1-2.25 2.25h-15a2.25 2.25 0 0 1-2.25-2.25V6.75m19.5 0A2.25 2.25 0 0 0 19.5 4.5h-15a2.25 2.25 0 0 0-2.25 2.25m19.5 0v.243a2.25 2.25 0 0 1-1.07 1.916l-7.5 4.615a2.25 2.25 0 0 1-2.36 0L3.32 8.91a2.25 2.25 0 0 1-1.07-1.916V6.75" />
-    </symbol>
-
-    <!-- Material icons (wrong weight) -->
-    <symbol id="arrow-drop-down" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M8.71 11.71l2.59 2.59c.39.39 1.02.39 1.41 0l2.59-2.59c.63-.63.18-1.71-.71-1.71H9.41c-.89 0-1.33 1.08-.7 1.71z"/>
-    </symbol>
-    <symbol id="close" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M18.3 5.71c-.39-.39-1.02-.39-1.41 0L12 10.59 7.11 5.7c-.39-.39-1.02-.39-1.41 0-.39.39-.39 1.02 0 1.41L10.59 12 5.7 16.89c-.39.39-.39 1.02 0 1.41.39.39 1.02.39 1.41 0L12 13.41l4.89 4.89c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L13.41 12l4.89-4.89c.38-.38.38-1.02 0-1.4z"/>
-    </symbol>
-    <symbol id="error" viewBox="0 0 24 24">
-      <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 11c-.55 0-1-.45-1-1V8c0-.55.45-1 1-1s1 .45 1 1v4c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
-    </symbol>
-    <symbol id="content-copy" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
-      <g>
-        <rect fill="none" height="24" width="24"/>
-      </g>
-      <g>
-        <path d="M15,20H5V7c0-0.55-0.45-1-1-1h0C3.45,6,3,6.45,3,7v13c0,1.1,0.9,2,2,2h10c0.55,0,1-0.45,1-1v0C16,20.45,15.55,20,15,20z M20,16V4c0-1.1-0.9-2-2-2H9C7.9,2,7,2.9,7,4v12c0,1.1,0.9,2,2,2h9C19.1,18,20,17.1,20,16z M18,16H9V4h9V16z"/>
-      </g>
-    </symbol>
-    <symbol id="history" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M13.26 3C8.17 2.86 4 6.95 4 12H2.21c-.45 0-.67.54-.35.85l2.79 2.8c.2.2.51.2.71 0l2.79-2.8c.31-.31.09-.85-.36-.85H6c0-3.9 3.18-7.05 7.1-7 3.72.05 6.85 3.18 6.9 6.9.05 3.91-3.1 7.1-7 7.1-1.61 0-3.1-.55-4.28-1.48-.4-.31-.96-.28-1.32.08-.42.42-.39 1.13.08 1.49C9 20.29 10.91 21 13 21c5.05 0 9.14-4.17 9-9.26-.13-4.69-4.05-8.61-8.74-8.74zm-.51 5c-.41 0-.75.34-.75.75v3.68c0 .35.19.68.49.86l3.12 1.85c.36.21.82.09 1.03-.26.21-.36.09-.82-.26-1.03l-2.88-1.71v-3.4c0-.4-.34-.74-.75-.74z"/>
-    </symbol>
-
-    <symbol id="keyboard-arrow-down" viewBox="0 0 24 24">
-      <path d="M8.12 9.29L12 13.17l3.88-3.88c.39-.39 1.02-.39 1.41 0 .39.39.39 1.02 0 1.41l-4.59 4.59c-.39.39-1.02.39-1.41 0L6.7 10.7c-.39-.39-.39-1.02 0-1.41.39-.38 1.03-.39 1.42 0z"/>
-    </symbol>
-    <symbol id="keyboard-arrow-up" viewBox="0 0 24 24">
-      <path d="M8.12 14.71L12 10.83l3.88 3.88c.39.39 1.02.39 1.41 0 .39-.39.39-1.02 0-1.41L12.7 8.71c-.39-.39-1.02-.39-1.41 0L6.7 13.3c-.39.39-.39 1.02 0 1.41.39.38 1.03.39 1.42 0z"/>
-    </symbol>
-    <symbol id="language" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M11.99 2C6.47 2 2 6.48 2 12s4.47 10 9.99 10C17.52 22 22 17.52 22 12S17.52 2 11.99 2zm6.93 6h-2.95c-.32-1.25-.78-2.45-1.38-3.56 1.84.63 3.37 1.91 4.33 3.56zM12 4.04c.83 1.2 1.48 2.53 1.91 3.96h-3.82c.43-1.43 1.08-2.76 1.91-3.96zM4.26 14C4.1 13.36 4 12.69 4 12s.1-1.36.26-2h3.38c-.08.66-.14 1.32-.14 2s.06 1.34.14 2H4.26zm.82 2h2.95c.32 1.25.78 2.45 1.38 3.56-1.84-.63-3.37-1.9-4.33-3.56zm2.95-8H5.08c.96-1.66 2.49-2.93 4.33-3.56C8.81 5.55 8.35 6.75 8.03 8zM12 19.96c-.83-1.2-1.48-2.53-1.91-3.96h3.82c-.43 1.43-1.08 2.76-1.91 3.96zM14.34 14H9.66c-.09-.66-.16-1.32-.16-2s.07-1.35.16-2h4.68c.09.65.16 1.32.16 2s-.07 1.34-.16 2zm.25 5.56c.6-1.11 1.06-2.31 1.38-3.56h2.95c-.96 1.65-2.49 2.93-4.33 3.56zM16.36 14c.08-.66.14-1.32.14-2s-.06-1.34-.14-2h3.38c.16.64.26 1.31.26 2s-.1 1.36-.26 2h-3.38z"/>
-    </symbol>
-    <symbol id="menu" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M4 18h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zm0-5h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1s.45 1 1 1zM3 7c0 .55.45 1 1 1h16c.55 0 1-.45 1-1s-.45-1-1-1H4c-.55 0-1 .45-1 1z"/>
-    </symbol>
-    <symbol id="search" viewBox="0 0 24 24">
-      <path d="M9.7 14.1c-1.3 0-2.4-.4-3.3-1.3-.9-.9-1.3-2-1.3-3.3s.4-2.4 1.3-3.3c.9-.9 2-1.3 3.3-1.3 1.3 0 2.4.4 3.3 1.3.9.9 1.3 2 1.3 3.3s-.4 2.4-1.3 3.3c-.9.9-2 1.3-3.3 1.3Zm0 1.5c.7 0 1.4-.1 2-.3.7-.3 1.2-.6 1.7-1l5.8 5.8c.1.1.3.2.5.2s.4-.1.5-.2c.2-.2.3-.4.2-.6 0-.2 0-.4-.2-.5l-5.7-5.8c.4-.4.7-1 .9-1.7.3-.6.4-1.3.4-2 0-1.7-.6-3.2-1.8-4.3C12.8 4 11.4 3.4 9.7 3.4 8 3.4 6.5 4 5.3 5.2 4.2 6.3 3.6 7.8 3.6 9.5s.6 3.2 1.7 4.3C6.5 15 8 15.6 9.7 15.6Z"/>
-    </symbol>
-    <symbol id="settings" viewBox="0 0 24 24" enable-background="new 0 0 24 24">
-      <rect fill="none" height="24" width="24"/>
-      <path d="M19.5,12c0-0.23-0.01-0.45-0.03-0.68l1.86-1.41c0.4-0.3,0.51-0.86,0.26-1.3l-1.87-3.23c-0.25-0.44-0.79-0.62-1.25-0.42 l-2.15,0.91c-0.37-0.26-0.76-0.49-1.17-0.68l-0.29-2.31C14.8,2.38,14.37,2,13.87,2h-3.73C9.63,2,9.2,2.38,9.14,2.88L8.85,5.19 c-0.41,0.19-0.8,0.42-1.17,0.68L5.53,4.96c-0.46-0.2-1-0.02-1.25,0.42L2.41,8.62c-0.25,0.44-0.14,0.99,0.26,1.3l1.86,1.41 C4.51,11.55,4.5,11.77,4.5,12s0.01,0.45,0.03,0.68l-1.86,1.41c-0.4,0.3-0.51,0.86-0.26,1.3l1.87,3.23c0.25,0.44,0.79,0.62,1.25,0.42 l2.15-0.91c0.37,0.26,0.76,0.49,1.17,0.68l0.29,2.31C9.2,21.62,9.63,22,10.13,22h3.73c0.5,0,0.93-0.38,0.99-0.88l0.29-2.31 c0.41-0.19,0.8-0.42,1.17-0.68l2.15,0.91c0.46,0.2,1,0.02,1.25-0.42l1.87-3.23c0.25-0.44,0.14-0.99-0.26-1.3l-1.86-1.41 C19.49,12.45,19.5,12.23,19.5,12z M12.04,15.5c-1.93,0-3.5-1.57-3.5-3.5s1.57-3.5,3.5-3.5s3.5,1.57,3.5,3.5S13.97,15.5,12.04,15.5z"/>
-    </symbol>
-    <symbol id="tune" viewBox="0 0 24 24">
-      <path d="M0 0h24v24H0V0z" fill="none"/>
-      <path d="M3 18c0 .55.45 1 1 1h5v-2H4c-.55 0-1 .45-1 1zM3 6c0 .55.45 1 1 1h9V5H4c-.55 0-1 .45-1 1zm10 14v-1h7c.55 0 1-.45 1-1s-.45-1-1-1h-7v-1c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1s1-.45 1-1zM7 10v1H4c-.55 0-1 .45-1 1s.45 1 1 1h3v1c0 .55.45 1 1 1s1-.45 1-1v-4c0-.55-.45-1-1-1s-1 .45-1 1zm14 2c0-.55-.45-1-1-1h-9v2h9c.55 0 1-.45 1-1zm-5-3c.55 0 1-.45 1-1V7h3c.55 0 1-.45 1-1s-.45-1-1-1h-3V4c0-.55-.45-1-1-1s-1 .45-1 1v4c0 .55.45 1 1 1z"/>
-    </symbol>
-    <symbol id="warning" viewBox="0 0 24 24">
-      <path d="M4.47 21h15.06c1.54 0 2.5-1.67 1.73-3L13.73 4.99c-.77-1.33-2.69-1.33-3.46 0L2.74 18c-.77 1.33.19 3 1.73 3zM12 14c-.55 0-1-.45-1-1v-2c0-.55.45-1 1-1s1 .45 1 1v2c0 .55-.45 1-1 1zm1 4h-2v-2h2v2z"/>
-    </symbol>
+    <symbol id="mail" viewBox="0 -960 960 960"><path d="M172.31-180Q142-180 121-201q-21-21-21-51.31v-455.38Q100-738 121-759q21-21 51.31-21h615.38Q818-780 839-759q21 21 21 51.31v455.38Q860-222 839-201q-21 21-51.31 21H172.31ZM800-662.31 499.46-469.92q-4.61 2.61-9.54 4.11-4.92 1.5-9.92 1.5t-9.92-1.5q-4.93-1.5-9.54-4.11L160-662.31v410q0 5.39 3.46 8.85t8.85 3.46h615.38q5.39 0 8.85-3.46t3.46-8.85v-410ZM480-520l313.85-200h-627.7L480-520ZM160-662.31v9.23-45.73 1.19V-720v22.38-1.27V-653.08v-9.23V-240v-422.31Z"/></symbol>
+    <symbol id="menu" viewBox="0 -960 960 960"><path d="M170-254.62q-12.75 0-21.37-8.63-8.63-8.62-8.63-21.38 0-12.75 8.63-21.37 8.62-8.61 21.37-8.61h620q12.75 0 21.37 8.62 8.63 8.63 8.63 21.39 0 12.75-8.63 21.37-8.62 8.61-21.37 8.61H170ZM170-450q-12.75 0-21.37-8.63-8.63-8.63-8.63-21.38 0-12.76 8.63-21.37Q157.25-510 170-510h620q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37Q802.75-450 790-450H170Zm0-195.39q-12.75 0-21.37-8.62-8.63-8.63-8.63-21.39 0-12.75 8.63-21.37 8.62-8.61 21.37-8.61h620q12.75 0 21.37 8.63 8.63 8.62 8.63 21.38 0 12.75-8.63 21.37-8.62 8.61-21.37 8.61H170Z"/></symbol>
+    <symbol id="notifications" viewBox="0 -960 960 960"><path d="M210-204.62q-12.75 0-21.37-8.62-8.63-8.63-8.63-21.39 0-12.75 8.63-21.37 8.62-8.61 21.37-8.61h42.31v-298.47q0-80.69 49.81-142.69 49.8-62 127.88-79.31V-810q0-20.83 14.57-35.42Q459.14-860 479.95-860q20.82 0 35.43 14.58Q530-830.83 530-810v24.92q78.08 17.31 127.88 79.31 49.81 62 49.81 142.69v298.47H750q12.75 0 21.37 8.62 8.63 8.63 8.63 21.39 0 12.75-8.63 21.37-8.62 8.61-21.37 8.61H210Zm270-293.07Zm-.07 405.38q-29.85 0-51.04-21.24-21.2-21.24-21.2-51.07h144.62q0 29.93-21.26 51.12-21.26 21.19-51.12 21.19Zm-167.62-172.3h335.38v-298.47q0-69.46-49.11-118.57-49.12-49.12-118.58-49.12-69.46 0-118.58 49.12-49.11 49.11-49.11 118.57v298.47Z"/></symbol>
+    <symbol id="rss-feed" viewBox="0 -960 960 960"><path d="M204.62-140q-26.66 0-45.64-18.98T140-204.62q0-26.65 18.98-45.63 18.98-18.98 45.64-18.98 26.65 0 45.63 18.98 18.98 18.98 18.98 45.63 0 26.66-18.98 45.64T204.62-140Zm530.83 0q-19.53 0-32.42-14.66-12.9-14.66-15.11-34.73-8.69-99.3-50-186.11-41.3-86.81-108.46-153.96-67.15-67.16-153.96-108.46-86.81-41.31-186.11-50-20.07-2.23-34.73-15.21Q140-716.1 140-735.38q0-19.56 13.96-31.98 13.96-12.41 32.81-10.79 119.15 8.69 222.81 57.5 103.65 48.8 182.96 128.11 79.31 79.31 128.11 182.96 48.81 103.66 57.5 222.81 1.62 18.85-10.78 32.81Q754.98-140 735.45-140Zm-230.83 0q-18.85 0-32.04-13.66-13.19-13.65-16.66-32.49-7.46-53.24-30.53-98.39Q402.31-329.69 366-366q-36.31-36.31-81.46-59.39-45.15-23.07-98.39-30.53-18.84-3.47-32.49-16.66Q140-485.77 140-504.55q0-19.53 13.96-32.1 13.96-12.58 32.81-9.73 71.08 8.07 132.85 38.46 61.76 30.38 109.84 78.46 48.08 48.08 78.46 109.84 30.39 61.77 38.46 132.85 2.85 18.85-9.79 32.81Q523.95-140 504.62-140Z"/></symbol>
+    <symbol id="search" viewBox="0 -960 960 960"><path d="M379.69-339.85q-102.01 0-172.77-70.74t-70.76-171.85q0-101.1 70.74-171.84 70.74-70.74 171.99-70.74 101.25 0 171.97 70.74 70.73 70.74 70.73 171.85 0 42.3-14.39 81.84-14.38 39.54-40.53 70.69l239.07 238q7.23 6.94 7.43 17.89.19 10.96-7.43 18.45-7.61 7.48-18.38 7.48-10.76 0-18.08-7.61L530.87-394.1q-29.9 25.86-69.4 40.06-39.51 14.19-81.78 14.19Zm-.41-50.25q80.41 0 136.23-55.96 55.82-55.97 55.82-136.38t-55.82-136.37q-55.82-55.96-136.23-55.96-80.75 0-136.81 55.96t-56.06 136.37q0 80.41 56.06 136.38 56.06 55.96 136.81 55.96Z"/></symbol>
+    <symbol id="settings" viewBox="0 -960 960 960"><path d="M435.69-100q-20.46 0-35.34-13.58-14.89-13.57-18.12-33.42l-9.77-74.85q-16.07-5.38-32.96-15.07-16.88-9.7-30.19-20.77L240-228.23q-18.85 8.31-37.88 1.61-19.04-6.69-29.58-24.3l-45.08-78.16q-10.54-17.61-6.07-37.27 4.46-19.65 20.46-32.42l59.92-45q-1.38-8.92-1.96-17.92-.58-9-.58-17.93 0-8.53.58-17.34t1.96-19.27l-59.92-45q-16-12.77-20.27-32.62-4.27-19.84 6.27-37.46l44.69-77q10.54-17.23 29.58-24.11 19.03-6.89 37.88 1.42l68.92 29.08q14.47-11.46 30.89-20.96t32.27-15.27L382.23-813q3.23-19.85 18.12-33.42Q415.23-860 435.69-860h88.62q20.46 0 35.34 13.58 14.89 13.57 18.12 33.42l9.77 75.23q18 6.54 32.57 15.27 14.58 8.73 29.43 20.58L720.39-731q18.84-8.31 37.88-1.42 19.04 6.88 29.57 24.11l44.7 77.39q10.54 17.61 6.07 37.27-4.46 19.65-20.46 32.42l-61.46 46.15q2.15 9.69 2.35 18.12.19 8.42.19 16.96 0 8.15-.39 16.58-.38 8.42-2.76 19.27l60.3 45.38q16 12.77 20.66 32.42 4.65 19.66-5.89 37.27l-45.31 77.77q-10.53 17.62-29.76 24.31-19.23 6.69-38.08-1.62l-68.46-29.46q-14.85 11.85-30.31 20.96-15.46 9.12-31.69 14.89L577.77-147q-3.23 19.85-18.12 33.42Q544.77-100 524.31-100h-88.62Zm4.31-60h78.62L533-267.15q30.62-8 55.96-22.73 25.35-14.74 48.89-37.89L737.23-286l39.39-68-86.77-65.38q5-15.54 6.8-30.47 1.81-14.92 1.81-30.15 0-15.62-1.81-30.15-1.8-14.54-6.8-29.7L777.38-606 738-674l-100.54 42.38q-20.08-21.46-48.11-37.92-28.04-16.46-56.73-23.31L520-800h-79.38l-13.24 106.77q-30.61 7.23-56.53 22.15-25.93 14.93-49.47 38.46L222-674l-39.38 68L269-541.62q-5 14.24-7 29.62t-2 32.38q0 15.62 2 30.62 2 15 6.62 29.62l-86 65.38L222-286l99-42q22.77 23.38 48.69 38.31 25.93 14.92 57.31 22.92L440-160Zm40.46-200q49.92 0 84.96-35.04 35.04-35.04 35.04-84.96 0-49.92-35.04-84.96Q530.38-600 480.46-600q-50.54 0-85.27 35.04T360.46-480q0 49.92 34.73 84.96Q429.92-360 480.46-360ZM480-480Z"/></symbol>
+    <symbol id="space-dashboard" viewBox="0 -960 960 960"><path d="M212.31-140Q182-140 161-161q-21-21-21-51.31v-535.38Q140-778 161-799q21-21 51.31-21h535.38Q778-820 799-799q21 21 21 51.31v535.38Q820-182 799-161q-21 21-51.31 21H212.31Zm0-60H450v-560H212.31q-4.62 0-8.46 3.85-3.85 3.84-3.85 8.46v535.38q0 4.62 3.85 8.46 3.84 3.85 8.46 3.85ZM510-200h237.69q4.62 0 8.46-3.85 3.85-3.84 3.85-8.46V-480H510v280Zm0-340h250v-207.69q0-4.62-3.85-8.46-3.84-3.85-8.46-3.85H510v220Z"/></symbol>
+    <symbol id="tune" viewBox="0 -960 960 960"><path d="M479.99-130q-12.76 0-21.37-8.63Q450-147.25 450-160v-160q0-12.75 8.63-21.37 8.63-8.63 21.38-8.63 12.76 0 21.37 8.63Q510-332.75 510-320v50h290q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37Q812.75-210 800-210H510v50q0 12.75-8.63 21.37-8.63 8.63-21.38 8.63ZM160-210q-12.75 0-21.37-8.63-8.63-8.63-8.63-21.38 0-12.76 8.63-21.37Q147.25-270 160-270h160q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37Q332.75-210 320-210H160Zm159.99-160q-12.76 0-21.37-8.63Q290-387.25 290-400v-50H160q-12.75 0-21.37-8.63-8.63-8.63-8.63-21.38 0-12.76 8.63-21.37Q147.25-510 160-510h130v-50q0-12.75 8.63-21.37 8.63-8.63 21.38-8.63 12.76 0 21.37 8.63Q350-572.75 350-560v160q0 12.75-8.63 21.37-8.63 8.63-21.38 8.63ZM480-450q-12.75 0-21.37-8.63-8.63-8.63-8.63-21.38 0-12.76 8.63-21.37Q467.25-510 480-510h320q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37Q812.75-450 800-450H480Zm159.99-160q-12.76 0-21.37-8.63Q610-627.25 610-640v-160q0-12.75 8.63-21.37 8.63-8.63 21.38-8.63 12.76 0 21.37 8.63Q670-812.75 670-800v50h130q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37Q812.75-690 800-690H670v50q0 12.75-8.63 21.37-8.63 8.63-21.38 8.63ZM160-690q-12.75 0-21.37-8.63-8.63-8.63-8.63-21.38 0-12.76 8.63-21.37Q147.25-750 160-750h320q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37Q492.75-690 480-690H160Z"/></symbol>
+    <symbol id="warning" viewBox="0 -960 960 960"><path d="M137.02-140q-10.17 0-18.27-4.97t-12.59-13.11q-4.68-8.08-5.15-17.5-.47-9.42 5.08-18.66l342.43-591.52q5.56-9.24 13.9-13.66 8.35-4.42 17.58-4.42 9.23 0 17.58 4.42 8.34 4.42 13.9 13.66l342.43 591.52q5.55 9.24 5.08 18.66-.47 9.42-5.15 17.5-4.49 8.14-12.59 13.11-8.1 4.97-18.27 4.97H137.02ZM178-200h604L480-720 178-200Zm302-47.69q13.73 0 23.02-9.29t9.29-23.02q0-13.73-9.29-23.02T480-312.31q-13.73 0-23.02 9.29T447.69-280q0 13.73 9.29 23.02t23.02 9.29Zm.01-104.62q12.76 0 21.37-8.62 8.62-8.63 8.62-21.38v-140q0-12.75-8.63-21.37-8.63-8.63-21.38-8.63-12.76 0-21.37 8.63-8.62 8.62-8.62 21.37v140q0 12.75 8.63 21.38 8.63 8.62 21.38 8.62ZM480-460Z"/></symbol>
 
     <!-- Custom Icons -->
-    <symbol viewBox="0 0 32 32" id="logo">
-      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
-    </symbol>
-    <symbol viewBox="0 0 32 32" id="gems"><!-- same as logo -->
-      <path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/>
-    </symbol>
-    <symbol id="profile" viewBox="0 0 24 24">
-      <path d="M2.1 20.5A14.2 14.2 90 016.5 17.6C8.2 16.9 10 16.5 12 16.5 13.9 16.5 15.8 16.9 17.4 17.6A14.2 14.2 90 0121.9 20.5V2.6A.4.4 90 0021.7 2.3.4.4 90 0021.4 2.1H2.6A.4.4 90 002.3 2.3.4.4 90 002.1 2.6V20.5ZM12 14.4C13.3 14.4 14.4 14 15.2 13.1S16.6 11.1 16.6 9.8C16.6 8.5 16.1 7.5 15.2 6.6S13.3 5.2 12 5.2C10.7 5.2 9.6 5.7 8.7 6.6S7.4 8.5 7.4 9.8C7.4 11.1 7.9 12.2 8.7 13.1S10.7 14.4 12 14.4ZM2.6 24C1.8 24 1.2 23.7.7 23.3.2 22.8 0 22.2 0 21.4V2.6C0 1.8.2 1.2.7.7 1.2.2 1.8 0 2.6 0H21.4C22.2 0 22.8.2 23.3.7 23.7 1.2 24 1.8 24 2.6V21.4C24 22.2 23.7 22.8 23.3 23.3 22.8 23.7 22.2 24 21.4 24H2.6ZM3.8 21.9H20.2C19 20.8 17.7 20 16.3 19.4A12 12 90 0012 18.6C10.6 18.6 9.1 18.9 7.7 19.4 6.3 20 4.9 20.8 3.8 21.9ZM12 12.3A2.4 2.4 90 0110.3 11.6 2.4 2.4 90 019.5 9.8C9.5 9.1 9.8 8.6 10.3 8.1A2.4 2.4 90 0112 7.3C12.7 7.3 13.3 7.6 13.7 8.1 14.2 8.6 14.5 9.1 14.5 9.8 14.5 10.5 14.2 11.1 13.7 11.6A2.4 2.4 90 0112 12.3Z"/>
-    </symbol>
-    <symbol id="history" viewBox="0 0 24 24">
-      <path d="M12 23.9c-2.8 0-5.3-.9-7.4-2.6-2.1-1.7-3.5-3.9-4.1-6.6a.9.9 90 01.1-.8 1 1 90 01.7-.4 1.1 1.1 90 01.8.2c.2.2.4.4.5.7.5 2.2 1.7 3.9 3.4 5.3 1.8 1.4 3.8 2.1 6 2.1 2.7 0 5-1 6.9-2.9s2.9-4.2 2.9-6.9-1-5-2.9-6.9C17 3.2 14.7 2.2 12 2.2a9.4 9.4 90 00-4.3 1A10.6 10.6 90 004.2 6h2.6c.3 0 .5.1.7.3a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3H2a1.2 1.2 90 01-.9-.4 1.2 1.2 90 01-.4-.9V2.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v2.3A11.9 11.9 90 017 1.2a11.7 11.7 90 015-1.1 11.6 11.6 90 014.6.9c1.4.6 2.7 1.5 3.8 2.5a12.1 12.1 90 012.5 3.8 11.6 11.6 90 01.9 4.6c0 1.7-.3 3.2-.9 4.6a12 12 90 01-2.5 3.8 12 12 90 01-3.8 2.5 11.6 11.6 90 01-4.6.9Zm1.1-12.3 3.8 3.9a1 1 90 01.3.7 1 1 90 01-.3.7 1 1 90 01-.7.3 1 1 90 01-.7-.3l-4.1-4.1a1.3 1.3 90 01-.4-.9V6.1c0-.3.1-.5.3-.7a1 1 90 01.7-.3c.3 0 .5.1.7.3a1 1 90 01.3.7v5.5Z"/>
-    </symbol>
-    <symbol id="ruby-central" viewBox="0 0 60 60">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="M9.362 11.513a9.603 9.603 0 0 1 9.604-9.604h21.131a9.605 9.605 0 0 1 9.605 9.604v21.131a9.606 9.606 0 0 1-9.605 9.605h-21.13a9.605 9.605 0 0 1-9.605-9.605v-21.13ZM44.33 21.886c0 8.063-6.537 14.6-14.6 14.6s-14.599-6.537-14.599-14.6 6.536-14.6 14.6-14.6 14.599 6.537 14.599 14.6ZM27.164 13.05c-.984 0-1.92.418-2.577 1.149L21.4 17.742a3.467 3.467 0 0 0-.1 4.518l5.916 7.196a3.467 3.467 0 0 0 5.354 0l5.916-7.196a3.467 3.467 0 0 0-.1-4.518l-3.187-3.544a3.467 3.467 0 0 0-2.577-1.15h-5.458ZM26.591 16a.77.77 0 0 1 .573-.254h5.458c.219 0 .426.093.573.254l3.186 3.545a.77.77 0 0 1 .022 1.004l-5.915 7.197a.77.77 0 0 1-1.19 0l-5.915-7.197a.77.77 0 0 1 .022-1.004L26.591 16Zm32.113 40.033c.05.049.108.074.178.074h.868a.24.24 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-6.917a.24.24 0 0 0-.073-.18.243.243 0 0 0-.177-.072h-.868a.245.245 0 0 0-.178.073.246.246 0 0 0-.073.179v6.917c0 .07.025.13.073.177Zm-4.164.178c-.361 0-.689-.07-.982-.209a1.907 1.907 0 0 1-.7-.576 1.403 1.403 0 0 1-.25-.814 1.365 1.365 0 0 1 .584-1.16c.397-.293.92-.488 1.568-.585l1.432-.21v-.218c0-.293-.073-.52-.22-.68-.146-.16-.397-.24-.752-.24a1.112 1.112 0 0 0-.617.156.91.91 0 0 0-.345.398.266.266 0 0 1-.24.135h-.826c-.076 0-.135-.02-.177-.062a.256.256 0 0 1-.053-.168 1.062 1.062 0 0 1 .137-.407c.083-.16.216-.314.397-.46.18-.153.414-.282.7-.386.286-.105.63-.157 1.034-.157.44 0 .808.055 1.109.167a1.862 1.862 0 0 1 .73.428c.182.181.314.395.398.638.083.243.125.501.125.773v3.282a.24.24 0 0 1-.073.177.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.189-.074.267.267 0 0 1-.062-.177v-.408a1.655 1.655 0 0 1-.366.376 2.124 2.124 0 0 1-.565.283 2.533 2.533 0 0 1-.773.104Zm.356-.993c.244 0 .463-.052.658-.156a1.08 1.08 0 0 0 .47-.48c.119-.224.178-.503.178-.837v-.22l-1.045.167c-.41.063-.717.164-.92.303-.2.14-.303.31-.303.513a.61.61 0 0 0 .137.397.95.95 0 0 0 .365.24c.146.048.3.073.46.073Zm-5.827.815a.243.243 0 0 0 .177.074h.909c.077 0 .14-.025.188-.074a.243.243 0 0 0 .074-.177v-2.873c0-.328.09-.586.272-.774.187-.188.449-.283.783-.283h.815c.077 0 .136-.023.178-.073a.243.243 0 0 0 .073-.178v-.752a.243.243 0 0 0-.073-.177.222.222 0 0 0-.178-.073h-.428c-.335 0-.63.06-.889.177a1.579 1.579 0 0 0-.617.513v-.43a.237.237 0 0 0-.083-.187.243.243 0 0 0-.177-.073h-.847a.25.25 0 0 0-.25.26v4.923c0 .07.023.13.073.177Zm-1.774.074c-.418 0-.77-.074-1.056-.22a1.4 1.4 0 0 1-.637-.648c-.14-.292-.21-.654-.21-1.086V51.78h-.825a.243.243 0 0 1-.178-.073.246.246 0 0 1-.073-.179v-.606c0-.07.025-.129.073-.177a.243.243 0 0 1 .178-.073h.825v-1.734c0-.071.021-.13.064-.18a.256.256 0 0 1 .187-.072h.846a.246.246 0 0 1 .251.252v1.734h1.307c.07 0 .13.024.178.073a.243.243 0 0 1 .073.177v.606c0 .07-.025.13-.073.179a.243.243 0 0 1-.178.073H46.74v2.268c0 .285.05.507.147.668.105.16.283.24.533.24h.722c.07 0 .127.025.177.074a.243.243 0 0 1 .073.177v.648a.24.24 0 0 1-.073.177.245.245 0 0 1-.177.074h-.847Zm-8.542-.074a.243.243 0 0 0 .177.074h.92a.24.24 0 0 0 .178-.074.238.238 0 0 0 .073-.177V52.98c0-.403.108-.72.324-.95.216-.23.505-.346.867-.346.377 0 .662.116.857.345.202.23.304.548.304.951v2.875c0 .07.024.13.072.177.05.049.108.074.179.074h.918c.071 0 .13-.025.179-.074a.243.243 0 0 0 .073-.177v-2.937c0-.488-.088-.906-.262-1.253a1.844 1.844 0 0 0-.72-.806 2.053 2.053 0 0 0-1.108-.292c-.418 0-.77.076-1.056.23a2.18 2.18 0 0 0-.69.554v-.429a.243.243 0 0 0-.072-.177.24.24 0 0 0-.178-.073h-.858a.238.238 0 0 0-.177.073.243.243 0 0 0-.073.177v4.933c0 .07.024.13.073.177Zm-3.443.178c-.774 0-1.387-.223-1.84-.67-.453-.445-.696-1.079-.73-1.9a2.545 2.545 0 0 1-.012-.263c0-.111.004-.198.011-.26.027-.523.147-.976.355-1.36.216-.382.513-.675.889-.877.376-.208.818-.313 1.327-.313.563 0 1.037.118 1.42.355.384.23.674.554.869.972.194.411.291.888.291 1.431v.22a.238.238 0 0 1-.073.178.253.253 0 0 1-.187.073h-3.47v.083c.007.244.052.47.136.68a1.233 1.233 0 0 0 .387.49c.174.126.38.19.616.19a1.3 1.3 0 0 0 .491-.084 1.293 1.293 0 0 0 .502-.397c.063-.085.111-.133.146-.147a.407.407 0 0 1 .177-.03h.9c.069 0 .125.02.167.061a.174.174 0 0 1 .063.157c-.007.111-.067.248-.179.408a1.938 1.938 0 0 1-.459.47 2.71 2.71 0 0 1-.763.386 3.322 3.322 0 0 1-1.034.147Zm-1.15-3.292h2.309v-.03c0-.273-.045-.51-.135-.712a1.12 1.12 0 0 0-.397-.48 1.082 1.082 0 0 0-.627-.178 1.08 1.08 0 0 0-.627.178 1.112 1.112 0 0 0-.397.48 1.838 1.838 0 0 0-.126.711v.031Zm-6.727 2.958c.453.223 1.003.334 1.65.334.475 0 .9-.062 1.275-.187a3.02 3.02 0 0 0 .962-.513c.265-.222.47-.48.617-.773a2.222 2.222 0 0 0 .23-.951.17.17 0 0 0-.063-.157.211.211 0 0 0-.157-.063h-.993a.313.313 0 0 0-.187.052c-.05.035-.085.102-.106.199-.11.453-.303.767-.574.94-.272.168-.61.251-1.013.251-.467 0-.84-.129-1.119-.386-.279-.265-.428-.697-.449-1.295a24.37 24.37 0 0 1 0-1.757c.021-.6.17-1.028.45-1.284.277-.266.651-.398 1.118-.398.403 0 .74.084 1.013.251.271.166.464.48.574.94a.354.354 0 0 0 .106.198.313.313 0 0 0 .187.054h.993a.211.211 0 0 0 .157-.064.171.171 0 0 0 .063-.156 2.218 2.218 0 0 0-.847-1.714 2.898 2.898 0 0 0-.962-.523 4.018 4.018 0 0 0-1.274-.188c-.64 0-1.188.115-1.641.345a2.408 2.408 0 0 0-1.034.972c-.237.425-.37.93-.397 1.515a37.886 37.886 0 0 0 0 1.86c.027.593.16 1.102.397 1.526.237.418.578.742 1.024.972Zm-7.801 2.216a.2.2 0 0 1-.147-.064.199.199 0 0 1-.063-.146V57.8a.474.474 0 0 1 .042-.083l.816-1.934-2.007-4.734a.482.482 0 0 1-.041-.147.25.25 0 0 1 .073-.156.196.196 0 0 1 .156-.073h.847c.083 0 .146.02.187.063a.424.424 0 0 1 .095.135l1.39 3.417 1.43-3.417a.314.314 0 0 1 .095-.135c.042-.042.104-.063.189-.063h.835a.2.2 0 0 1 .147.063.186.186 0 0 1 .073.145.468.468 0 0 1-.042.168l-2.957 6.845a.417.417 0 0 1-.105.135c-.041.043-.105.064-.188.064h-.825Zm-4.87-2.09c.272.138.61.208 1.013.208.37 0 .69-.058.962-.178.272-.125.498-.299.68-.522.18-.222.32-.484.417-.783a3.8 3.8 0 0 0 .168-1.003 6.92 6.92 0 0 0 .01-.335c0-.105-.004-.22-.01-.345a3.348 3.348 0 0 0-.158-.972 2.281 2.281 0 0 0-.428-.784 1.828 1.828 0 0 0-.679-.533 2.278 2.278 0 0 0-.962-.188 2.123 2.123 0 0 0-.96.199 1.983 1.983 0 0 0-.648.491v-2.32a.246.246 0 0 0-.074-.178.223.223 0 0 0-.177-.073h-.889a.243.243 0 0 0-.177.073.246.246 0 0 0-.074.179v6.917c0 .07.025.13.074.177a.243.243 0 0 0 .177.074h.826a.22.22 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-.386c.175.216.394.393.66.532Zm1.327-1.098c-.167.126-.4.188-.7.188-.285 0-.519-.066-.7-.198a1.197 1.197 0 0 1-.387-.502 2.28 2.28 0 0 1-.135-.637 6.72 6.72 0 0 1 0-.805c.006-.21.055-.408.146-.595a1.2 1.2 0 0 1 .397-.482c.174-.125.4-.187.68-.187.298 0 .532.065.7.198a1 1 0 0 1 .354.502c.077.208.122.438.137.69.013.208.013.417 0 .627a2.39 2.39 0 0 1-.137.689 1.065 1.065 0 0 1-.355.512ZM8.603 56.21c-.425 0-.794-.094-1.108-.282a1.93 1.93 0 0 1-.71-.815 2.912 2.912 0 0 1-.25-1.254v-2.937c0-.07.023-.129.073-.177a.238.238 0 0 1 .177-.073h.92a.22.22 0 0 1 .177.073.243.243 0 0 1 .073.177v2.874c0 .864.38 1.296 1.139 1.296.362 0 .648-.116.857-.345.216-.23.324-.547.324-.951v-2.874c0-.07.024-.129.074-.177a.238.238 0 0 1 .177-.073h.92c.07 0 .129.023.177.073a.243.243 0 0 1 .074.177v4.933c0 .07-.025.13-.074.177a.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.188-.074.267.267 0 0 1-.062-.177v-.428a2.031 2.031 0 0 1-.7.574c-.28.14-.627.209-1.046.209Zm-8.53-.178c.05.05.109.074.178.074h.951c.077 0 .136-.024.177-.074a.238.238 0 0 0 .074-.177v-2.509h1.453l1.348 2.478a.84.84 0 0 0 .147.187c.062.064.152.095.27.095h.952a.199.199 0 0 0 .145-.062.197.197 0 0 0 .074-.158.252.252 0 0 0-.031-.114l-1.526-2.665a2.12 2.12 0 0 0 1.014-.742c.257-.342.386-.77.386-1.285 0-.746-.243-1.315-.73-1.704-.489-.39-1.154-.585-1.997-.585H.251a.238.238 0 0 0-.177.073.253.253 0 0 0-.074.188v6.803c0 .07.025.13.074.177Zm2.853-3.866H1.453V49.95h1.473c.432 0 .75.102.952.303.209.196.313.467.313.816s-.104.62-.313.815c-.21.188-.526.282-.952.282Z"/>
-    </symbol>
-    <symbol id="dnsimple" viewBox="0 0 60 60">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="M6.175 24.787a3.92 3.92 0 0 0-.843.075v2.802c-.392-.151-.844-.226-1.446-.226-2.139 0-3.887 1.461-3.887 3.811 0 2.41 1.597 3.736 3.947 3.736 1.16 0 2.35-.316 3.088-.708v-9.415a4.242 4.242 0 0 0-.859-.075Zm-2.259 8.707c-1.296 0-2.184-.874-2.184-2.275 0-1.386.949-2.275 2.214-2.275.512 0 .979.061 1.386.317v4.007a3.742 3.742 0 0 1-1.416.226Zm8.421-6.086c-1.537 0-2.787.602-3.42 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393c.332-.196.919-.391 1.582-.391 1.1 0 1.732.497 1.732 1.807v3.977c.302.06.573.075.859.075.271 0 .573-.015.859-.075v-4.384c0-1.641-1.01-2.967-3.314-2.967ZM19.974 35c1.958 0 3.103-.904 3.103-2.395 0-1.416-1.129-1.943-2.681-2.184-1.22-.196-1.537-.422-1.537-.889 0-.452.392-.738 1.296-.738.859 0 1.597.256 2.094.542.346-.271.572-.693.648-1.22-.467-.332-1.386-.693-2.682-.693-1.808 0-2.998.904-2.998 2.229 0 1.507 1.206 1.974 2.471 2.17 1.28.195 1.687.467 1.687.949 0 .482-.361.858-1.371.858-1.13 0-1.762-.391-2.199-.708-.362.226-.648.633-.783 1.175.406.347 1.355.904 2.952.904Zm5.483-8.451a1.09 1.09 0 0 0 1.085-1.084 1.09 1.09 0 0 0-1.085-1.085c-.617 0-1.114.482-1.114 1.085 0 .602.497 1.084 1.114 1.084Zm0 8.285c.287 0 .573-.015.844-.075v-7.125a4.01 4.01 0 0 0-.844-.075c-.286 0-.572.015-.858.075v7.125c.286.06.587.075.858.075Zm10.892-7.426c-.964 0-1.838.376-2.426.828-.527-.512-1.31-.828-2.335-.828-1.491 0-2.786.633-3.359 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393a2.92 2.92 0 0 1 1.462-.391c1.16 0 1.596.738 1.596 1.762v4.022c.287.06.573.075.874.075.271 0 .573-.015.844-.075v-4.534c0-.226-.03-.452-.076-.663.347-.286.829-.587 1.522-.587 1.16 0 1.612.738 1.612 1.762v4.022c.271.06.557.075.858.075.272 0 .573-.015.844-.075v-4.534c0-1.552-1.055-2.817-3.118-2.817Zm8.134.015c-1.355 0-2.485.527-3.178 1.1v9.023c.301.06.572.075.858.075.287 0 .573-.015.844-.075v-2.772c.452.151.934.211 1.537.211 1.988 0 3.781-1.401 3.781-3.811 0-2.471-1.657-3.751-3.842-3.751Zm-.06 6.041c-.557 0-1.009-.091-1.416-.287v-3.841a2.842 2.842 0 0 1 1.401-.346c1.311 0 2.199.828 2.199 2.199 0 1.416-.888 2.275-2.184 2.275Zm6.312 1.37c.286 0 .587-.015.859-.075v-9.882a4.308 4.308 0 0 0-.874-.075c-.286 0-.573.015-.844.075v9.882c.301.06.588.075.859.075Zm9.264-4.187c0-1.913-1.356-3.224-3.269-3.224-2.033 0-3.585 1.597-3.585 3.811 0 2.335 1.537 3.751 3.676 3.751 1.431 0 2.365-.527 2.967-1.009a1.76 1.76 0 0 0-.738-1.16c-.467.331-1.069.738-2.109.738-1.19 0-1.913-.723-2.048-1.898h5.046c.045-.392.06-.633.06-1.009Zm-5.091-.121c.12-.979.768-1.717 1.822-1.717 1.16.015 1.597.874 1.597 1.717h-3.419Z"/>
-    </symbol>
-    <symbol id="datadog" viewBox="0 0 60 60">
-      <path d="M58.339 56.312v2.096c-.384.101-.728.15-1.03.15-2.034 0-3.05-1.075-3.05-3.224 0-1.986 1.078-2.978 3.233-2.978.898 0 1.735.167 2.51.503v-1.505c-.775-.29-1.653-.438-2.636-.438-3.221 0-4.834 1.471-4.834 4.418 0 3.109 1.584 4.666 4.751 4.666 1.09 0 1.995-.159 2.718-.476V54.84h-2.686l-.561 1.473h1.585Zm-11.376 2.245c1.807 0 2.71-1.041 2.71-3.124 0-2.051-.903-3.078-2.71-3.078-1.854 0-2.78 1.027-2.78 3.078 0 2.083.926 3.124 2.78 3.124Zm-4.508-3.086c0-3.038 1.504-4.555 4.508-4.555 2.957 0 4.436 1.517 4.436 4.555 0 3.02-1.479 4.529-4.436 4.529-2.871 0-4.373-1.51-4.508-4.53Zm-7.56 3.024h1.978c1.86 0 2.793-1.094 2.793-3.282 0-1.864-.932-2.794-2.793-2.794h-1.978v6.076Zm2.229 1.44h-3.89V50.98h3.89c2.803 0 4.205 1.412 4.205 4.233 0 3.148-1.402 4.723-4.205 4.723Zm-12.777 0h-1.709l3.81-8.955h1.79l3.89 8.956H30.34l-1.13-2.443h-2.874l.57-1.44h1.865L27.3 52.69l-2.954 7.246Zm-7.665-8.955h6.81v1.44h-2.574v7.516h-1.661V52.42h-2.575v-1.44ZM9.84 59.936H8.133l3.81-8.956h1.787l3.892 8.956h-1.789l-1.13-2.443H11.83l.571-1.44h1.864l-1.47-3.363-2.954 7.246Zm-8.176-1.441H3.64c1.863 0 2.792-1.094 2.792-3.282 0-1.864-.93-2.794-2.792-2.794H1.665v6.076Zm2.227 1.44H.002V50.98h3.89c2.803 0 4.206 1.412 4.206 4.233 0 3.148-1.403 4.723-4.206 4.723ZM29.864 14.47c.32-.304-1.597-.704-3.085.31-1.097.75-1.132 2.354-.082 3.264.105.09.192.154.273.206a9.513 9.513 0 0 1 2.767-.816c.223-.248.482-.686.417-1.477-.087-1.075-.902-.905-.29-1.486Zm10.065 5.833c-.18-.1-1.03-.06-1.627.01-1.137.135-2.364.529-2.633.739-.49.378-.268 1.037.095 1.307 1.012.757 1.9 1.264 2.838 1.14.575-.075 1.082-.986 1.442-1.813.245-.569.245-1.183-.115-1.383Zm-3.882-6.725c-.066.15-.169.248-.015.734l.01.028.025.063.064.146c.278.569.584 1.105 1.095 1.38.133-.023.269-.038.41-.045.481-.021.784.055.976.159a2.14 2.14 0 0 0 .01-.442c-.038-.721.142-1.947-1.243-2.592-.523-.242-1.257-.168-1.5.136a.634.634 0 0 1 .115.025c.37.128.12.256.053.408Zm14.266 9.879-1.194.227L46.828.002 7.77 4.53l4.812 39.046 4.571-.664c-.364-.52-.932-1.152-1.904-1.959-1.346-1.118-.87-3.018-.076-4.218 1.05-2.027 6.464-4.603 6.158-7.843-.11-1.178-.297-2.712-1.391-3.763-.04.436.033.856.033.856s-.45-.572-.673-1.354c-.222-.3-.396-.395-.633-.795-.168.463-.146 1-.146 1s-.368-.868-.426-1.6c-.219.327-.274.95-.274.95s-.477-1.368-.368-2.105c-.218-.642-.863-1.914-.681-4.807 1.192.835 3.816.637 4.838-.87.34-.499.573-1.86-.168-4.546-.477-1.721-1.656-4.284-2.117-5.257l-.054.04c.242.783.742 2.425.933 3.222.58 2.415.736 3.256.464 4.37-.232.968-.788 1.601-2.196 2.309-1.409.71-3.279-1.018-3.397-1.114-1.368-1.09-2.426-2.869-2.544-3.733-.123-.946.544-1.514.882-2.287a8.6 8.6 0 0 0-1.02.383s.642-.664 1.432-1.238a8.26 8.26 0 0 0 .864-.641c-.5-.009-.904.005-.904.005s.832-.45 1.695-.777c-.63-.029-1.236-.005-1.236-.005s1.858-.832 3.328-1.442c1.009-.414 1.995-.291 2.55.51.727 1.05 1.49 1.62 3.11 1.973.995-.44 1.297-.667 2.545-1.007 1.1-1.21 1.963-1.366 1.963-1.366s-.427.393-.542 1.01c.623-.491 1.306-.902 1.306-.902s-.264.327-.51.846l.057.085c.728-.436 1.583-.78 1.583-.78s-.244.31-.531.709c.548-.005 1.66.023 2.092.072 2.55.056 3.078-2.722 4.056-3.07 1.225-.438 1.773-.702 3.86 1.348 1.79 1.76 3.19 4.91 2.495 5.615-.583.586-1.732-.228-3.005-1.816a6.865 6.865 0 0 1-1.42-3.097 3.043 3.043 0 0 0-.984-1.684s.453 1.012.453 1.904c0 .488.061 2.31.843 3.332-.078.15-.114.74-.2.853-.908-1.099-2.861-1.885-3.178-2.117 1.076.883 3.553 2.911 4.504 4.855.9 1.838.37 3.523.825 3.96.129.125 1.935 2.374 2.282 3.504.607 1.97.036 4.04-.757 5.324l-2.214.345c-.324-.09-.543-.135-.834-.303.161-.283.48-.99.483-1.136l-.125-.219c-.69.976-1.844 1.924-2.803 2.469-1.256.712-2.702.602-3.644.31-2.673-.824-5.202-2.63-5.81-3.105 0 0-.02.379.095.464.674.76 2.218 2.135 3.71 3.094l-3.181.35 1.504 11.712c-.666.096-.77.143-1.5.247-.644-2.274-1.875-3.758-3.22-4.622-1.186-.763-2.823-.935-4.39-.624l-.1.116c1.089-.113 2.374.044 3.695.88 1.297.82 2.341 2.938 2.726 4.212.493 1.63.832 3.372-.493 5.22-.942 1.313-3.695 2.038-5.918.468.594.955 1.396 1.737 2.477 1.884 1.605.218 3.129-.061 4.176-1.137.895-.92 1.37-2.845 1.245-4.872l1.417-.205.511 3.637 23.449-2.823-1.913-18.66ZM27.86 28.834l2.951-.406c.477.215.81.297 1.382.442.89.232 1.924.455 3.451-.314.356-.177 1.096-.854 1.395-1.24l12.087-2.193 1.233 14.924-20.708 3.732-1.79-14.945Zm17.149 4.953-3.96-2.611-3.301 5.517-3.842-1.123-3.382 5.161.174 1.625 18.388-3.388-1.07-11.489-3.007 6.308Z"/>
-    </symbol>
-    <symbol id="fastly" viewBox="0 0 60 60">
-      <path d="M40.845 36.419h4.699v-2.393h-1.558V18.379h-3.141v18.04ZM.008 34.026h1.6v-7.55h-1.6v-2.078l1.6-.263v-2.103c0-2.546.554-3.653 3.797-3.653.698 0 1.533.103 2.264.24l-.434 2.561a6.106 6.106 0 0 0-1.047-.093c-1.141 0-1.43.11-1.43 1.234v1.822h2.375v2.342H4.758v7.55h1.584v2.393H.016v-2.402H.008Zm39.228-.757c-.494.102-.92.093-1.235.102-1.294.034-1.183-.391-1.183-1.617v-5.278h2.469v-2.342h-2.469V18.38h-3.15v14.029c0 2.759.681 4.01 3.644 4.01.698 0 1.668-.18 2.392-.34l-.468-2.81Zm19.563.775c.664 0 1.2.528 1.2 1.192 0 .663-.536 1.183-1.2 1.183a1.186 1.186 0 0 1-1.101-.728 1.186 1.186 0 0 1-.091-.456c0-.672.536-1.191 1.192-1.191Zm0 2.187a1 1 0 0 0 .996-1.004.99.99 0 0 0-.996-.987.983.983 0 0 0-.996.987c0 .553.451 1.004.996 1.004Zm.221-.417-.238-.348h-.17v.349h-.264v-1.167h.485c.29 0 .468.145.468.4 0 .188-.094.315-.247.366l.29.4h-.324Zm-.409-.587h.214c.118 0 .204-.05.204-.179 0-.119-.085-.17-.196-.17h-.222v.349Zm-28.868-8.76v-.417c-.953-.17-1.897-.179-2.409-.179-1.464 0-1.642.775-1.642 1.2 0 .597.204.92 1.787 1.27 2.324.518 4.648 1.063 4.648 3.94 0 2.733-1.405 4.138-4.358 4.138-1.975 0-3.899-.426-5.364-.8v-2.35h2.384v.418c1.03.195 2.103.178 2.665.178 1.566 0 1.813-.843 1.813-1.285 0-.622-.451-.92-1.916-1.218-2.758-.468-4.954-1.413-4.954-4.214 0-2.656 1.78-3.695 4.733-3.695 2.001 0 3.525.307 4.989.682v2.332h-2.376Zm-14.752 1.882-1.158 1.012a.616.616 0 0 0-.639 1.014.616.616 0 0 0 1.033-.299.617.617 0 0 0-.02-.34l1.022-1.14-.238-.248Z"/>
-      <path d="M20.068 23.47h-3.15v.886a6.38 6.38 0 0 0-2.12-.792v-1.073h.383v-.8h-3.167v.8h.384v1.081a6.48 6.48 0 0 0-5.261 6.368 6.469 6.469 0 0 0 1.899 4.588 6.48 6.48 0 0 0 4.587 1.9c1.209 0 2.35-.333 3.32-.912l.562.911h3.329v-3.15h-.766V23.47Zm-3.116 6.657a3.343 3.343 0 0 1-3.15 3.142v-.375h-.375v.375a3.332 3.332 0 0 1-3.124-3.15h.375v-.374h-.375a3.342 3.342 0 0 1 3.124-3.124v.374h.375v-.375a3.333 3.333 0 0 1 3.15 3.141h-.375v.375h.375v-.009Zm36.555-5.992h6.495v2.34h-1.549l-3.984 9.8c-1.141 2.749-3.013 5.345-5.874 5.345-.698 0-1.635-.076-2.282-.23l.281-2.86c.418.076.962.128 1.243.128 1.328 0 2.818-.818 3.286-2.248l-4.035-9.935h-1.55v-2.341h6.496v2.341h-1.549l2.29 5.627 2.29-5.627h-1.55v-2.341h-.008Z"/>
-    </symbol>
-    <symbol id="honeybadger" viewBox="0 0 60 60">
-      <path fill-rule="evenodd" clip-rule="evenodd" d="m37.902 14.22 7.608 7.607-15.506 15.507-1.687-1.687-2.292 2.29 2.451 2.452a2.161 2.161 0 0 0 3.056 0l17.034-17.034a2.16 2.16 0 0 0 0-3.055l-9.3-9.298-1.364 3.218Zm-.284-4.866-1.364 3.218-2.87-2.87 2.291-2.29 1.943 1.942Zm-3.47-3.472-2.616-2.615a2.161 2.161 0 0 0-3.056 0L11.444 20.3a2.161 2.161 0 0 0 0 3.055l9.984 9.984 1.462-3.119-8.391-8.393L30.004 6.323l1.853 1.85 2.29-2.29ZM23.051 34.964l1.462-3.12 2.276 2.275-2.293 2.29-1.445-1.445Z"/>
-      <path d="M39.405 5.158c.232-.546-.459-1.013-.879-.592L19.967 23.125h7.56l-6.016 14.81c-.221.547.466 1.003.882.586L40.49 20.424h-7.561l6.476-15.266Z"/>
-      <path fill-rule="evenodd" clip-rule="evenodd" d="m5.662 57.367 1.744-11.959H5.465l-.715 4.864H2.989l.715-4.864H1.762L.004 57.367h1.941l.78-5.308h1.762l-.78 5.308h1.955Zm3.62-2.397c1.942 0 2.705-.82 3.107-3.75.375-2.783-.276-3.697-2.08-3.697-1.913 0-2.732.941-3.078 3.804-.36 2.81.374 3.643 2.052 3.643Zm.196-1.371c-.486 0-.611-.47-.348-2.285.25-1.882.486-2.432 1.04-2.432.486 0 .583.442.333 2.298-.249 1.84-.486 2.419-1.025 2.419Zm5.672-5.323c.43-.404 1.054-.753 1.608-.753 1.124 0 1.513.766 1.318 2.11l-.777 5.175h-1.803l.736-4.972c.068-.484-.028-.727-.388-.727-.278 0-.541.243-.707.404l-.778 5.295h-1.802l1.04-7.124h1.526l.027.592Zm22.967-.592-.21.525a1.545 1.545 0 0 0-1.33-.686c-1.318 0-2.122 1.05-2.455 3.83-.333 2.756.306 3.617 1.345 3.617.624 0 1.11-.296 1.47-.712l.014.55h1.665l1.053-7.124h-1.552Zm-1.056 5.39c-.151.19-.442.39-.692.39-.445 0-.583-.417-.347-2.15.25-1.841.513-2.272.956-2.272.265 0 .486.188.611.39l-.528 3.643Zm8.558-7.666-1.387 9.4h-1.65l-.015-.55c-.36.43-.86.712-1.47.712-1.04 0-1.692-.86-1.344-3.617.333-2.78 1.122-3.83 2.454-3.83.514 0 .915.215 1.206.552l.403-2.667h1.803Zm-3.967 5.906c-.249 1.733-.097 2.15.347 2.15.236 0 .541-.2.693-.39l.527-3.642c-.125-.202-.36-.39-.61-.39-.444 0-.707.43-.957 2.272Zm-15.81 6.05h21.502a2.584 2.584 0 0 0 2.559-2.223l1.054-7.457h-1.553l-.166.538c-.278-.39-.75-.699-1.262-.699-1.4 0-2.164.766-2.552 3.75-.374 2.715.236 3.548 1.332 3.548.554 0 1.067-.24 1.413-.644l-.055.51c-.149.639-.804 1.145-1.882 1.145H26.71c-.255.603-.503 1.09-.797 1.45l-.07.082Zm21.842-4.02c-.444 0-.61-.39-.374-2.084.236-1.774.513-2.218.97-2.218.25 0 .473.188.596.377l-.512 3.535c-.152.188-.445.39-.68.39Zm7.461.994c-.734.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.955-3.63.36-2.741 1.387-3.817 3.148-3.817 1.096 0 1.775.565 1.775 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.008.174.003.04.005.079.005.12.013.552.306.848.791.848.333 0 .72-.108 1.276-.363l.305 1.25Zm-1.18-5.484c-.428 0-.818.645-1.053 2.07a1.557 1.557 0 0 0 1.414-1.546c0-.323-.11-.524-.36-.524Zm3.46 5.954.734-4.879c.36-.322.763-.497 1.165-.497.112 0 .208 0 .32.013l.36-1.733a.932.932 0 0 0-.568-.189c-.528 0-.985.418-1.318 1.009l-.027-.848h-1.415l-1.055 7.124h1.804Zm-34.924-.47c-.736.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.954-3.63.36-2.741 1.385-3.817 3.146-3.817 1.097 0 1.776.565 1.776 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.007.174.003.04.006.079.006.12.015.552.305.848.791.848.333 0 .721-.108 1.275-.363l.306 1.25Zm-1.18-5.484c-.429 0-.817.645-1.052 2.07a1.557 1.557 0 0 0 1.413-1.546c0-.323-.11-.524-.36-.524Zm9.85 6.116c1.58 0 2.19-1.25 2.524-4.167.318-2.608-.195-3.28-1.29-3.28-.554 0-1.04.23-1.47.565l.36-2.482h-1.802l-1.346 9.202h1.637l.166-.537c.236.39.666.7 1.22.7Zm-.347-1.506a.675.675 0 0 1-.624-.39l.541-3.655c.208-.215.484-.377.749-.377.416 0 .499.416.319 1.828-.166 1.681-.444 2.594-.985 2.594Zm-5.516-.59 1.566-5.19h1.859L25.96 54.89c-.764 1.962-1.193 2.474-2.4 2.474H6.626l.225-1.532h16.414c.557 0 .864-.387.864-.89l-.624-7.258h1.956l-.153 5.19Z"/>
-    </symbol>
-    <symbol id="domainr" viewBox="0 0 60 60">
-      <path d="M30.02 0a22.501 22.501 0 0 1 15.899 6.582A22.515 22.515 0 0 1 52.5 22.473c0 5.96-2.378 11.676-6.582 15.89a22.5 22.5 0 0 1-15.899 6.583H10.236a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.354c0-.125.025-.25.086-.361l1.152-2.306a.959.959 0 0 1 .883-.537H30.02a18.57 18.57 0 0 0 18.57-18.565A18.57 18.57 0 0 0 30.02 3.91H14.048a.409.409 0 0 0-.184.046.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.064.012.126.037.184l1.066 2.12a.429.429 0 0 0 .184.199c.074.049.16.073.258.073H30.02a15.64 15.64 0 0 1 15.641 15.634A15.647 15.647 0 0 1 30.02 38.106H13.656a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.352.75.75 0 0 1 .086-.363l4.572-9.145a.96.96 0 0 1 .87-.538H30.02a4.89 4.89 0 0 0 4.89-4.885 4.89 4.89 0 0 0-4.89-4.885h-9.132a.405.405 0 0 0-.184.047.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.062.012.125.037.182l1.066 2.121c.037.08.098.15.172.199a.525.525 0 0 0 .27.073h7.955c.527 0 1.017.206 1.385.573.368.367.576.864.576 1.382 0 .518-.208 1.015-.576 1.382a1.949 1.949 0 0 1-1.385.572h-10.1a.999.999 0 0 1-.515-.147 1.054 1.054 0 0 1-.356-.39l-4.584-9.145a.735.735 0 0 1-.074-.362c0-.126.037-.248.11-.356a.671.671 0 0 1 .258-.256.744.744 0 0 1 .368-.092H30.02a8.81 8.81 0 0 1 6.227 2.576 8.82 8.82 0 0 1 2.574 6.218 8.819 8.819 0 0 1-2.574 6.218 8.809 8.809 0 0 1-6.227 2.576h-9.426a.503.503 0 0 0-.442.274l-1.066 2.12a.462.462 0 0 0-.037.183.32.32 0 0 0 .061.178.29.29 0 0 0 .135.13c.05.03.11.046.172.046H30.02a11.75 11.75 0 0 0 8.299-3.435 11.743 11.743 0 0 0 3.432-8.29 11.743 11.743 0 0 0-3.432-8.291 11.75 11.75 0 0 0-8.299-3.434H13.08a.999.999 0 0 1-.515-.147 1.053 1.053 0 0 1-.356-.39L7.625 1.065A.735.735 0 0 1 7.55.703a.62.62 0 0 1 .11-.354.757.757 0 0 1 .258-.256.745.745 0 0 1 .368-.094H30.02ZM6.423 59.86h-2.17l.013-1.39h2.157c.638 0 1.153-.137 1.582-.412.429-.274.747-.668.968-1.18.208-.511.319-1.122.319-1.83v-.55c0-.55-.062-1.037-.184-1.46a3.019 3.019 0 0 0-.54-1.068 2.397 2.397 0 0 0-.882-.657 3.022 3.022 0 0 0-1.201-.223H4.217v-1.398h2.268c.674 0 1.299.114 1.85.343a4.016 4.016 0 0 1 1.447.97c.417.424.723.932.944 1.522.22.592.33 1.253.33 1.984v.538c0 .73-.11 1.391-.33 1.983a4.233 4.233 0 0 1-.944 1.521c-.404.42-.895.743-1.459.971-.564.225-1.2.336-1.9.336Zm-1.2-10.168V59.86H3.468V49.692h1.753Zm7.109 6.474v-.161c0-.544.073-1.05.233-1.515.159-.47.392-.878.686-1.222a3.16 3.16 0 0 1 1.103-.81 3.62 3.62 0 0 1 1.483-.293c.552 0 1.042.098 1.471.293.442.19.81.46 1.116.81.306.344.527.751.686 1.222.16.466.246.97.246 1.515v.16c0 .546-.086 1.051-.246 1.516-.159.465-.38.872-.686 1.222a3.27 3.27 0 0 1-1.103.81A3.58 3.58 0 0 1 15.85 60a3.74 3.74 0 0 1-1.496-.287 3.27 3.27 0 0 1-1.103-.81 3.783 3.783 0 0 1-.686-1.222 4.64 4.64 0 0 1-.233-1.515Zm1.68-.161v.16c0 .34.036.661.097.964.074.303.184.569.331.797.147.228.343.407.576.537.233.13.515.196.834.196.306 0 .576-.065.809-.196.233-.13.417-.31.576-.537.147-.228.257-.494.319-.797a4.07 4.07 0 0 0 .11-.963v-.161c0-.335-.037-.652-.11-.95a2.173 2.173 0 0 0-.331-.803 1.59 1.59 0 0 0-.576-.544 1.554 1.554 0 0 0-.81-.202c-.318 0-.6.067-.833.202-.22.13-.417.311-.564.544s-.257.501-.33.803a4.706 4.706 0 0 0-.099.95Zm8.433-2.165v6.02h-1.68v-7.556h1.581l.099 1.536Zm-.27 1.963-.576-.008c0-.52.061-1.002.196-1.445.135-.442.319-.826.576-1.152.245-.331.564-.584.932-.761.38-.182.809-.272 1.311-.272.343 0 .65.051.944.153.282.098.527.254.748.468.208.215.368.49.478.824.122.336.184.74.184 1.215v5.035h-1.692v-4.888c0-.368-.049-.656-.16-.866a.973.973 0 0 0-.465-.447 1.73 1.73 0 0 0-.723-.14c-.319 0-.589.061-.81.182-.22.12-.404.286-.539.496-.134.21-.245.451-.306.726a4.033 4.033 0 0 0-.098.88Zm4.682-.448-.784.176c0-.456.061-.888.184-1.292a3.4 3.4 0 0 1 .564-1.075c.257-.313.564-.557.931-.733a2.854 2.854 0 0 1 1.263-.266c.392 0 .735.054 1.03.16.318.103.576.266.784.49.22.222.38.513.49.872.11.354.172.782.172 1.285v4.888h-1.692v-4.896c0-.38-.06-.676-.171-.886a.836.836 0 0 0-.454-.433 1.884 1.884 0 0 0-.723-.126c-.257 0-.49.05-.686.147a1.383 1.383 0 0 0-.503.399 1.839 1.839 0 0 0-.306.578c-.062.22-.099.457-.099.712Zm10.628 2.99v-3.604c0-.27-.049-.502-.147-.698a1.066 1.066 0 0 0-.454-.454 1.526 1.526 0 0 0-.735-.16c-.282 0-.515.046-.711.14a1.206 1.206 0 0 0-.478.377.91.91 0 0 0-.16.537h-1.679c0-.298.074-.586.22-.866.148-.28.356-.528.626-.748.27-.218.6-.39.98-.516s.81-.188 1.288-.188c.564 0 1.079.095 1.508.286.44.19.796.48 1.041.866.258.381.38.862.38 1.438v3.36c0 .344.025.653.074.928.049.27.123.505.22.706v.111H37.73a2.797 2.797 0 0 1-.184-.691 4.8 4.8 0 0 1-.06-.824Zm.233-3.08.025 1.04h-1.214c-.306 0-.588.031-.821.091a1.69 1.69 0 0 0-.6.251c-.148.112-.27.248-.356.406-.074.158-.11.337-.11.537 0 .201.048.385.134.552.098.163.233.291.405.384.183.094.404.14.662.14a1.835 1.835 0 0 0 1.507-.734c.147-.208.233-.407.245-.593l.54.747a2.3 2.3 0 0 1-.282.615c-.135.219-.319.427-.54.628a2.616 2.616 0 0 1-1.801.67 2.92 2.92 0 0 1-1.324-.293 2.395 2.395 0 0 1-.907-.803 2.067 2.067 0 0 1-.331-1.152c0-.4.073-.754.233-1.062.147-.311.367-.572.661-.782a3.338 3.338 0 0 1 1.091-.474c.43-.112.92-.168 1.471-.168h1.312Zm5.014-2.96v7.555H41.04v-7.556h1.692ZM40.93 50.32c0-.256.085-.468.245-.635.184-.173.417-.259.723-.259.294 0 .527.086.699.259a.848.848 0 0 1 .257.635c0 .251-.086.46-.257.629-.172.168-.405.251-.699.251-.306 0-.54-.083-.723-.251a.883.883 0 0 1-.245-.629Zm5.307 3.596v5.943h-1.679v-7.556h1.594l.085 1.613Zm-.294 1.886-.54-.008c0-.534.074-1.026.221-1.473.148-.446.356-.831.613-1.152.27-.321.576-.568.944-.74a2.82 2.82 0 0 1 1.238-.265c.356 0 .687.051.98.153.295.098.553.258.76.482.222.224.38.514.491.874.11.353.172.788.172 1.305v4.881H49.13v-4.888c0-.363-.061-.65-.16-.86a.946.946 0 0 0-.453-.453 1.711 1.711 0 0 0-.735-.14 1.59 1.59 0 0 0-.772.182 1.74 1.74 0 0 0-.589.496c-.147.21-.27.451-.355.726a2.938 2.938 0 0 0-.123.88Zm8.287-2.06v6.117h-1.692v-7.556h1.606l.086 1.438Zm2.304-1.488-.012 1.564a4.306 4.306 0 0 0-.687-.055c-.282 0-.539.042-.76.125a1.418 1.418 0 0 0-.882.894 2.574 2.574 0 0 0-.147.72l-.38.028c0-.476.049-.915.135-1.32a3.48 3.48 0 0 1 .429-1.068c.183-.308.429-.548.71-.72.282-.173.613-.258.993-.258a2.13 2.13 0 0 1 .601.09Z"/>
-    </symbol>
-    <symbol id="mend-io" viewBox="0 0 60 60">
-      <path d="M43.39 27.355c-2.24 5.173-7.39 8.79-13.39 8.79-.25 0-.49-.006-.73-.018-7.72-.38-13.87-6.763-13.87-14.58 0-1.31.18-2.576.5-3.78.33-.352.79-.57 1.31-.57.99 0 1.81.818 1.81 1.824v.587c0 .01-.01.02-.01.028v4.44a3.33 3.33 0 0 0 3.32 3.331 3.33 3.33 0 0 0 3.32-3.331v-3.582c0-.012-.01-.022-.01-.035v-1.438c0-1.006.81-1.825 1.81-1.825s1.81.82 1.81 1.825v5.055c0 1.837 1.49 3.331 3.31 3.331a3.33 3.33 0 0 0 3.32-3.331V19.02c0-1.006.81-1.825 1.81-1.825.99 0 1.8.82 1.8 1.825v5.055a3.33 3.33 0 0 0 3.32 3.331c.19 0 .38-.02.57-.052Z"/>
-      <path d="M44.59 21.55c0 1.322-.18 2.598-.5 3.818v.006c-.01.002-.01.005-.01.005v.002c-.33.32-.77.52-1.27.52-.99 0-1.8-.819-1.8-1.824v-5.055a3.331 3.331 0 0 0-3.32-3.332c-1.83 0-3.31 1.496-3.31 3.333v5.055c0 1.006-.81 1.825-1.81 1.825s-1.81-.82-1.81-1.825v-5.055c0-1.837-1.48-3.333-3.31-3.333a3.331 3.331 0 0 0-3.32 3.333v5.055c0 1.006-.81 1.825-1.8 1.825-1 0-1.81-.82-1.81-1.825v-5.055c0-1.836-1.49-3.33-3.31-3.332h-.01c-.2 0-.4.021-.6.057C18.85 10.573 24 6.956 30 6.956c.07 0 .15 0 .23.002 7.95.126 14.36 6.61 14.36 14.594M.11 52.772a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.4.4 0 0 1 .29-.111h1.75c.11 0 .21.038.28.111a.38.38 0 0 1 .12.289v.544c.24-.32.57-.584.98-.792.41-.209.87-.313 1.39-.313 1.17 0 1.98.459 2.43 1.378.26-.406.61-.737 1.07-.994.46-.256.95-.384 1.48-.384.87 0 1.58.296 2.13.89.55.592.83 1.476.83 2.651v4.548c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H10.6a.421.421 0 0 1-.3-.112.376.376 0 0 1-.12-.289v-4.436c0-.534-.11-.918-.32-1.154-.22-.234-.52-.352-.89-.352-.35 0-.63.12-.85.36-.23.241-.34.623-.34 1.146v4.436c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H5.52a.414.414 0 0 1-.29-.112.408.408 0 0 1-.11-.289v-4.436c0-.523-.11-.905-.34-1.146a1.15 1.15 0 0 0-.87-.36c-.36 0-.63.12-.86.36-.23.241-.35.617-.35 1.129v4.453c0 .107-.03.2-.11.28a.367.367 0 0 1-.29.121H.4a.382.382 0 0 1-.29-.112Zm15.07-.768c-.74-.694-1.13-1.703-1.16-3.028v-.56c.05-1.26.44-2.246 1.18-2.955.74-.71 1.74-1.066 2.99-1.066.91 0 1.67.185 2.3.553.62.368 1.09.873 1.41 1.513.31.641.47 1.378.47 2.211v.384c0 .107-.04.199-.11.28-.08.08-.17.12-.29.12h-5.13v.112c.02.502.15.908.37 1.217.23.31.55.464.98.464.27 0 .48-.056.66-.168.17-.112.32-.248.46-.408.1-.117.17-.19.23-.216.06-.026.15-.04.28-.04h1.99c.09 0 .18.029.25.088s.1.136.1.232c0 .278-.16.598-.47.961-.32.364-.77.678-1.37.945-.6.267-1.3.4-2.12.4-1.28 0-2.29-.347-3.02-1.041v.002Zm4.37-4.133v-.031c0-.523-.12-.938-.36-1.241-.24-.305-.57-.457-1-.457-.43 0-.75.152-.99.457-.24.303-.36.718-.36 1.241v.031h2.71Zm4.1 4.901a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.418.418 0 0 1 .29-.111h1.85c.11 0 .21.038.29.111a.38.38 0 0 1 .12.289v.608c.29-.352.66-.635 1.11-.849.46-.214.97-.32 1.55-.32.94 0 1.7.318 2.29.954.59.635.88 1.524.88 2.666v4.469c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121h-2.02c-.1 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.28v-4.372c0-.503-.12-.89-.37-1.162-.24-.273-.59-.408-1.05-.408-.46 0-.8.135-1.06.408-.26.272-.38.659-.38 1.162v4.372c0 .107-.04.2-.12.28a.36.36 0 0 1-.28.121h-2.01a.414.414 0 0 1-.29-.112Zm10.53-.712c-.58-.657-.9-1.583-.95-2.78l-.02-.561.02-.577c.04-1.153.36-2.066.95-2.739.59-.672 1.41-1.009 2.44-1.009.97 0 1.76.316 2.36.945v-3.428a.382.382 0 0 1 .4-.4h1.95c.12 0 .21.038.29.112.07.075.11.171.11.288v10.572c0 .106-.04.199-.11.279a.382.382 0 0 1-.29.121h-1.81c-.11 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.279v-.514c-.59.715-1.42 1.073-2.5 1.073s-1.86-.328-2.44-.985v.003Zm4.4-1.618c.23-.305.36-.696.4-1.177.01-.139.01-.342.01-.608 0-.267 0-.454-.01-.593-.03-.437-.16-.8-.4-1.089-.25-.288-.61-.433-1.08-.433-.5 0-.86.15-1.08.448-.22.3-.34.711-.37 1.234-.02.107-.02.272-.02.497 0 .224 0 .389.02.496.03.523.15.934.37 1.234.22.299.58.448 1.08.448.51 0 .84-.152 1.08-.457Zm9.06-7.2c-.08-.075-.11-.17-.11-.288v-1.442c0-.117.03-.214.11-.288a.382.382 0 0 1 .29-.112h1.92c.12 0 .21.038.29.112.07.074.11.171.11.288v1.442c0 .117-.04.213-.11.288a.397.397 0 0 1-.29.112h-1.92a.382.382 0 0 1-.29-.112Zm.02 9.53a.376.376 0 0 1-.12-.288v-7.529c0-.117.04-.213.12-.288a.374.374 0 0 1 .28-.112h1.89c.12 0 .22.038.29.112a.37.37 0 0 1 .11.288v7.529c0 .106-.03.199-.11.28a.37.37 0 0 1-.29.12h-1.89a.374.374 0 0 1-.28-.112Zm5.02-.672c-.72-.631-1.11-1.517-1.17-2.659-.01-.139-.02-.379-.02-.721 0-.341.01-.581.02-.72.06-1.131.46-2.015 1.2-2.651.74-.636 1.74-.954 3.03-.954 1.28 0 2.3.318 3.04.954.74.636 1.14 1.519 1.2 2.651.01.139.02.379.02.72 0 .342-.01.583-.02.721-.06 1.142-.45 2.028-1.17 2.659-.71.63-1.74.944-3.07.944-1.34 0-2.35-.314-3.06-.944Zm4.1-1.433c.22-.284.35-.719.38-1.305.01-.107.02-.32.02-.642 0-.321-.01-.533-.02-.641-.03-.577-.16-1.008-.39-1.297-.23-.289-.57-.433-1.03-.433-.89 0-1.36.577-1.41 1.73l-.02.641.02.642c.02.588.14 1.023.37 1.305.23.283.58.424 1.04.424.46 0 .81-.141 1.04-.424Zm-12.16 2.217a1.45 1.45 0 1 0 0-2.9 1.45 1.45 0 0 0 0 2.9Z"/>
-    </symbol>
-    <symbol id="github" viewBox="0 0 24 24">
-      <path d="M12 2C17.525 2 22 6.58819 22 12.2529C21.9995 14.4012 21.3419 16.4952 20.1198 18.2402C18.8977 19.9852 17.1727 21.2933 15.1875 21.9804C14.6875 22.0829 14.5 21.7625 14.5 21.4934C14.5 21.1474 14.5125 20.0452 14.5125 18.6738C14.5125 17.7126 14.2 17.0974 13.8375 16.777C16.0625 16.5207 18.4 15.6492 18.4 11.7147C18.4 10.5868 18.0125 9.67689 17.375 8.95918C17.475 8.70286 17.825 7.65193 17.275 6.24215C17.275 6.24215 16.4375 5.9602 14.525 7.29308C13.725 7.06239 12.875 6.94704 12.025 6.94704C11.175 6.94704 10.325 7.06239 9.525 7.29308C7.6125 5.97301 6.775 6.24215 6.775 6.24215C6.225 7.65193 6.575 8.70286 6.675 8.95918C6.0375 9.67689 5.65 10.5997 5.65 11.7147C5.65 15.6364 7.975 16.5207 10.2 16.777C9.9125 17.0334 9.65 17.4819 9.5625 18.1484C8.9875 18.4175 7.55 18.8533 6.65 17.3025C6.4625 16.9949 5.9 16.2388 5.1125 16.2516C4.275 16.2644 4.775 16.7386 5.125 16.9308C5.55 17.1743 6.0375 18.0843 6.15 18.3791C6.35 18.9558 7 20.058 9.5125 19.5838C9.5125 20.4425 9.525 21.2499 9.525 21.4934C9.525 21.7625 9.3375 22.0701 8.8375 21.9804C6.8458 21.3007 5.11342 19.9952 3.88611 18.2492C2.65881 16.5031 1.9989 14.4052 2 12.2529C2 6.58819 6.475 2 12 2Z"/>
-    </symbol>
-    <symbol id="mastodon" viewBox="0 0 24 24">
-      <path d="M23.193 7.879c0-5.207-3.411-6.732-3.411-6.732C18.062.357 15.109.025 12.04 0h-.076c-3.068.025-6.019.357-7.74 1.147 0 0-3.411 1.526-3.411 6.732 0 1.191-.023 2.617.015 4.129.123 5.092.933 10.111 5.641 11.356 2.171.575 4.034.695 5.534.613 2.722-.152 4.249-.972 4.249-.972l-.09-1.975s-1.945.614-4.129.539c-2.165-.075-4.448-.233-4.799-2.891a5.626 5.626 0 0 1-.048-.745s2.124.519 4.817.643c1.646.076 3.19-.096 4.759-.283 3.007-.359 5.625-2.211 5.954-3.905.52-2.668.477-6.509.477-6.509Zm-4.023 6.709h-2.498v-6.12c0-1.289-.542-1.944-1.628-1.944-1.2 0-1.802.777-1.802 2.312v3.35H10.76v-3.35c0-1.535-.601-2.312-1.803-2.312-1.086 0-1.628.655-1.628 1.944v6.12H4.832V8.284c0-1.289.327-2.313.987-3.07.68-.757 1.569-1.146 2.674-1.146 1.278 0 2.247.491 2.886 1.473L12 6.585l.623-1.044c.64-.982 1.609-1.473 2.887-1.473 1.104 0 1.994.389 2.674 1.146.658.757.986 1.781.986 3.07v6.304Z"/>
-    </symbol>
-    <symbol id="x-twitter" viewBox="0 0 24 24">
-      <path d="M16.39 19.89h2.44L7.6 4.17H5.16M21 21H15.64l-4.91-6.99L4.59 21H3l7.03-7.99L3 3H8.36l4.65 6.62L18.83 3h1.59l-6.71 7.62"/>
-    </symbol>
+    <symbol id="logo" viewBox="0 0 32 32"><path d="M10.4 10.5l-3.9 4L16 24l9.6-9.5-3.9-4H10.4ZM16 29 4.7 22.5V9.5L16 3 27.3 9.5v13L16 29ZM2 8V24l14 8 14-8V8L16 0 2 8Z"/></symbol>
+    <symbol id="gems" viewBox="0 0 24 24"><path d="m8.22 8.29-2.63 2.7L12 17.4l6.48-6.41-2.63-2.7H8.22ZM12 20.77 4.37 16.39V7.61L12 3.23l7.63 4.38v8.78L12 20.77ZM2.55 6.6V17.4L12 22.8l9.45-5.4V6.6L12 1.2 2.55 6.6Z"/></symbol>
+    <symbol id="organizations" viewBox="0 0 24 24"><path fill-rule="evenodd" clip-rule="evenodd" d="M10.59 13.45c-.39-.4-.59-.88-.59-1.44 0-.57.2-1.05.59-1.44s.87-.58 1.43-.58c.57 0 1.05.19 1.44.58.39.39.58.87.58 1.44 0 .56-.19 1.04-.58 1.44-.39.39-.87.59-1.44.59-.56 0-1.04-.2-1.43-.59Zm5.87.86c-.26-.26-.39-.58-.39-.95 0-.38.13-.7.39-.96.27-.26.58-.39.95-.39.39 0 .71.13.97.39.25.26.38.58.38.96 0 .37-.13.69-.38.95-.26.27-.58.4-.97.4-.37 0-.68-.13-.95-.4Zm-10.79 0c-.26-.26-.39-.58-.39-.95 0-.38.13-.7.39-.96.27-.26.59-.39.96-.39.38 0 .7.13.96.39s.39.58.39.96c0 .37-.13.69-.39.95-.26.27-.58.4-.96.4-.37 0-.69-.13-.96-.4ZM2.57 6.62V17.41l9.44 5.39 9.44-5.39V6.62l-9.44-5.4-9.44 5.4Zm1.35 10 .06.04c.1-.33.33-.61.7-.83.5-.3 1.15-.45 1.95-.45.14 0 .28.01.42.01.13.01.26.02.39.04-.16.23-.28.47-.36.73s-.12.53-.12.82v1.38l1.02.58V16.98c0-.73.37-1.32 1.12-1.77.74-.44 1.72-.67 2.92-.67 1.21 0 2.19.23 2.93.67.75.45 1.12 1.04 1.12 1.77v1.95l1.01-.58V16.98c0-.29-.04-.56-.11-.82-.07-.26-.18-.5-.33-.73.12-.02.25-.03.38-.04.13 0 .26-.01.39-.01.81 0 1.47.15 1.96.45.36.22.59.49.69.82l.04-.03V7.4L12.01 2.78 3.92 7.4v9.22Z"/></symbol>
+    <symbol id="ruby-central" viewBox="0 0 60 60"><path fill-rule="evenodd" clip-rule="evenodd" d="M9.362 11.513a9.603 9.603 0 0 1 9.604-9.604h21.131a9.605 9.605 0 0 1 9.605 9.604v21.131a9.606 9.606 0 0 1-9.605 9.605h-21.13a9.605 9.605 0 0 1-9.605-9.605v-21.13ZM44.33 21.886c0 8.063-6.537 14.6-14.6 14.6s-14.599-6.537-14.599-14.6 6.536-14.6 14.6-14.6 14.599 6.537 14.599 14.6ZM27.164 13.05c-.984 0-1.92.418-2.577 1.149L21.4 17.742a3.467 3.467 0 0 0-.1 4.518l5.916 7.196a3.467 3.467 0 0 0 5.354 0l5.916-7.196a3.467 3.467 0 0 0-.1-4.518l-3.187-3.544a3.467 3.467 0 0 0-2.577-1.15h-5.458ZM26.591 16a.77.77 0 0 1 .573-.254h5.458c.219 0 .426.093.573.254l3.186 3.545a.77.77 0 0 1 .022 1.004l-5.915 7.197a.77.77 0 0 1-1.19 0l-5.915-7.197a.77.77 0 0 1 .022-1.004L26.591 16Zm32.113 40.033c.05.049.108.074.178.074h.868a.24.24 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-6.917a.24.24 0 0 0-.073-.18.243.243 0 0 0-.177-.072h-.868a.245.245 0 0 0-.178.073.246.246 0 0 0-.073.179v6.917c0 .07.025.13.073.177Zm-4.164.178c-.361 0-.689-.07-.982-.209a1.907 1.907 0 0 1-.7-.576 1.403 1.403 0 0 1-.25-.814 1.365 1.365 0 0 1 .584-1.16c.397-.293.92-.488 1.568-.585l1.432-.21v-.218c0-.293-.073-.52-.22-.68-.146-.16-.397-.24-.752-.24a1.112 1.112 0 0 0-.617.156.91.91 0 0 0-.345.398.266.266 0 0 1-.24.135h-.826c-.076 0-.135-.02-.177-.062a.256.256 0 0 1-.053-.168 1.062 1.062 0 0 1 .137-.407c.083-.16.216-.314.397-.46.18-.153.414-.282.7-.386.286-.105.63-.157 1.034-.157.44 0 .808.055 1.109.167a1.862 1.862 0 0 1 .73.428c.182.181.314.395.398.638.083.243.125.501.125.773v3.282a.24.24 0 0 1-.073.177.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.189-.074.267.267 0 0 1-.062-.177v-.408a1.655 1.655 0 0 1-.366.376 2.124 2.124 0 0 1-.565.283 2.533 2.533 0 0 1-.773.104Zm.356-.993c.244 0 .463-.052.658-.156a1.08 1.08 0 0 0 .47-.48c.119-.224.178-.503.178-.837v-.22l-1.045.167c-.41.063-.717.164-.92.303-.2.14-.303.31-.303.513a.61.61 0 0 0 .137.397.95.95 0 0 0 .365.24c.146.048.3.073.46.073Zm-5.827.815a.243.243 0 0 0 .177.074h.909c.077 0 .14-.025.188-.074a.243.243 0 0 0 .074-.177v-2.873c0-.328.09-.586.272-.774.187-.188.449-.283.783-.283h.815c.077 0 .136-.023.178-.073a.243.243 0 0 0 .073-.178v-.752a.243.243 0 0 0-.073-.177.222.222 0 0 0-.178-.073h-.428c-.335 0-.63.06-.889.177a1.579 1.579 0 0 0-.617.513v-.43a.237.237 0 0 0-.083-.187.243.243 0 0 0-.177-.073h-.847a.25.25 0 0 0-.25.26v4.923c0 .07.023.13.073.177Zm-1.774.074c-.418 0-.77-.074-1.056-.22a1.4 1.4 0 0 1-.637-.648c-.14-.292-.21-.654-.21-1.086V51.78h-.825a.243.243 0 0 1-.178-.073.246.246 0 0 1-.073-.179v-.606c0-.07.025-.129.073-.177a.243.243 0 0 1 .178-.073h.825v-1.734c0-.071.021-.13.064-.18a.256.256 0 0 1 .187-.072h.846a.246.246 0 0 1 .251.252v1.734h1.307c.07 0 .13.024.178.073a.243.243 0 0 1 .073.177v.606c0 .07-.025.13-.073.179a.243.243 0 0 1-.178.073H46.74v2.268c0 .285.05.507.147.668.105.16.283.24.533.24h.722c.07 0 .127.025.177.074a.243.243 0 0 1 .073.177v.648a.24.24 0 0 1-.073.177.245.245 0 0 1-.177.074h-.847Zm-8.542-.074a.243.243 0 0 0 .177.074h.92a.24.24 0 0 0 .178-.074.238.238 0 0 0 .073-.177V52.98c0-.403.108-.72.324-.95.216-.23.505-.346.867-.346.377 0 .662.116.857.345.202.23.304.548.304.951v2.875c0 .07.024.13.072.177.05.049.108.074.179.074h.918c.071 0 .13-.025.179-.074a.243.243 0 0 0 .073-.177v-2.937c0-.488-.088-.906-.262-1.253a1.844 1.844 0 0 0-.72-.806 2.053 2.053 0 0 0-1.108-.292c-.418 0-.77.076-1.056.23a2.18 2.18 0 0 0-.69.554v-.429a.243.243 0 0 0-.072-.177.24.24 0 0 0-.178-.073h-.858a.238.238 0 0 0-.177.073.243.243 0 0 0-.073.177v4.933c0 .07.024.13.073.177Zm-3.443.178c-.774 0-1.387-.223-1.84-.67-.453-.445-.696-1.079-.73-1.9a2.545 2.545 0 0 1-.012-.263c0-.111.004-.198.011-.26.027-.523.147-.976.355-1.36.216-.382.513-.675.889-.877.376-.208.818-.313 1.327-.313.563 0 1.037.118 1.42.355.384.23.674.554.869.972.194.411.291.888.291 1.431v.22a.238.238 0 0 1-.073.178.253.253 0 0 1-.187.073h-3.47v.083c.007.244.052.47.136.68a1.233 1.233 0 0 0 .387.49c.174.126.38.19.616.19a1.3 1.3 0 0 0 .491-.084 1.293 1.293 0 0 0 .502-.397c.063-.085.111-.133.146-.147a.407.407 0 0 1 .177-.03h.9c.069 0 .125.02.167.061a.174.174 0 0 1 .063.157c-.007.111-.067.248-.179.408a1.938 1.938 0 0 1-.459.47 2.71 2.71 0 0 1-.763.386 3.322 3.322 0 0 1-1.034.147Zm-1.15-3.292h2.309v-.03c0-.273-.045-.51-.135-.712a1.12 1.12 0 0 0-.397-.48 1.082 1.082 0 0 0-.627-.178 1.08 1.08 0 0 0-.627.178 1.112 1.112 0 0 0-.397.48 1.838 1.838 0 0 0-.126.711v.031Zm-6.727 2.958c.453.223 1.003.334 1.65.334.475 0 .9-.062 1.275-.187a3.02 3.02 0 0 0 .962-.513c.265-.222.47-.48.617-.773a2.222 2.222 0 0 0 .23-.951.17.17 0 0 0-.063-.157.211.211 0 0 0-.157-.063h-.993a.313.313 0 0 0-.187.052c-.05.035-.085.102-.106.199-.11.453-.303.767-.574.94-.272.168-.61.251-1.013.251-.467 0-.84-.129-1.119-.386-.279-.265-.428-.697-.449-1.295a24.37 24.37 0 0 1 0-1.757c.021-.6.17-1.028.45-1.284.277-.266.651-.398 1.118-.398.403 0 .74.084 1.013.251.271.166.464.48.574.94a.354.354 0 0 0 .106.198.313.313 0 0 0 .187.054h.993a.211.211 0 0 0 .157-.064.171.171 0 0 0 .063-.156 2.218 2.218 0 0 0-.847-1.714 2.898 2.898 0 0 0-.962-.523 4.018 4.018 0 0 0-1.274-.188c-.64 0-1.188.115-1.641.345a2.408 2.408 0 0 0-1.034.972c-.237.425-.37.93-.397 1.515a37.886 37.886 0 0 0 0 1.86c.027.593.16 1.102.397 1.526.237.418.578.742 1.024.972Zm-7.801 2.216a.2.2 0 0 1-.147-.064.199.199 0 0 1-.063-.146V57.8a.474.474 0 0 1 .042-.083l.816-1.934-2.007-4.734a.482.482 0 0 1-.041-.147.25.25 0 0 1 .073-.156.196.196 0 0 1 .156-.073h.847c.083 0 .146.02.187.063a.424.424 0 0 1 .095.135l1.39 3.417 1.43-3.417a.314.314 0 0 1 .095-.135c.042-.042.104-.063.189-.063h.835a.2.2 0 0 1 .147.063.186.186 0 0 1 .073.145.468.468 0 0 1-.042.168l-2.957 6.845a.417.417 0 0 1-.105.135c-.041.043-.105.064-.188.064h-.825Zm-4.87-2.09c.272.138.61.208 1.013.208.37 0 .69-.058.962-.178.272-.125.498-.299.68-.522.18-.222.32-.484.417-.783a3.8 3.8 0 0 0 .168-1.003 6.92 6.92 0 0 0 .01-.335c0-.105-.004-.22-.01-.345a3.348 3.348 0 0 0-.158-.972 2.281 2.281 0 0 0-.428-.784 1.828 1.828 0 0 0-.679-.533 2.278 2.278 0 0 0-.962-.188 2.123 2.123 0 0 0-.96.199 1.983 1.983 0 0 0-.648.491v-2.32a.246.246 0 0 0-.074-.178.223.223 0 0 0-.177-.073h-.889a.243.243 0 0 0-.177.073.246.246 0 0 0-.074.179v6.917c0 .07.025.13.074.177a.243.243 0 0 0 .177.074h.826a.22.22 0 0 0 .177-.074.238.238 0 0 0 .073-.177v-.386c.175.216.394.393.66.532Zm1.327-1.098c-.167.126-.4.188-.7.188-.285 0-.519-.066-.7-.198a1.197 1.197 0 0 1-.387-.502 2.28 2.28 0 0 1-.135-.637 6.72 6.72 0 0 1 0-.805c.006-.21.055-.408.146-.595a1.2 1.2 0 0 1 .397-.482c.174-.125.4-.187.68-.187.298 0 .532.065.7.198a1 1 0 0 1 .354.502c.077.208.122.438.137.69.013.208.013.417 0 .627a2.39 2.39 0 0 1-.137.689 1.065 1.065 0 0 1-.355.512ZM8.603 56.21c-.425 0-.794-.094-1.108-.282a1.93 1.93 0 0 1-.71-.815 2.912 2.912 0 0 1-.25-1.254v-2.937c0-.07.023-.129.073-.177a.238.238 0 0 1 .177-.073h.92a.22.22 0 0 1 .177.073.243.243 0 0 1 .073.177v2.874c0 .864.38 1.296 1.139 1.296.362 0 .648-.116.857-.345.216-.23.324-.547.324-.951v-2.874c0-.07.024-.129.074-.177a.238.238 0 0 1 .177-.073h.92c.07 0 .129.023.177.073a.243.243 0 0 1 .074.177v4.933c0 .07-.025.13-.074.177a.243.243 0 0 1-.177.074h-.847a.258.258 0 0 1-.188-.074.267.267 0 0 1-.062-.177v-.428a2.031 2.031 0 0 1-.7.574c-.28.14-.627.209-1.046.209Zm-8.53-.178c.05.05.109.074.178.074h.951c.077 0 .136-.024.177-.074a.238.238 0 0 0 .074-.177v-2.509h1.453l1.348 2.478a.84.84 0 0 0 .147.187c.062.064.152.095.27.095h.952a.199.199 0 0 0 .145-.062.197.197 0 0 0 .074-.158.252.252 0 0 0-.031-.114l-1.526-2.665a2.12 2.12 0 0 0 1.014-.742c.257-.342.386-.77.386-1.285 0-.746-.243-1.315-.73-1.704-.489-.39-1.154-.585-1.997-.585H.251a.238.238 0 0 0-.177.073.253.253 0 0 0-.074.188v6.803c0 .07.025.13.074.177Zm2.853-3.866H1.453V49.95h1.473c.432 0 .75.102.952.303.209.196.313.467.313.816s-.104.62-.313.815c-.21.188-.526.282-.952.282Z"/></symbol>
+    <symbol id="dnsimple" viewBox="0 0 60 60"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.175 24.787a3.92 3.92 0 0 0-.843.075v2.802c-.392-.151-.844-.226-1.446-.226-2.139 0-3.887 1.461-3.887 3.811 0 2.41 1.597 3.736 3.947 3.736 1.16 0 2.35-.316 3.088-.708v-9.415a4.242 4.242 0 0 0-.859-.075Zm-2.259 8.707c-1.296 0-2.184-.874-2.184-2.275 0-1.386.949-2.275 2.214-2.275.512 0 .979.061 1.386.317v4.007a3.742 3.742 0 0 1-1.416.226Zm8.421-6.086c-1.537 0-2.787.602-3.42 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393c.332-.196.919-.391 1.582-.391 1.1 0 1.732.497 1.732 1.807v3.977c.302.06.573.075.859.075.271 0 .573-.015.859-.075v-4.384c0-1.641-1.01-2.967-3.314-2.967ZM19.974 35c1.958 0 3.103-.904 3.103-2.395 0-1.416-1.129-1.943-2.681-2.184-1.22-.196-1.537-.422-1.537-.889 0-.452.392-.738 1.296-.738.859 0 1.597.256 2.094.542.346-.271.572-.693.648-1.22-.467-.332-1.386-.693-2.682-.693-1.808 0-2.998.904-2.998 2.229 0 1.507 1.206 1.974 2.471 2.17 1.28.195 1.687.467 1.687.949 0 .482-.361.858-1.371.858-1.13 0-1.762-.391-2.199-.708-.362.226-.648.633-.783 1.175.406.347 1.355.904 2.952.904Zm5.483-8.451a1.09 1.09 0 0 0 1.085-1.084 1.09 1.09 0 0 0-1.085-1.085c-.617 0-1.114.482-1.114 1.085 0 .602.497 1.084 1.114 1.084Zm0 8.285c.287 0 .573-.015.844-.075v-7.125a4.01 4.01 0 0 0-.844-.075c-.286 0-.572.015-.858.075v7.125c.286.06.587.075.858.075Zm10.892-7.426c-.964 0-1.838.376-2.426.828-.527-.512-1.31-.828-2.335-.828-1.491 0-2.786.633-3.359 1.13v6.221c.286.06.573.075.844.075.286 0 .587-.015.858-.075v-5.393a2.92 2.92 0 0 1 1.462-.391c1.16 0 1.596.738 1.596 1.762v4.022c.287.06.573.075.874.075.271 0 .573-.015.844-.075v-4.534c0-.226-.03-.452-.076-.663.347-.286.829-.587 1.522-.587 1.16 0 1.612.738 1.612 1.762v4.022c.271.06.557.075.858.075.272 0 .573-.015.844-.075v-4.534c0-1.552-1.055-2.817-3.118-2.817Zm8.134.015c-1.355 0-2.485.527-3.178 1.1v9.023c.301.06.572.075.858.075.287 0 .573-.015.844-.075v-2.772c.452.151.934.211 1.537.211 1.988 0 3.781-1.401 3.781-3.811 0-2.471-1.657-3.751-3.842-3.751Zm-.06 6.041c-.557 0-1.009-.091-1.416-.287v-3.841a2.842 2.842 0 0 1 1.401-.346c1.311 0 2.199.828 2.199 2.199 0 1.416-.888 2.275-2.184 2.275Zm6.312 1.37c.286 0 .587-.015.859-.075v-9.882a4.308 4.308 0 0 0-.874-.075c-.286 0-.573.015-.844.075v9.882c.301.06.588.075.859.075Zm9.264-4.187c0-1.913-1.356-3.224-3.269-3.224-2.033 0-3.585 1.597-3.585 3.811 0 2.335 1.537 3.751 3.676 3.751 1.431 0 2.365-.527 2.967-1.009a1.76 1.76 0 0 0-.738-1.16c-.467.331-1.069.738-2.109.738-1.19 0-1.913-.723-2.048-1.898h5.046c.045-.392.06-.633.06-1.009Zm-5.091-.121c.12-.979.768-1.717 1.822-1.717 1.16.015 1.597.874 1.597 1.717h-3.419Z"/></symbol>
+    <symbol id="datadog" viewBox="0 0 60 60"><path d="M58.339 56.312v2.096c-.384.101-.728.15-1.03.15-2.034 0-3.05-1.075-3.05-3.224 0-1.986 1.078-2.978 3.233-2.978.898 0 1.735.167 2.51.503v-1.505c-.775-.29-1.653-.438-2.636-.438-3.221 0-4.834 1.471-4.834 4.418 0 3.109 1.584 4.666 4.751 4.666 1.09 0 1.995-.159 2.718-.476V54.84h-2.686l-.561 1.473h1.585Zm-11.376 2.245c1.807 0 2.71-1.041 2.71-3.124 0-2.051-.903-3.078-2.71-3.078-1.854 0-2.78 1.027-2.78 3.078 0 2.083.926 3.124 2.78 3.124Zm-4.508-3.086c0-3.038 1.504-4.555 4.508-4.555 2.957 0 4.436 1.517 4.436 4.555 0 3.02-1.479 4.529-4.436 4.529-2.871 0-4.373-1.51-4.508-4.53Zm-7.56 3.024h1.978c1.86 0 2.793-1.094 2.793-3.282 0-1.864-.932-2.794-2.793-2.794h-1.978v6.076Zm2.229 1.44h-3.89V50.98h3.89c2.803 0 4.205 1.412 4.205 4.233 0 3.148-1.402 4.723-4.205 4.723Zm-12.777 0h-1.709l3.81-8.955h1.79l3.89 8.956H30.34l-1.13-2.443h-2.874l.57-1.44h1.865L27.3 52.69l-2.954 7.246Zm-7.665-8.955h6.81v1.44h-2.574v7.516h-1.661V52.42h-2.575v-1.44ZM9.84 59.936H8.133l3.81-8.956h1.787l3.892 8.956h-1.789l-1.13-2.443H11.83l.571-1.44h1.864l-1.47-3.363-2.954 7.246Zm-8.176-1.441H3.64c1.863 0 2.792-1.094 2.792-3.282 0-1.864-.93-2.794-2.792-2.794H1.665v6.076Zm2.227 1.44H.002V50.98h3.89c2.803 0 4.206 1.412 4.206 4.233 0 3.148-1.403 4.723-4.206 4.723ZM29.864 14.47c.32-.304-1.597-.704-3.085.31-1.097.75-1.132 2.354-.082 3.264.105.09.192.154.273.206a9.513 9.513 0 0 1 2.767-.816c.223-.248.482-.686.417-1.477-.087-1.075-.902-.905-.29-1.486Zm10.065 5.833c-.18-.1-1.03-.06-1.627.01-1.137.135-2.364.529-2.633.739-.49.378-.268 1.037.095 1.307 1.012.757 1.9 1.264 2.838 1.14.575-.075 1.082-.986 1.442-1.813.245-.569.245-1.183-.115-1.383Zm-3.882-6.725c-.066.15-.169.248-.015.734l.01.028.025.063.064.146c.278.569.584 1.105 1.095 1.38.133-.023.269-.038.41-.045.481-.021.784.055.976.159a2.14 2.14 0 0 0 .01-.442c-.038-.721.142-1.947-1.243-2.592-.523-.242-1.257-.168-1.5.136a.634.634 0 0 1 .115.025c.37.128.12.256.053.408Zm14.266 9.879-1.194.227L46.828.002 7.77 4.53l4.812 39.046 4.571-.664c-.364-.52-.932-1.152-1.904-1.959-1.346-1.118-.87-3.018-.076-4.218 1.05-2.027 6.464-4.603 6.158-7.843-.11-1.178-.297-2.712-1.391-3.763-.04.436.033.856.033.856s-.45-.572-.673-1.354c-.222-.3-.396-.395-.633-.795-.168.463-.146 1-.146 1s-.368-.868-.426-1.6c-.219.327-.274.95-.274.95s-.477-1.368-.368-2.105c-.218-.642-.863-1.914-.681-4.807 1.192.835 3.816.637 4.838-.87.34-.499.573-1.86-.168-4.546-.477-1.721-1.656-4.284-2.117-5.257l-.054.04c.242.783.742 2.425.933 3.222.58 2.415.736 3.256.464 4.37-.232.968-.788 1.601-2.196 2.309-1.409.71-3.279-1.018-3.397-1.114-1.368-1.09-2.426-2.869-2.544-3.733-.123-.946.544-1.514.882-2.287a8.6 8.6 0 0 0-1.02.383s.642-.664 1.432-1.238a8.26 8.26 0 0 0 .864-.641c-.5-.009-.904.005-.904.005s.832-.45 1.695-.777c-.63-.029-1.236-.005-1.236-.005s1.858-.832 3.328-1.442c1.009-.414 1.995-.291 2.55.51.727 1.05 1.49 1.62 3.11 1.973.995-.44 1.297-.667 2.545-1.007 1.1-1.21 1.963-1.366 1.963-1.366s-.427.393-.542 1.01c.623-.491 1.306-.902 1.306-.902s-.264.327-.51.846l.057.085c.728-.436 1.583-.78 1.583-.78s-.244.31-.531.709c.548-.005 1.66.023 2.092.072 2.55.056 3.078-2.722 4.056-3.07 1.225-.438 1.773-.702 3.86 1.348 1.79 1.76 3.19 4.91 2.495 5.615-.583.586-1.732-.228-3.005-1.816a6.865 6.865 0 0 1-1.42-3.097 3.043 3.043 0 0 0-.984-1.684s.453 1.012.453 1.904c0 .488.061 2.31.843 3.332-.078.15-.114.74-.2.853-.908-1.099-2.861-1.885-3.178-2.117 1.076.883 3.553 2.911 4.504 4.855.9 1.838.37 3.523.825 3.96.129.125 1.935 2.374 2.282 3.504.607 1.97.036 4.04-.757 5.324l-2.214.345c-.324-.09-.543-.135-.834-.303.161-.283.48-.99.483-1.136l-.125-.219c-.69.976-1.844 1.924-2.803 2.469-1.256.712-2.702.602-3.644.31-2.673-.824-5.202-2.63-5.81-3.105 0 0-.02.379.095.464.674.76 2.218 2.135 3.71 3.094l-3.181.35 1.504 11.712c-.666.096-.77.143-1.5.247-.644-2.274-1.875-3.758-3.22-4.622-1.186-.763-2.823-.935-4.39-.624l-.1.116c1.089-.113 2.374.044 3.695.88 1.297.82 2.341 2.938 2.726 4.212.493 1.63.832 3.372-.493 5.22-.942 1.313-3.695 2.038-5.918.468.594.955 1.396 1.737 2.477 1.884 1.605.218 3.129-.061 4.176-1.137.895-.92 1.37-2.845 1.245-4.872l1.417-.205.511 3.637 23.449-2.823-1.913-18.66ZM27.86 28.834l2.951-.406c.477.215.81.297 1.382.442.89.232 1.924.455 3.451-.314.356-.177 1.096-.854 1.395-1.24l12.087-2.193 1.233 14.924-20.708 3.732-1.79-14.945Zm17.149 4.953-3.96-2.611-3.301 5.517-3.842-1.123-3.382 5.161.174 1.625 18.388-3.388-1.07-11.489-3.007 6.308Z"/></symbol>
+    <symbol id="fastly" viewBox="0 0 60 60"><path d="M40.845 36.419h4.699v-2.393h-1.558V18.379h-3.141v18.04ZM.008 34.026h1.6v-7.55h-1.6v-2.078l1.6-.263v-2.103c0-2.546.554-3.653 3.797-3.653.698 0 1.533.103 2.264.24l-.434 2.561a6.106 6.106 0 0 0-1.047-.093c-1.141 0-1.43.11-1.43 1.234v1.822h2.375v2.342H4.758v7.55h1.584v2.393H.016v-2.402H.008Zm39.228-.757c-.494.102-.92.093-1.235.102-1.294.034-1.183-.391-1.183-1.617v-5.278h2.469v-2.342h-2.469V18.38h-3.15v14.029c0 2.759.681 4.01 3.644 4.01.698 0 1.668-.18 2.392-.34l-.468-2.81Zm19.563.775c.664 0 1.2.528 1.2 1.192 0 .663-.536 1.183-1.2 1.183a1.186 1.186 0 0 1-1.101-.728 1.186 1.186 0 0 1-.091-.456c0-.672.536-1.191 1.192-1.191Zm0 2.187a1 1 0 0 0 .996-1.004.99.99 0 0 0-.996-.987.983.983 0 0 0-.996.987c0 .553.451 1.004.996 1.004Zm.221-.417-.238-.348h-.17v.349h-.264v-1.167h.485c.29 0 .468.145.468.4 0 .188-.094.315-.247.366l.29.4h-.324Zm-.409-.587h.214c.118 0 .204-.05.204-.179 0-.119-.085-.17-.196-.17h-.222v.349Zm-28.868-8.76v-.417c-.953-.17-1.897-.179-2.409-.179-1.464 0-1.642.775-1.642 1.2 0 .597.204.92 1.787 1.27 2.324.518 4.648 1.063 4.648 3.94 0 2.733-1.405 4.138-4.358 4.138-1.975 0-3.899-.426-5.364-.8v-2.35h2.384v.418c1.03.195 2.103.178 2.665.178 1.566 0 1.813-.843 1.813-1.285 0-.622-.451-.92-1.916-1.218-2.758-.468-4.954-1.413-4.954-4.214 0-2.656 1.78-3.695 4.733-3.695 2.001 0 3.525.307 4.989.682v2.332h-2.376Zm-14.752 1.882-1.158 1.012a.616.616 0 0 0-.639 1.014.616.616 0 0 0 1.033-.299.617.617 0 0 0-.02-.34l1.022-1.14-.238-.248Z"/><path d="M20.068 23.47h-3.15v.886a6.38 6.38 0 0 0-2.12-.792v-1.073h.383v-.8h-3.167v.8h.384v1.081a6.48 6.48 0 0 0-5.261 6.368 6.469 6.469 0 0 0 1.899 4.588 6.48 6.48 0 0 0 4.587 1.9c1.209 0 2.35-.333 3.32-.912l.562.911h3.329v-3.15h-.766V23.47Zm-3.116 6.657a3.343 3.343 0 0 1-3.15 3.142v-.375h-.375v.375a3.332 3.332 0 0 1-3.124-3.15h.375v-.374h-.375a3.342 3.342 0 0 1 3.124-3.124v.374h.375v-.375a3.333 3.333 0 0 1 3.15 3.141h-.375v.375h.375v-.009Zm36.555-5.992h6.495v2.34h-1.549l-3.984 9.8c-1.141 2.749-3.013 5.345-5.874 5.345-.698 0-1.635-.076-2.282-.23l.281-2.86c.418.076.962.128 1.243.128 1.328 0 2.818-.818 3.286-2.248l-4.035-9.935h-1.55v-2.341h6.496v2.341h-1.549l2.29 5.627 2.29-5.627h-1.55v-2.341h-.008Z"/></symbol>
+    <symbol id="honeybadger" viewBox="0 0 60 60"><path fill-rule="evenodd" clip-rule="evenodd" d="m37.902 14.22 7.608 7.607-15.506 15.507-1.687-1.687-2.292 2.29 2.451 2.452a2.161 2.161 0 0 0 3.056 0l17.034-17.034a2.16 2.16 0 0 0 0-3.055l-9.3-9.298-1.364 3.218Zm-.284-4.866-1.364 3.218-2.87-2.87 2.291-2.29 1.943 1.942Zm-3.47-3.472-2.616-2.615a2.161 2.161 0 0 0-3.056 0L11.444 20.3a2.161 2.161 0 0 0 0 3.055l9.984 9.984 1.462-3.119-8.391-8.393L30.004 6.323l1.853 1.85 2.29-2.29ZM23.051 34.964l1.462-3.12 2.276 2.275-2.293 2.29-1.445-1.445Z"/><path d="M39.405 5.158c.232-.546-.459-1.013-.879-.592L19.967 23.125h7.56l-6.016 14.81c-.221.547.466 1.003.882.586L40.49 20.424h-7.561l6.476-15.266Z"/><path fill-rule="evenodd" clip-rule="evenodd" d="m5.662 57.367 1.744-11.959H5.465l-.715 4.864H2.989l.715-4.864H1.762L.004 57.367h1.941l.78-5.308h1.762l-.78 5.308h1.955Zm3.62-2.397c1.942 0 2.705-.82 3.107-3.75.375-2.783-.276-3.697-2.08-3.697-1.913 0-2.732.941-3.078 3.804-.36 2.81.374 3.643 2.052 3.643Zm.196-1.371c-.486 0-.611-.47-.348-2.285.25-1.882.486-2.432 1.04-2.432.486 0 .583.442.333 2.298-.249 1.84-.486 2.419-1.025 2.419Zm5.672-5.323c.43-.404 1.054-.753 1.608-.753 1.124 0 1.513.766 1.318 2.11l-.777 5.175h-1.803l.736-4.972c.068-.484-.028-.727-.388-.727-.278 0-.541.243-.707.404l-.778 5.295h-1.802l1.04-7.124h1.526l.027.592Zm22.967-.592-.21.525a1.545 1.545 0 0 0-1.33-.686c-1.318 0-2.122 1.05-2.455 3.83-.333 2.756.306 3.617 1.345 3.617.624 0 1.11-.296 1.47-.712l.014.55h1.665l1.053-7.124h-1.552Zm-1.056 5.39c-.151.19-.442.39-.692.39-.445 0-.583-.417-.347-2.15.25-1.841.513-2.272.956-2.272.265 0 .486.188.611.39l-.528 3.643Zm8.558-7.666-1.387 9.4h-1.65l-.015-.55c-.36.43-.86.712-1.47.712-1.04 0-1.692-.86-1.344-3.617.333-2.78 1.122-3.83 2.454-3.83.514 0 .915.215 1.206.552l.403-2.667h1.803Zm-3.967 5.906c-.249 1.733-.097 2.15.347 2.15.236 0 .541-.2.693-.39l.527-3.642c-.125-.202-.36-.39-.61-.39-.444 0-.707.43-.957 2.272Zm-15.81 6.05h21.502a2.584 2.584 0 0 0 2.559-2.223l1.054-7.457h-1.553l-.166.538c-.278-.39-.75-.699-1.262-.699-1.4 0-2.164.766-2.552 3.75-.374 2.715.236 3.548 1.332 3.548.554 0 1.067-.24 1.413-.644l-.055.51c-.149.639-.804 1.145-1.882 1.145H26.71c-.255.603-.503 1.09-.797 1.45l-.07.082Zm21.842-4.02c-.444 0-.61-.39-.374-2.084.236-1.774.513-2.218.97-2.218.25 0 .473.188.596.377l-.512 3.535c-.152.188-.445.39-.68.39Zm7.461.994c-.734.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.955-3.63.36-2.741 1.387-3.817 3.148-3.817 1.096 0 1.775.565 1.775 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.008.174.003.04.005.079.005.12.013.552.306.848.791.848.333 0 .72-.108 1.276-.363l.305 1.25Zm-1.18-5.484c-.428 0-.818.645-1.053 2.07a1.557 1.557 0 0 0 1.414-1.546c0-.323-.11-.524-.36-.524Zm3.46 5.954.734-4.879c.36-.322.763-.497 1.165-.497.112 0 .208 0 .32.013l.36-1.733a.932.932 0 0 0-.568-.189c-.528 0-.985.418-1.318 1.009l-.027-.848h-1.415l-1.055 7.124h1.804Zm-34.924-.47c-.736.43-1.498.632-2.164.632-1.553 0-2.26-1.344-1.954-3.63.36-2.741 1.385-3.817 3.146-3.817 1.097 0 1.776.565 1.776 1.56 0 1.33-.749 2.782-3.189 3.226 0 .072.004.126.007.174.003.04.006.079.006.12.015.552.305.848.791.848.333 0 .721-.108 1.275-.363l.306 1.25Zm-1.18-5.484c-.429 0-.817.645-1.052 2.07a1.557 1.557 0 0 0 1.413-1.546c0-.323-.11-.524-.36-.524Zm9.85 6.116c1.58 0 2.19-1.25 2.524-4.167.318-2.608-.195-3.28-1.29-3.28-.554 0-1.04.23-1.47.565l.36-2.482h-1.802l-1.346 9.202h1.637l.166-.537c.236.39.666.7 1.22.7Zm-.347-1.506a.675.675 0 0 1-.624-.39l.541-3.655c.208-.215.484-.377.749-.377.416 0 .499.416.319 1.828-.166 1.681-.444 2.594-.985 2.594Zm-5.516-.59 1.566-5.19h1.859L25.96 54.89c-.764 1.962-1.193 2.474-2.4 2.474H6.626l.225-1.532h16.414c.557 0 .864-.387.864-.89l-.624-7.258h1.956l-.153 5.19Z"/></symbol>
+    <symbol id="domainr" viewBox="0 0 60 60"><path d="M30.02 0a22.501 22.501 0 0 1 15.899 6.582A22.515 22.515 0 0 1 52.5 22.473c0 5.96-2.378 11.676-6.582 15.89a22.5 22.5 0 0 1-15.899 6.583H10.236a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.354c0-.125.025-.25.086-.361l1.152-2.306a.959.959 0 0 1 .883-.537H30.02a18.57 18.57 0 0 0 18.57-18.565A18.57 18.57 0 0 0 30.02 3.91H14.048a.409.409 0 0 0-.184.046.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.064.012.126.037.184l1.066 2.12a.429.429 0 0 0 .184.199c.074.049.16.073.258.073H30.02a15.64 15.64 0 0 1 15.641 15.634A15.647 15.647 0 0 1 30.02 38.106H13.656a.733.733 0 0 1-.626-.35.887.887 0 0 1-.11-.352.75.75 0 0 1 .086-.363l4.572-9.145a.96.96 0 0 1 .87-.538H30.02a4.89 4.89 0 0 0 4.89-4.885 4.89 4.89 0 0 0-4.89-4.885h-9.132a.405.405 0 0 0-.184.047.466.466 0 0 0-.135.129.309.309 0 0 0-.049.179c-.012.062.012.125.037.182l1.066 2.121c.037.08.098.15.172.199a.525.525 0 0 0 .27.073h7.955c.527 0 1.017.206 1.385.573.368.367.576.864.576 1.382 0 .518-.208 1.015-.576 1.382a1.949 1.949 0 0 1-1.385.572h-10.1a.999.999 0 0 1-.515-.147 1.054 1.054 0 0 1-.356-.39l-4.584-9.145a.735.735 0 0 1-.074-.362c0-.126.037-.248.11-.356a.671.671 0 0 1 .258-.256.744.744 0 0 1 .368-.092H30.02a8.81 8.81 0 0 1 6.227 2.576 8.82 8.82 0 0 1 2.574 6.218 8.819 8.819 0 0 1-2.574 6.218 8.809 8.809 0 0 1-6.227 2.576h-9.426a.503.503 0 0 0-.442.274l-1.066 2.12a.462.462 0 0 0-.037.183.32.32 0 0 0 .061.178.29.29 0 0 0 .135.13c.05.03.11.046.172.046H30.02a11.75 11.75 0 0 0 8.299-3.435 11.743 11.743 0 0 0 3.432-8.29 11.743 11.743 0 0 0-3.432-8.291 11.75 11.75 0 0 0-8.299-3.434H13.08a.999.999 0 0 1-.515-.147 1.053 1.053 0 0 1-.356-.39L7.625 1.065A.735.735 0 0 1 7.55.703a.62.62 0 0 1 .11-.354.757.757 0 0 1 .258-.256.745.745 0 0 1 .368-.094H30.02ZM6.423 59.86h-2.17l.013-1.39h2.157c.638 0 1.153-.137 1.582-.412.429-.274.747-.668.968-1.18.208-.511.319-1.122.319-1.83v-.55c0-.55-.062-1.037-.184-1.46a3.019 3.019 0 0 0-.54-1.068 2.397 2.397 0 0 0-.882-.657 3.022 3.022 0 0 0-1.201-.223H4.217v-1.398h2.268c.674 0 1.299.114 1.85.343a4.016 4.016 0 0 1 1.447.97c.417.424.723.932.944 1.522.22.592.33 1.253.33 1.984v.538c0 .73-.11 1.391-.33 1.983a4.233 4.233 0 0 1-.944 1.521c-.404.42-.895.743-1.459.971-.564.225-1.2.336-1.9.336Zm-1.2-10.168V59.86H3.468V49.692h1.753Zm7.109 6.474v-.161c0-.544.073-1.05.233-1.515.159-.47.392-.878.686-1.222a3.16 3.16 0 0 1 1.103-.81 3.62 3.62 0 0 1 1.483-.293c.552 0 1.042.098 1.471.293.442.19.81.46 1.116.81.306.344.527.751.686 1.222.16.466.246.97.246 1.515v.16c0 .546-.086 1.051-.246 1.516-.159.465-.38.872-.686 1.222a3.27 3.27 0 0 1-1.103.81A3.58 3.58 0 0 1 15.85 60a3.74 3.74 0 0 1-1.496-.287 3.27 3.27 0 0 1-1.103-.81 3.783 3.783 0 0 1-.686-1.222 4.64 4.64 0 0 1-.233-1.515Zm1.68-.161v.16c0 .34.036.661.097.964.074.303.184.569.331.797.147.228.343.407.576.537.233.13.515.196.834.196.306 0 .576-.065.809-.196.233-.13.417-.31.576-.537.147-.228.257-.494.319-.797a4.07 4.07 0 0 0 .11-.963v-.161c0-.335-.037-.652-.11-.95a2.173 2.173 0 0 0-.331-.803 1.59 1.59 0 0 0-.576-.544 1.554 1.554 0 0 0-.81-.202c-.318 0-.6.067-.833.202-.22.13-.417.311-.564.544s-.257.501-.33.803a4.706 4.706 0 0 0-.099.95Zm8.433-2.165v6.02h-1.68v-7.556h1.581l.099 1.536Zm-.27 1.963-.576-.008c0-.52.061-1.002.196-1.445.135-.442.319-.826.576-1.152.245-.331.564-.584.932-.761.38-.182.809-.272 1.311-.272.343 0 .65.051.944.153.282.098.527.254.748.468.208.215.368.49.478.824.122.336.184.74.184 1.215v5.035h-1.692v-4.888c0-.368-.049-.656-.16-.866a.973.973 0 0 0-.465-.447 1.73 1.73 0 0 0-.723-.14c-.319 0-.589.061-.81.182-.22.12-.404.286-.539.496-.134.21-.245.451-.306.726a4.033 4.033 0 0 0-.098.88Zm4.682-.448-.784.176c0-.456.061-.888.184-1.292a3.4 3.4 0 0 1 .564-1.075c.257-.313.564-.557.931-.733a2.854 2.854 0 0 1 1.263-.266c.392 0 .735.054 1.03.16.318.103.576.266.784.49.22.222.38.513.49.872.11.354.172.782.172 1.285v4.888h-1.692v-4.896c0-.38-.06-.676-.171-.886a.836.836 0 0 0-.454-.433 1.884 1.884 0 0 0-.723-.126c-.257 0-.49.05-.686.147a1.383 1.383 0 0 0-.503.399 1.839 1.839 0 0 0-.306.578c-.062.22-.099.457-.099.712Zm10.628 2.99v-3.604c0-.27-.049-.502-.147-.698a1.066 1.066 0 0 0-.454-.454 1.526 1.526 0 0 0-.735-.16c-.282 0-.515.046-.711.14a1.206 1.206 0 0 0-.478.377.91.91 0 0 0-.16.537h-1.679c0-.298.074-.586.22-.866.148-.28.356-.528.626-.748.27-.218.6-.39.98-.516s.81-.188 1.288-.188c.564 0 1.079.095 1.508.286.44.19.796.48 1.041.866.258.381.38.862.38 1.438v3.36c0 .344.025.653.074.928.049.27.123.505.22.706v.111H37.73a2.797 2.797 0 0 1-.184-.691 4.8 4.8 0 0 1-.06-.824Zm.233-3.08.025 1.04h-1.214c-.306 0-.588.031-.821.091a1.69 1.69 0 0 0-.6.251c-.148.112-.27.248-.356.406-.074.158-.11.337-.11.537 0 .201.048.385.134.552.098.163.233.291.405.384.183.094.404.14.662.14a1.835 1.835 0 0 0 1.507-.734c.147-.208.233-.407.245-.593l.54.747a2.3 2.3 0 0 1-.282.615c-.135.219-.319.427-.54.628a2.616 2.616 0 0 1-1.801.67 2.92 2.92 0 0 1-1.324-.293 2.395 2.395 0 0 1-.907-.803 2.067 2.067 0 0 1-.331-1.152c0-.4.073-.754.233-1.062.147-.311.367-.572.661-.782a3.338 3.338 0 0 1 1.091-.474c.43-.112.92-.168 1.471-.168h1.312Zm5.014-2.96v7.555H41.04v-7.556h1.692ZM40.93 50.32c0-.256.085-.468.245-.635.184-.173.417-.259.723-.259.294 0 .527.086.699.259a.848.848 0 0 1 .257.635c0 .251-.086.46-.257.629-.172.168-.405.251-.699.251-.306 0-.54-.083-.723-.251a.883.883 0 0 1-.245-.629Zm5.307 3.596v5.943h-1.679v-7.556h1.594l.085 1.613Zm-.294 1.886-.54-.008c0-.534.074-1.026.221-1.473.148-.446.356-.831.613-1.152.27-.321.576-.568.944-.74a2.82 2.82 0 0 1 1.238-.265c.356 0 .687.051.98.153.295.098.553.258.76.482.222.224.38.514.491.874.11.353.172.788.172 1.305v4.881H49.13v-4.888c0-.363-.061-.65-.16-.86a.946.946 0 0 0-.453-.453 1.711 1.711 0 0 0-.735-.14 1.59 1.59 0 0 0-.772.182 1.74 1.74 0 0 0-.589.496c-.147.21-.27.451-.355.726a2.938 2.938 0 0 0-.123.88Zm8.287-2.06v6.117h-1.692v-7.556h1.606l.086 1.438Zm2.304-1.488-.012 1.564a4.306 4.306 0 0 0-.687-.055c-.282 0-.539.042-.76.125a1.418 1.418 0 0 0-.882.894 2.574 2.574 0 0 0-.147.72l-.38.028c0-.476.049-.915.135-1.32a3.48 3.48 0 0 1 .429-1.068c.183-.308.429-.548.71-.72.282-.173.613-.258.993-.258a2.13 2.13 0 0 1 .601.09Z"/></symbol>
+    <symbol id="mend-io" viewBox="0 0 60 60"><path d="M43.39 27.355c-2.24 5.173-7.39 8.79-13.39 8.79-.25 0-.49-.006-.73-.018-7.72-.38-13.87-6.763-13.87-14.58 0-1.31.18-2.576.5-3.78.33-.352.79-.57 1.31-.57.99 0 1.81.818 1.81 1.824v.587c0 .01-.01.02-.01.028v4.44a3.33 3.33 0 0 0 3.32 3.331 3.33 3.33 0 0 0 3.32-3.331v-3.582c0-.012-.01-.022-.01-.035v-1.438c0-1.006.81-1.825 1.81-1.825s1.81.82 1.81 1.825v5.055c0 1.837 1.49 3.331 3.31 3.331a3.33 3.33 0 0 0 3.32-3.331V19.02c0-1.006.81-1.825 1.81-1.825.99 0 1.8.82 1.8 1.825v5.055a3.33 3.33 0 0 0 3.32 3.331c.19 0 .38-.02.57-.052Z"/><path d="M44.59 21.55c0 1.322-.18 2.598-.5 3.818v.006c-.01.002-.01.005-.01.005v.002c-.33.32-.77.52-1.27.52-.99 0-1.8-.819-1.8-1.824v-5.055a3.331 3.331 0 0 0-3.32-3.332c-1.83 0-3.31 1.496-3.31 3.333v5.055c0 1.006-.81 1.825-1.81 1.825s-1.81-.82-1.81-1.825v-5.055c0-1.837-1.48-3.333-3.31-3.333a3.331 3.331 0 0 0-3.32 3.333v5.055c0 1.006-.81 1.825-1.8 1.825-1 0-1.81-.82-1.81-1.825v-5.055c0-1.836-1.49-3.33-3.31-3.332h-.01c-.2 0-.4.021-.6.057C18.85 10.573 24 6.956 30 6.956c.07 0 .15 0 .23.002 7.95.126 14.36 6.61 14.36 14.594M.11 52.772a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.4.4 0 0 1 .29-.111h1.75c.11 0 .21.038.28.111a.38.38 0 0 1 .12.289v.544c.24-.32.57-.584.98-.792.41-.209.87-.313 1.39-.313 1.17 0 1.98.459 2.43 1.378.26-.406.61-.737 1.07-.994.46-.256.95-.384 1.48-.384.87 0 1.58.296 2.13.89.55.592.83 1.476.83 2.651v4.548c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H10.6a.421.421 0 0 1-.3-.112.376.376 0 0 1-.12-.289v-4.436c0-.534-.11-.918-.32-1.154-.22-.234-.52-.352-.89-.352-.35 0-.63.12-.85.36-.23.241-.34.623-.34 1.146v4.436c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121H5.52a.414.414 0 0 1-.29-.112.408.408 0 0 1-.11-.289v-4.436c0-.523-.11-.905-.34-1.146a1.15 1.15 0 0 0-.87-.36c-.36 0-.63.12-.86.36-.23.241-.35.617-.35 1.129v4.453c0 .107-.03.2-.11.28a.367.367 0 0 1-.29.121H.4a.382.382 0 0 1-.29-.112Zm15.07-.768c-.74-.694-1.13-1.703-1.16-3.028v-.56c.05-1.26.44-2.246 1.18-2.955.74-.71 1.74-1.066 2.99-1.066.91 0 1.67.185 2.3.553.62.368 1.09.873 1.41 1.513.31.641.47 1.378.47 2.211v.384c0 .107-.04.199-.11.28-.08.08-.17.12-.29.12h-5.13v.112c.02.502.15.908.37 1.217.23.31.55.464.98.464.27 0 .48-.056.66-.168.17-.112.32-.248.46-.408.1-.117.17-.19.23-.216.06-.026.15-.04.28-.04h1.99c.09 0 .18.029.25.088s.1.136.1.232c0 .278-.16.598-.47.961-.32.364-.77.678-1.37.945-.6.267-1.3.4-2.12.4-1.28 0-2.29-.347-3.02-1.041v.002Zm4.37-4.133v-.031c0-.523-.12-.938-.36-1.241-.24-.305-.57-.457-1-.457-.43 0-.75.152-.99.457-.24.303-.36.718-.36 1.241v.031h2.71Zm4.1 4.901a.408.408 0 0 1-.11-.289v-7.528c0-.117.04-.214.11-.289a.418.418 0 0 1 .29-.111h1.85c.11 0 .21.038.29.111a.38.38 0 0 1 .12.289v.608c.29-.352.66-.635 1.11-.849.46-.214.97-.32 1.55-.32.94 0 1.7.318 2.29.954.59.635.88 1.524.88 2.666v4.469c0 .107-.04.2-.11.28a.382.382 0 0 1-.29.121h-2.02c-.1 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.28v-4.372c0-.503-.12-.89-.37-1.162-.24-.273-.59-.408-1.05-.408-.46 0-.8.135-1.06.408-.26.272-.38.659-.38 1.162v4.372c0 .107-.04.2-.12.28a.36.36 0 0 1-.28.121h-2.01a.414.414 0 0 1-.29-.112Zm10.53-.712c-.58-.657-.9-1.583-.95-2.78l-.02-.561.02-.577c.04-1.153.36-2.066.95-2.739.59-.672 1.41-1.009 2.44-1.009.97 0 1.76.316 2.36.945v-3.428a.382.382 0 0 1 .4-.4h1.95c.12 0 .21.038.29.112.07.075.11.171.11.288v10.572c0 .106-.04.199-.11.279a.382.382 0 0 1-.29.121h-1.81c-.11 0-.2-.04-.28-.121a.383.383 0 0 1-.12-.279v-.514c-.59.715-1.42 1.073-2.5 1.073s-1.86-.328-2.44-.985v.003Zm4.4-1.618c.23-.305.36-.696.4-1.177.01-.139.01-.342.01-.608 0-.267 0-.454-.01-.593-.03-.437-.16-.8-.4-1.089-.25-.288-.61-.433-1.08-.433-.5 0-.86.15-1.08.448-.22.3-.34.711-.37 1.234-.02.107-.02.272-.02.497 0 .224 0 .389.02.496.03.523.15.934.37 1.234.22.299.58.448 1.08.448.51 0 .84-.152 1.08-.457Zm9.06-7.2c-.08-.075-.11-.17-.11-.288v-1.442c0-.117.03-.214.11-.288a.382.382 0 0 1 .29-.112h1.92c.12 0 .21.038.29.112.07.074.11.171.11.288v1.442c0 .117-.04.213-.11.288a.397.397 0 0 1-.29.112h-1.92a.382.382 0 0 1-.29-.112Zm.02 9.53a.376.376 0 0 1-.12-.288v-7.529c0-.117.04-.213.12-.288a.374.374 0 0 1 .28-.112h1.89c.12 0 .22.038.29.112a.37.37 0 0 1 .11.288v7.529c0 .106-.03.199-.11.28a.37.37 0 0 1-.29.12h-1.89a.374.374 0 0 1-.28-.112Zm5.02-.672c-.72-.631-1.11-1.517-1.17-2.659-.01-.139-.02-.379-.02-.721 0-.341.01-.581.02-.72.06-1.131.46-2.015 1.2-2.651.74-.636 1.74-.954 3.03-.954 1.28 0 2.3.318 3.04.954.74.636 1.14 1.519 1.2 2.651.01.139.02.379.02.72 0 .342-.01.583-.02.721-.06 1.142-.45 2.028-1.17 2.659-.71.63-1.74.944-3.07.944-1.34 0-2.35-.314-3.06-.944Zm4.1-1.433c.22-.284.35-.719.38-1.305.01-.107.02-.32.02-.642 0-.321-.01-.533-.02-.641-.03-.577-.16-1.008-.39-1.297-.23-.289-.57-.433-1.03-.433-.89 0-1.36.577-1.41 1.73l-.02.641.02.642c.02.588.14 1.023.37 1.305.23.283.58.424 1.04.424.46 0 .81-.141 1.04-.424Zm-12.16 2.217a1.45 1.45 0 1 0 0-2.9 1.45 1.45 0 0 0 0 2.9Z"/></symbol>
+    <symbol id="github" viewBox="0 0 24 24"><path d="M12 2C17.525 2 22 6.58819 22 12.2529C21.9995 14.4012 21.3419 16.4952 20.1198 18.2402C18.8977 19.9852 17.1727 21.2933 15.1875 21.9804C14.6875 22.0829 14.5 21.7625 14.5 21.4934C14.5 21.1474 14.5125 20.0452 14.5125 18.6738C14.5125 17.7126 14.2 17.0974 13.8375 16.777C16.0625 16.5207 18.4 15.6492 18.4 11.7147C18.4 10.5868 18.0125 9.67689 17.375 8.95918C17.475 8.70286 17.825 7.65193 17.275 6.24215C17.275 6.24215 16.4375 5.9602 14.525 7.29308C13.725 7.06239 12.875 6.94704 12.025 6.94704C11.175 6.94704 10.325 7.06239 9.525 7.29308C7.6125 5.97301 6.775 6.24215 6.775 6.24215C6.225 7.65193 6.575 8.70286 6.675 8.95918C6.0375 9.67689 5.65 10.5997 5.65 11.7147C5.65 15.6364 7.975 16.5207 10.2 16.777C9.9125 17.0334 9.65 17.4819 9.5625 18.1484C8.9875 18.4175 7.55 18.8533 6.65 17.3025C6.4625 16.9949 5.9 16.2388 5.1125 16.2516C4.275 16.2644 4.775 16.7386 5.125 16.9308C5.55 17.1743 6.0375 18.0843 6.15 18.3791C6.35 18.9558 7 20.058 9.5125 19.5838C9.5125 20.4425 9.525 21.2499 9.525 21.4934C9.525 21.7625 9.3375 22.0701 8.8375 21.9804C6.8458 21.3007 5.11342 19.9952 3.88611 18.2492C2.65881 16.5031 1.9989 14.4052 2 12.2529C2 6.58819 6.475 2 12 2Z"/></symbol>
+    <symbol id="mastodon" viewBox="0 0 24 24"><path d="M23.193 7.879c0-5.207-3.411-6.732-3.411-6.732C18.062.357 15.109.025 12.04 0h-.076c-3.068.025-6.019.357-7.74 1.147 0 0-3.411 1.526-3.411 6.732 0 1.191-.023 2.617.015 4.129.123 5.092.933 10.111 5.641 11.356 2.171.575 4.034.695 5.534.613 2.722-.152 4.249-.972 4.249-.972l-.09-1.975s-1.945.614-4.129.539c-2.165-.075-4.448-.233-4.799-2.891a5.626 5.626 0 0 1-.048-.745s2.124.519 4.817.643c1.646.076 3.19-.096 4.759-.283 3.007-.359 5.625-2.211 5.954-3.905.52-2.668.477-6.509.477-6.509Zm-4.023 6.709h-2.498v-6.12c0-1.289-.542-1.944-1.628-1.944-1.2 0-1.802.777-1.802 2.312v3.35H10.76v-3.35c0-1.535-.601-2.312-1.803-2.312-1.086 0-1.628.655-1.628 1.944v6.12H4.832V8.284c0-1.289.327-2.313.987-3.07.68-.757 1.569-1.146 2.674-1.146 1.278 0 2.247.491 2.886 1.473L12 6.585l.623-1.044c.64-.982 1.609-1.473 2.887-1.473 1.104 0 1.994.389 2.674 1.146.658.757.986 1.781.986 3.07v6.304Z"/></symbol>
+    <symbol id="x-twitter" viewBox="0 0 24 24"><path d="M16.39 19.89h2.44L7.6 4.17H5.16M21 21H15.64l-4.91-6.99L4.59 21H3l7.03-7.99L3 3H8.36l4.65 6.62L18.83 3h1.59l-6.71 7.62"/></symbol>
   </defs>
 </svg>
diff --git a/app/assets/stylesheets/hammy.css b/app/assets/stylesheets/hammy.css
index e54d84913b6..d783d05bab0 100644
--- a/app/assets/stylesheets/hammy.css
+++ b/app/assets/stylesheets/hammy.css
@@ -9,3 +9,14 @@
 dialog:modal {
   max-width: 100vw;
 }
+
+/* Hide scrollbar for Chrome, Safari and Opera */
+.no-scrollbar::-webkit-scrollbar {
+  display: none;
+}
+
+/* Hide scrollbar for IE, Edge and Firefox */
+.no-scrollbar {
+  -ms-overflow-style: none;  /* IE and Edge */
+  scrollbar-width: none;  /* Firefox */
+}
diff --git a/app/controllers/dashboards_controller.rb b/app/controllers/dashboards_controller.rb
index 241da3afaa5..4cf72c275cd 100644
--- a/app/controllers/dashboards_controller.rb
+++ b/app/controllers/dashboards_controller.rb
@@ -4,14 +4,13 @@ class DashboardsController < ApplicationController
   before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?
   before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?
 
-  layout "hammy"
+  layout "subject"
 
   def show
     add_breadcrumb t("breadcrumbs.dashboard")
 
     respond_to do |format|
       format.html do
-        @user = current_user
         find_my_gems
         find_subscribed_gems
         find_latest_updates
diff --git a/app/controllers/subscriptions_controller.rb b/app/controllers/subscriptions_controller.rb
index 442964a8f4b..3eeeb53a15c 100644
--- a/app/controllers/subscriptions_controller.rb
+++ b/app/controllers/subscriptions_controller.rb
@@ -5,7 +5,7 @@ class SubscriptionsController < ApplicationController
 
   before_action :find_rubygem, only: %i[create destroy]
 
-  layout "hammy"
+  layout "subject"
 
   def index
     add_breadcrumb t("breadcrumbs.dashboard"), dashboard_path
diff --git a/app/javascript/controllers/scroll_controller.js b/app/javascript/controllers/scroll_controller.js
new file mode 100644
index 00000000000..0970b5a2c6d
--- /dev/null
+++ b/app/javascript/controllers/scroll_controller.js
@@ -0,0 +1,15 @@
+/* A controller that, when loaded, causes the page to refresh periodically */
+
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["scroll", "scrollLeft"]
+
+  scrollLeftTargetConnected() {
+    this.element.scrollLeft = this.scrollLeftTarget.offsetLeft + this.scrollLeftTarget.offsetWidth / 2 - this.element.offsetWidth / 2
+  }
+
+  scrollTargetConnected() {
+    this.scrollTarget.scrollIntoView({ behavior: "smooth" })
+  }
+}
diff --git a/app/views/components/card_component.rb b/app/views/components/card_component.rb
index 5d32d39cc2a..fec79c3f747 100644
--- a/app/views/components/card_component.rb
+++ b/app/views/components/card_component.rb
@@ -57,7 +57,7 @@ def list_item_to(url = nil, **options, &)
     li do
       link_to(url, **options) do
         span(class: "flex-1", &)
-        render_icon("chevron-forward", class: "w-8 h-8 ml-2 text-neutral-800 dark:text-white fill-current")
+        render_icon("arrow-forward-ios", class: "w-8 h-8 ml-2 -mr-2 text-neutral-800 dark:text-white fill-current")
       end
     end
   end
diff --git a/app/views/components/subject/nav_component.rb b/app/views/components/subject/nav_component.rb
new file mode 100644
index 00000000000..2730dc08372
--- /dev/null
+++ b/app/views/components/subject/nav_component.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class Subject::NavComponent < ApplicationComponent
+  include Phlex::Rails::Helpers::LinkTo
+
+  attr_reader :current
+
+  def initialize(current: :dashboard)
+    @current = current
+    super()
+  end
+
+  def view_template(&)
+    div(class: "relative -mx-8 lg:mx-0") do
+      nav(data: { controller: "scroll" }, class: NAV, &)
+      div class: "#{GRADIENT} w-12 right-0 bg-gradient-to-l" # Gradient fade right
+      div class: "#{GRADIENT} w-8 left-0 bg-gradient-to-r" # Gradient fade left
+    end
+  end
+
+  NAV = "relative flex overflow-x-auto no-scrollbar whitespace-nowrap py-4 space-x-2 pl-8 pr-12 " \
+        "lg:flex-col lg:px-0 lg:space-x-0 lg:space-y-2"
+  GRADIENT = "lg:hidden absolute top-0 h-full pointer-events-none from-white dark:from-black"
+  LINK = "flex items-center space-x-2 h-12 lg:h-14 px-3 py-1 lg:px-6 lg:py-2 rounded"
+  ACTIVE_LINK = "#{LINK} bg-orange-100 dark:bg-orange-900 text-neutral-900 dark:text-white".freeze
+  INACTIVE_LINK = "#{LINK} bg-neutral-050 text-neutral-600 hover:bg-neutral-200 " \
+                  "dark:bg-neutral-950 dark:text-neutral-400 dark:hover:bg-neutral-800".freeze
+
+  def link(text, url, icon:, name: nil, **options)
+    is_current = name == current
+    data = { scroll_target: "scrollLeft" } if is_current
+    options[:class] = "#{options[:class]} #{is_current ? ACTIVE_LINK : INACTIVE_LINK}"
+    link_to(url, data:, **options) do
+      unsafe_raw helpers.icon_tag(icon, size: 7, class: is_current && "text-orange-500")
+      span { text }
+    end
+  end
+end
diff --git a/app/views/dashboards/_subject.html.erb b/app/views/dashboards/_subject.html.erb
new file mode 100644
index 00000000000..64981449be9
--- /dev/null
+++ b/app/views/dashboards/_subject.html.erb
@@ -0,0 +1,42 @@
+<%
+  user ||= @user || current_user
+  current ||= :dashboard
+%>
+
+<div class="flex flex-wrap lg:flex-col items-start mb-6 lg:mb-10">
+  <%= avatar 328, "user_gravatar", theme: :dark, class: "h-24 w-24 lg:h-40 lg:w-40 rounded-lg object-cover mr-4" %>
+
+  <div class="lg:w-full lg:mt-2">
+    <h2 class="font-bold text-h4"><%= user.display_handle %></h2>
+    <% if user.full_name.present? %>
+      <p class="text-neutral-500 text-b3"><%= user.full_name %></p>
+    <% end %>
+  </div>
+</div>
+
+<% if user.public_email? || user == current_user %>
+  <div class="flex items-center mb-4 text-b3 lg:text-b2">
+    <%= icon_tag("mail", color: :primary, class: "h-6 w-6 text-orange mr-3") %>
+    <p class="text-neutral-800 dark:text-white"><%=
+      mail_to(user.email, encode: "hex")
+    %></p>
+  </div>
+<% end %>
+
+<% if user.twitter_username.present? %>
+  <div class="flex items-center mb-4 text-b3 lg:text-b2">
+    <%= icon_tag("x-twitter", color: :primary, class: "w-6 text-orange mr-3") %>
+    <p class="text-neutral-800 dark:text-white"><%=
+      link_to(
+        twitter_username(user),
+        twitter_url(user)
+      )
+    %></p>
+  </div>
+<% end %>
+
+<%= render Subject::NavComponent.new(current:) do |nav| %>
+  <%= nav.link t("layouts.application.header.dashboard"), dashboard_path, name: :dashboard, icon: "space-dashboard" %>
+  <%= nav.link t("dashboards.show.my_subscriptions"), subscriptions_path, name: :subscriptions, icon: "notifications" %>
+  <%= nav.link t("layouts.application.header.settings"), edit_settings_path, name: :settings, icon: "settings" %>
+<% end %>
diff --git a/app/views/dashboards/show.html.erb b/app/views/dashboards/show.html.erb
index edeed535109..d47c6fa7d52 100644
--- a/app/views/dashboards/show.html.erb
+++ b/app/views/dashboards/show.html.erb
@@ -1,149 +1,111 @@
 <% @title = t('.title') %>
 
-<!-- Subscriptions -->
+<% content_for :subject do %>
+  <% render "dashboards/subject", user: current_user %>
+<% end %>
 
-<div class="flex flex-wrap space-y-4 lg:space-y-0 lg:space-x-20">
-  <aside class="w-full lg:w-96 lg:mb-32">
-    <%= render CardComponent.new do |c| %>
-      <!-- Profile Header -->
-      <div class="flex flex-wrap items-center mb-4">
-        <!-- Profile Picture -->
-        <%# <img src="https://via.placeholder.com/100" alt="Profile Picture" class="w-24 h-24 rounded-lg object-cover mr-4"> %>
-        <%= avatar 328, "user_gravatar", theme: :dark, class: "h-24 w-24 lg:h-40 lg:w-40 rounded-lg object-cover mr-4" %>
+<!-- Main Content -->
+<h1 class="text-h2 mb-10"><%= t(".title") %></h1>
 
-        <!-- Name and Title -->
-        <div class="lg:w-full lg:mt-2">
-          <h2 class="text-lg font-bold"><%= @user.display_handle %></h2>
-          <% if @user.full_name.present? %>
-            <p class="text-neutral-500"><%= @user.full_name %></p>
-          <% end %>
-        </div>
-      </div>
-
-      <!-- Contact Info -->
-      <div class="my-6">
-        <% if @user.public_email? || @user == current_user %>
-          <div class="flex items-center mb-2">
-            <%= icon_tag("mail", color: :primary, class: "h-6 w-6 text-orange mr-3") %>
-            <p class="text-neutral-800 dark:text-white"><%=
-              mail_to(
-                @user.email,
-                encode: "hex",
-                class: "profile__header__attribute t-link--black"
-              )
-            %></p>
-          </div>
-        <% end %>
-        <% if @user.twitter_username.present? %>
-          <div class="flex items-center mb-2">
-            <%= icon_tag("x-twitter", color: :primary, class: "w-6 text-orange mr-3") %>
-            <p class="text-neutral-800 dark:text-white"><%=
-              link_to(
-                twitter_username(@user),
-                twitter_url(@user)
-              )
-            %></p>
-          </div>
-        <% end %>
-      </div>
-
-      <% if @user.memberships.any? %>
-      <!-- Organizations -->
-        <div class="max-w-96 mb-2 space-y-2">
-          <h3 class="text-neutral-800 dark:text-white font-semibold text-b3 uppercase mb-2">Organizations</h3>
-          <% @user.memberships.preload(:organization).each do |membership| %>
-            <div class="flex justify-between">
-              <p class="text-neutral-800 dark:text-white"><%= membership.organization.name %></p>
-              <p class="text-neutral-500 capitalize"><%= membership.role %></p>
-            </div>
-          <% end %>
-        </div>
+<%= render CardComponent.new do |c| %>
+  <%= c.head(divide: true) do %>
+    <%= c.title t(".latest"), icon: :history %>
+    <div class="flex space-x-2 items-center">
+      <%= link_to dashboard_path(api_key: current_user.api_key, format: :atom), id: 'feed', title: t('.latest_title'), class: 'items-center' do %>
+        <%= icon_tag("rss-feed", size: 6, class: "w-6 h-6 fill-orange") %>
       <% end %>
-    <% end %>
-  </aside>
+    </div>
+  <% end %>
 
-  <div class="flex-1">
-    <%= render CardComponent.new do |c| %>
-      <%= c.head(divide: true) do %>
-        <%= c.title t(".latest"), icon: :history %>
-        <div class="flex space-x-2 items-center">
-          <%= link_to dashboard_path(api_key: current_user.api_key, format: :atom), id: 'feed', title: t('.latest_title'), class: 'items-center' do %>
-            <%= icon_tag("rss-feed", size: 6, class: "w-6 h-6 fill-orange") %>
+  <% if @latest_updates.empty? %>
+    <%= prose do %>
+      <i><%= t('.no_subscriptions_html', :gem_link => link_to(t('.gem_link_text'), rubygem_path("rake"))) %></i>
+    <% end %>
+  <% else %>
+    <%= c.scrollable do %>
+      <%= render Card::TimelineComponent.new do |t| %>
+        <% @latest_updates.each do |version| %>
+          <%
+            pusher_link = if version.pusher.present?
+              link_to_user(version.pusher)
+            elsif version.pusher_api_key&.owner.present?
+              link_to_pusher(version.pusher_api_key.owner)
+            end
+          %>
+          <%= t.timeline_item(version.authored_at, pusher_link) do %>
+              <div class="flex text-b1 text-neutral-800 dark:text-white"><%= link_to version.rubygem.name, rubygem_path(version.rubygem.slug) %></div>
+              <%= version_number(version) %>
           <% end %>
-        </div>
+        <% end %>
       <% end %>
+    <% end %>
+  <% end %>
+<% end %>
 
-      <% if @latest_updates.empty? %>
-        <%= prose do %>
-          <i><%= t('.no_subscriptions_html', :gem_link => link_to(t('.gem_link_text'), rubygem_path("rake"))) %></i>
-        <% end %>
-      <% else %>
-        <%= c.scrollable do %>
-          <%= render Card::TimelineComponent.new do |t| %>
-            <% @latest_updates.each do |version| %>
-              <%
-                pusher_link = if version.pusher.present?
-                  link_to_user(version.pusher)
-                elsif version.pusher_api_key&.owner.present?
-                  link_to_pusher(version.pusher_api_key.owner)
-                end
-              %>
-              <%= t.timeline_item(version.authored_at, pusher_link) do %>
-                  <div class="flex text-b1 text-neutral-800 dark:text-white"><%= link_to version.rubygem.name, rubygem_path(version.rubygem.slug) %></div>
-                  <%= version_number(version) %>
-              <% end %>
-            <% end %>
-          <% end %>
+<%= render CardComponent.new do |c| %>
+  <%= c.head do %>
+    <%= c.title t(".mine"), icon: "gems", count: @my_gems_count %>
+  <% end %>
+  <% if @my_gems.empty? %>
+    <%= prose do %>
+      <i><%= t('.no_owned_html', :creating_link => link_to(t('.creating_link_text'), "https://guides.rubygems.org/make-your-own-gem/")) %></i>
+    <% end %>
+  <% else %>
+    <%= c.divided_list do %>
+      <% @my_gems.each do |rubygem| %>
+        <%= c.list_item_to(
+          rubygem_path(rubygem.slug),
+          title: short_info(rubygem.most_recent_version),
+        ) do %>
+          <div class="flex flex-col w-full justify-between">
+            <div class="flex flex-row w-full items-center justify-between">
+              <h4 class="text-b1 flex"><%= rubygem.name %></h4>
+              <%= version_number(rubygem.most_recent_version) %>
+            </div>
+            <div class="flex flex-row w-full items-center justify-between">
+              <%= download_count_component(rubygem, class: "flex") %>
+              <div class="flex text-neutral-600"><%= version_date_component(rubygem.most_recent_version) %></div>
+            </div>
+          </div>
         <% end %>
       <% end %>
     <% end %>
+  <% end %>
+<% end %>
 
-    <%= render CardComponent.new do |c| %>
-      <%= c.head do %>
-        <%= c.title t(".mine"), icon: :gems, count: @my_gems_count %>
-      <% end %>
-      <% if @my_gems.empty? %>
-        <%= prose do %>
-          <i><%= t('.no_owned_html', :creating_link => link_to(t('.creating_link_text'), "https://guides.rubygems.org/make-your-own-gem/")) %></i>
-        <% end %>
-      <% else %>
-        <%= c.divided_list do %>
-          <% @my_gems.each do |rubygem| %>
-            <%= c.list_item_to(
-              rubygem_path(rubygem.slug),
-              title: short_info(rubygem.most_recent_version),
-            ) do %>
-              <div class="flex flex-col w-full justify-between">
-                <div class="flex flex-row w-full items-center justify-between">
-                  <h4 class="text-b1 flex"><%= rubygem.name %></h4>
-                  <%= version_number(rubygem.most_recent_version) %>
-                </div>
-                <div class="flex flex-row w-full items-center justify-between">
-                  <%= download_count_component(rubygem, class: "flex") %>
-                  <div class="flex text-neutral-600"><%= version_date_component(rubygem.most_recent_version) %></div>
-                </div>
-              </div>
-            <% end %>
-          <% end %>
+<% if @subscribed_gems.present? %>
+  <%= render CardComponent.new do |c| %>
+    <%= c.head do %>
+      <%= c.title t(".my_subscriptions"), icon: "notifications", count: @subscribed_gems_count %>
+      <%= link_to t("view_all"), subscriptions_path, class: "text-sm text-orange-500" %>
+    <% end %>
+    <%= c.list do %>
+      <% @subscribed_gems.each do |gem| %>
+        <%= c.list_item_to(rubygem_path(gem.slug), title: short_info(gem.most_recent_version)) do %>
+          <h3 class="text-b1"><%= gem.name %></h3>
+          <p class="text-b3 text-neutral-600"><%= short_info(gem.most_recent_version) %></p>
         <% end %>
       <% end %>
     <% end %>
+  <% end %>
+<% end %>
 
-    <% if @subscribed_gems.present? %>
-      <%= render CardComponent.new do |c| %>
-        <%= c.head do %>
-          <%= c.title t(".my_subscriptions"), icon: :gems, count: @subscribed_gems_count %>
-          <%= link_to t("view_all"), subscriptions_path, class: "text-sm text-orange-500" %>
-        <% end %>
-        <%= c.with_list(@subscribed_gems) do |gem| %>
-          <div class="flex flex-row w-full items-center justify-between">
-            <%= link_to rubygem_path(gem.slug), title: short_info(gem.most_recent_version) do %>
-              <h3 class="text-b1"><%= gem.name %></h3>
-              <p class="text-b3 text-neutral-600"><%= short_info(gem.most_recent_version) %></p>
-            <% end %>
+<% if current_user.memberships.any? %>
+  <!-- Organizations -->
+  <%= render CardComponent.new do |c| %>
+    <%= c.head do %>
+      <%= c.title t(".organizations"), icon: "organizations", count: current_user.memberships.count %>
+      <%= link_to t("view_all"), "#", class: "text-sm text-orange-500" %>
+    <% end %>
+    <%= c.divided_list do %>
+      <% current_user.memberships.preload(:organization).each do |membership| %>
+        <%= c.list_item_to("#") do %>
+          <div class="flex justify-between">
+            <p class="text-neutral-800 dark:text-white"><%= membership.organization.name %></p>
+            <p class="text-neutral-500 capitalize"><%= membership.role %></p>
           </div>
         <% end %>
       <% end %>
     <% end %>
-  </div>
-</div>
+  <% end %>
+<% end %>
diff --git a/app/views/layouts/_breadcrumbs.html.erb b/app/views/layouts/_breadcrumbs.html.erb
index 27896537c67..d59f3a3e87f 100644
--- a/app/views/layouts/_breadcrumbs.html.erb
+++ b/app/views/layouts/_breadcrumbs.html.erb
@@ -1,4 +1,4 @@
-<div class="clear-both w-full bg-neutral-050 dark:bg-neutral-950 px-8 py-1 text-neutral-800 dark:text-white">
+<div class="hidden lg:block w-full px-8 py-1 lg:pb-8 bg-neutral-050 dark:bg-neutral-950 text-neutral-800 dark:text-white">
   <div class="max-w-screen-xl mx-auto flex items-center">
     <nav class="flex justify-start items-center text-b2" aria-label="Breadcrumb">
       <!-- Home breadcrumb -->
@@ -7,7 +7,7 @@
       <% end %>
 
       <% breadcrumbs.each do |name, link| %>
-        <%= icon_tag "chevron-right", size: 6, class: "text-neutral-600 dark:text-neutral-700 fill-neutral-600 dark:fill-neutral-700", size: 6, aria: { hidden: "true" } %>
+        <%= icon_tag "chevron-right", size: 6, class: "text-neutral-600 dark:text-neutral-700 fill-neutral-600 dark:fill-neutral-700", aria: { hidden: "true" } %>
         <% if link %>
           <%= link_to name, link, class: "inline-block p-1 hover:text-neutral-600 dark:hover:text-neutral-400" %>
         <% else %>
diff --git a/app/views/layouts/_session.html.erb b/app/views/layouts/_session.html.erb
index ccb3796a353..677752bc08b 100644
--- a/app/views/layouts/_session.html.erb
+++ b/app/views/layouts/_session.html.erb
@@ -14,7 +14,7 @@
 
     <% sign_in_sign_up_path = Clearance.configuration.allow_sign_up? ? sign_up_path : sign_in_path %>
     <%= link_to sign_in_sign_up_path, class: "-mr-1 p-1 md:hidden text-neutral-800 dark:text-white hover:text-neutral-600 dark:hover:text-neutral-400 " do %>
-      <%= icon_tag "profile", size: 7 %>
+      <%= icon_tag "account-box", size: 7 %>
     <% end %>
   <% end %>
 
diff --git a/app/views/layouts/hammy.html.erb b/app/views/layouts/hammy.html.erb
index f753a007ed1..8c8ed47549a 100644
--- a/app/views/layouts/hammy.html.erb
+++ b/app/views/layouts/hammy.html.erb
@@ -23,10 +23,10 @@
   <%= yield :head %>
   <%= javascript_importmap_tags %>
 </head>
-<body data-turbo="true" class="bg-white dark:bg-black">
+<body data-turbo="true" class="bg-neutral-050 dark:bg-neutral-950">
   <div class="min-h-screen flex flex-col">
     <!-- Header -->
-    <header>
+    <header class="bg-white dark:bg-black">
       <!-- Header Nav -->
       <div class="py-4 px-8 border-b border-neutral-400 dark:border-neutral-800">
         <div class="flex flex-wrap justify-between max-w-screen-xl mx-auto" data-controller="reveal-search" data-reveal-search-toggle-class="bg-neutral-200 dark:bg-neutral-800 text-neutral-800 dark:text-neutral-200 border">
@@ -178,27 +178,31 @@
     </header>
 
     <!-- Content -->
-    <main class="flex-1 w-full px-8 py-6 flex-col bg-neutral-050 dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center inline-flex">
-      <div class="max-w-screen-xl w-full mx-auto mb-12 md:mb-16 lg:mb-28">
-        <!-- New design notice -->
-        <%= render AlertComponent.new(style: :neutral, closeable: true) do %>
-          Design Under Construction.
-          <a href="https://blog.rubygems.org/2024/10/15/our-new-design.html" class="text-blue-500 dark:text-blue-400 text-nowrap">Learn more</a>
-        <% end %>
-
-        <% flash.each do |name, msg| %>
-          <%= render AlertComponent.new(style: name, closeable: true) do %>
-            <%= flash_message(name, msg) %>
+    <% if content_for?(:main) %>
+      <%= yield :main %>
+    <% else %>
+      <main class="flex-1 w-full px-8 flex-col bg-neutral-050 dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center inline-flex">
+        <div class="max-w-screen-xl w-full mx-auto pt-8 pb-10 mb-12 md:mb-16 lg:mb-28">
+          <!-- New design notice -->
+          <%= render AlertComponent.new(style: :neutral, closeable: true) do %>
+            Design Under Construction.
+            <a href="https://blog.rubygems.org/2024/10/15/our-new-design.html" class="text-blue-500 dark:text-blue-400 text-nowrap">Learn more</a>
           <% end %>
-        <% end %>
 
-        <%= yield %>
-      </div>
-    </main>
+          <% flash.each do |name, msg| %>
+            <%= render AlertComponent.new(style: name, closeable: true) do %>
+              <%= flash_message(name, msg) %>
+            <% end %>
+          <% end %>
+
+          <%= yield %>
+        </div>
+      </main>
+    <% end %>
 
-      <!-- Footer -->
+    <!-- Footer -->
     <footer>
-      <div class="w-full px-8 py-8 bg-orange-100 dark:bg-orange-950 text-neutral-800 dark:text-neutral-200 flex-col items-center">
+      <div class="w-full px-8 py-8 bg-orange-100 dark:bg-orange-950 text-neutral-800 dark:text-neutral-200">
         <!-- Footer Nav -->
         <div class="max-w-screen-xl mx-auto flex flex-col md:flex-row justify-between">
           <nav class="mb-4 md:mb-0 justify-start">
diff --git a/app/views/layouts/subject.html.erb b/app/views/layouts/subject.html.erb
new file mode 100644
index 00000000000..82244f79b2f
--- /dev/null
+++ b/app/views/layouts/subject.html.erb
@@ -0,0 +1,42 @@
+<%#
+  This is a subject focused layout, like a profile or organization where
+  the user or organization stays on the left side while the main content changes.
+  On mobile, the subject connects to the header in color and spacing, making
+  it clear that the subject content is part of the page context.
+%>
+<% content_for :main do %>
+  <div class="w-full px-8 pt-10 lg:pt-0 flex-col bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center">
+    <div class="max-w-screen-xl w-full mx-auto">
+      <!-- New design notice -->
+      <%= render AlertComponent.new(style: :neutral, closeable: true) do %>
+        Design Under Construction.
+        <a href="https://blog.rubygems.org/2024/10/15/our-new-design.html" class="text-blue-500 dark:text-blue-400 text-nowrap">Learn more</a>
+      <% end %>
+
+      <% flash.each do |name, msg| %>
+        <%= render AlertComponent.new(style: name, closeable: true) do %>
+          <%= flash_message(name, msg) %>
+        <% end %>
+      <% end %>
+    </div>
+  </div>
+
+  <%# At desktop width, these outer 2 divs make the full content background with 2 columns of content %>
+  <div class="lg:w-full lg:px-8 bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center">
+    <div class="lg:max-w-screen-xl lg:w-full lg:mx-auto lg:flex lg:flex-row">
+      <%# At mobile width, the inner aside and main make two stacked full width sections %>
+      <aside class="w-full px-8 lg:px-0 pb-6 lg:w-72 lg:mx-0 lg:mb-32 bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 border-b border-neutral-400 dark:border-neutral-800 lg:border-none">
+        <div class="flex flex-col max-w-screen-xl mx-auto w-full">
+          <%= yield :subject %>
+        </div>
+      </aside>
+
+      <main class="flex-1 w-full px-8 pt-10 lg:p-0 lg:ml-20 bg-neutral-050 dark:bg-neutral-950">
+        <div class="flex flex-col max-w-screen-xl w-full mx-auto">
+          <%= yield %>
+        </div>
+      </main>
+    </div>
+  </div>
+<% end %>
+<%= render template: "layouts/hammy" %>
diff --git a/app/views/subscriptions/index.html.erb b/app/views/subscriptions/index.html.erb
index e2ca69b101a..77ddebf2171 100644
--- a/app/views/subscriptions/index.html.erb
+++ b/app/views/subscriptions/index.html.erb
@@ -1,7 +1,17 @@
 <% @title = t("dashboards.show.my_subscriptions") %>
 
+<% content_for :subject do %>
+  <% render "dashboards/subject", user: current_user, current: :subscriptions %>
+<% end %>
+
+<h1 class="text-h2 mb-10 space-x-2">
+  <span><%= t("dashboards.show.my_subscriptions") %></span>
+  <% unless @subscribed_gems.size.zero? %>
+    <span class="font-light text-neutral-600"><%= @subscribed_gems.size %></span>
+  <% end %>
+</h1>
+
 <%= render CardComponent.new do |c| %>
-  <%= c.head(t("dashboards.show.my_subscriptions"), icon: :gems, count: @subscribed_gems.size) %>
   <% if @subscribed_gems.empty? %>
     <%= prose do %>
       <i><%= t("dashboards.show.no_subscriptions_html", :gem_link => link_to(t('dashboards.show.gem_link_text'), rubygem_path("rake"))) %></i>
@@ -17,7 +27,7 @@
           rubygem_subscription_path(gem.slug),
           method: :delete,
           title: t("rubygems.aside.links.unsubscribe"),
-          class: "h-8 w-8 ml-6 items-center justify-center outline-none",
+          class: "h-8 w-8 ml-6 items-center justify-center outline-none -mr-2",
           aria: { label: t("rubygems.aside.links.unsubscribe") }
         ) do %>
           <%= icon_tag "close", class: "w-6 h-6" %>
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 9ddec255b4c..5b0869bd23a 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -224,6 +224,7 @@ de:
         auf %{creating_link}.
       no_subscriptions_html: Du hast noch keine Gems abonniert. Besuche %{gem_link}
         um das Gem zu abonnieren!
+      organizations:
       title: Dashboard
   dependencies:
     show:
@@ -471,23 +472,23 @@ de:
       logo_details: Klick einfach auf den Download-Button, um drei PNGs und eine SVG
         des RubyGems-Logos zu erhalten.
       founding_html: Das Projekt wurde im April 2009 von %{founder} gestartet und
-        ist seitdem dank %{contributors} und %{downloads} gewachsen. Mit dem Release von RubyGems
-        1.3.6 wurde die Website von Gemcutter zu %{title} umbenannt, um ihre zentrale
-        Rolle in der Ruby-Community zu verdeutlichen.
+        ist seitdem dank %{contributors} und %{downloads} gewachsen. Mit dem Release
+        von RubyGems 1.3.6 wurde die Website von Gemcutter zu %{title} umbenannt,
+        um ihre zentrale Rolle in der Ruby-Community zu verdeutlichen.
       support_html: Obwohl RubyGems.org nicht von einem zentralen Unternehmen geführt
         wird, haben viele Unternehmen uns bereits unterstützt. Das aktuelle Design,
-        die Illustrationen und die Frontend-Entwicklung wurden
-        von %{dockyard} erstellt. %{github} war auch von unschätzbarem Wert und hat uns sehr geholfen,
-        zusammenzuarbeiten und Code zu teilen.
-        Die Website wurde mit %{heroku} gestartet, großartiger Service dazu beitrug, RubyGems
-        als eine praktikable Lösung zu beweisen, auf die sich die gesamte Community verlassen kann.
-        Unsere Infrastruktur wird derzeit auf %{aws} gehostet.
+        die Illustrationen und die Frontend-Entwicklung wurden von %{dockyard} erstellt.
+        %{github} war auch von unschätzbarem Wert und hat uns sehr geholfen, zusammenzuarbeiten
+        und Code zu teilen. Die Website wurde mit %{heroku} gestartet, großartiger
+        Service dazu beitrug, RubyGems als eine praktikable Lösung zu beweisen, auf
+        die sich die gesamte Community verlassen kann. Unsere Infrastruktur wird derzeit
+        auf %{aws} gehostet.
       technical_html: 'Einige Einblicke in die technischen Aspekte dieser Webseite:
         Sie ist zu 100% in Ruby geschrieben. Die Hauptseite ist eine %{rails} App.
-        Die Gems werden auf %{s3} gehostet und über %{fastly} ausgeliefert, und die Zeit nach
-        der Veröffentlichung eines neuen Gems, bis es zur Installation bereit seht, beträgt
-        meistens nur einige wenige Sekunden. Für mehr Informationen %{source_code}, der mit der
-        %{license} auf GitHub bereitseht.'
+        Die Gems werden auf %{s3} gehostet und über %{fastly} ausgeliefert, und die
+        Zeit nach der Veröffentlichung eines neuen Gems, bis es zur Installation bereit
+        seht, beträgt meistens nur einige wenige Sekunden. Für mehr Informationen
+        %{source_code}, der mit der %{license} auf GitHub bereitseht.'
       title: Über uns
       purpose:
         better_api: Eine bessere API bereitzustellen, um mit Gems zu arbeiten
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 810411f3362..47e68fdab2d 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -212,6 +212,7 @@ en:
       my_subscriptions: Subscriptions
       no_owned_html: You haven't pushed any gems yet. Perhaps check out the guide on %{creating_link} a gem.
       no_subscriptions_html: You're not subscribed to any gems yet. Visit a %{gem_link} to subscribe to one!
+      organizations: Organizations
       title: Dashboard
   dependencies:
     show:
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 8f3cc3e7a4e..fb5360fcb57 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -223,6 +223,7 @@ es:
         cómo %{creating_link}.
       no_subscriptions_html: Aún no te suscribiste a ninguna gema. ¡Visita la %{gem_link}
         para suscribirte!
+      organizations:
       title: Dashboard
   dependencies:
     show:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index b261d415f75..288e9ed26ef 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -215,6 +215,7 @@ fr:
         guide de %{creating_link}.
       no_subscriptions_html: Vous n'avez pas encore d'abonnements. Visitez %{gem_link}
         pour vous y abonner !
+      organizations:
       title: Dashboard
   dependencies:
     show:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 8e21b186883..18c09db4ba0 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -206,6 +206,7 @@ ja:
       my_subscriptions: 購読
       no_owned_html: まだgemを公開していません。よろしければgemの%{creating_link}ガイドをご覧ください。
       no_subscriptions_html: まだgemを購読していません。%{gem_link}から何か購読してみてください。
+      organizations:
       title: ダッシュボード
   dependencies:
     show:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 7f1a0c65e86..3f1372ed102 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -207,6 +207,7 @@ nl:
         het %{creating_link} van een gem.
       no_subscriptions_html: Je bent nog niet geabonneerd op een of meerdere gems.
         Bezoek een %{gem_link} en abonneer je erop.
+      organizations:
       title: Dashboard
   dependencies:
     show:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 2805d5aca03..397b0f64533 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -214,6 +214,7 @@ pt-BR:
         uma gem.
       no_subscriptions_html: Você ainda não está observando nenhuma gem. Visite uma
         %{gem_link} para poder observá-la!
+      organizations:
       title: Painel de Controle
   dependencies:
     show:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 9bb1f2258d1..63be6093073 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -207,6 +207,7 @@ zh-CN:
       my_subscriptions: 订阅
       no_owned_html: 您还没有发布过任何 Gem。可以看看 %{creating_link} 指南。
       no_subscriptions_html: 您没有订阅任何 Gem，访问 %{gem_link} 订阅一个！
+      organizations:
       title: 仪表盘
   dependencies:
     show:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index de097630a59..02b07623951 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -206,6 +206,7 @@ zh-TW:
       my_subscriptions: 我的訂閱
       no_owned_html: 您尚未發佈任何 Gem。可以閱讀 %{creating_link} 教學。
       no_subscriptions_html: 您還沒有訂閱過 Gem，前往 %{gem_link} 來訂閱！
+      organizations:
       title: 控制台
   dependencies:
     show:

From 411b8343a1ab9c59e42f49a7b1227deae2d0f9a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 17:50:16 +0000
Subject: [PATCH 337/381] Bump statsd-instrument from 3.9.5 to 3.9.6

Bumps [statsd-instrument](https://github.com/Shopify/statsd-instrument) from 3.9.5 to 3.9.6.
- [Changelog](https://github.com/Shopify/statsd-instrument/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/statsd-instrument/compare/v3.9.5...v3.9.6)

---
updated-dependencies:
- dependency-name: statsd-instrument
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 1e203ed9cce..377ddb1cc91 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -768,7 +768,7 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    statsd-instrument (3.9.5)
+    statsd-instrument (3.9.6)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -1265,7 +1265,7 @@ CHECKSUMS
   simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428
   smart_properties (1.17.0) sha256=f9323f8122e932341756ddec8e0ac9ec6e238408a7661508be99439ca6d6384b
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
-  statsd-instrument (3.9.5) sha256=4d0219d820365f2df89ca0fe61f7b7b60db25a89fcc9277d5e4688ac1a646f73
+  statsd-instrument (3.9.6) sha256=aa2151852a5ac2ea1ac6348c6e3eaebd053a72ac2184c4785ee4c536e8dde12d
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.2) sha256=888a71d04580169d6fe4ab9e7f0ce5293a9a70b3624be912c4de9e9609ed378c

From 9df8876fa1b9143f7ebea64753f9ed3083369b2e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:21:19 +0000
Subject: [PATCH 338/381] Bump ruby/setup-ruby from 1.197.0 to 1.198.0

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.197.0 to 1.198.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/7bae1d00b5db9166f4f0fc47985a3a5702cb58f0...98aefb3c83eea830993080938ed245dc8e2b843b)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 6df1b0621e3..764968d2a84 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
+      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
+      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
+      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0
+      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
         with:
           bundler-cache: true
       - name: krane render

From 01bc6120657a68ed35756df7fe6c7300b452109f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:05:35 +0000
Subject: [PATCH 339/381] Bump launchdarkly-server-sdk from 8.8.0 to 8.8.1

Bumps [launchdarkly-server-sdk](https://github.com/launchdarkly/ruby-server-sdk) from 8.8.0 to 8.8.1.
- [Release notes](https://github.com/launchdarkly/ruby-server-sdk/releases)
- [Changelog](https://github.com/launchdarkly/ruby-server-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/launchdarkly/ruby-server-sdk/compare/8.8.0...8.8.1)

---
updated-dependencies:
- dependency-name: launchdarkly-server-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 377ddb1cc91..6523d87f11c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -356,7 +356,7 @@ GEM
     jmespath (1.6.2)
     job-iteration (1.5.1)
       activejob (>= 5.2)
-    json (2.7.2)
+    json (2.7.5)
     json-jwt (1.16.7)
       activesupport (>= 4.2)
       aes_key_wrap
@@ -378,7 +378,7 @@ GEM
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
     language_server-protocol (3.17.0.3)
-    launchdarkly-server-sdk (8.8.0)
+    launchdarkly-server-sdk (8.8.1)
       concurrent-ruby (~> 1.1)
       http (>= 4.4.0, < 6.0.0)
       json (~> 2.3)
@@ -1105,7 +1105,7 @@ CHECKSUMS
   irb (1.14.1) sha256=5975003b58d36efaf492380baa982ceedf5aed36967a4d5b40996bc5c66e80f8
   jmespath (1.6.2) sha256=238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1
   job-iteration (1.5.1) sha256=1428ad5b308adbaae8776c16b7792a846eb1ad7f4ab3c6e0f9668dd2ab1179e5
-  json (2.7.2) sha256=1898b5cbc81cd36c0fd4d0b7ad2682c39fb07c5ff682fc6265f678f550d4982c
+  json (2.7.5) sha256=eb3448f3884cb7c6d5a550db47fca9153dfbb2a941d1ac0ff245ffacf6df6c5e
   json-jwt (1.16.7) sha256=ccabff4c6d1a14276b23178e8bebe513ef236399b72a0b886d7ed94800d172a5
   jwt (2.7.1) sha256=07357cd2f180739b2f8184eda969e252d850ac996ed0a23f616e8ff0a90ae19b
   kaminari (1.2.2) sha256=c4076ff9adccc6109408333f87b5c4abbda5e39dc464bd4c66d06d9f73442a3e
@@ -1113,7 +1113,7 @@ CHECKSUMS
   kaminari-activerecord (1.2.2) sha256=0dd3a67bab356a356f36b3b7236bcb81cef313095365befe8e98057dd2472430
   kaminari-core (1.2.2) sha256=3bd26fec7370645af40ca73b9426a448d09b8a8ba7afa9ba3c3e0d39cdbb83ff
   language_server-protocol (3.17.0.3) sha256=3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f
-  launchdarkly-server-sdk (8.8.0) sha256=75f05c3eb2b38a62bfa2f08697ac22fe9eaa2069bcd9a2ed1cb0d66584139283
+  launchdarkly-server-sdk (8.8.1) sha256=e344f6faac19233c89a7f976ea1b41619e73e560952802b86e6754e66c0c1494
   launchy (3.0.1) sha256=b7fa60bda0197cf57614e271a250a8ca1f6a34ab889a3c73f67ec5d57c8a7f2c
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2

From 946a297d5d8de85416ad54d7eec0506ae0a39c60 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 20:12:28 +0000
Subject: [PATCH 340/381] Bump avo-advanced from 3.13.1 to 3.13.7

Bumps avo-advanced from 3.13.1 to 3.13.7.

---
updated-dependencies:
- dependency-name: avo-advanced
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile.lock | 53 ++++++++++++++++++++++++++--------------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 6523d87f11c..5082c5da941 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,29 +1,29 @@
 GEM
   remote: https://packager.dev/avo-hq/
   specs:
-    avo-advanced (3.13.1)
-      avo (= 3.13.1)
-      avo-dynamic_filters (= 3.13.1)
-      avo-pro (= 3.13.1)
+    avo-advanced (3.13.7)
+      avo (= 3.13.7)
+      avo-dynamic_filters (= 3.13.7)
+      avo-pro (= 3.13.7)
       zeitwerk (>= 2.6.12)
-    avo-dashboards (3.13.1)
-      avo (= 3.13.1)
+    avo-dashboards (3.13.7)
+      avo (= 3.13.7)
       turbo-rails
       view_component (>= 3.7.0)
       zeitwerk (>= 2.6.12)
-    avo-dynamic_filters (3.13.1)
-      avo (= 3.13.1)
+    avo-dynamic_filters (3.13.7)
+      avo (= 3.13.7)
       ransack (>= 4.2.0)
       view_component (>= 3.7.0)
       zeitwerk (>= 2.6.12)
-    avo-menu (3.13.1)
-      avo (= 3.13.1)
+    avo-menu (3.13.7)
+      avo (= 3.13.7)
       docile
       zeitwerk (>= 2.6.12)
-    avo-pro (3.13.1)
-      avo (= 3.13.1)
-      avo-dashboards (= 3.13.1)
-      avo-menu (= 3.13.1)
+    avo-pro (3.13.7)
+      avo (= 3.13.7)
+      avo-dashboards (= 3.13.7)
+      avo-menu (= 3.13.7)
       zeitwerk (>= 2.6.12)
 
 GEM
@@ -115,7 +115,7 @@ GEM
       ffi-compiler (~> 1.0)
     ast (2.4.2)
     attr_required (1.0.2)
-    avo (3.13.1)
+    avo (3.13.7)
       actionview (>= 6.1)
       active_link_to
       activerecord (>= 6.1)
@@ -123,9 +123,9 @@ GEM
       addressable
       docile
       inline_svg
-      literal (~> 0.2)
       meta-tags
       pagy (>= 7.0.0)
+      prop_initializer (>= 0.2.0)
       turbo-rails (>= 2.0.0)
       turbo_power (>= 0.6.0)
       view_component (>= 3.7.0)
@@ -415,7 +415,6 @@ GEM
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    literal (0.2.1)
     llhttp-ffi (0.5.0)
       ffi-compiler (~> 1.0)
       rake (~> 13.0)
@@ -561,6 +560,8 @@ GEM
     pp (0.5.0)
       prettyprint
     prettyprint (0.2.0)
+    prop_initializer (0.2.0)
+      zeitwerk (>= 2.6.18)
     propshaft (1.1.0)
       actionpack (>= 7.0.0)
       activesupport (>= 7.0.0)
@@ -798,7 +799,7 @@ GEM
       bindata (~> 2.4)
       openssl (> 2.0)
       openssl-signature_algorithm (~> 1.0)
-    turbo-rails (2.0.10)
+    turbo-rails (2.0.11)
       actionpack (>= 6.0.0)
       railties (>= 6.0.0)
     turbo_power (0.6.2)
@@ -999,12 +1000,12 @@ CHECKSUMS
   argon2 (2.3.0) sha256=980ef65172bf512ad37b6cbb0d61eef40b6dccab6a7db4e70557527e1dce9557
   ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
   attr_required (1.0.2) sha256=f0ebfc56b35e874f4d0ae799066dbc1f81efefe2364ca3803dc9ea6a4de6cb99
-  avo (3.13.1) sha256=6fd001bda35c4b307579fbc6f597de60d89846b04b96d2bc4cb06bcd54b5945b
-  avo-advanced (3.13.1) sha256=87d87a6e0837dbeab549428f3afbcb0e0c81e23e46de62dffd0a1270bffc1d0e
-  avo-dashboards (3.13.1) sha256=073cdbb7c7e9ad46693291d6d5976bdba1a900bf572376a88e02b793f9e4e528
-  avo-dynamic_filters (3.13.1) sha256=adb72eae45ca400c595e6999dcfcea7d28f3c2d513b0520599a3fe0d39538671
-  avo-menu (3.13.1) sha256=444fec35ccc1956bbbb6ff7489c48641d88350d8dfb55652681cadb03b87d901
-  avo-pro (3.13.1) sha256=c465c9886926f155dd9fd8d46bbb96018260cced9af8206bf64c428a25793f09
+  avo (3.13.7) sha256=28e226c8d838f249c16a91d8f0a02250a1d2356966014fd0cec894eeafd0777b
+  avo-advanced (3.13.7) sha256=ca673da1cd0693be1a50e00717a7fd9fd9673448a65b746c2c2440292936192f
+  avo-dashboards (3.13.7) sha256=6a91956df1071994a755cf979d907833689f2e92e9f9aa566672c6f3ce860944
+  avo-dynamic_filters (3.13.7) sha256=5e5c246fc5434544cc5813dc893d3ee1d9493e87450246925bb72b486c9f1b57
+  avo-menu (3.13.7) sha256=d1a2b43cfc1c42df91e44dedf2422b5510f2d7c8511e958fe218297423aa4443
+  avo-pro (3.13.7) sha256=ad1796fd2cfc9c9f9af3666088e508a998f7b6c57afe167ba076205990e8e655
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
@@ -1127,7 +1128,6 @@ CHECKSUMS
   libddwaf (1.14.0.0.0-x86_64-darwin) sha256=33017c057fd6b4948ef4577c4a13bc89d878541961b205309fac1e71516433ff
   libddwaf (1.14.0.0.0-x86_64-linux) sha256=030640a4158ae05f9276cc1e09bfe9d19dda5af26703235cf17cf3752f1985b1
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
-  literal (0.2.1) sha256=7544725886486ce6ae701fea1ea23bb7955ef218ef109f91ad4414f3b7921261
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
   logger (1.6.1) sha256=3ad9587ed3940bf7897ea64a673971415523f4f7d6b22c5e3af5219705669653
@@ -1187,6 +1187,7 @@ CHECKSUMS
   phlex-rails (1.2.1) sha256=1d80709c02114cda869951d22bfca189b5f208d1eb89f2e6fafbe3c0240a822f
   pp (0.5.0) sha256=f8f40bc2ba9e1ab351b9458151da3a89f46034f7f599a8e0a06abb9b9f4411dd
   prettyprint (0.2.0) sha256=2bc9e15581a94742064a3cc8b0fb9d45aae3d03a1baa6ef80922627a0766f193
+  prop_initializer (0.2.0) sha256=bd27704d0df8c59c3baf0df5cf448eba2b140fb9934fb31b2e379b5c842d8820
   propshaft (1.1.0) sha256=d389361faf66aeb17e8d204828962c1e506edd14a1a17adb3fa475435c070f6b
   prosopite (1.4.2) sha256=b2e422e2d9dbf3ce20130ded3252fe14adb3833555eacd451f5015d8c9177e79
   pry (0.14.1) sha256=99b6df0665875dd5a39d85e0150aa5a12e2bb4fef401b6c4f64d32ee502f8454
@@ -1281,7 +1282,7 @@ CHECKSUMS
   timescaledb (0.3.0) sha256=9ce2b39417d30544054cb609fbd84e18e304c7b7952a793846b8f4489551a28f
   toxiproxy (2.0.2) sha256=2e3b53604fb921d40da3db8f78a52b3133fcae33e93d440725335b15974e440a
   tpm-key_attestation (0.12.0) sha256=e133d80cf24fef0e7a7dfad00fd6aeff01fc79875fbfc66cd8537bbd622b1e6d
-  turbo-rails (2.0.10) sha256=11cde241f9335ef6962322642dfd764178de192d0ba45101963da0f10f8e5738
+  turbo-rails (2.0.11) sha256=fc47674736372780abd2a4dc0d84bef242f5ca156a457cd7fa6308291e397fcf
   turbo_power (0.6.2) sha256=c9080d0d1bb79deed67bee2a7654dd38f9c903b57ad52b98d19d000958fde2cc
   tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b
   unicode-display_width (2.6.0) sha256=12279874bba6d5e4d2728cef814b19197dbb10d7a7837a869bab65da943b7f5a

From d248b29fdd4df97989f9e147340ae879840c9345 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= <josef.simanek@gmail.com>
Date: Thu, 31 Oct 2024 21:27:35 +0100
Subject: [PATCH 341/381] Abandon Avo Literal types.

---
 Gemfile                                                      | 1 +
 Gemfile.lock                                                 | 1 +
 app/views/components/application_component.rb                | 1 +
 app/views/components/events/table_component.rb               | 4 +---
 app/views/components/events/table_details_component.rb       | 4 ++--
 app/views/components/oidc/api_key_role/table_component.rb    | 3 +--
 .../components/oidc/id_token/key_value_pairs_component.rb    | 3 +--
 app/views/components/oidc/id_token/table_component.rb        | 3 +--
 .../oidc/trusted_publisher/github_action/form_component.rb   | 4 +---
 .../oidc/trusted_publisher/github_action/table_component.rb  | 4 +---
 app/views/oidc/id_tokens/show_view.rb                        | 3 +--
 app/views/oidc/pending_trusted_publishers/index_view.rb      | 3 +--
 app/views/oidc/pending_trusted_publishers/new_view.rb        | 4 +---
 app/views/oidc/rubygem_trusted_publishers/index_view.rb      | 5 ++---
 app/views/oidc/rubygem_trusted_publishers/new_view.rb        | 4 +---
 app/views/profiles/security_events_view.rb                   | 3 +--
 app/views/rubygems/security_events_view.rb                   | 5 ++---
 .../github_action/form_component_preview.rb                  | 4 ++--
 18 files changed, 22 insertions(+), 37 deletions(-)

diff --git a/Gemfile b/Gemfile
index 4763cc0a2c4..17ea76c871b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -68,6 +68,7 @@ gem "view_component", "~> 3.14.0"
 gem "pundit", "~> 2.4"
 gem "chartkick", "~> 5.1"
 gem "groupdate", "~> 6.5"
+gem "prop_initializer", "~> 0.2"
 
 group :avo, optional: true do
   source "https://packager.dev/avo-hq/" do
diff --git a/Gemfile.lock b/Gemfile.lock
index 5082c5da941..b3a8322337e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -930,6 +930,7 @@ DEPENDENCIES
   pghero (~> 3.6)
   phlex-rails (~> 1.2)
   pp (= 0.5.0)
+  prop_initializer (~> 0.2)
   propshaft (~> 1.1.0)
   prosopite (~> 1.4)
   pry-byebug (~> 3.10)
diff --git a/app/views/components/application_component.rb b/app/views/components/application_component.rb
index 75773f70368..8e8d1aa0d40 100644
--- a/app/views/components/application_component.rb
+++ b/app/views/components/application_component.rb
@@ -2,6 +2,7 @@
 
 class ApplicationComponent < Phlex::HTML
   include Phlex::Rails::Helpers::Routes
+  extend PropInitializer::Properties
 
   class TranslationHelper
     include ActionView::Helpers::TranslationHelper
diff --git a/app/views/components/events/table_component.rb b/app/views/components/events/table_component.rb
index 56bf86d57b0..ea1fef7b768 100644
--- a/app/views/components/events/table_component.rb
+++ b/app/views/components/events/table_component.rb
@@ -12,9 +12,7 @@ class Events::TableComponent < ApplicationComponent
   register_value_helper :page_entries_info
   register_value_helper :paginate
 
-  extend Literal::Properties
-
-  prop :security_events, _Union(ActiveRecord::Relation, Array), reader: :private
+  prop :security_events, reader: :public
 
   def view_template
     header(class: "gems__header push--s") do
diff --git a/app/views/components/events/table_details_component.rb b/app/views/components/events/table_details_component.rb
index d3d8db5f1ab..49e07e748ce 100644
--- a/app/views/components/events/table_details_component.rb
+++ b/app/views/components/events/table_details_component.rb
@@ -1,7 +1,7 @@
 class Events::TableDetailsComponent < ApplicationComponent
-  extend Literal::Properties
+  extend PropInitializer::Properties
 
-  prop :event, _Any, reader: :private
+  prop :event, reader: :public
   delegate :additional, :rubygem, to: :event
 
   def view_template
diff --git a/app/views/components/oidc/api_key_role/table_component.rb b/app/views/components/oidc/api_key_role/table_component.rb
index 53dd5e64a52..e00a87474eb 100644
--- a/app/views/components/oidc/api_key_role/table_component.rb
+++ b/app/views/components/oidc/api_key_role/table_component.rb
@@ -2,9 +2,8 @@
 
 class OIDC::ApiKeyRole::TableComponent < ApplicationComponent
   include Phlex::Rails::Helpers::LinkTo
-  extend Literal::Properties
 
-  prop :api_key_roles, _Any, reader: :private
+  prop :api_key_roles, reader: :public
 
   def view_template
     table(class: "t-body") do
diff --git a/app/views/components/oidc/id_token/key_value_pairs_component.rb b/app/views/components/oidc/id_token/key_value_pairs_component.rb
index 51c6ef0c1a3..8052eb446ad 100644
--- a/app/views/components/oidc/id_token/key_value_pairs_component.rb
+++ b/app/views/components/oidc/id_token/key_value_pairs_component.rb
@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
 class OIDC::IdToken::KeyValuePairsComponent < ApplicationComponent
-  extend Literal::Properties
-  prop :pairs, _Any, reader: :private
+  prop :pairs, reader: :public
 
   def view_template
     dl(class: "t-body provider_attributes full-width overflow-wrap") do
diff --git a/app/views/components/oidc/id_token/table_component.rb b/app/views/components/oidc/id_token/table_component.rb
index a59ee0c8549..8c8541afdf8 100644
--- a/app/views/components/oidc/id_token/table_component.rb
+++ b/app/views/components/oidc/id_token/table_component.rb
@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
 class OIDC::IdToken::TableComponent < ApplicationComponent
-  extend Literal::Properties
-  prop :id_tokens, _Any, reader: :private
+  prop :id_tokens, reader: :public
 
   include Phlex::Rails::Helpers::TimeTag
   include Phlex::Rails::Helpers::LinkToUnlessCurrent
diff --git a/app/views/components/oidc/trusted_publisher/github_action/form_component.rb b/app/views/components/oidc/trusted_publisher/github_action/form_component.rb
index 34fa0f5fb05..de52e3282be 100644
--- a/app/views/components/oidc/trusted_publisher/github_action/form_component.rb
+++ b/app/views/components/oidc/trusted_publisher/github_action/form_component.rb
@@ -1,9 +1,7 @@
 # frozen_string_literal: true
 
 class OIDC::TrustedPublisher::GitHubAction::FormComponent < ApplicationComponent
-  extend Literal::Properties
-
-  prop :github_action_form, _Any, reader: :private
+  prop :github_action_form, reader: :public
 
   def view_template
     github_action_form.fields_for :trusted_publisher do |trusted_publisher_form|
diff --git a/app/views/components/oidc/trusted_publisher/github_action/table_component.rb b/app/views/components/oidc/trusted_publisher/github_action/table_component.rb
index be63e206bdd..ecb8e83242b 100644
--- a/app/views/components/oidc/trusted_publisher/github_action/table_component.rb
+++ b/app/views/components/oidc/trusted_publisher/github_action/table_component.rb
@@ -1,7 +1,5 @@
 class OIDC::TrustedPublisher::GitHubAction::TableComponent < ApplicationComponent
-  extend Literal::Properties
-
-  prop :github_action, _Any, reader: :private
+  prop :github_action, reader: :public
 
   def view_template
     dl(class: "tw-flex tw-flex-col sm:tw-grid sm:tw-grid-cols-2 tw-items-baseline tw-gap-4 full-width overflow-wrap") do
diff --git a/app/views/oidc/id_tokens/show_view.rb b/app/views/oidc/id_tokens/show_view.rb
index a11162e281f..a151197509c 100644
--- a/app/views/oidc/id_tokens/show_view.rb
+++ b/app/views/oidc/id_tokens/show_view.rb
@@ -1,11 +1,10 @@
 # frozen_string_literal: true
 
 class OIDC::IdTokens::ShowView < ApplicationView
-  extend Literal::Properties
   include Phlex::Rails::Helpers::TimeTag
   include Phlex::Rails::Helpers::LinkTo
 
-  prop :id_token, OIDC::IdToken, reader: :private
+  prop :id_token, reader: :public
 
   def view_template # rubocop:disable Metrics/AbcSize
     self.title = t(".title")
diff --git a/app/views/oidc/pending_trusted_publishers/index_view.rb b/app/views/oidc/pending_trusted_publishers/index_view.rb
index ed8239fa0a4..903f15db369 100644
--- a/app/views/oidc/pending_trusted_publishers/index_view.rb
+++ b/app/views/oidc/pending_trusted_publishers/index_view.rb
@@ -5,9 +5,8 @@ class OIDC::PendingTrustedPublishers::IndexView < ApplicationView
   include Phlex::Rails::Helpers::ContentFor
   include Phlex::Rails::Helpers::DistanceOfTimeInWordsToNow
   include Phlex::Rails::Helpers::LinkTo
-  extend Literal::Properties
 
-  prop :trusted_publishers, _Any, reader: :private
+  prop :trusted_publishers, reader: :public
 
   def view_template
     title_content
diff --git a/app/views/oidc/pending_trusted_publishers/new_view.rb b/app/views/oidc/pending_trusted_publishers/new_view.rb
index 2a573de4ec5..76b2b259b02 100644
--- a/app/views/oidc/pending_trusted_publishers/new_view.rb
+++ b/app/views/oidc/pending_trusted_publishers/new_view.rb
@@ -6,9 +6,7 @@ class OIDC::PendingTrustedPublishers::NewView < ApplicationView
   include Phlex::Rails::Helpers::OptionsForSelect
   include Phlex::Rails::Helpers::FormWith
 
-  extend Literal::Properties
-
-  prop :pending_trusted_publisher, OIDC::PendingTrustedPublisher, reader: :private
+  prop :pending_trusted_publisher, reader: :public
 
   def view_template
     self.title = t(".title")
diff --git a/app/views/oidc/rubygem_trusted_publishers/index_view.rb b/app/views/oidc/rubygem_trusted_publishers/index_view.rb
index bd4ac10c09e..42816591196 100644
--- a/app/views/oidc/rubygem_trusted_publishers/index_view.rb
+++ b/app/views/oidc/rubygem_trusted_publishers/index_view.rb
@@ -5,10 +5,9 @@ class OIDC::RubygemTrustedPublishers::IndexView < ApplicationView
   include Phlex::Rails::Helpers::LinkTo
   include Phlex::Rails::Helpers::ContentFor
   include OIDC::RubygemTrustedPublishers::Concerns::Title
-  extend Literal::Properties
 
-  prop :rubygem, Rubygem, reader: :private
-  prop :trusted_publishers, _Any, reader: :private
+  prop :rubygem, reader: :public
+  prop :trusted_publishers, reader: :public
 
   def view_template
     title_content
diff --git a/app/views/oidc/rubygem_trusted_publishers/new_view.rb b/app/views/oidc/rubygem_trusted_publishers/new_view.rb
index 5d207a9fdc2..0c976a06ae9 100644
--- a/app/views/oidc/rubygem_trusted_publishers/new_view.rb
+++ b/app/views/oidc/rubygem_trusted_publishers/new_view.rb
@@ -8,9 +8,7 @@ class OIDC::RubygemTrustedPublishers::NewView < ApplicationView
   include Phlex::Rails::Helpers::SelectTag
   include OIDC::RubygemTrustedPublishers::Concerns::Title
 
-  extend Literal::Properties
-
-  prop :rubygem_trusted_publisher, OIDC::RubygemTrustedPublisher, reader: :private
+  prop :rubygem_trusted_publisher, reader: :public
 
   def view_template
     title_content
diff --git a/app/views/profiles/security_events_view.rb b/app/views/profiles/security_events_view.rb
index aad7a7fe957..46cbd8a78e7 100644
--- a/app/views/profiles/security_events_view.rb
+++ b/app/views/profiles/security_events_view.rb
@@ -6,9 +6,8 @@ class Profiles::SecurityEventsView < ApplicationView
   include Phlex::Rails::Helpers::DistanceOfTimeInWordsToNow
   include Phlex::Rails::Helpers::TimeTag
   include Phlex::Rails::Helpers::LinkTo
-  extend Literal::Properties
 
-  prop :security_events, _Any, reader: :private
+  prop :security_events, reader: :public
 
   def view_template
     title_content
diff --git a/app/views/rubygems/security_events_view.rb b/app/views/rubygems/security_events_view.rb
index 9d0b387a3f9..613c4c28b86 100644
--- a/app/views/rubygems/security_events_view.rb
+++ b/app/views/rubygems/security_events_view.rb
@@ -4,10 +4,9 @@ class Rubygems::SecurityEventsView < ApplicationView
   include Phlex::Rails::Helpers::ButtonTo
   include Phlex::Rails::Helpers::ContentFor
   include Phlex::Rails::Helpers::LinkTo
-  extend Literal::Properties
 
-  prop :rubygem, Rubygem, reader: :private
-  prop :security_events, _Any, reader: :private
+  prop :rubygem, reader: :public
+  prop :security_events, reader: :public
 
   def view_template
     title_content
diff --git a/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb b/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb
index af54a967d96..c2df0ed77c0 100644
--- a/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb
+++ b/test/components/previews/oidc/trusted_publisher/github_action/form_component_preview.rb
@@ -9,8 +9,8 @@ def default(factory: :oidc_rubygem_trusted_publisher, environment: nil, reposito
   class Wrapper < Phlex::HTML
     include Phlex::Rails::Helpers::FormWith
 
-    extend Literal::Properties
-    prop :form_object, _Any
+    extend PropInitializer::Properties
+    prop :form_object
 
     def view_template
       form_with(model: @form_object, url: "/") do |github_action_form|

From e32dde3c8ba5cc0df5dad7697511b13c2cea5038 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Nov 2024 12:05:23 -0700
Subject: [PATCH 342/381] Bump ruby/setup-ruby from 1.198.0 to 1.199.0 (#5191)

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.198.0 to 1.199.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/98aefb3c83eea830993080938ed245dc8e2b843b...7d3497fd78c07c0d84ebafa58d8dac60cd1f0763)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 764968d2a84..85e2652cbb4 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
+      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
+      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
+      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@98aefb3c83eea830993080938ed245dc8e2b843b # v1.198.0
+      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
         with:
           bundler-cache: true
       - name: krane render

From 7f52ae776e1c7c8ca7f072d86e322cf7c0b13e65 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Fri, 1 Nov 2024 11:51:22 -0700
Subject: [PATCH 343/381] Attempt to fix CI for external PRs

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 Dockerfile                | 2 +-
 test/system/admin_test.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 4def663466f..76a69e15d16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -56,7 +56,7 @@ RUN --mount=type=cache,id=bld-gem-cache,sharing=locked,target=/srv/vendor \
   set -ex
 
   bundle config set --local without 'development test'
-  bundle config set --local with ${BUNDLE_WITH:-}
+  [ -z ${BUNDLE_WITH:-} ] || bundle config set --local with ${BUNDLE_WITH}
   bundle config set --local path /srv/vendor
   bundle install --jobs 20 --retry 5
   bundle clean
diff --git a/test/system/admin_test.rb b/test/system/admin_test.rb
index 64f6f1a4dbf..9fb440cba5f 100644
--- a/test/system/admin_test.rb
+++ b/test/system/admin_test.rb
@@ -2,6 +2,8 @@
 
 class AdminTest < ApplicationSystemTestCase
   test "development login as an admin" do
+    requires_avo_pro
+
     @admin_user = create(:admin_github_user, :is_admin)
 
     visit "/admin"

From 4c88dd61a69ab32b3b2e721f7b9959bd91ca888e Mon Sep 17 00:00:00 2001
From: Kairo Araujo <kairo@dearaujo.nl>
Date: Sun, 13 Oct 2024 10:01:03 +0200
Subject: [PATCH 344/381] Add new RSTUF state `PRE_RUN` to check job

Add a new RSTUF state `PRE_RUN` to check the job.
This state is right after being received by the RSTUF Worker and should retry.
---
 app/jobs/rstuf/check_job.rb       |  2 +-
 test/jobs/rstuf/check_job_test.rb | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/jobs/rstuf/check_job.rb b/app/jobs/rstuf/check_job.rb
index c66da399fe2..82e2bc1b7c8 100644
--- a/app/jobs/rstuf/check_job.rb
+++ b/app/jobs/rstuf/check_job.rb
@@ -14,7 +14,7 @@ def perform(task_id)
       raise FailureException, "RSTUF job failed, please check payload and retry"
     when "ERRORED", "REVOKED", "REJECTED"
       raise ErrorException, "RSTUF internal problem, please check RSTUF health"
-    when "PENDING", "RUNNING", "RECEIVED", "STARTED"
+    when "PENDING", "PRE_RUN", "RUNNING", "RECEIVED", "STARTED"
       raise RetryException
     else
       Rails.logger.info "RSTUF job returned unexpected state #{status}"
diff --git a/test/jobs/rstuf/check_job_test.rb b/test/jobs/rstuf/check_job_test.rb
index d45a535de96..9298770393d 100644
--- a/test/jobs/rstuf/check_job_test.rb
+++ b/test/jobs/rstuf/check_job_test.rb
@@ -47,6 +47,16 @@ class Rstuf::CheckJobTest < ActiveJob::TestCase
     end
   end
 
+  test "perform raises a retry exception on pre_run state and retries" do
+    retry_response = { "data" => { "state" => "PRE_RUN" } }
+    stub_request(:get, "#{Rstuf.base_url}/api/v1/task/?task_id=#{@task_id}")
+      .to_return(status: 200, body: retry_response.to_json, headers: { "Content-Type" => "application/json" })
+
+    assert_enqueued_with(job: Rstuf::CheckJob, args: [@task_id]) do
+      Rstuf::CheckJob.perform_now(@task_id)
+    end
+  end
+
   test "perform raises a retry exception on retry state and retries" do
     retry_response = { "data" => { "state" => "UNKNOWN" } }
     stub_request(:get, "#{Rstuf.base_url}/api/v1/task/?task_id=#{@task_id}")

From a42cec739f9a976a6559469fa8227917c426071d Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Mon, 4 Nov 2024 10:54:15 -0800
Subject: [PATCH 345/381] Simply allow unsafe-inline for style-src is CSP
 (#5194)

I noticed that GitHub.com does the same, so I interpret the risk
as very minimal. We don't interpret user input for display anywhere
on the site, and it removes this ugly script and fixes some other
minor bugs with inline svgs in tailwind.css

Also removes nonces from styles in CSP, which should be unused when
allowing unsafe-inline.
---
 .../initializers/content_security_policy.rb   |  9 ++---
 script/turbo_rails_hash                       | 33 -------------------
 2 files changed, 2 insertions(+), 40 deletions(-)
 delete mode 100755 script/turbo_rails_hash

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 331f03e0fec..a1c056048c3 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -14,12 +14,7 @@
     # NOTE: This scirpt_src is overridden for all requests in ApplicationController
     # This is the baseline in case the override is ever skipped
     policy.script_src :self, "https://secure.gaug.es", "https://www.fastly-insights.com"
-    policy.style_src :self, "https://fonts.googleapis.com",
-      # This hardcoded value is the SHA256 of the style tag injected by turbo-rails ProgressBar.
-      # We don't want to rely on the nonce because it gets cached and then turbo can't reliably navigate.
-      # This is because new turbo responses and old cached responses will have different nonces, making CSP fail.
-      # You can regenerate this value by looking at script/turbo_rails_hash in this repo.
-      "'sha256-WAyOw4V+FqDc35lQPyRADLBWbuNK8ahvYEaQIYF1+Ps='"
+    policy.style_src :self, :unsafe_inline, "https://fonts.googleapis.com"
     policy.connect_src :self, "https://s3-us-west-2.amazonaws.com/rubygems-dumps/", "https://*.fastly-insights.com", "https://fastly-insights.com",
       "https://api.github.com", "http://localhost:*"
     policy.form_action :self, "https://github.com/login/oauth/authorize"
@@ -60,4 +55,4 @@
   request.session.send(:load_for_write!) # force session to be created
   request.session.id.to_s.presence || SecureRandom.base64(16)
 }
-Rails.application.config.content_security_policy_nonce_directives = %w[script-src style-src]
+Rails.application.config.content_security_policy_nonce_directives = %w[script-src]
diff --git a/script/turbo_rails_hash b/script/turbo_rails_hash
deleted file mode 100755
index 3a2e748a768..00000000000
--- a/script/turbo_rails_hash
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/bin/env ruby
-
-require "digest"
-
-# when you copy the src here, make sure you don't change the indentation or start/end spacing.
-css = ".turbo-progress-bar {
-  position: fixed;
-  display: block;
-  top: 0;
-  left: 0;
-  height: 3px;
-  background: #0076ff;
-  z-index: 2147483647;
-  transition:
-    width 300ms ease-out,
-    opacity 150ms 150ms ease-in;
-  transform: translate3d(0, 0, 0);
-}
-"
-
-puts <<~INSTRUCTIONS
-  This script generates a Content Security Policy (CSP) hash for the Turbo ProgressBar CSS.
-  The CSS is hardcoded into this script because it is generated by the Turbo JavaScript code.
-  You can copy it directly from the <style> tag injected at the top of the <head> on a page with Turbo.
-  It's dynamically generated so we can't just copy it from the source code.
-  The CSS is generated inside the ProgressBar class, example link here:
-
-  https://github.com/hotwired/turbo-rails/blob/b733dfc3d08b6c64be68b6699250cf402e1cd631/app/assets/javascripts/turbo.js#L2306
-
-  Once updated, add this to config/initializers/content_security_policy.rb in the style-src directive:
-
-  policy.style_src :self, ..., "'sha256-#{Digest::SHA256.base64digest(css)}'"
-INSTRUCTIONS

From 4ef97b26b9feb40bbcf62a7332b509f9b1897e56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Nov 2024 23:07:52 +0000
Subject: [PATCH 346/381] Bump avo-advanced from 3.13.7 to 3.14.0 (#5202)

---
 Gemfile      |  2 +-
 Gemfile.lock | 48 ++++++++++++++++++++++++------------------------
 2 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/Gemfile b/Gemfile
index 17ea76c871b..a347e906a4a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -72,7 +72,7 @@ gem "prop_initializer", "~> 0.2"
 
 group :avo, optional: true do
   source "https://packager.dev/avo-hq/" do
-    gem "avo-advanced", "~> 3.13"
+    gem "avo-advanced", "~> 3.14"
   end
 end
 
diff --git a/Gemfile.lock b/Gemfile.lock
index b3a8322337e..5e72425f9d0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,29 +1,29 @@
 GEM
   remote: https://packager.dev/avo-hq/
   specs:
-    avo-advanced (3.13.7)
-      avo (= 3.13.7)
-      avo-dynamic_filters (= 3.13.7)
-      avo-pro (= 3.13.7)
+    avo-advanced (3.14.0)
+      avo (= 3.14.0)
+      avo-dynamic_filters (= 3.14.0)
+      avo-pro (= 3.14.0)
       zeitwerk (>= 2.6.12)
-    avo-dashboards (3.13.7)
-      avo (= 3.13.7)
+    avo-dashboards (3.14.0)
+      avo (= 3.14.0)
       turbo-rails
       view_component (>= 3.7.0)
       zeitwerk (>= 2.6.12)
-    avo-dynamic_filters (3.13.7)
-      avo (= 3.13.7)
+    avo-dynamic_filters (3.14.0)
+      avo (= 3.14.0)
       ransack (>= 4.2.0)
       view_component (>= 3.7.0)
       zeitwerk (>= 2.6.12)
-    avo-menu (3.13.7)
-      avo (= 3.13.7)
+    avo-menu (3.14.0)
+      avo (= 3.14.0)
       docile
       zeitwerk (>= 2.6.12)
-    avo-pro (3.13.7)
-      avo (= 3.13.7)
-      avo-dashboards (= 3.13.7)
-      avo-menu (= 3.13.7)
+    avo-pro (3.14.0)
+      avo (= 3.14.0)
+      avo-dashboards (= 3.14.0)
+      avo-menu (= 3.14.0)
       zeitwerk (>= 2.6.12)
 
 GEM
@@ -115,7 +115,7 @@ GEM
       ffi-compiler (~> 1.0)
     ast (2.4.2)
     attr_required (1.0.2)
-    avo (3.13.7)
+    avo (3.14.0)
       actionview (>= 6.1)
       active_link_to
       activerecord (>= 6.1)
@@ -840,7 +840,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.8.2)
+    webrick (1.9.0)
     websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -866,7 +866,7 @@ DEPENDENCIES
   aggregate_assertions (~> 0.2.0)
   amazing_print (~> 1.6)
   avo (~> 3.13)
-  avo-advanced (~> 3.13)!
+  avo-advanced (~> 3.14)!
   avo_upgrade (~> 0.1.1)
   aws-sdk-s3 (~> 1.169)
   aws-sdk-sqs (~> 1.87)
@@ -1001,12 +1001,12 @@ CHECKSUMS
   argon2 (2.3.0) sha256=980ef65172bf512ad37b6cbb0d61eef40b6dccab6a7db4e70557527e1dce9557
   ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12
   attr_required (1.0.2) sha256=f0ebfc56b35e874f4d0ae799066dbc1f81efefe2364ca3803dc9ea6a4de6cb99
-  avo (3.13.7) sha256=28e226c8d838f249c16a91d8f0a02250a1d2356966014fd0cec894eeafd0777b
-  avo-advanced (3.13.7) sha256=ca673da1cd0693be1a50e00717a7fd9fd9673448a65b746c2c2440292936192f
-  avo-dashboards (3.13.7) sha256=6a91956df1071994a755cf979d907833689f2e92e9f9aa566672c6f3ce860944
-  avo-dynamic_filters (3.13.7) sha256=5e5c246fc5434544cc5813dc893d3ee1d9493e87450246925bb72b486c9f1b57
-  avo-menu (3.13.7) sha256=d1a2b43cfc1c42df91e44dedf2422b5510f2d7c8511e958fe218297423aa4443
-  avo-pro (3.13.7) sha256=ad1796fd2cfc9c9f9af3666088e508a998f7b6c57afe167ba076205990e8e655
+  avo (3.14.0) sha256=ae8744b3bde7c9b3d41869e58214abf288d7ef6f230420746f012df083f1c0be
+  avo-advanced (3.14.0) sha256=9b4a450819e7ea4aa2b25ff07d4e6f0bd36bcb6c99e86469a2fd1be733b9fe17
+  avo-dashboards (3.14.0) sha256=5b2c30fee710fdfec6d47d940d5018cb1afcd2020720e5ef436001dc2ee6387b
+  avo-dynamic_filters (3.14.0) sha256=05fd9e5846ad247310fbffed61b40be310d9334646e8d59afe6c724faff5b28e
+  avo-menu (3.14.0) sha256=f07243d2a52921d28718d7d9bdddb11eaebdc0dd5b07deed7a7fb767550be554
+  avo-pro (3.14.0) sha256=0a20743f5c5e685a9088c9b753bc8419a68aac57f7fa2966485e9ceb61a82c5f
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
@@ -1298,7 +1298,7 @@ CHECKSUMS
   webauthn (3.1.0) sha256=e545fcf17d8a6b821161a37c1c4bc8c3d2ead0ff6ff3b098f57f417e731790b7
   webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c
   webmock (3.24.0) sha256=be01357f6fc773606337ca79f3ba332b7d52cbe5c27587671abc0572dbec7122
-  webrick (1.8.2) sha256=431746a349199546ff9dd272cae10849c865f938216e41c402a6489248f12f21
+  webrick (1.9.0) sha256=9ee50c57006489960b2a07544f68de6f23dfbee30e7b424167b5c14b72ace964
   websocket (1.2.11) sha256=b7e7a74e2410b5e85c25858b26b3322f29161e300935f70a0e0d3c35e0462737
   websocket-driver (0.7.6) sha256=f69400be7bc197879726ad8e6f5869a61823147372fd8928836a53c2c741d0db
   websocket-extensions (0.1.5) sha256=1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241

From 3f39f1792fe657fc76c4581a337e015b5b7503c9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Nov 2024 23:08:02 +0000
Subject: [PATCH 347/381] Bump dogstatsd-ruby from 5.6.2 to 5.6.3 (#5203)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 5e72425f9d0..745ce489679 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -245,7 +245,7 @@ GEM
     discard (1.3.0)
       activerecord (>= 4.2, < 8)
     docile (1.4.1)
-    dogstatsd-ruby (5.6.2)
+    dogstatsd-ruby (5.6.3)
     domain_name (0.6.20240107)
     dotenv (3.1.4)
     dotenv-rails (3.1.4)
@@ -1054,7 +1054,7 @@ CHECKSUMS
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.3.0) sha256=55218997ca4dc11f0594f1bb2d1196c4a959ceb562f1ab6490130233598dda67
   docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
-  dogstatsd-ruby (5.6.2) sha256=3d952a2415e382fd91059f1c9c6a1fc5dde354fa39266ae47a38c2b518424db1
+  dogstatsd-ruby (5.6.3) sha256=9702f3ddd4dbdbf0073edc4c70ed81dd00aa53677705eaebadcde6717c003b1c
   domain_name (0.6.20240107) sha256=5f693b2215708476517479bf2b3802e49068ad82167bcd2286f899536a17d933
   dotenv (3.1.4) sha256=6dc502e718ea0d3542673345da05c7a69039840898e251757adb3405d2b35629
   dotenv-rails (3.1.4) sha256=a7d75f6ab3cc7f1b28e7deb0462efb155878e4e87ce3cc6e42ce35bea61c6fe4

From 56cb8bfcf6fe5d169bd5ebd2515f950b9ad81469 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Nov 2024 23:20:18 +0000
Subject: [PATCH 348/381] Bump ruby/setup-ruby from 1.199.0 to 1.200.0 (#5204)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 85e2652cbb4..f7a8b96de2e 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
+      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
+      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
+      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0
+      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
         with:
           bundler-cache: true
       - name: krane render

From bc1ca2607d9417caa0b0ee0d860b8a6f1adcf5a0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Nov 2024 23:20:31 +0000
Subject: [PATCH 349/381] Bump rackup from 2.1.0 to 2.2.0 (#5197)

---
 Gemfile      | 2 +-
 Gemfile.lock | 9 +++------
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index a347e906a4a..88beabe8f8d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,7 @@ gem "openid_connect", "~> 2.3"
 gem "pg", "~> 1.5"
 gem "puma", "~> 6.4"
 gem "rack", "~> 3.1"
-gem "rackup", "~> 2.1"
+gem "rackup", "~> 2.2"
 gem "rack-sanitizer", "~> 2.0"
 gem "rbtrace", "~> 0.5.1"
 gem "rdoc", "~> 6.7"
diff --git a/Gemfile.lock b/Gemfile.lock
index 745ce489679..0c1903e995c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -603,9 +603,8 @@ GEM
       rack (>= 3.0.0)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rackup (2.1.0)
+    rackup (2.2.0)
       rack (>= 3)
-      webrick (~> 1.8)
     rails (7.2.1.1)
       actioncable (= 7.2.1.1)
       actionmailbox (= 7.2.1.1)
@@ -840,7 +839,6 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.9.0)
     websocket (1.2.11)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -940,7 +938,7 @@ DEPENDENCIES
   rack-attack (~> 6.6)
   rack-sanitizer (~> 2.0)
   rack-test (~> 2.1)
-  rackup (~> 2.1)
+  rackup (~> 2.2)
   rails (~> 7.2.1)
   rails-controller-testing (~> 1.0)
   rails-erd (~> 1.7)
@@ -1207,7 +1205,7 @@ CHECKSUMS
   rack-sanitizer (2.0.3) sha256=3e492e1b56b0005fb1b56d77dff996821059aad4321634883ae3c42c865f9af0
   rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
   rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
-  rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d
+  rackup (2.2.0) sha256=72335d0c0e32497692cb9998b15b2ef9ebfe77a430d72ac06d49db3b05ea543d
   rails (7.2.1.1) sha256=79dbdb6feebf78c1172b643a273a4b1c6c8a18e101a4bb1c838be611a3cdcae7
   rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94
   rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b
@@ -1298,7 +1296,6 @@ CHECKSUMS
   webauthn (3.1.0) sha256=e545fcf17d8a6b821161a37c1c4bc8c3d2ead0ff6ff3b098f57f417e731790b7
   webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c
   webmock (3.24.0) sha256=be01357f6fc773606337ca79f3ba332b7d52cbe5c27587671abc0572dbec7122
-  webrick (1.9.0) sha256=9ee50c57006489960b2a07544f68de6f23dfbee30e7b424167b5c14b72ace964
   websocket (1.2.11) sha256=b7e7a74e2410b5e85c25858b26b3322f29161e300935f70a0e0d3c35e0462737
   websocket-driver (0.7.6) sha256=f69400be7bc197879726ad8e6f5869a61823147372fd8928836a53c2c741d0db
   websocket-extensions (0.1.5) sha256=1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241

From 779ee170bcf55737b0d4c1ad38958c20497bafc8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Nov 2024 07:02:20 -0800
Subject: [PATCH 350/381] Bump statsd-instrument from 3.9.6 to 3.9.7 (#5207)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 0c1903e995c..fd1dba6908e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -768,7 +768,7 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    statsd-instrument (3.9.6)
+    statsd-instrument (3.9.7)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.1)
@@ -1265,7 +1265,7 @@ CHECKSUMS
   simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428
   smart_properties (1.17.0) sha256=f9323f8122e932341756ddec8e0ac9ec6e238408a7661508be99439ca6d6384b
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
-  statsd-instrument (3.9.6) sha256=aa2151852a5ac2ea1ac6348c6e3eaebd053a72ac2184c4785ee4c536e8dde12d
+  statsd-instrument (3.9.7) sha256=98feeeb39f95f2805c2070b46ae3e72e30679758301ba2f78d075e5b49edf6a5
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
   strong_migrations (2.0.2) sha256=888a71d04580169d6fe4ab9e7f0ce5293a9a70b3624be912c4de9e9609ed378c

From 702b10541df2be14e2a44c2bcd8cb1561b9d4f50 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2024 13:20:30 +0000
Subject: [PATCH 351/381] Bump launchdarkly-server-sdk from 8.8.1 to 8.8.2
 (#5211)

---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index fd1dba6908e..78e258375ea 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -356,7 +356,7 @@ GEM
     jmespath (1.6.2)
     job-iteration (1.5.1)
       activejob (>= 5.2)
-    json (2.7.5)
+    json (2.8.1)
     json-jwt (1.16.7)
       activesupport (>= 4.2)
       aes_key_wrap
@@ -378,7 +378,7 @@ GEM
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
     language_server-protocol (3.17.0.3)
-    launchdarkly-server-sdk (8.8.1)
+    launchdarkly-server-sdk (8.8.2)
       concurrent-ruby (~> 1.1)
       http (>= 4.4.0, < 6.0.0)
       json (~> 2.3)
@@ -1105,7 +1105,7 @@ CHECKSUMS
   irb (1.14.1) sha256=5975003b58d36efaf492380baa982ceedf5aed36967a4d5b40996bc5c66e80f8
   jmespath (1.6.2) sha256=238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1
   job-iteration (1.5.1) sha256=1428ad5b308adbaae8776c16b7792a846eb1ad7f4ab3c6e0f9668dd2ab1179e5
-  json (2.7.5) sha256=eb3448f3884cb7c6d5a550db47fca9153dfbb2a941d1ac0ff245ffacf6df6c5e
+  json (2.8.1) sha256=404e8ca4c2ef6c7a6fa15bb9e2e280f3523334b78a83f22268297fe7939ee22a
   json-jwt (1.16.7) sha256=ccabff4c6d1a14276b23178e8bebe513ef236399b72a0b886d7ed94800d172a5
   jwt (2.7.1) sha256=07357cd2f180739b2f8184eda969e252d850ac996ed0a23f616e8ff0a90ae19b
   kaminari (1.2.2) sha256=c4076ff9adccc6109408333f87b5c4abbda5e39dc464bd4c66d06d9f73442a3e
@@ -1113,7 +1113,7 @@ CHECKSUMS
   kaminari-activerecord (1.2.2) sha256=0dd3a67bab356a356f36b3b7236bcb81cef313095365befe8e98057dd2472430
   kaminari-core (1.2.2) sha256=3bd26fec7370645af40ca73b9426a448d09b8a8ba7afa9ba3c3e0d39cdbb83ff
   language_server-protocol (3.17.0.3) sha256=3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f
-  launchdarkly-server-sdk (8.8.1) sha256=e344f6faac19233c89a7f976ea1b41619e73e560952802b86e6754e66c0c1494
+  launchdarkly-server-sdk (8.8.2) sha256=7a65646751b7e37389d8b0a2717eef1584b0d5829ba2c3efbc09d0e80047ac49
   launchy (3.0.1) sha256=b7fa60bda0197cf57614e271a250a8ca1f6a34ab889a3c73f67ec5d57c8a7f2c
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2

From 706c30984a808d3b4bff866bba5eb2d08863fcf5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2024 13:20:44 +0000
Subject: [PATCH 352/381] Bump ruby/setup-ruby from 1.200.0 to 1.201.0 (#5212)

---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index f7a8b96de2e..cc2f0cc2682 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
+      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
+      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
+      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@217c988b8c2bf2bacb2d5c78a7e7b18f8c34daed # v1.200.0
+      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
         with:
           bundler-cache: true
       - name: krane render

From dda69d74867561aac501edae49fe40b192b521be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2024 13:21:01 +0000
Subject: [PATCH 353/381] Bump aws-sdk-s3 from 1.169.0 to 1.170.0 (#5209)

---
 Gemfile      |  2 +-
 Gemfile.lock | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Gemfile b/Gemfile
index 88beabe8f8d..31998df28aa 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.169"
+gem "aws-sdk-s3", "~> 1.170"
 gem "aws-sdk-sqs", "~> 1.87"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.9"
diff --git a/Gemfile.lock b/Gemfile.lock
index 78e258375ea..4d5571c5e50 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -135,8 +135,8 @@ GEM
       zeitwerk
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.992.0)
-    aws-sdk-core (3.210.0)
+    aws-partitions (1.1001.0)
+    aws-sdk-core (3.212.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
@@ -144,14 +144,14 @@ GEM
     aws-sdk-kms (1.95.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.169.0)
+    aws-sdk-s3 (1.170.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-sqs (1.87.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.10.0)
+    aws-sigv4 (1.10.1)
       aws-eventstream (~> 1, >= 1.0.2)
     base64 (0.2.0)
     bcrypt (3.1.20)
@@ -866,7 +866,7 @@ DEPENDENCIES
   avo (~> 3.13)
   avo-advanced (~> 3.14)!
   avo_upgrade (~> 0.1.1)
-  aws-sdk-s3 (~> 1.169)
+  aws-sdk-s3 (~> 1.170)
   aws-sdk-sqs (~> 1.87)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -1008,12 +1008,12 @@ CHECKSUMS
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.992.0) sha256=16942dbcbb8a9f54fdcc114fca03e228ae170dc215d011f3d9b45acae35cdb37
-  aws-sdk-core (3.210.0) sha256=3b84ffe42686194d36254206f2e6f65df8f2273cc000810b5173c0e833507652
+  aws-partitions (1.1001.0) sha256=2979f3317d3a757508d35d0f322839f422cbc8459589b7cc4a3889d0085a8307
+  aws-sdk-core (3.212.0) sha256=ab35e52d533cdd531171a6aadfb483775f412429a03e4850489699e60a8dc8bb
   aws-sdk-kms (1.95.0) sha256=2ae508c642ddc59baa1296229108e9601a2fa00e57cf7a2153c9488f0587fd5e
-  aws-sdk-s3 (1.169.0) sha256=3ff3f5cff2b097acaac600721effa0a86d5ee09d048be0b71f7186d4d24cceca
+  aws-sdk-s3 (1.170.0) sha256=e5a143e9c418813f8bb56322f589c77027f0a04b0c6a9d1b085fc2967dde9e9a
   aws-sdk-sqs (1.87.0) sha256=709defdc401bb52e6895266b50248b4b8f8a614ec8d512e21f1c0f2ab8f6ae78
-  aws-sigv4 (1.10.0) sha256=159b113dc93f9fa5a13603a8bd09eab54a9a0e8f98e606b47f1cee504780df9c
+  aws-sigv4 (1.10.1) sha256=8a140753f34de18125686b11e7adaed4ca3db06dfb50a478993bd437f7a203bb
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099
   benchmark-ips (2.14.0) sha256=b72bc8a65d525d5906f8cd94270dccf73452ee3257a32b89fbd6684d3e8a9b1d

From 6a675c0ef27c9fd54c16c750bb4cc9a6f7b2e832 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2024 13:21:33 +0000
Subject: [PATCH 354/381] Bump discard from 1.3.0 to 1.4.0 (#5205)

---
 Gemfile      |  2 +-
 Gemfile.lock | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index 31998df28aa..a328fa70172 100644
--- a/Gemfile
+++ b/Gemfile
@@ -55,7 +55,7 @@ gem "bcrypt", "~> 3.1"
 gem "maintenance_tasks", "~> 2.8"
 gem "strong_migrations", "~> 2.0"
 gem "phlex-rails", "~> 1.2"
-gem "discard", "~> 1.3"
+gem "discard", "~> 1.4"
 gem "user_agent_parser", "~> 2.18"
 gem "pghero", "~> 3.6"
 gem "faraday-multipart", "~> 1.0"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4d5571c5e50..8fcfcb2e310 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -242,8 +242,8 @@ GEM
       ruby2_keywords
       thor (>= 0.19, < 2)
     diff-lcs (1.5.1)
-    discard (1.3.0)
-      activerecord (>= 4.2, < 8)
+    discard (1.4.0)
+      activerecord (>= 4.2, < 9.0)
     docile (1.4.1)
     dogstatsd-ruby (5.6.3)
     domain_name (0.6.20240107)
@@ -788,7 +788,7 @@ GEM
     tailwindcss-ruby (3.4.14-x86_64-darwin)
     tailwindcss-ruby (3.4.14-x86_64-linux)
     thor (1.3.2)
-    timeout (0.4.1)
+    timeout (0.4.2)
     timescaledb (0.3.0)
       activerecord
       activesupport
@@ -882,7 +882,7 @@ DEPENDENCIES
   datadog (~> 2.4)
   datadog-ci (~> 1.8)
   derailed_benchmarks (~> 2.2)
-  discard (~> 1.3)
+  discard (~> 1.4)
   dogstatsd-ruby (~> 5.6)
   dotenv-rails (~> 3.1)
   factory_bot_rails (~> 6.4)
@@ -1050,7 +1050,7 @@ CHECKSUMS
   debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
   derailed_benchmarks (2.2.1) sha256=654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
-  discard (1.3.0) sha256=55218997ca4dc11f0594f1bb2d1196c4a959ceb562f1ab6490130233598dda67
+  discard (1.4.0) sha256=6efcd2a53ddf96781f81b825d398f1c88ab88c0faa84e131bea6e16ef95d65d0
   docile (1.4.1) sha256=96159be799bfa73cdb721b840e9802126e4e03dfc26863db73647204c727f21e
   dogstatsd-ruby (5.6.3) sha256=9702f3ddd4dbdbf0073edc4c70ed81dd00aa53677705eaebadcde6717c003b1c
   domain_name (0.6.20240107) sha256=5f693b2215708476517479bf2b3802e49068ad82167bcd2286f899536a17d933
@@ -1277,7 +1277,7 @@ CHECKSUMS
   tailwindcss-ruby (3.4.14-x86_64-darwin) sha256=add1f6c63cfb7851557323ef7bc7ed49d927ba610b4b363d1066389232ade3ef
   tailwindcss-ruby (3.4.14-x86_64-linux) sha256=c23dec24cb855d748750e8f4bca1b048a1e617f381e81336c8ab65ede7e84d5c
   thor (1.3.2) sha256=eef0293b9e24158ccad7ab383ae83534b7ad4ed99c09f96f1a6b036550abbeda
-  timeout (0.4.1) sha256=6f1f4edd4bca28cffa59501733a94215407c6960bd2107331f0280d4abdebb9a
+  timeout (0.4.2) sha256=8aca2d5ff98eb2f7a501c03f8c3622065932cc58bc58f725cd50a09e63b4cc19
   timescaledb (0.3.0) sha256=9ce2b39417d30544054cb609fbd84e18e304c7b7952a793846b8f4489551a28f
   toxiproxy (2.0.2) sha256=2e3b53604fb921d40da3db8f78a52b3133fcae33e93d440725335b15974e440a
   tpm-key_attestation (0.12.0) sha256=e133d80cf24fef0e7a7dfad00fd6aeff01fc79875fbfc66cd8537bbd622b1e6d

From 1c5f0510640803f4a59cc5b9773039b0266f2d25 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Nov 2024 22:39:10 +0000
Subject: [PATCH 355/381] Bump aws-sdk-sqs from 1.87.0 to 1.88.0 (#5208)

---
 Gemfile      |  2 +-
 Gemfile.lock | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index a328fa70172..0febb631994 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
 gem "aws-sdk-s3", "~> 1.170"
-gem "aws-sdk-sqs", "~> 1.87"
+gem "aws-sdk-sqs", "~> 1.88"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.9"
 gem "dalli", "~> 3.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 8fcfcb2e310..f35a330ccd3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -135,7 +135,7 @@ GEM
       zeitwerk
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1001.0)
+    aws-partitions (1.1002.0)
     aws-sdk-core (3.212.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
@@ -148,7 +148,7 @@ GEM
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sdk-sqs (1.87.0)
+    aws-sdk-sqs (1.88.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
     aws-sigv4 (1.10.1)
@@ -867,7 +867,7 @@ DEPENDENCIES
   avo-advanced (~> 3.14)!
   avo_upgrade (~> 0.1.1)
   aws-sdk-s3 (~> 1.170)
-  aws-sdk-sqs (~> 1.87)
+  aws-sdk-sqs (~> 1.88)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
   bootsnap (~> 1.18)
@@ -1008,11 +1008,11 @@ CHECKSUMS
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.1001.0) sha256=2979f3317d3a757508d35d0f322839f422cbc8459589b7cc4a3889d0085a8307
+  aws-partitions (1.1002.0) sha256=d23b94122d746e5e24090b6fa2790420288eeecea53f6fa2b91c4eeaef2b3b98
   aws-sdk-core (3.212.0) sha256=ab35e52d533cdd531171a6aadfb483775f412429a03e4850489699e60a8dc8bb
   aws-sdk-kms (1.95.0) sha256=2ae508c642ddc59baa1296229108e9601a2fa00e57cf7a2153c9488f0587fd5e
   aws-sdk-s3 (1.170.0) sha256=e5a143e9c418813f8bb56322f589c77027f0a04b0c6a9d1b085fc2967dde9e9a
-  aws-sdk-sqs (1.87.0) sha256=709defdc401bb52e6895266b50248b4b8f8a614ec8d512e21f1c0f2ab8f6ae78
+  aws-sdk-sqs (1.88.0) sha256=3e4e022b9af1796eb87bb368a8bb2001ebcad3b5025d76aa9ba731acea01a2eb
   aws-sigv4 (1.10.1) sha256=8a140753f34de18125686b11e7adaed4ca3db06dfb50a478993bd437f7a203bb
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507
   bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099

From 3a989b034d88aa3bd99f10cde0fe99b8be369070 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2024 14:44:59 +0000
Subject: [PATCH 356/381] Bump github/codeql-action from 3.27.0 to 3.27.1

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 67766490121..e5facdf0d4e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 1e7ebcc8c95..1ab4607a1b0 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           sarif_file: results.sarif

From 253cc4f0446a07253755736b66e2e385f79ebde5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2024 14:51:08 +0000
Subject: [PATCH 357/381] Bump roadie-rails from 3.2.0 to 3.3.0

Bumps [roadie-rails](https://github.com/Mange/roadie-rails) from 3.2.0 to 3.3.0.
- [Changelog](https://github.com/Mange/roadie-rails/blob/master/Changelog.md)
- [Commits](https://github.com/Mange/roadie-rails/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: roadie-rails
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 24 ++++++++++++------------
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0febb631994..20286b64334 100644
--- a/Gemfile
+++ b/Gemfile
@@ -35,7 +35,7 @@ gem "rackup", "~> 2.2"
 gem "rack-sanitizer", "~> 2.0"
 gem "rbtrace", "~> 0.5.1"
 gem "rdoc", "~> 6.7"
-gem "roadie-rails", "~> 3.2"
+gem "roadie-rails", "~> 3.3"
 gem "ruby-magic", "~> 0.6"
 gem "shoryuken", "~> 6.2", require: false
 gem "statsd-instrument", "~> 3.9"
diff --git a/Gemfile.lock b/Gemfile.lock
index f35a330ccd3..8eff4a5aebf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -574,7 +574,7 @@ GEM
     pry-byebug (3.10.1)
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
-    psych (5.1.2)
+    psych (5.2.0)
       stringio
     public_suffix (6.0.1)
     puma (6.4.3)
@@ -667,14 +667,14 @@ GEM
       psych (>= 4.0.0)
     redcarpet (3.6.0)
     regexp_parser (2.9.2)
-    reline (0.5.10)
+    reline (0.5.11)
       io-console (~> 0.5)
     rexml (3.3.9)
     roadie (5.2.1)
       css_parser (~> 1.4)
       nokogiri (~> 1.15)
-    roadie-rails (3.2.0)
-      railties (>= 5.1, < 8.0)
+    roadie-rails (3.3.0)
+      railties (>= 5.1, < 8.1)
       roadie (~> 5.0)
     rotp (6.3.0)
     rouge (4.4.0)
@@ -738,7 +738,7 @@ GEM
     searchkick (5.4.0)
       activemodel (>= 6.1)
       hashie
-    securerandom (0.3.1)
+    securerandom (0.3.2)
     selenium-webdriver (4.26.0)
       base64 (~> 0.2)
       logger (~> 1.4)
@@ -771,7 +771,7 @@ GEM
     statsd-instrument (3.9.7)
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
-    stringio (3.1.1)
+    stringio (3.1.2)
     strong_migrations (2.0.2)
       activerecord (>= 6.1)
     swd (2.0.3)
@@ -946,7 +946,7 @@ DEPENDENCIES
   rails_semantic_logger (~> 4.17)
   rbtrace (~> 0.5.1)
   rdoc (~> 6.7)
-  roadie-rails (~> 3.2)
+  roadie-rails (~> 3.3)
   rotp (~> 6.2)
   rqrcode (~> 2.1)
   rubocop (~> 1.64)
@@ -1191,7 +1191,7 @@ CHECKSUMS
   prosopite (1.4.2) sha256=b2e422e2d9dbf3ce20130ded3252fe14adb3833555eacd451f5015d8c9177e79
   pry (0.14.1) sha256=99b6df0665875dd5a39d85e0150aa5a12e2bb4fef401b6c4f64d32ee502f8454
   pry-byebug (3.10.1) sha256=c8f975c32255bfdb29e151f5532130be64ff3d0042dc858d0907e849125581f8
-  psych (5.1.2) sha256=337322f58fc2bf24827d2b9bd5ab595f6a72971867d151bb39980060ea40a368
+  psych (5.2.0) sha256=6603fe756bcaf14daa25bc17625f36c90931dcf70452ac1e8da19760dc310573
   public_suffix (6.0.1) sha256=61d44e1cab5cbbbe5b31068481cf16976dd0dc1b6b07bd95617ef8c5e3e00c6f
   puma (6.4.3) sha256=24a4645c006811d83f2480057d1f54a96e7627b6b90e1c99b260b9dc630eb43e
   pundit (2.4.0) sha256=43e6d27a9df082c04f0020999ce4dcf6742ecc5775d102ef2bfe9df041417572
@@ -1223,10 +1223,10 @@ CHECKSUMS
   rdoc (6.7.0) sha256=b17d5f0f57b0853d7b880d4360a32c7caf8dbb81f8503a36426df809e617f379
   redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9
   regexp_parser (2.9.2) sha256=5a27e767ad634f8a4b544520d5cd28a0db7aa1198a5d7c9d7e11d7b3d9066446
-  reline (0.5.10) sha256=1660c969a792ebd034e6ceee8ca628f3b6698dcdb34f7a282a5edda37b958166
+  reline (0.5.11) sha256=868d5f4dbfd9caafa70182f7f6fa258b70baee4e565d7cd9e70b4d5b11a7cb65
   rexml (3.3.9) sha256=d71875b85299f341edf47d44df0212e7658cbdf35aeb69cefdb63f57af3137c9
   roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6
-  roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f
+  roadie-rails (3.3.0) sha256=4080f67a635962fb3df77ed42b2992ff41ee6502b60b5f4609a9fb9eb06c0a5e
   rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854
   rouge (4.4.0) sha256=7a6d6d951e3202e4ce3926838625fa6edeb35680e6d1e3817f53c14212220b64
   rqrcode (2.2.0) sha256=23eea88bb44c7ee6d6cab9354d08c287f7ebcdc6112e1fe7bcc2d010d1ffefc1
@@ -1252,7 +1252,7 @@ CHECKSUMS
   safety_net_attestation (0.4.0) sha256=96be2d74e7ed26453a51894913449bea0e072f44490021545ac2d1c38b0718ce
   sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca
   searchkick (5.4.0) sha256=75d7256d3ec2af2dc11c2ba8160c86d80451f3f86447aae2ace1f79553de0bf3
-  securerandom (0.3.1) sha256=98f0450c0ea46d2f9a4b6db4f391dbd83dc08049592eada155739f40e0341bde
+  securerandom (0.3.2) sha256=e8b2ffa651dfbbb26eb4bfb8ddcfff94221a93e3f118f39e0f7f94c14fea9dc0
   selenium-webdriver (4.26.0) sha256=bb0426ffe50e5940a6a5ed2978b4dfb1cb29e0e1c4d0a420d6aabf0f6c8e0690
   semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163
   semantic_logger (4.16.0) sha256=ffba0bd0e008ceaf6be26da588f610a61208b9a9f55676b32729e962904023d9
@@ -1267,7 +1267,7 @@ CHECKSUMS
   snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31
   statsd-instrument (3.9.7) sha256=98feeeb39f95f2805c2070b46ae3e72e30679758301ba2f78d075e5b49edf6a5
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
-  stringio (3.1.1) sha256=53456e14175c594e0e8eb2206a1be33f3974d4fe21c131e628908b05c8c2ae1e
+  stringio (3.1.2) sha256=204f1828f85cdb39d57cac4abc6dc44b04505a223f131587f2e20ae3729ba131
   strong_migrations (2.0.2) sha256=888a71d04580169d6fe4ab9e7f0ce5293a9a70b3624be912c4de9e9609ed378c
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (3.0.0) sha256=ee9e5956411968fa445d2bb514c8fb70b239ca2e6f2d5bae06b161e2bee19446

From a35c0fc32e4893674406668af1cf1d803dd85eb5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Nov 2024 00:48:24 +0000
Subject: [PATCH 358/381] Bump ruby/setup-ruby from 1.201.0 to 1.202.0

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.201.0 to 1.202.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/46ca53beb334a2329bcd0e46a694816a6ae6d173...a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/lint.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index cc2f0cc2682..8b9819d6de8 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
         with:
           bundler-cache: true
       - name: Rubocop
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
         with:
           bundler-cache: true
       - name: Brakeman
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
         with:
           bundler-cache: true
       - name: Importmap Verify
@@ -51,7 +51,7 @@ jobs:
       - name: login to Github Packages
         run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ruby/setup-ruby@46ca53beb334a2329bcd0e46a694816a6ae6d173 # v1.201.0
+      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
         with:
           bundler-cache: true
       - name: krane render

From bf566f3c289f04072726af35fd88bd0d0e03a680 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2024 18:19:23 -0800
Subject: [PATCH 359/381] Bump strong_migrations from 2.0.2 to 2.1.0 (#5218)

---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 20286b64334..7606e1dbfcb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -53,7 +53,7 @@ gem "webauthn", "~> 3.1"
 gem "browser", "~> 6.0"
 gem "bcrypt", "~> 3.1"
 gem "maintenance_tasks", "~> 2.8"
-gem "strong_migrations", "~> 2.0"
+gem "strong_migrations", "~> 2.1"
 gem "phlex-rails", "~> 1.2"
 gem "discard", "~> 1.4"
 gem "user_agent_parser", "~> 2.18"
diff --git a/Gemfile.lock b/Gemfile.lock
index 8eff4a5aebf..42e963c617c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -772,7 +772,7 @@ GEM
     stimulus-rails (1.3.4)
       railties (>= 6.0.0)
     stringio (3.1.2)
-    strong_migrations (2.0.2)
+    strong_migrations (2.1.0)
       activerecord (>= 6.1)
     swd (2.0.3)
       activesupport (>= 3)
@@ -965,7 +965,7 @@ DEPENDENCIES
   simplecov-cobertura (~> 2.1)
   statsd-instrument (~> 3.9)
   stimulus-rails (~> 1.3)
-  strong_migrations (~> 2.0)
+  strong_migrations (~> 2.1)
   tailwindcss-rails (~> 3.0)
   timescaledb (~> 0.3)
   toxiproxy (~> 2.0)
@@ -1268,7 +1268,7 @@ CHECKSUMS
   statsd-instrument (3.9.7) sha256=98feeeb39f95f2805c2070b46ae3e72e30679758301ba2f78d075e5b49edf6a5
   stimulus-rails (1.3.4) sha256=765676ffa1f33af64ce026d26b48e8ffb2e0b94e0f50e9119e11d6107d67cb06
   stringio (3.1.2) sha256=204f1828f85cdb39d57cac4abc6dc44b04505a223f131587f2e20ae3729ba131
-  strong_migrations (2.0.2) sha256=888a71d04580169d6fe4ab9e7f0ce5293a9a70b3624be912c4de9e9609ed378c
+  strong_migrations (2.1.0) sha256=d48015334c4f9276a2e82e0ed6a2f610424afdbccae64a761b8c900aa10092f9
   swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655
   tailwindcss-rails (3.0.0) sha256=ee9e5956411968fa445d2bb514c8fb70b239ca2e6f2d5bae06b161e2bee19446
   tailwindcss-ruby (3.4.14) sha256=80e0eb4f369ca48c00b688f88730c5fefe2ea9821f16f03a86dd2a6bf56dda3a

From 1408be29b84d969c2f2feb8d83044209871e3c12 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Tue, 12 Nov 2024 11:22:53 +0900
Subject: [PATCH 360/381] bundle up datadog

---
 Gemfile.lock | 50 +++++++++++++++++++++++++-------------------------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 42e963c617c..587c062ef58 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -213,16 +213,16 @@ GEM
       addressable
     csv (3.3.0)
     dalli (3.2.8)
-    datadog (2.4.0)
-      debase-ruby_core_source (= 3.3.1)
-      libdatadog (~> 12.0.0.1.0)
-      libddwaf (~> 1.14.0.0.0)
+    datadog (2.6.0)
+      datadog-ruby_core_source (~> 3.3)
+      libdatadog (~> 14.0.0.1.0)
+      libddwaf (~> 1.15.0.0.0)
       msgpack
     datadog-ci (1.8.1)
       datadog (~> 2.4)
       msgpack
+    datadog-ruby_core_source (3.3.6)
     date (3.3.4)
-    debase-ruby_core_source (3.3.1)
     derailed_benchmarks (2.2.1)
       base64
       benchmark-ips (~> 2)
@@ -399,18 +399,18 @@ GEM
       letter_opener (~> 1.9)
       railties (>= 6.1)
       rexml
-    libdatadog (12.0.0.1.0)
-    libdatadog (12.0.0.1.0-aarch64-linux)
-    libdatadog (12.0.0.1.0-x86_64-linux)
-    libddwaf (1.14.0.0.0)
+    libdatadog (14.0.0.1.0)
+    libdatadog (14.0.0.1.0-aarch64-linux)
+    libdatadog (14.0.0.1.0-x86_64-linux)
+    libddwaf (1.15.0.0.0)
       ffi (~> 1.0)
-    libddwaf (1.14.0.0.0-aarch64-linux)
+    libddwaf (1.15.0.0.0-aarch64-linux)
       ffi (~> 1.0)
-    libddwaf (1.14.0.0.0-arm64-darwin)
+    libddwaf (1.15.0.0.0-arm64-darwin)
       ffi (~> 1.0)
-    libddwaf (1.14.0.0.0-x86_64-darwin)
+    libddwaf (1.15.0.0.0-x86_64-darwin)
       ffi (~> 1.0)
-    libddwaf (1.14.0.0.0-x86_64-linux)
+    libddwaf (1.15.0.0.0-x86_64-linux)
       ffi (~> 1.0)
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
@@ -469,7 +469,7 @@ GEM
       minitest (>= 5.0)
     mocha (2.5.0)
       ruby2_keywords (>= 0.0.5)
-    msgpack (1.7.3)
+    msgpack (1.7.5)
     multi_json (1.15.0)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
@@ -1044,10 +1044,10 @@ CHECKSUMS
   css_parser (1.19.1) sha256=1940dce01e3b9be18d6880e6d65162d984cc04ff28998cf4759beb999275209e
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
-  datadog (2.4.0) sha256=3d30038eecb59cb7960cbb9e5eb32ee029b6516203698b4d4454b01688ca0aab
+  datadog (2.6.0) sha256=2655bb82bc91b1ddf604d1ef601997d7d2424b134e7cfdad647ada892617e0d7
   datadog-ci (1.8.1) sha256=c461acd83d36b5894716ea7b1c207fd4b7fa103994c0773e3936a68da4dfa594
+  datadog-ruby_core_source (3.3.6) sha256=007c72450d3f5838c6d0ae4a6a77e5008bb29dd97d10ea3bf367f978d7c02f36
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
-  debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08
   derailed_benchmarks (2.2.1) sha256=654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.4.0) sha256=6efcd2a53ddf96781f81b825d398f1c88ab88c0faa84e131bea6e16ef95d65d0
@@ -1118,14 +1118,14 @@ CHECKSUMS
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
   letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
-  libdatadog (12.0.0.1.0) sha256=a590bf111d6ce47186043ea30fa3efc4a9a898b83d2c6b982905a0b97922d3a7
-  libdatadog (12.0.0.1.0-aarch64-linux) sha256=19b2ccd58f1434a5d41ad156659cf5bc4fcd5d5fd23800c6eb931a93ffb2039b
-  libdatadog (12.0.0.1.0-x86_64-linux) sha256=2ecfbaa8ccd7b0bb51884a7d9dec3b74c5fc909b84f96657e5147aef4c7879c9
-  libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd
-  libddwaf (1.14.0.0.0-aarch64-linux) sha256=549f83ba339afb0e500bd9f4c43459e274d42f5736a18d347ba2007be026649c
-  libddwaf (1.14.0.0.0-arm64-darwin) sha256=cd3c84d58b8f77f93ebb17e6ceb1cfd257c8d3a3a1ea558a7fc14d92f697cc2b
-  libddwaf (1.14.0.0.0-x86_64-darwin) sha256=33017c057fd6b4948ef4577c4a13bc89d878541961b205309fac1e71516433ff
-  libddwaf (1.14.0.0.0-x86_64-linux) sha256=030640a4158ae05f9276cc1e09bfe9d19dda5af26703235cf17cf3752f1985b1
+  libdatadog (14.0.0.1.0) sha256=37d602c2a6c70dfdc71479a507fadfdd684783f2c1ecf825bae508bb7d641d59
+  libdatadog (14.0.0.1.0-aarch64-linux) sha256=63dce2d1f45d413ad13c9fd36fa39b3415591f46438c1e06b62dd08e13a7c72d
+  libdatadog (14.0.0.1.0-x86_64-linux) sha256=78ba05673eecedc1d87b1d0eb93763be04d09655a5c903601e84db476a8e0b3f
+  libddwaf (1.15.0.0.0) sha256=5a0b6bb1bf9208cc3c8df4393e0f19ae1faf9846e8e8dbc2e10ecd5cb3c756f0
+  libddwaf (1.15.0.0.0-aarch64-linux) sha256=1630f38b57bc1a20bc1102bfbfc328fd7c522cf5828aebb02dbb45460cb834e7
+  libddwaf (1.15.0.0.0-arm64-darwin) sha256=714d497c080a385ad1a735b9163d58ea67a861df8d61e8f5669dbfdf8df744ea
+  libddwaf (1.15.0.0.0-x86_64-darwin) sha256=76a9361fb90ecfefc7e95871612851ec56603c6cea88538d102b790101e86250
+  libddwaf (1.15.0.0.0-x86_64-linux) sha256=331c2e54679a6ecb4fa9d4940e29c6c732efb3f407cb83dfc0671daca99d568e
   listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67
   llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa
   local_time (3.0.2) sha256=cb8abb2d56726ae285d00b0bd7f4c34bafc38c0c1cbc70ddc28f3a5661168d9d
@@ -1147,7 +1147,7 @@ CHECKSUMS
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
   minitest-retry (0.2.3) sha256=7b7f4896efb9b931a1acb442a40e5273c441f44946cf4c6a8eb8895838e7bf29
   mocha (2.5.0) sha256=7852595064e8ef4c6a3f6d8a5a5ab8c705168f913bb17929ab1c35f4dd4c7717
-  msgpack (1.7.3) sha256=edb751dc3378020296365fef3197e5eeab8a7d9a571a25d046464d71b97d3012
+  msgpack (1.7.5) sha256=ffb04979f51e6406823c03abe50e1da2c825c55a37dee138518cdd09d9d3aea8
   multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8

From e47e2bc6252f188789f0edbe2a43ad3471afaf25 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Tue, 12 Nov 2024 11:24:54 +0900
Subject: [PATCH 361/381] Rename debase-ruby_core_source to
 datadog-ruby_core_source

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 76a69e15d16..5f90f78e023 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -74,7 +74,7 @@ RUN --mount=type=cache,id=bld-gem-cache,sharing=locked,target=/srv/vendor \
   find /app/vendor/ruby -type f -name '*.js.map' -exec rm {} \;
 
   # Remove ruby 2.x source code
-  find /app/vendor/ruby/*/gems/debase-ruby_core_source-*/lib/debase/ruby_core_source -maxdepth 1 -type d -name 'ruby-2.*' -exec rm -r {} \;
+  find /app/vendor/ruby/*/gems/datadog-ruby_core_source-*/lib/datadog/ruby_core_source -maxdepth 1 -type d -name 'ruby-2.*' -exec rm -r {} \;
 
   # Remove datadog precompiled binaries for other platforms
   find /app/vendor/ruby/*/gems/libdatadog-*/vendor/libdatadog-*/ -mindepth 1 -maxdepth 1 -not -name "$(ruby -e 'puts RbConfig::CONFIG["arch"]')" -exec rm -r {} \;

From a921b5bac7781cb1bf0caa95767fc419103d6ff5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Nov 2024 15:44:15 -0800
Subject: [PATCH 362/381] Bump aws-sdk-s3 from 1.170.0 to 1.170.1 (#5223)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.170.0 to 1.170.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 587c062ef58..c1b0921b0e7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -135,7 +135,7 @@ GEM
       zeitwerk
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1002.0)
+    aws-partitions (1.1004.0)
     aws-sdk-core (3.212.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
@@ -144,7 +144,7 @@ GEM
     aws-sdk-kms (1.95.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.170.0)
+    aws-sdk-s3 (1.170.1)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -1008,10 +1008,10 @@ CHECKSUMS
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.1002.0) sha256=d23b94122d746e5e24090b6fa2790420288eeecea53f6fa2b91c4eeaef2b3b98
+  aws-partitions (1.1004.0) sha256=78f0ba04acdcde5edbde6b4c89cbce09ab25df731b2309b8348133351fe94285
   aws-sdk-core (3.212.0) sha256=ab35e52d533cdd531171a6aadfb483775f412429a03e4850489699e60a8dc8bb
   aws-sdk-kms (1.95.0) sha256=2ae508c642ddc59baa1296229108e9601a2fa00e57cf7a2153c9488f0587fd5e
-  aws-sdk-s3 (1.170.0) sha256=e5a143e9c418813f8bb56322f589c77027f0a04b0c6a9d1b085fc2967dde9e9a
+  aws-sdk-s3 (1.170.1) sha256=985f43e401cbb67ae6ff704bf8848d16bb72172a7bf492f680c59de36426d4f2
   aws-sdk-sqs (1.88.0) sha256=3e4e022b9af1796eb87bb368a8bb2001ebcad3b5025d76aa9ba731acea01a2eb
   aws-sigv4 (1.10.1) sha256=8a140753f34de18125686b11e7adaed4ca3db06dfb50a478993bd437f7a203bb
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From ef6ace14638abe5a8d9ec3a5a69b5ec14eda02d6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Nov 2024 14:25:54 +0000
Subject: [PATCH 363/381] Bump pp from 0.5.0 to 0.6.0

Bumps [pp](https://github.com/ruby/pp) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/ruby/pp/releases)
- [Commits](https://github.com/ruby/pp/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: pp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 7606e1dbfcb..08a636833e6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -79,7 +79,7 @@ end
 # Logging
 gem "amazing_print", "~> 1.6"
 gem "rails_semantic_logger", "~> 4.17"
-gem "pp", "0.5.0"
+gem "pp", "0.6.0"
 
 # Former default gems
 gem "csv", "~> 3.3" # zeitwerk-2.6.12
diff --git a/Gemfile.lock b/Gemfile.lock
index c1b0921b0e7..0f5c6a77c9e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -557,7 +557,7 @@ GEM
     phlex-rails (1.2.1)
       phlex (~> 1.10.0)
       railties (>= 6.1, < 8)
-    pp (0.5.0)
+    pp (0.6.0)
       prettyprint
     prettyprint (0.2.0)
     prop_initializer (0.2.0)
@@ -927,7 +927,7 @@ DEPENDENCIES
   pg_query (~> 5.1)
   pghero (~> 3.6)
   phlex-rails (~> 1.2)
-  pp (= 0.5.0)
+  pp (= 0.6.0)
   prop_initializer (~> 0.2)
   propshaft (~> 1.1.0)
   prosopite (~> 1.4)
@@ -1184,7 +1184,7 @@ CHECKSUMS
   pghero (3.6.1) sha256=e6d4f6ec3979d4828dafcd1eaa4214e70279fe2502b9fe5bd632d8333aa79cd4
   phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6
   phlex-rails (1.2.1) sha256=1d80709c02114cda869951d22bfca189b5f208d1eb89f2e6fafbe3c0240a822f
-  pp (0.5.0) sha256=f8f40bc2ba9e1ab351b9458151da3a89f46034f7f599a8e0a06abb9b9f4411dd
+  pp (0.6.0) sha256=4e2baf0da59f6e2c682dbe913f8ade3271eb8e3d277642c4f538750d776df5be
   prettyprint (0.2.0) sha256=2bc9e15581a94742064a3cc8b0fb9d45aae3d03a1baa6ef80922627a0766f193
   prop_initializer (0.2.0) sha256=bd27704d0df8c59c3baf0df5cf448eba2b140fb9934fb31b2e379b5c842d8820
   propshaft (1.1.0) sha256=d389361faf66aeb17e8d204828962c1e506edd14a1a17adb3fa475435c070f6b

From 5870bce90d144b415015456dbaf0119e92648ced Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Nov 2024 14:17:40 +0000
Subject: [PATCH 364/381] Bump github/codeql-action from 3.27.1 to 3.27.2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...9278e421667d5d90a2839487a482448c4ec7df4d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e5facdf0d4e..9c09bb39d2a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/init@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/autobuild@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/analyze@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 1ab4607a1b0..1cbb20eb5dc 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/upload-sarif@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
         with:
           sarif_file: results.sarif

From 415fb0c36455df6c2e7c1281c3e79c9cab17e4fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Nov 2024 10:37:50 -0600
Subject: [PATCH 365/381] Bump phlex-rails from 1.2.1 to 1.2.2 (#5225)

Bumps [phlex-rails](https://github.com/phlex-ruby/phlex-rails) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/phlex-ruby/phlex-rails/releases)
- [Changelog](https://github.com/phlex-ruby/phlex-rails/blob/main/CHANGELOG.md)
- [Commits](https://github.com/phlex-ruby/phlex-rails/compare/1.2.1...1.2.2)

---
updated-dependencies:
- dependency-name: phlex-rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 0f5c6a77c9e..2d71d3ea128 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -553,10 +553,10 @@ GEM
       google-protobuf (>= 3.22.3)
     pghero (3.6.1)
       activerecord (>= 6.1)
-    phlex (1.10.2)
-    phlex-rails (1.2.1)
-      phlex (~> 1.10.0)
-      railties (>= 6.1, < 8)
+    phlex (1.11.0)
+    phlex-rails (1.2.2)
+      phlex (>= 1.10, < 2)
+      railties (>= 6.1, < 9)
     pp (0.6.0)
       prettyprint
     prettyprint (0.2.0)
@@ -1182,8 +1182,8 @@ CHECKSUMS
   pg (1.5.9) sha256=761efbdf73b66516f0c26fcbe6515dc7500c3f0aa1a1b853feae245433c64fdc
   pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d
   pghero (3.6.1) sha256=e6d4f6ec3979d4828dafcd1eaa4214e70279fe2502b9fe5bd632d8333aa79cd4
-  phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6
-  phlex-rails (1.2.1) sha256=1d80709c02114cda869951d22bfca189b5f208d1eb89f2e6fafbe3c0240a822f
+  phlex (1.11.0) sha256=979548e79a205c981612f1ab613addc8fa128c8092694d02f41aad4cea905e73
+  phlex-rails (1.2.2) sha256=a20218449e71bc9fa5a71b672fbede8a654c6b32a58f1c4ea83ddc1682307a4c
   pp (0.6.0) sha256=4e2baf0da59f6e2c682dbe913f8ade3271eb8e3d277642c4f538750d776df5be
   prettyprint (0.2.0) sha256=2bc9e15581a94742064a3cc8b0fb9d45aae3d03a1baa6ef80922627a0766f193
   prop_initializer (0.2.0) sha256=bd27704d0df8c59c3baf0df5cf448eba2b140fb9934fb31b2e379b5c842d8820

From 1e5c2874b98ed4c44096e12cd85124fdfa2d946f Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Wed, 13 Nov 2024 22:55:09 -0600
Subject: [PATCH 366/381] Allow uploading & verifying sigstore attestations
 alongside gems (#4987)

---
 Gemfile                                       |   1 +
 Gemfile.lock                                  |  20 ++++
 app/assets/stylesheets/modules/gem.css        |  20 ++++
 app/avo/resources/attestation.rb              |  20 ++++
 .../api/v1/attestations_controller.rb         |  16 +++
 app/controllers/api/v1/rubygems_controller.rb |  14 ++-
 .../avo/attestations_controller.rb            |   4 +
 app/helpers/attestations_helper.rb            |   2 +
 app/models/api_key.rb                         |   8 +-
 app/models/attestation.rb                     |  50 +++++++++
 .../oidc/trusted_publisher/github_action.rb   |   7 ++
 app/models/pusher.rb                          |  78 +++++++++++---
 app/models/version.rb                         |   1 +
 app/policies/admin/attestation_policy.rb      |  15 +++
 .../version/provenance_component.rb           |  32 ++++++
 app/views/rubygems/_gem_members.html.erb      |   7 ++
 config/deploy/web.yaml.erb                    |  11 ++
 config/initializers/sigstore.rb               |  12 +++
 config/locales/de.yml                         |   1 +
 config/locales/en.yml                         |   1 +
 config/locales/es.yml                         |   1 +
 config/locales/fr.yml                         |   1 +
 config/locales/ja.yml                         |   1 +
 config/locales/nl.yml                         |   1 +
 config/locales/pt-BR.yml                      |   1 +
 config/locales/zh-CN.yml                      |   1 +
 config/locales/zh-TW.yml                      |   1 +
 config/routes.rb                              |   3 +
 .../20241007193740_create_attestations.rb     |  11 ++
 db/schema.rb                                  |  12 ++-
 db/seeds.rb                                   |   9 +-
 test/factories/api_key.rb                     |   6 +-
 test/factories/attestations.rb                |   7 ++
 test/factories/sigstore.rb                    |  36 +++++++
 test/factories/x509.rb                        |  78 ++++++++++++++
 test/gems/sigstore-1.0.0.gem                  | Bin 0 -> 4096 bytes
 test/gems/sigstore-1.0.0.gem.sigstore.json    |   1 +
 .../avo/attestations_controller_test.rb       |  25 +++++
 test/integration/push_test.rb                 |  63 ++++++++++-
 test/integration/rubygems_test.rb             |  11 ++
 test/models/attestation_test.rb               |   7 ++
 test/models/pusher_test.rb                    |  99 ++++++++++++++++++
 test/system/gem_server_conformance_test.rb    |   2 +-
 43 files changed, 676 insertions(+), 21 deletions(-)
 create mode 100644 app/avo/resources/attestation.rb
 create mode 100644 app/controllers/api/v1/attestations_controller.rb
 create mode 100644 app/controllers/avo/attestations_controller.rb
 create mode 100644 app/helpers/attestations_helper.rb
 create mode 100644 app/models/attestation.rb
 create mode 100644 app/policies/admin/attestation_policy.rb
 create mode 100644 app/views/components/version/provenance_component.rb
 create mode 100644 config/initializers/sigstore.rb
 create mode 100644 db/migrate/20241007193740_create_attestations.rb
 create mode 100644 test/factories/attestations.rb
 create mode 100644 test/factories/sigstore.rb
 create mode 100644 test/factories/x509.rb
 create mode 100644 test/gems/sigstore-1.0.0.gem
 create mode 100644 test/gems/sigstore-1.0.0.gem.sigstore.json
 create mode 100644 test/integration/avo/attestations_controller_test.rb
 create mode 100644 test/models/attestation_test.rb

diff --git a/Gemfile b/Gemfile
index 08a636833e6..0d16a41cfb3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -60,6 +60,7 @@ gem "user_agent_parser", "~> 2.18"
 gem "pghero", "~> 3.6"
 gem "faraday-multipart", "~> 1.0"
 gem "timescaledb", "~> 0.3"
+gem "sigstore", "~> 0.1.1"
 
 # Admin dashboard
 gem "avo", "~> 3.13"
diff --git a/Gemfile.lock b/Gemfile.lock
index 2d71d3ea128..1c4a7655930 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -568,6 +568,16 @@ GEM
       rack
       railties (>= 7.0.0)
     prosopite (1.4.2)
+    protobug (0.1.0)
+    protobug_googleapis_field_behavior_protos (0.1.0)
+      protobug (= 0.1.0)
+      protobug_well_known_protos (= 0.1.0)
+    protobug_sigstore_protos (0.1.0)
+      protobug (= 0.1.0)
+      protobug_googleapis_field_behavior_protos (= 0.1.0)
+      protobug_well_known_protos (= 0.1.0)
+    protobug_well_known_protos (0.1.0)
+      protobug (= 0.1.0)
     pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -755,6 +765,10 @@ GEM
     shoulda-context (3.0.0.rc1)
     shoulda-matchers (6.4.0)
       activesupport (>= 5.2.0)
+    sigstore (0.1.1)
+      net-http
+      protobug_sigstore_protos (~> 0.1.0)
+      uri
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -961,6 +975,7 @@ DEPENDENCIES
   shoryuken (~> 6.2)
   shoulda-context (~> 3.0.0.rc1)
   shoulda-matchers (~> 6.4)
+  sigstore (~> 0.1.1)
   simplecov (~> 0.22)
   simplecov-cobertura (~> 2.1)
   statsd-instrument (~> 3.9)
@@ -1189,6 +1204,10 @@ CHECKSUMS
   prop_initializer (0.2.0) sha256=bd27704d0df8c59c3baf0df5cf448eba2b140fb9934fb31b2e379b5c842d8820
   propshaft (1.1.0) sha256=d389361faf66aeb17e8d204828962c1e506edd14a1a17adb3fa475435c070f6b
   prosopite (1.4.2) sha256=b2e422e2d9dbf3ce20130ded3252fe14adb3833555eacd451f5015d8c9177e79
+  protobug (0.1.0) sha256=5bf1356cedf99dcf311890743b78f5e602f62ca703e574764337f1996b746bf2
+  protobug_googleapis_field_behavior_protos (0.1.0) sha256=db48ef6a5913b2355b4a6931ab400a9e3e995fb48499977a3ad0be6365f9e265
+  protobug_sigstore_protos (0.1.0) sha256=4ad1eebaf6454131b6f432dda50ad0e513773613474b92470847614a5acacce1
+  protobug_well_known_protos (0.1.0) sha256=356757f562453bb34a28f12e8e9fa357346cca35a6807a549837c3fe256bb5b3
   pry (0.14.1) sha256=99b6df0665875dd5a39d85e0150aa5a12e2bb4fef401b6c4f64d32ee502f8454
   pry-byebug (3.10.1) sha256=c8f975c32255bfdb29e151f5532130be64ff3d0042dc858d0907e849125581f8
   psych (5.2.0) sha256=6603fe756bcaf14daa25bc17625f36c90931dcf70452ac1e8da19760dc310573
@@ -1259,6 +1278,7 @@ CHECKSUMS
   shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6
   shoulda-context (3.0.0.rc1) sha256=6e0d9d52ab798c13bc2b490c8537d4bf30cfd318a1ea839c39a66d1d293c6a1a
   shoulda-matchers (6.4.0) sha256=9055bb7f4bb342125fb860809798855c630e05ef5e75837b3168b8e6ee1608b0
+  sigstore (0.1.1) sha256=0c2c3c5d175b204252eeb1507bfb79e330009188d160525d2871b5272f958897
   simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5
   simplecov-cobertura (2.1.0) sha256=2c6532e34df2e38a379d72cef9a05c3b16c64ce90566beebc6887801c4ad3f02
   simplecov-html (0.12.3) sha256=4b1aad33259ffba8b29c6876c12db70e5750cb9df829486e4c6e5da4fa0aa07b
diff --git a/app/assets/stylesheets/modules/gem.css b/app/assets/stylesheets/modules/gem.css
index cf8c3d54c7a..71a6dd657e0 100644
--- a/app/assets/stylesheets/modules/gem.css
+++ b/app/assets/stylesheets/modules/gem.css
@@ -265,3 +265,23 @@
 .gem__dependencies:not(:first-of-type) {
   margin-top: 36px;
 }
+
+.gem__attestation {
+  display: flex;
+  flex-direction: row;
+  margin-top: 16px; }
+  .gem__attestation__built_on {
+    flex-grow: 1; }
+  .gem__attestation__grid {
+    display: grid;
+    grid-template-rows: repeat(3, 1rem);
+    grid-row-gap: 18px;
+    grid-column-gap: 16px; }
+    .gem__attestation__grid p {
+      height: 100%;
+      display: block; }
+    .gem__attestation__grid__left {
+      grid-template-columns: 24px max-content; }
+    .gem__attestation__grid__right {
+      grid-template-columns: max-content 1fr; }
+
diff --git a/app/avo/resources/attestation.rb b/app/avo/resources/attestation.rb
new file mode 100644
index 00000000000..132f3b9d2ac
--- /dev/null
+++ b/app/avo/resources/attestation.rb
@@ -0,0 +1,20 @@
+class Avo::Resources::Attestation < Avo::BaseResource
+  self.title = :id
+  self.includes = [:version]
+
+  def fields
+    field :id, as: :id
+
+    field :version, as: :belongs_to
+    field :media_type, as: :text
+    field :body, as: :json_viewer
+
+    field :leaf_certificate, as: :code, only_on: :show do
+      record.sigstore_bundle.leaf_certificate.to_text
+    end
+
+    field :display_data, as: :json_viewer, only_on: :show do
+      record.display_data
+    end
+  end
+end
diff --git a/app/controllers/api/v1/attestations_controller.rb b/app/controllers/api/v1/attestations_controller.rb
new file mode 100644
index 00000000000..87b5f4a97a6
--- /dev/null
+++ b/app/controllers/api/v1/attestations_controller.rb
@@ -0,0 +1,16 @@
+class Api::V1::AttestationsController < Api::BaseController
+  before_action :find_version
+
+  def show
+    respond_to do |format|
+      format.json { render json: @version.attestations.pluck(:body) }
+    end
+  end
+
+  private
+
+  def find_version
+    @version = Version.find_by(full_name: params[:id].delete_suffix(".json")) ||
+      render(plain: t(:this_rubygem_could_not_be_found), status: :not_found)
+  end
+end
diff --git a/app/controllers/api/v1/rubygems_controller.rb b/app/controllers/api/v1/rubygems_controller.rb
index 04b2b5c8007..2d759f98de7 100644
--- a/app/controllers/api/v1/rubygems_controller.rb
+++ b/app/controllers/api/v1/rubygems_controller.rb
@@ -34,7 +34,19 @@ def create
     authorize Rubygem, :create?
     return render_forbidden(t(:api_key_insufficient_scope)) unless @api_key.can_push_rubygem?
 
-    gemcutter = Pusher.new(@api_key, request.body, request:)
+    gem_body = attestations = nil
+    if %w[multipart/form-data multipart/mixed].include?(request.media_type)
+      gem_body = params.permit(:gem).require(:gem)
+      return render_bad_request("gem is not a file upload") unless gem_body.is_a?(ActionDispatch::Http::UploadedFile)
+      return render_bad_request("missing attestations") unless (attestations = params[:attestations]).is_a?(String)
+      attestations = ActiveSupport::JSON.decode(attestations)
+      return render_bad_request("attestations must be an array, is #{attestations.class}") unless attestations.is_a?(Array)
+      attestations = attestations&.as_json
+    else
+      gem_body = request.body
+    end
+
+    gemcutter = Pusher.new(@api_key, gem_body, request:, attestations:)
     gemcutter.process
     render plain: response_with_mfa_warning(gemcutter.message), status: gemcutter.code
   rescue Pundit::NotAuthorizedError
diff --git a/app/controllers/avo/attestations_controller.rb b/app/controllers/avo/attestations_controller.rb
new file mode 100644
index 00000000000..053dc201472
--- /dev/null
+++ b/app/controllers/avo/attestations_controller.rb
@@ -0,0 +1,4 @@
+# This controller has been generated to enable Rails' resource routes.
+# More information on https://docs.avohq.io/2.0/controllers.html
+class Avo::AttestationsController < Avo::ResourcesController
+end
diff --git a/app/helpers/attestations_helper.rb b/app/helpers/attestations_helper.rb
new file mode 100644
index 00000000000..9dc4009853f
--- /dev/null
+++ b/app/helpers/attestations_helper.rb
@@ -0,0 +1,2 @@
+module AttestationsHelper
+end
diff --git a/app/models/api_key.rb b/app/models/api_key.rb
index 9a41d74fa29..924bf5fc3f2 100644
--- a/app/models/api_key.rb
+++ b/app/models/api_key.rb
@@ -20,10 +20,10 @@ class ScopeError < RuntimeError; end
   after_create :record_create_event
   after_update :record_expire_event, if: :saved_change_to_expires_at?
 
-  validates :name, :hashed_key, presence: true
   validate :exclusive_show_dashboard_scope, if: :can_show_dashboard?
   validate :scope_presence
-  validates :name, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }
+  validates :name, presence: true, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }
+  validates :hashed_key, presence: true, uniqueness: true
   validates :expires_at, inclusion: { in: -> { 1.minute.from_now.. } }, allow_nil: true, on: :create
   validate :rubygem_scope_definition, if: :ownership
   validate :known_scopes
@@ -70,6 +70,10 @@ def user?
     owner_type == "User"
   end
 
+  def trusted_publisher?
+    owner_type.deconstantize == "OIDC::TrustedPublisher"
+  end
+
   delegate :mfa_required_not_yet_enabled?, :mfa_required_weak_level_enabled?,
     :mfa_recommended_not_yet_enabled?, :mfa_recommended_weak_level_enabled?,
     to: :user, allow_nil: true
diff --git a/app/models/attestation.rb b/app/models/attestation.rb
new file mode 100644
index 00000000000..cd21dc25bab
--- /dev/null
+++ b/app/models/attestation.rb
@@ -0,0 +1,50 @@
+class Attestation < ApplicationRecord
+  belongs_to :version
+
+  validates :body, :media_type, presence: true
+  attribute :body, :jsonb
+
+  def sigstore_bundle
+    Sigstore::SBundle.new(
+      Sigstore::Bundle::V1::Bundle.decode_json_hash(body, registry: Sigstore::REGISTRY)
+    )
+  end
+
+  def display_data # rubocop:disable Metrics/MethodLength
+    bundle = sigstore_bundle
+    leaf_certificate = bundle.leaf_certificate
+
+    issuer = leaf_certificate.extension(Sigstore::Internal::X509::Extension::FulcioIssuer).issuer
+    log_index = bundle.verification_material.tlog_entries.first.log_index
+
+    extensions = leaf_certificate.openssl.extensions.to_h do |ext|
+      [ext.oid, if (ext.oid =~ /\A1\.3\.6\.1\.4\.1\.57264\.1\.(\d+)\z/) && ::Regexp.last_match(1).to_i >= 8
+                  OpenSSL::ASN1.decode(ext.value_der).value
+                else
+                  ext.value
+                end]
+    end
+
+    repo = extensions["1.3.6.1.4.1.57264.1.5"]
+    commit = extensions["1.3.6.1.4.1.57264.1.3"]
+    ref  =  extensions["1.3.6.1.4.1.57264.1.14"]
+    san  =  extensions["subjectAltName"]
+    build_summary_url = extensions["1.3.6.1.4.1.57264.1.21"]
+
+    case issuer
+    when "https://token.actions.githubusercontent.com"
+      san =~ %r{\AURI:https://github\.com/#{Regexp.escape(repo)}/(.+)@#{Regexp.escape(ref)}\z}
+      build_file_string = ::Regexp.last_match(1)
+      {
+        ci_platform: "GitHub Actions",
+        source_commit_string: "github.com/#{repo}@#{commit[0, 7]}",
+        source_commit_url: "https://github.com/#{repo}/tree/#{commit}",
+        build_file_string:, build_summary_url:
+      }
+    else
+      raise "Unhandled issuer: #{issuer.inspect}"
+    end.merge(
+      log_index:
+    )
+  end
+end
diff --git a/app/models/oidc/trusted_publisher/github_action.rb b/app/models/oidc/trusted_publisher/github_action.rb
index 11f02a61ff1..11bb59e7633 100644
--- a/app/models/oidc/trusted_publisher/github_action.rb
+++ b/app/models/oidc/trusted_publisher/github_action.rb
@@ -119,6 +119,13 @@ def to_access_policy(jwt)
     )
   end
 
+  def to_sigstore_identity_policy(ref)
+    Sigstore::Policy::Identity.new(
+      identity: "https://github.com/#{repository}/#{workflow_slug}@#{ref}",
+      issuer: OIDC::Provider::GITHUB_ACTIONS_ISSUER
+    )
+  end
+
   def name
     name = "#{self.class.publisher_name} #{repository_owner}/#{repository_name} @ #{workflow_slug}"
     name << " (#{environment})" if environment?
diff --git a/app/models/pusher.rb b/app/models/pusher.rb
index 3da8c835c35..8a7f5508376 100644
--- a/app/models/pusher.rb
+++ b/app/models/pusher.rb
@@ -4,21 +4,30 @@ class Pusher
   include TraceTagger
   include SemanticLogger::Loggable
 
-  attr_reader :api_key, :owner, :spec, :spec_contents, :message, :code, :rubygem, :body, :version, :version_id, :size
+  attr_reader :api_key, :spec, :spec_contents, :message, :code, :rubygem, :body, :version, :version_id, :size, :attestations
 
-  def initialize(api_key, body, request: nil)
+  delegate :owner, to: :api_key
+
+  def initialize(api_key, body, request: nil, attestations: nil)
     @api_key = api_key
-    @owner = api_key.owner
     @scoped_rubygem = api_key.rubygem
 
     @body = StringIO.new(body.read)
+    @attestations = attestations
+
     @size = @body.size
     @request = request
   end
 
   def process
     trace("gemcutter.pusher.process", tags: { "gemcutter.api_key.owner" => owner.to_gid }) do
-      pull_spec && find && authorize && verify_gem_scope && verify_mfa_requirement && validate && save
+      pull_spec &&
+        find &&
+        authorize &&
+        verify_gem_scope &&
+        verify_mfa_requirement &&
+        validate &&
+        save
     end
   end
 
@@ -48,13 +57,18 @@ def validate
       return notify("There was a problem saving your gem: the uploaded spec has malformed platform attributes", 409)
     end
 
+    return unless verify_sigstore
+
     true
   end
 
   def save
     # Restructured so that if we fail to write the gem (ie, s3 is down)
     # can clean things up well.
-    return notify("There was a problem saving your gem: #{rubygem.all_errors(version)}", 403) unless update
+    unless update
+      return false if message
+      return notify("There was a problem saving your gem: #{rubygem.all_errors(version)}", 403)
+    end
     trace("gemcutter.pusher.write_gem") do
       write_gem @body, @spec_contents
     end
@@ -151,12 +165,47 @@ def find # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
 
   # Overridden so we don't get megabytes of the raw data printing out
   def inspect
-    attrs = %i[@rubygem @owner @message @code].map do |attr|
-      "#{attr}=#{instance_variable_get(attr).inspect}"
+    attrs = { :@rubygem => @rubygem, :@owner => owner, :@message => @message, :@code => @code }.map do |attr, value|
+      "#{attr}=#{value.inspect}"
     end
     "<Pusher #{attrs.join(' ')}>"
   end
 
+  def verify_sigstore
+    return true if attestations.blank?
+    return notify("Pushing with an attestation requires trusted publishing", 400) unless api_key.trusted_publisher?
+
+    policy = api_key.owner.to_sigstore_identity_policy(api_key.oidc_id_token.jwt.dig("claims", "ref"))
+
+    artifact = Sigstore::Verification::V1::Artifact.new
+    artifact.artifact = body.string
+
+    attestations.each do |attestation|
+      bundle = Sigstore::Bundle::V1::Bundle.decode_json_hash(attestation, registry: Sigstore::REGISTRY)
+
+      verification_input = Sigstore::Verification::V1::Input.new
+      verification_input.artifact = artifact
+      verification_input.bundle = bundle
+      input = Sigstore::VerificationInput.new(verification_input)
+      sigstore_verification = sigstore_verifier.verify(input:, policy:, offline: true)
+      logger.info do
+        { message: "verifying sigstore bundles", sigstore_verification: sigstore_verification, policy: policy }
+      end
+
+      return notify("Attestation verification failed:\n#{sigstore_verification.reason}", 422) unless sigstore_verification.verified?
+      return notify("Must provide at least v0.3 bundles", 422) unless input.sbundle.bundle_type >= Sigstore::BundleType::BUNDLE_0_3
+
+      @version.attestations << Attestation.new(body: bundle, media_type: bundle.media_type)
+    end
+
+    true
+  rescue Sigstore::Error => e
+    notify <<~MSG, 422
+      Error verifying sigstore attestation:
+      #{e.message}
+    MSG
+  end
+
   private
 
   def after_write
@@ -180,18 +229,19 @@ def update
     rubygem.update_attributes_from_gem_specification!(version, spec)
 
     if rubygem.unowned?
-      case owner
-      when User
+      if api_key.user?
         rubygem.create_ownership(owner)
-      else
+      elsif api_key.trusted_publisher?
         pending_publisher = find_pending_trusted_publisher
-        return notify_unauthorized if pending_publisher.blank?
+        return notify("No pending publisher found", 404) if pending_publisher.blank?
 
         rubygem.transaction do
           logger.info { "Reifying pending publisher" }
           rubygem.create_ownership(pending_publisher.user)
           owner.rubygem_trusted_publishers.create!(rubygem: rubygem)
         end
+      else
+        return notify_unauthorized
       end
     end
 
@@ -311,7 +361,11 @@ def serialize_spec
   end
 
   def find_pending_trusted_publisher
-    return unless owner.class.module_parent_name == "OIDC::TrustedPublisher"
+    return unless api_key.trusted_publisher?
     owner.pending_trusted_publishers.unexpired.rubygem_name_is(rubygem.name).first
   end
+
+  def sigstore_verifier
+    @sigstore_verifier ||= Sigstore::Verifier.production
+  end
 end
diff --git a/app/models/version.rb b/app/models/version.rb
index cf29ffbb611..f3aa3e75413 100644
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -13,6 +13,7 @@ class Version < ApplicationRecord # rubocop:disable Metrics/ClassLength
   belongs_to :pusher_api_key, class_name: "ApiKey", inverse_of: :pushed_versions, optional: true
   has_one :deletion, dependent: :delete, inverse_of: :version, required: false
   has_one :yanker, through: :deletion, source: :user, inverse_of: :yanked_versions, required: false
+  has_many :attestations, dependent: :destroy, inverse_of: :version
 
   before_validation :set_canonical_number, if: :number_changed?
   before_validation :full_nameify!
diff --git a/app/policies/admin/attestation_policy.rb b/app/policies/admin/attestation_policy.rb
new file mode 100644
index 00000000000..cbbb176ad10
--- /dev/null
+++ b/app/policies/admin/attestation_policy.rb
@@ -0,0 +1,15 @@
+class Admin::AttestationPolicy < Admin::ApplicationPolicy
+  class Scope < Admin::ApplicationPolicy::Scope
+    def resolve
+      scope.all
+    end
+  end
+
+  def avo_index?
+    true
+  end
+
+  def avo_show?
+    true
+  end
+end
diff --git a/app/views/components/version/provenance_component.rb b/app/views/components/version/provenance_component.rb
new file mode 100644
index 00000000000..fb454d5acc1
--- /dev/null
+++ b/app/views/components/version/provenance_component.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class Version::ProvenanceComponent < ApplicationComponent
+  include Phlex::Rails::Helpers::LinkTo
+
+  prop :attestation
+
+  def view_template
+    display_data = @attestation.display_data
+
+    div(class: "gem__attestation") do
+      div(class: "gem__attestation__built_on") do
+        div(class: "gem__attestation__grid gem__attestation__grid__left") do
+          p
+          p { plain "Built and signed on" }
+          p { "✅" }
+          p { display_data[:ci_platform] }
+          p
+          p { link_to "Build summary", display_data[:build_summary_url], target: "_blank", rel: "noopener" }
+        end
+      end
+      div(class: "gem__attestation__grid gem__attestation__grid__right") do
+        p { plain "Source Commit" }
+        p { link_to display_data[:source_commit_string], display_data[:source_commit_url] }
+        p { plain "Build File" }
+        p { link_to display_data[:build_file_string], display_data[:build_file_url] }
+        p { plain "Public Ledger" }
+        p { link_to "Transparency log entry", "https://search.sigstore.dev/?logIndex=#{display_data[:log_index]}" }
+      end
+    end
+  end
+end
diff --git a/app/views/rubygems/_gem_members.html.erb b/app/views/rubygems/_gem_members.html.erb
index 3b4461ac44f..d8457c7eec1 100644
--- a/app/views/rubygems/_gem_members.html.erb
+++ b/app/views/rubygems/_gem_members.html.erb
@@ -70,4 +70,11 @@
       <% end %>
     </div>
   <% end %>
+
+  <% if latest_version.attestations.present? %>
+    <h3 class="t-list__heading"><%= t '.provenance_header' %>:</h3>
+    <% latest_version.attestations.each do |attestation| %>
+      <%= render Version::ProvenanceComponent.new(attestation:) %>
+    <%end%>
+  <% end %>
 </div>
diff --git a/config/deploy/web.yaml.erb b/config/deploy/web.yaml.erb
index f4eb62f7944..c9e4f42feef 100644
--- a/config/deploy/web.yaml.erb
+++ b/config/deploy/web.yaml.erb
@@ -221,6 +221,10 @@ spec:
           preStop:
             exec:
               command: ["sleep", "25"]
+        volumeMounts:
+        - name: sigstore-signing-token
+          mountPath: /var/run/secrets/sigstore
+          readOnly: true
       - name: nginx
         image: nginx:1.25.2
         imagePullPolicy: IfNotPresent
@@ -300,3 +304,10 @@ spec:
           secret:
             secretName: nginx-basic-auth
         <% end %>
+        - name: sigstore-signing-token
+          projected:
+            sources:
+            - serviceAccountToken:
+                path: sigstore-signing-token
+                expirationSeconds: 600
+                audience: sigstore
diff --git a/config/initializers/sigstore.rb b/config/initializers/sigstore.rb
new file mode 100644
index 00000000000..6328db2eb58
--- /dev/null
+++ b/config/initializers/sigstore.rb
@@ -0,0 +1,12 @@
+require "sigstore/verifier"
+require "sigstore/rekor/client"
+require "sigstore/models"
+require "sigstore/policy"
+require "sigstore/signer"
+
+module Sigstore::Loggable::ClassMethods
+  undef_method :logger
+  def logger
+    @semantic_logger ||= SemanticLogger[self] # rubocop:disable Naming/MemoizedInstanceVariableName
+  end
+end
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 5b0869bd23a..7923abd4962 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -798,6 +798,7 @@ de:
       sha_256_checksum: SHA 256-Prüfsumme
       signature_period:
       expired:
+      provenance_header:
     version_navigation:
       previous_version:
       next_version:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 47e68fdab2d..6861c309ed0 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -711,6 +711,7 @@ en:
       sha_256_checksum: SHA 256 checksum
       signature_period: Signature validity period
       expired: expired
+      provenance_header: Provenance
     version_navigation:
       previous_version: ← Previous version
       next_version: Next version →
diff --git a/config/locales/es.yml b/config/locales/es.yml
index fb5360fcb57..43f4335de37 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -812,6 +812,7 @@ es:
       sha_256_checksum: SHA 256 checksum
       signature_period: Periodo de validez de la firma
       expired: Expirado
+      provenance_header:
     version_navigation:
       previous_version: "← Versión anterior"
       next_version: Siguiente versión →
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 288e9ed26ef..d466840c70d 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -735,6 +735,7 @@ fr:
       sha_256_checksum: Total de contrôle SHA 256
       signature_period:
       expired:
+      provenance_header:
     version_navigation:
       previous_version: "← Version précédente"
       next_version: Version suivante →
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 18c09db4ba0..2747086f588 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -705,6 +705,7 @@ ja:
       sha_256_checksum: SHA 256チェックサム
       signature_period: シグネチャの有効期限
       expired: 期限切れ
+      provenance_header:
     version_navigation:
       previous_version: "←前のバージョン"
       next_version: 次のバージョン→
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 3f1372ed102..2f92322729a 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -702,6 +702,7 @@ nl:
       sha_256_checksum: SHA 256 checksum
       signature_period:
       expired:
+      provenance_header:
     version_navigation:
       previous_version:
       next_version:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 397b0f64533..0281a075788 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -716,6 +716,7 @@ pt-BR:
       sha_256_checksum: SHA 256 checksum
       signature_period:
       expired:
+      provenance_header:
     version_navigation:
       previous_version:
       next_version:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 63be6093073..158e17b1275 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -710,6 +710,7 @@ zh-CN:
       sha_256_checksum: SHA 256 校验和
       signature_period: 签名有效期
       expired: 过期
+      provenance_header:
     version_navigation:
       previous_version: "← 以前的版本"
       next_version: 接下来的版本 →
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 02b07623951..2c2e83d1dbc 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -704,6 +704,7 @@ zh-TW:
       sha_256_checksum: SHA 256 總和檢查碼
       signature_period: 簽名有效期
       expired: 已過期
+      provenance_header:
     version_navigation:
       previous_version: "← 上一版本"
       next_version: 下一版本 →
diff --git a/config/routes.rb b/config/routes.rb
index 52cc5e01050..d36154886d2 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -92,6 +92,9 @@
         end
       end
 
+      resources :attestations, only: :show, format: /json/,
+        constraints: { id: Patterns::ROUTE_PATTERN }
+
       resource :activity, only: [], format: /json|yaml/ do
         collection do
           get :latest
diff --git a/db/migrate/20241007193740_create_attestations.rb b/db/migrate/20241007193740_create_attestations.rb
new file mode 100644
index 00000000000..c0f49e4c22d
--- /dev/null
+++ b/db/migrate/20241007193740_create_attestations.rb
@@ -0,0 +1,11 @@
+class CreateAttestations < ActiveRecord::Migration[7.2]
+  def change
+    create_table :attestations do |t|
+      t.belongs_to :version, null: false, foreign_key: true
+      t.jsonb :body
+      t.string :media_type
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index fe03e03761d..7a42964c418 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_09_17_042436) do
+ActiveRecord::Schema[7.2].define(version: 2024_10_07_193740) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "hstore"
   enable_extension "pgcrypto"
@@ -56,6 +56,15 @@
     t.check_constraint "scopes IS NOT NULL", name: "api_keys_scopes_null"
   end
 
+  create_table "attestations", force: :cascade do |t|
+    t.bigint "version_id", null: false
+    t.jsonb "body"
+    t.string "media_type"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["version_id"], name: "index_attestations_on_version_id"
+  end
+
   create_table "audits", force: :cascade do |t|
     t.string "auditable_type", null: false
     t.bigint "auditable_id", null: false
@@ -618,6 +627,7 @@
   end
 
   add_foreign_key "api_key_rubygem_scopes", "api_keys", name: "api_key_rubygem_scopes_api_key_id_fk"
+  add_foreign_key "attestations", "versions"
   add_foreign_key "audits", "admin_github_users", name: "audits_admin_github_user_id_fk"
   add_foreign_key "events_organization_events", "geoip_infos"
   add_foreign_key "events_organization_events", "ip_addresses"
diff --git a/db/seeds.rb b/db/seeds.rb
index 2b84f60671e..8c2858a6507 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -103,7 +103,9 @@
 user.web_hooks.find_or_create_by!(url: "https://example.com/rubygem0", rubygem: rubygem0)
 user.web_hooks.find_or_create_by!(url: "http://example.com/all", rubygem: nil)
 
-author.api_keys.find_or_create_by!(hashed_key: "securehashedkey", name: "api key", scopes: %i[push_rubygem])
+author.api_keys.create_with(
+  hashed_key: Digest::SHA256.hexdigest("gem-author-key")
+).find_or_create_by!(name: "api key", scopes: %i[push_rubygem])
 
 Admin::GitHubUser.create_with(
   is_admin: true,
@@ -297,6 +299,11 @@
   environment: "deploy"
 ).rubygem_trusted_publishers.find_or_create_by!(rubygem: rubygem0)
 
+rubygem0.versions.find_by(full_name: "rubygem0-1.0.0").attestations.find_or_create_by!(
+  media_type: Sigstore::BundleType::BUNDLE_0_3.media_type,
+  body: { media_type: Sigstore::BundleType::BUNDLE_0_3.media_type }
+)
+
 author.oidc_pending_trusted_publishers.create_with(
   expires_at: 100.years.from_now
 ).find_or_create_by!(
diff --git a/test/factories/api_key.rb b/test/factories/api_key.rb
index 549209452db..e3083e644d2 100644
--- a/test/factories/api_key.rb
+++ b/test/factories/api_key.rb
@@ -1,7 +1,9 @@
 FactoryBot.define do
   factory :api_key do
-    transient { key { "12345" } }
-    transient { rubygem { nil } }
+    transient do
+      sequence(:key, &:to_s)
+      rubygem { nil }
+    end
 
     owner factory: %i[user]
     name { "ci-key" }
diff --git a/test/factories/attestations.rb b/test/factories/attestations.rb
new file mode 100644
index 00000000000..aa7dafc36d0
--- /dev/null
+++ b/test/factories/attestations.rb
@@ -0,0 +1,7 @@
+FactoryBot.define do
+  factory :attestation do
+    version
+    media_type { Sigstore::BundleType::BUNDLE_0_3.media_type }
+    body factory: %i[sigstore_bundle]
+  end
+end
diff --git a/test/factories/sigstore.rb b/test/factories/sigstore.rb
new file mode 100644
index 00000000000..4bb3636866f
--- /dev/null
+++ b/test/factories/sigstore.rb
@@ -0,0 +1,36 @@
+FactoryBot.define do
+  factory :sigstore_x509_certificate, class: "Sigstore::Common::V1::X509Certificate" do
+    transient do
+      x509_certificate factory: %i[x509_certificate key_usage github_actions_fulcio]
+    end
+    initialize_with do
+      cert = new
+      cert.raw_bytes = x509_certificate.to_der
+      cert
+    end
+    to_create { |instance| instance }
+  end
+  factory :sigstore_verification_material, class: "Sigstore::Bundle::V1::VerificationMaterial" do
+    certificate factory: %i[sigstore_x509_certificate]
+    tlog_entries { [build(:sigstore_tlog_entry)] }
+    to_create { |instance| instance }
+  end
+  factory :sigstore_checkpoint, class: "Sigstore::Rekor::V1::Checkpoint" do
+    to_create { |instance| instance }
+  end
+  factory :sigstore_inclusion_proof, class: "Sigstore::Rekor::V1::InclusionProof" do
+    checkpoint factory: %i[sigstore_checkpoint]
+    to_create { |instance| instance }
+  end
+  factory :sigstore_tlog_entry, class: "Sigstore::Rekor::V1::TransparencyLogEntry" do
+    sequence(:log_index)
+    inclusion_proof factory: %i[sigstore_inclusion_proof]
+    to_create { |instance| instance }
+  end
+
+  factory :sigstore_bundle, class: "Sigstore::Bundle::V1::Bundle" do
+    media_type { Sigstore::BundleType::BUNDLE_0_3.media_type }
+    verification_material factory: %i[sigstore_verification_material]
+    to_create { |instance| instance }
+  end
+end
diff --git a/test/factories/x509.rb b/test/factories/x509.rb
new file mode 100644
index 00000000000..bdf3b452f3a
--- /dev/null
+++ b/test/factories/x509.rb
@@ -0,0 +1,78 @@
+FactoryBot.define do
+  factory :x509_certificate, class: "OpenSSL::X509::Certificate" do
+    subject { OpenSSL::X509::Name.parse("/DC=org/DC=example/CN=Test") }
+    issuer { subject }
+    version { 2 }
+    serial { 1 }
+    not_before { 1.day.ago }
+    not_after { 1.year.from_now }
+    public_key { OpenSSL::PKey::EC.generate("prime256v1") }
+    transient do
+      extension_factory { OpenSSL::X509::ExtensionFactory.new }
+    end
+
+    trait :key_usage do
+      after(:build) do |cert, ctx|
+        cert.add_extension(ctx.extension_factory.create_ext("keyUsage", "digitalSignature", true))
+        cert.add_extension(ctx.extension_factory.create_ext("2.5.29.37", "critical,DER:30:0A:06:08:2B:06:01:05:05:07:03:03"))
+      end
+    end
+
+    trait :github_actions_fulcio do
+      after(:build) do |cert, ctx|
+        {
+          "1.3.6.1.4.1.57264.1.1" =>
+                "https://token.actions.githubusercontent.com",
+            "1.3.6.1.4.1.57264.1.2" =>
+                "release",
+            "1.3.6.1.4.1.57264.1.3" =>
+                "f106999a2210a9a17b32b172f95518859a85ffed",
+            "1.3.6.1.4.1.57264.1.4" =>
+                "Release",
+            "1.3.6.1.4.1.57264.1.5" =>
+                "sigstore/sigstore-ruby",
+            "1.3.6.1.4.1.57264.1.6" =>
+                "refs/tags/v0.1.1",
+            "1.3.6.1.4.1.57264.1.8" =>
+                "https://token.actions.githubusercontent.com",
+            "1.3.6.1.4.1.57264.1.9" =>
+                ".Xhttps://github.com/sigstore/sigstore-ruby/.github/workflows/release.yml@refs/tags/v0.1.1",
+            "1.3.6.1.4.1.57264.1.10" =>
+                ".(f106999a2210a9a17b32b172f95518859a85ffed",
+            "1.3.6.1.4.1.57264.1.11" =>
+                ".githubHosted",
+            "1.3.6.1.4.1.57264.1.12" =>
+                ".)https://github.com/sigstore/sigstore-ruby",
+            "1.3.6.1.4.1.57264.1.13" =>
+                ".(f106999a2210a9a17b32b172f95518859a85ffed",
+            "1.3.6.1.4.1.57264.1.14" =>
+                "..refs/tags/v0.1.1",
+            "1.3.6.1.4.1.57264.1.15" =>
+                "..766398650",
+            "1.3.6.1.4.1.57264.1.16" =>
+                "..https://github.com/sigstore",
+            "1.3.6.1.4.1.57264.1.17" =>
+                "..71096353",
+            "1.3.6.1.4.1.57264.1.18" =>
+                ".Xhttps://github.com/sigstore/sigstore-ruby/.github/workflows/release.yml@refs/tags/v0.1.1",
+            "1.3.6.1.4.1.57264.1.19" =>
+                ".(f106999a2210a9a17b32b172f95518859a85ffed",
+            "1.3.6.1.4.1.57264.1.20" =>
+                "..release",
+            "1.3.6.1.4.1.57264.1.21" =>
+                ".Mhttps://github.com/sigstore/sigstore-ruby/actions/runs/11446323187/attempts/1",
+            "1.3.6.1.4.1.57264.1.22" =>
+                "..public"
+        }.each do |oid, value|
+          cert.add_extension(ctx.extension_factory.create_ext(oid, "ASN1:UTF8String:#{value}", false))
+        end
+      end
+    end
+
+    after(:build) do |cert, ctx|
+      cert.sign(ctx.public_key, OpenSSL::Digest.new("SHA256"))
+    end
+
+    to_create { |instance| instance }
+  end
+end
diff --git a/test/gems/sigstore-1.0.0.gem b/test/gems/sigstore-1.0.0.gem
new file mode 100644
index 0000000000000000000000000000000000000000..5e669016dc34881fde2417864c6bff69f9e2fa15
GIT binary patch
literal 4096
zcmc~zElEsCEJ@T$uVSDTFaQD*6B7my4Fu@4ftjHhgQ1C;nSr^9p|Ob}g8`5<F=tRP
zpp}D=%`Gi1Nh|_7sXQY!H3wM&jZH`%;x~ln(6kR$u6#EK!^1;|)0mi#2A|HmW5BcL
zv-XvkqD|LlFLO{{;F`Bn-GNV+t8v=S?5)?7g=F9StIe#AcWsVQ=G@>h`S8OF>sEQy
zo=V;wfApJq<Td^$TkE`1?jDOw5oc!kvLv+d_8~*zJwbYpuH`?m)nD(hGWf!-yjN_O
z8uoPF%r<?>(0Au}j7i8V&8n_OwdoD}d-Nu^U28p;y7md@G$ZNTi-kAL-@m|F%*g!g
z+1#r&Yp<2B%KTFE>e-Gf{4X>DUuZ<Qr+O|<+U#vpEVQmHWf{+ti@cX^J3X3L_TsX`
z)?T>`ccGTI1r7^jgJ)D(&6M<gx5!kwyvOo>m7~uN(N(s^msVe8{qjoX>4P;1azQqR
zUgaxX_xbi*vQ6{YxS?>N0bldSkW($3#WyX=H$Rb^V$8X7eyVItbxB#;r8|3!w;fl#
z5S*}b?)k8pJ3=<C-&enT((9Bx=3g`CzKSuw{y*r(Bz<|W<b$)m{^~#X{FnFMxaJ<U
z9UDyRGuAJR`N#JBLbS%>?=!wnj~ANE^UCJ`{ts>E4@EE!L>d9-eP9k4$oy|$VvL^u
zjZH`MKV6aoBL62PNU$zW5a|g4+57)LGlSmxt?wCF=;De|O9m<gk~311vx`e}i}flK
zb8~1@3V^CceD%MHsUceaH!(9b8m<57ktPuNKXrokG!X|L*V^@q%rDIOv)U+6W}fJh
zPmYNeiz94Jl@GeAn7`k5{q@%$AOFt1a!>C3^Y#Bay83^7`+WX(adZ*KJkLAp5{ka5
zos;#;7LM|n6SA5~-EzlibC;!?6YiAm-=lxc{m;KgE0glLEaEnuyzbR+moQ<@+**I_
zEmBuoc6|Bld2-?0c3aJ_#><udPT%aja%RQ0W$HWJ-^>bT;|e*xC5B1;nAFbf-_MHT
zb_epUVY3RfzWzY!TyVyVgUZ^ovR#&I=rOFD_9M6H`2y3AaoaW&{E9!H*e|5$Vi?ga
zx=!wCz(z0Oh8ZUvbT=Dw8+a-Q-IQRnE;}^i*(1%_SF0AZYE;~ndgW8T<^IlEeHUw?
m)$JU=%d8)S|M@7szalgG3L`zDV$_b&5Eu=C(GZ|(2mk=gl&@0&

literal 0
HcmV?d00001

diff --git a/test/gems/sigstore-1.0.0.gem.sigstore.json b/test/gems/sigstore-1.0.0.gem.sigstore.json
new file mode 100644
index 00000000000..657949847a3
--- /dev/null
+++ b/test/gems/sigstore-1.0.0.gem.sigstore.json
@@ -0,0 +1 @@
+{"mediaType":"application/vnd.dev.sigstore.bundle.v0.3+json","verificationMaterial":{"certificate":{"rawBytes":"MIIIMzCCB7mgAwIBAgIUPP5IhTe2WtPWZQRUj2XjDqiiTyEwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQwODE5MjIxMDQxWhcNMjQwODE5MjIyMDQxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ0RRhDNQ5iLcioTLcjjBbw8yiFEatf9mkBEFtvNotLsZ7YukcrRlns+BwlOhSMQcjhP+/JDULnyRAP3LDRPShqOCBtgwggbUMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU8nymsHXqKdr2Gpdc5nX09mR72zMwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wgaUGA1UdEQEB/wSBmjCBl4aBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBCgwZjc1OTkyZGM3NTU5NTBiMjA4MTE1ZDZmMjkwYzg3YTcxYTNhZWRlMC0GCisGAQQBg78wAQQEH0V4dHJlbWVseSBkYW5nZXJvdXMgT0lEQyBiZWFjb24wSQYKKwYBBAGDvzABBQQ7c2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24wHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBpgYKKwYBBAGDvzABCQSBlwyBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABCgQqDCgwZjc1OTkyZGM3NTU5NTBiMjA4MTE1ZDZmMjkwYzg3YTcxYTNhZWRlMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDBeBgorBgEEAYO/MAEMBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbjA4BgorBgEEAYO/MAENBCoMKDBmNzU5OTJkYzc1NTk1MGIyMDgxMTVkNmYyOTBjODdhNzFhM2FlZGUwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGQYKKwYBBAGDvzABDwQLDAk2MzI1OTY4OTcwNwYKKwYBBAGDvzABEAQpDCdodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UwGQYKKwYBBAGDvzABEQQLDAkxMzE4MDQ1NjMwgaYGCisGAQQBg78wARIEgZcMgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoMGY3NTk5MmRjNzU1OTUwYjIwODExNWQ2ZjI5MGM4N2E3MWEzYWVkZTAhBgorBgEEAYO/MAEUBBMMEXdvcmtmbG93X2Rpc3BhdGNoMIGCBgorBgEEAYO/MAEVBHQMcmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi9hY3Rpb25zL3J1bnMvMTA0NjE2NzgwMzUvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABkWyxQh4AAAQDAEgwRgIhAKo2Keb5q4OZIwh4iKDTde96+2BqMs4mBKjEU+6upNHNAiEA5wQHYBqAf9zEx8BbjbjEfg4hZP/s+NxxQI3dSPs7pngwCgYIKoZIzj0EAwMDaAAwZQIxAJLtd6ybF8WBnJlXW+4bvzKVnshOTh9Neoo/w8pldDrQHskIGqXRpmww6Xn9/Bij7QIwGLgbt6+ZXxnG0PFCTWMc+ZWjnnQkO+l9Y1gA6d6qi0OpJhkrBHEV8aTLqkPEkOb/"},"tlogEntries":[{"logIndex":"122963775","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1724105442","inclusionPromise":{"signedEntryTimestamp":"MEQCICgb3uAmDGlq7s+nkAcZ8fD0owzTwVymrzdFMT8d3LCVAiBsFMaj3rfpJzH3rngwalmkASo/bVj8hfWZTEBn9YornQ=="},"inclusionProof":{"logIndex":"1059513","rootHash":"/putP9z3Wss1HCFfDnWmpoa5i8l6WSZeW8XjIgpesm0=","treeSize":"1059514","hashes":["wnH/WECZ5+6nW4nogb4SIPHovLLVBkjJS6L2IUhh+5A=","Q8AmXrXnAEx+KtY/ftlNpoZHIDteiU093akegCKg9hg=","ARspm9MPppfljtu65QhY4zbFe+hgM9sh8BKUa9S42n0=","b8SrajRKbl/sbAkAtv6QLZ2Nq0a5yXAutxBUYCh3UZE=","6WaHP8iph/o/IEco+nWaj+Zb6EgGQbmz8QJ/QpujBCc=","PGV88p37MXO7aoOk8agunetUKPT+id/bPhQB5DR6bKo=","5ttUjdynHsMkxOw13D7urPJiKtAOMg9iZ2c6h7Gp0G4=","UORwhDZHpmRr46aYc0xce9Ibvxq2skbMMMOLkyhLlkQ=","HLt0TJCVl85VuVuUGesK0DTeWljDvsbKPLIsB2GNt+c="],"checkpoint":{"envelope":"rekor.sigstore.dev - 1193050959916656506\n1059514\n/putP9z3Wss1HCFfDnWmpoa5i8l6WSZeW8XjIgpesm0=\n\n— rekor.sigstore.dev wNI9ajBFAiAVGjyS7gu+/F744y3qmjS32jfsakwaJXcIokIVVOU+wQIhALQHbZh7RDoV2uXsBK18uClNWH/FdlgxS7RNtdAg33s/\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI3NzMzOTE1OWMzNzdkYjM2YjkyMTg1MjFiZGQxOTNkMjFlMWI4NmIzZGJjZDdhZjUzYjkwNGZiNWY0ZDRhYjU0In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURvVnZnalNXV2JNVTNJaVEyR0hvMC9DS1R1Vms5UnBnL1laUWZONjl4N0NBSWhBTHg2UmFxTVZ1T2VYYUMyMnF5LzV0NE42OGp3MDZMOERPbUJqSEJDakZseiIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVbE5la05EUWpkdFowRjNTVUpCWjBsVlVGQTFTV2hVWlRKWGRGQlhXbEZTVldveVdHcEVjV2xwVkhsRmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJkMDlFUlRWTmFrbDRUVVJSZUZkb1kwNU5hbEYzVDBSRk5VMXFTWGxOUkZGNFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZLTUZKU2FFUk9VVFZwVEdOcGIxUk1ZMnBxUW1KM09IbHBSa1ZoZEdZNWJXdENSVVlLZEhaT2IzUk1jMW8zV1hWclkzSlNiRzV6SzBKM2JFOW9VMDFSWTJwb1VDc3ZTa1JWVEc1NVVrRlFNMHhFVWxCVGFIRlBRMEowWjNkbloySlZUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlU0Ym5sdENuTklXSEZMWkhJeVIzQmtZelZ1V0RBNWJWSTNNbnBOZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDJkaFZVZEJNVlZrUlZGRlFpOTNVMEp0YWtOQ2JEUmhRbXhIYURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWHBoVjJSNlpFYzVlUXBhVXpGcVlqSTFiV0l6U25SWlZ6VnFXbE01YkdWSVVubGFWekZzWWtocmRGcEhSblZhTWxaNVlqTldla3hZUWpGWmJYaHdXWGt4ZG1GWFVtcE1WMHBzQ2xsWFRuWmlhVGgxV2pKc01HRklWbWxNTTJSMlkyMTBiV0pIT1ROamVUbHNaVWhTZVZwWE1XeGlTR3QwV2tkR2RWb3lWbmxpTTFaNlRGYzVjRnBIVFhRS1dXMVdhRmt5T1hWTWJteDBZa1ZDZVZwWFducE1NbWhzV1ZkU2Vrd3lNV2hoVnpSM1QxRlpTMHQzV1VKQ1FVZEVkbnBCUWtGUlVYSmhTRkl3WTBoTk5ncE1lVGt3WWpKMGJHSnBOV2haTTFKd1lqSTFla3h0WkhCa1IyZ3hXVzVXZWxwWVNtcGlNalV3V2xjMU1FeHRUblppVkVGbVFtZHZja0puUlVWQldVOHZDazFCUlVOQ1FrWXpZak5LY2xwdGVIWmtNVGxyWVZoT2QxbFlVbXBoUkVFeVFtZHZja0puUlVWQldVOHZUVUZGUkVKRFozZGFhbU14VDFScmVWcEhUVE1LVGxSVk5VNVVRbWxOYWtFMFRWUkZNVnBFV20xTmFtdDNXWHBuTTFsVVkzaFpWRTVvV2xkU2JFMURNRWREYVhOSFFWRlJRbWMzT0hkQlVWRkZTREJXTkFwa1NFcHNZbGRXYzJWVFFtdFpWelZ1V2xoS2RtUllUV2RVTUd4RlVYbENhVnBYUm1waU1qUjNVMUZaUzB0M1dVSkNRVWRFZG5wQlFrSlJVVGRqTW14dUNtTXpVblpqYlZWMFdUSTVkVnB0T1hsaVYwWjFXVEpWZGxwWWFEQmpiVlowV2xkNE5VeFhVbWhpYldSc1kyMDVNV041TVhka1YwcHpZVmROZEdJeWJHc0tXWGt4YVZwWFJtcGlNalIzU0ZGWlMwdDNXVUpDUVVkRWRucEJRa0puVVZCamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RVMUVjMGREYVhOSFFWRlJRZ3BuTnpoM1FWRm5SVXhSZDNKaFNGSXdZMGhOTmt4NU9UQmlNblJzWW1rMWFGa3pVbkJpTWpWNlRHMWtjR1JIYURGWmJsWjZXbGhLYW1JeU5UQmFWelV3Q2t4dFRuWmlWRU5DY0dkWlMwdDNXVUpDUVVkRWRucEJRa05SVTBKc2QzbENiRWRvTUdSSVFucFBhVGgyV2pKc01HRklWbWxNYlU1MllsTTVlbUZYWkhvS1pFYzVlVnBUTVdwaU1qVnRZak5LZEZsWE5XcGFVemxzWlVoU2VWcFhNV3hpU0d0MFdrZEdkVm95Vm5saU0xWjZURmhDTVZsdGVIQlplVEYyWVZkU2FncE1WMHBzV1ZkT2RtSnBPSFZhTW13d1lVaFdhVXd6WkhaamJYUnRZa2M1TTJONU9XeGxTRko1V2xjeGJHSklhM1JhUjBaMVdqSldlV0l6Vm5wTVZ6bHdDbHBIVFhSWmJWWm9XVEk1ZFV4dWJIUmlSVUo1V2xkYWVrd3lhR3haVjFKNlRESXhhR0ZYTkhkUFFWbExTM2RaUWtKQlIwUjJla0ZDUTJkUmNVUkRaM2NLV21wak1VOVVhM2xhUjAwelRsUlZOVTVVUW1sTmFrRTBUVlJGTVZwRVdtMU5hbXQzV1hwbk0xbFVZM2haVkU1b1dsZFNiRTFDTUVkRGFYTkhRVkZSUWdwbk56aDNRVkZ6UlVSM2QwNWFNbXd3WVVoV2FVeFhhSFpqTTFKc1drUkNaVUpuYjNKQ1owVkZRVmxQTDAxQlJVMUNSa0ZOVkcxb01HUklRbnBQYVRoMkNsb3liREJoU0ZacFRHMU9kbUpUT1hwaFYyUjZaRWM1ZVZwVE1XcGlNalZ0WWpOS2RGbFhOV3BhVXpsc1pVaFNlVnBYTVd4aVNHdDBXa2RHZFZveVZua0tZak5XZWt4WVFqRlpiWGh3V1hreGRtRlhVbXBNVjBwc1dWZE9kbUpxUVRSQ1oyOXlRbWRGUlVGWlR5OU5RVVZPUWtOdlRVdEVRbTFPZWxVMVQxUkthd3BaZW1NeFRsUnJNVTFIU1hsTlJHZDRUVlJXYTA1dFdYbFBWRUpxVDBSa2FFNTZSbWhOTWtac1drZFZkMGgzV1V0TGQxbENRa0ZIUkhaNlFVSkVaMUZTQ2tSQk9YbGFWMXA2VERKb2JGbFhVbnBNTWpGb1lWYzBkMGRSV1V0TGQxbENRa0ZIUkhaNlFVSkVkMUZNUkVGck1rMTZTVEZQVkZrMFQxUmpkMDUzV1VzS1MzZFpRa0pCUjBSMmVrRkNSVUZSY0VSRFpHOWtTRkozWTNwdmRrd3laSEJrUjJneFdXazFhbUl5TUhaak1teHVZek5TZG1OdFZYUlpNamwxV20wNWVRcGlWMFoxV1RKVmQwZFJXVXRMZDFsQ1FrRkhSSFo2UVVKRlVWRk1SRUZyZUUxNlJUUk5SRkV4VG1wTmQyZGhXVWREYVhOSFFWRlJRbWMzT0hkQlVrbEZDbWRhWTAxbldsSnZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMll6SnNibU16VW5aamJWVjBXVEk1ZFZwdE9YbGlWMFoxV1RKVmRscFlhREFLWTIxV2RGcFhlRFZNVjFKb1ltMWtiR050T1RGamVURjNaRmRLYzJGWFRYUmlNbXhyV1hreGFWcFhSbXBpTWpSMlRHMWtjR1JIYURGWmFUa3pZak5LY2dwYWJYaDJaRE5OZGxwWWFEQmpiVlowV2xkNE5VeFhVbWhpYldSc1kyMDVNV041TVhaaFYxSnFURmRLYkZsWFRuWmlhVFUxWWxkNFFXTnRWbTFqZVRsdkNscFhSbXRqZVRsMFdWZHNkVTFFWjBkRGFYTkhRVkZSUW1jM09IZEJVazFGUzJkM2IwMUhXVE5PVkdzMVRXMVNhazU2VlRGUFZGVjNXV3BKZDA5RVJYZ0tUbGRSTWxwcVNUVk5SMDAwVGpKRk0wMVhSWHBaVjFacldsUkJhRUpuYjNKQ1owVkZRVmxQTDAxQlJWVkNRazFOUlZoa2RtTnRkRzFpUnpreldESlNjQXBqTTBKb1pFZE9iMDFKUjBOQ1oyOXlRbWRGUlVGWlR5OU5RVVZXUWtoUlRXTnRhREJrU0VKNlQyazRkbG95YkRCaFNGWnBURzFPZG1KVE9YcGhWMlI2Q21SSE9YbGFVekZxWWpJMWJXSXpTblJaVnpWcVdsTTViR1ZJVW5sYVZ6RnNZa2hyZEZwSFJuVmFNbFo1WWpOV2VreFlRakZaYlhod1dYa3hkbUZYVW1vS1RGZEtiRmxYVG5aaWFUbG9XVE5TY0dJeU5YcE1NMG94WW01TmRrMVVRVEJPYWtVeVRucG5kMDE2VlhaWldGSXdXbGN4ZDJSSVRYWk5WRUZYUW1kdmNncENaMFZGUVZsUEwwMUJSVmRDUVdkTlFtNUNNVmx0ZUhCWmVrTkNhWGRaUzB0M1dVSkNRVWhYWlZGSlJVRm5VamxDU0hOQlpWRkNNMEZPTURsTlIzSkhDbmg0UlhsWmVHdGxTRXBzYms1M1MybFRiRFkwTTJwNWRDODBaVXRqYjBGMlMyVTJUMEZCUVVKclYzbDRVV2cwUVVGQlVVUkJSV2QzVW1kSmFFRkxieklLUzJWaU5YRTBUMXBKZDJnMGFVdEVWR1JsT1RZck1rSnhUWE0wYlVKTGFrVlZLeloxY0U1SVRrRnBSVUUxZDFGSVdVSnhRV1k1ZWtWNE9FSmlhbUpxUlFwbVp6Um9XbEF2Y3l0T2VIaFJTVE5rVTFCek4zQnVaM2REWjFsSlMyOWFTWHBxTUVWQmQwMUVZVUZCZDFwUlNYaEJTa3gwWkRaNVlrWTRWMEp1U214WUNsY3JOR0oyZWt0V2JuTm9UMVJvT1U1bGIyOHZkemh3YkdSRWNsRkljMnRKUjNGWVVuQnRkM2MyV0c0NUwwSnBhamRSU1hkSFRHZGlkRFlyV2xoNGJrY0tNRkJHUTFSWFRXTXJXbGRxYm01UmEwOHJiRGxaTVdkQk5tUTJjV2t3VDNCS2FHdHlRa2hGVmpoaFZFeHhhMUJGYTA5aUx3b3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0ifX19fQ=="}]},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"dzORWcN32za5IYUhvdGT0h4bhrPbzXr1O5BPtfTUq1Q="},"signature":"MEYCIQDoVvgjSWWbMU3IiQ2GHo0/CKTuVk9Rpg/YZQfN69x7CAIhALx6RaqMVuOeXaC22qy/5t4N68jw06L8DOmBjHBCjFlz"}}
\ No newline at end of file
diff --git a/test/integration/avo/attestations_controller_test.rb b/test/integration/avo/attestations_controller_test.rb
new file mode 100644
index 00000000000..313642a7f62
--- /dev/null
+++ b/test/integration/avo/attestations_controller_test.rb
@@ -0,0 +1,25 @@
+require "test_helper"
+
+class Avo::AttestationsControllerTest < ActionDispatch::IntegrationTest
+  include AdminHelpers
+
+  test "getting attestations as admin" do
+    admin_sign_in_as create(:admin_github_user, :is_admin)
+
+    get avo.resources_attestations_path
+
+    assert_response :success
+
+    attestation = create(:attestation)
+
+    get avo.resources_attestations_path
+
+    assert_response :success
+    page.assert_text attestation.media_type
+
+    get avo.resources_attestation_path(attestation)
+
+    assert_response :success
+    page.assert_text attestation.media_type
+  end
+end
diff --git a/test/integration/push_test.rb b/test/integration/push_test.rb
index b3ec204aa0f..dcfc45ac0a3 100644
--- a/test/integration/push_test.rb
+++ b/test/integration/push_test.rb
@@ -8,6 +8,67 @@ class PushTest < ActionDispatch::IntegrationTest
     @key = "12345"
     @user = create(:user)
     create(:api_key, owner: @user, key: @key, scopes: %i[push_rubygem])
+
+    stub_request(:get, "https://tuf-repo-cdn.sigstore.dev/10.root.json")
+      .to_return(status: 404, body: "", headers: {})
+  end
+
+  test "multipart" do
+    rubygem = create(:rubygem, name: "sigstore", number: "0.0.1")
+    create(:ownership, rubygem: rubygem, user: @user)
+
+    rubygem_trusted_publisher = create(:oidc_rubygem_trusted_publisher, rubygem: rubygem)
+    rubygem_trusted_publisher.trusted_publisher.update!(
+      repository_owner: "sigstore-conformance",
+      repository_name: "extremely-dangerous-public-oidc-beacon",
+      workflow_filename: "extremely-dangerous-oidc-beacon.yml"
+    )
+
+    @key = "543321"
+    api_key = create(:api_key, owner: rubygem_trusted_publisher.trusted_publisher, key: @key, scopes: %i[push_rubygem])
+    create(:oidc_id_token, api_key: api_key, jwt: { claims: { "ref" => "refs/heads/main" } })
+
+    signing_jwt = ["", {
+      aud: "sigstore",
+      iat: Time.zone.now.to_i - 60,
+      exp: Time.zone.now.to_i + 60,
+      nbf: Time.zone.now.to_i - 60,
+      iss: "sigstore-conformance",
+      sub: "sigstore-conformance"
+    }.to_json, ""].map { Base64.strict_encode64(_1) }.join(".")
+
+    Pusher.any_instance.stubs(:sigstore_signing_jwt).returns(signing_jwt)
+    Sigstore::Signer.any_instance.stubs(:sign).returns({})
+    bundle = JSON.parse(File.read(gem_file("sigstore-1.0.0.gem.sigstore.json")))
+
+    post api_v1_rubygems_path,
+         params: { "gem" => Rack::Test::UploadedFile.new(gem_file("sigstore-1.0.0.gem"), "application/octet-stream"),
+                   "attestations" => JSON.dump([bundle]) },
+         headers: { "CONTENT_TYPE" => "multipart/mixed", "HTTP_AUTHORIZATION" => @key }
+
+    assert_response :success, response.body
+
+    get info_path("sigstore")
+    info_file = response.body
+
+    assert_response :success
+    assert_equal <<~INFO, info_file
+      ---
+      0.0.1 |checksum:b5d4045c3f466fa91fe2cc6abe79232a1a57cdf104f7a26e716e0a1e2789df78,ruby:>= 2.0.0,rubygems:>= 2.6.3
+      1.0.0 |checksum:#{Digest::SHA256.hexdigest File.binread(gem_file('sigstore-1.0.0.gem'))}
+    INFO
+    assert_equal Digest::MD5.hexdigest(info_file), Rubygem.find_by!(name: "sigstore").versions.find_by(number: "1.0.0").info_checksum
+
+    get api_v2_rubygem_version_path("sigstore", "1.0.0", format: "json")
+
+    assert_response :success
+
+    assert_equal [["application/vnd.dev.sigstore.bundle.v0.3+json", bundle]], Attestation.pluck(:media_type, :body)
+
+    get api_v1_attestation_path("sigstore-1.0.0", format: "json")
+
+    assert_response :success
+    assert_equal [bundle], response.parsed_body
   end
 
   test "pushing a gem" do
@@ -77,7 +138,7 @@ class PushTest < ActionDispatch::IntegrationTest
 
     push_gem "sandworm-2.0.0.gem"
 
-    assert_response :success
+    assert_response :success, response.body
 
     perform_enqueued_jobs
     perform_enqueued_jobs only: ActionMailer::MailDeliveryJob
diff --git a/test/integration/rubygems_test.rb b/test/integration/rubygems_test.rb
index 39940bac94d..1fc945eed7e 100644
--- a/test/integration/rubygems_test.rb
+++ b/test/integration/rubygems_test.rb
@@ -17,4 +17,15 @@ class RubygemsTest < ActionDispatch::IntegrationTest
 
     assert page.has_content? "arrakis"
   end
+
+  test "GET to show for a gem published with an attestation" do
+    rubygem = create(:rubygem, name: "attested", number: "1.0.0")
+    trusted_publisher = create(:oidc_rubygem_trusted_publisher, rubygem: rubygem)
+    create(:api_key, scopes: %i[push_rubygem], owner: trusted_publisher.trusted_publisher)
+    create(:attestation, version: rubygem.versions.sole)
+
+    get "/gems/attested"
+
+    assert page.has_content? "Provenance"
+  end
 end
diff --git a/test/models/attestation_test.rb b/test/models/attestation_test.rb
new file mode 100644
index 00000000000..3d8eb1a4ecd
--- /dev/null
+++ b/test/models/attestation_test.rb
@@ -0,0 +1,7 @@
+require "test_helper"
+
+class AttestationTest < ActiveSupport::TestCase
+  should belong_to(:version)
+  should validate_presence_of(:media_type)
+  should validate_presence_of(:body)
+end
diff --git a/test/models/pusher_test.rb b/test/models/pusher_test.rb
index 390a4e333d5..14fd53443cd 100644
--- a/test/models/pusher_test.rb
+++ b/test/models/pusher_test.rb
@@ -48,6 +48,8 @@ class PusherTest < ActiveSupport::TestCase
         @cutter.stubs(:verify_mfa_requirement).returns true
         @cutter.stubs(:verify_gem_scope).returns true
         @cutter.stubs(:validate).returns true
+        @cutter.stubs(:verify_sigstore).returns true
+        @cutter.stubs(:sign_sigstore).returns true
         @cutter.stubs(:save).returns true
 
         assert @cutter.process
@@ -816,6 +818,103 @@ def two_cert_chain(signing_key:, root_not_before: Time.current, cert_not_before:
     end
   end
 
+  context "with attestations" do
+    should "not push gem if api key owner is not a trusted publisher" do
+      @cutter.stubs(:attestations).returns([{}])
+
+      refute @cutter.verify_sigstore
+      assert_equal "Pushing with an attestation requires trusted publishing", @cutter.message
+    end
+
+    should "not push gem if attestation fails to validate" do
+      @cutter.stubs(:attestations).returns(
+        [
+          { "media_type" => Sigstore::BundleType::BUNDLE_0_3.media_type,
+            "verification_material" => {
+              "certificate" => {
+                "rawBytes" => [build(:x509_certificate, :key_usage).to_der].pack("m0")
+              },
+              "tlogEntries" => [
+                {
+                  "inclusionProof" => {
+                    "checkpoint" => { "envelope" => "" }
+                  },
+                  "canonicalizedBody" => [
+                    JSON.dump(
+                      spec: {
+                        signature: {
+                          content: {
+                            publicKey: { content: [""].pack("m0") }
+                          }
+                        },
+                        kind: "hashedrekord",
+                        apiVersion: "0.0.1"
+                      }
+                    )
+                  ].pack("m0")
+                }
+              ]
+            },
+            "message_signature" => {} }
+        ]
+      )
+      @api_key.owner = create(:oidc_trusted_publisher_github_action)
+      @api_key.oidc_id_token = create(:oidc_id_token)
+
+      @cutter.send(:sigstore_verifier).expects(:verify).with(input: anything, policy: anything, offline: true)
+        .returns Sigstore::VerificationFailure.new("Attestation failed to validate")
+
+      refute @cutter.verify_sigstore
+      assert_equal "Attestation verification failed:\nAttestation failed to validate", @cutter.message
+    end
+
+    context "with attestations and trusted publisher" do
+      setup do
+        attestations = build_list(:sigstore_bundle, 2)
+        rubygem = create(:rubygem, name: "test", owners: [@user])
+        create(:version, rubygem: rubygem, number: "0.1.1", indexed: true)
+        rubygem_trusted_publisher = create(:oidc_rubygem_trusted_publisher, rubygem: rubygem)
+        rubygem_trusted_publisher.trusted_publisher.update!(
+          repository_owner: "sigstore-conformance",
+          repository_name: "extremely-dangerous-public-oidc-beacon",
+          workflow_filename: "extremely-dangerous-oidc-beacon.yml"
+        )
+
+        @api_key = create(:api_key, owner: rubygem_trusted_publisher.trusted_publisher, key: "54321", scopes: %i[push_rubygem])
+        create(:oidc_id_token, api_key: @api_key, jwt: { claims: { "ref" => "refs/heads/main" } })
+        @cutter = Pusher.new(@api_key, gem_file("test-1.0.0.gem"), attestations: attestations.map(&:as_json))
+      end
+
+      should "add valid attestations to version" do
+        @cutter.send(:sigstore_verifier).expects(:verify).twice
+          .returns Sigstore::VerificationSuccess.new
+
+        assert @cutter.process, @cutter.message # rubocop:disable Minitest/AssertWithExpectedArgument
+        assert_equal 2, @cutter.version.attestations.size
+      end
+
+      should "fail when first attestation fails to validate" do
+        @cutter.send(:sigstore_verifier).expects(:verify).once
+          .returns Sigstore::VerificationFailure.new("abc")
+
+        refute @cutter.process
+        assert_equal "Attestation verification failed:\nabc", @cutter.message
+        assert_equal 422, @cutter.code
+      end
+
+      should "fail when second attestation fails to validate" do
+        @cutter.send(:sigstore_verifier).expects(:verify).once
+          .returns Sigstore::VerificationFailure.new("abc")
+        @cutter.send(:sigstore_verifier).expects(:verify).once
+          .returns Sigstore::VerificationSuccess.new
+
+        refute @cutter.process
+        assert_equal "Attestation verification failed:\nabc", @cutter.message
+        assert_equal 422, @cutter.code
+      end
+    end
+  end
+
   context "the gem has been signed and not tampered with" do
     setup do
       @gem = gem_file("valid_signature-0.0.0.gem")
diff --git a/test/system/gem_server_conformance_test.rb b/test/system/gem_server_conformance_test.rb
index ec64139de96..ef303da1767 100644
--- a/test/system/gem_server_conformance_test.rb
+++ b/test/system/gem_server_conformance_test.rb
@@ -52,7 +52,7 @@ class GemServerConformanceTest < ApplicationSystemTestCase
   end
 
   test "is a conformant gem server" do
-    create(:api_key, scopes: %w[push_rubygem yank_rubygem])
+    create(:api_key, scopes: %w[push_rubygem yank_rubygem], key: "12345")
 
     output, status = Open3.capture2e(
       {

From 4aa3425b99aac7114c7cf51d6762d78fe77443a1 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Thu, 14 Nov 2024 17:16:06 +1100
Subject: [PATCH 367/381] Organization onboarding  (#5201)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add initial Onboarding functionality

onboard gems

Update avo resource to v3

update enum syntax

Add methods for fetching rubygems & users

Add user relationship between OrganizationOnboarding and User

* add onboarding controllers

Add onboarding base controller

Fixup namespace

Cleanup routes

Set title field

Multi select gems form

Fix styling

Add integration test for users

Add test for confirmation controller

Don’t render onboarding routes in Staging or Production

* better test & confirm the organization hsa been created

fixup breaking tests

number of tweaks

small tweaks

tweak forms

Fixup breaking tests

tweak forms

* Add user login helper

* Allow running system tests in devcontainers

* Add Name Type enum to OrganizationOnboarding

* Add OrganizationOnboardingInvite to capture users invited to join an Organization

* Organization onboarding Name form, allow deleteing onboarding

* Improve gem ownership validation

* Set default name type value

* Onboarding Gems, Members, and Finalize design (mobile only)

* Change order of membership roles to be ordered

* wip on tests

* rely on fields_for

* add necessary fields

* Allow null role in onboarding invites

* Working user onboarding controller

* Start fixing system test for onboarding

* improve onboarding views

default to open permissions matrix

* Fix syntax error

* simplify tests and user onboarding

* little updates

* Fix gems controller for submitting no gems

* Add the promo for organizations to the dashboard

Only visible if you're already in an organization for now

* resolve breaking tests & add new system tests

* Move onboarding underneath the organization namespace

* Fix promo link

* Fix team model tests

* Change pathname helpers for onboarding to singular

this make the path helpers more consistent with existing routes

* Fix foreign_key in User.has_many :organization_onboardings

* Fix route plural controller name

* Fix controller nesting problem

* restore TestHelper capyabra configuration

* temporary not found for organizations show page

* Fixup failing Factories Tests

* Fix name error from old Avo 2 code

* Remvoe test that is no longer valid

* Remove debug gem

* Add test coverage for organziation/onboarding controller

* Handle failed onboarding

* Adding missing pundit policies for OrganizationOnboarding, Team & Team Member

* Rewrite test for onboarding with user name type

* Remove rubygem memorization

Memorizing the rubygems is breaking tests that manipulate the rubygems field.

* Fix routing tests

* fix linting

* Add admin pundit policies for onboarding, team & team member

* Test confirm action more thoroughly

Add approved_invites trasient to onboarding factory

* Add helper method for add_breadcrumbs

* Remove Ownership record of onbarded gems and users

* Fill in missing coverage in policy

* One more policy coverage

* Remove unused teams for now

* Protect from invalid input in invites

* Update locale files

* OrganizationOnboarding#available_rubygems test coverage

* Remove teams migrations

* During launch we will only allow gem name onboarding

* Use a helper to avoid loading approved_invites twice

* username onboarding type is invalid for now

* really fix onboarding factory

* remove new design notice from onboarding

* Remove team and team member models

* Ammend gem push permissions to include users who are part of an organization

* Only hide username option

* Remove accidental page addition

* Remove onboarded_by field

* Update Organization Onboard avo resources with fields and actions

* Update Owner to be top level role

* Update params name

* Remove leftover teams

* Merge null migration into previous migration

* Fixup Onboard Organization Action

* Fixup locales

* Raise exception when onboarding fails

* Fixup rubocop errors

* Set the correct access permissions order

* Tweak integration tests

* define OrganizationOnboardingInvite policy object

* update locales

* Fixup breaking access tests

* touchup database migrations

* Update Organization policies with correct access levels

* Add org role checking to pundit policy

* Organization policies and better policy errors

* Passing org and membership policies

* Set maintainer role for trait

* Rename :handle in organizations route to default :id

* trim created_by_gem_ownerships validations to pass CodeCov

* add orange-050

* remove routes that will be added later

* Add missing tests

* Update breaking test

* Fixup nil in test

---------

Co-authored-by: Martin Emde <me@martinemde.com>
---
 app/assets/images/icons.svg                   |   1 +
 app/avo/actions/onboard_organization.rb       |  16 ++
 app/avo/resources/organization_onboarding.rb  |  27 ++
 .../organization_onboarding_invite.rb         |  11 +
 app/controllers/application_controller.rb     |   1 +
 ...anization_onboarding_invites_controller.rb |   4 +
 .../organization_onboardings_controller.rb    |   4 +
 .../onboarding/base_controller.rb             |  28 ++
 .../onboarding/confirm_controller.rb          |  16 ++
 .../onboarding/gems_controller.rb             |  20 ++
 .../onboarding/name_controller.rb             |  20 ++
 .../onboarding/users_controller.rb            |  27 ++
 .../organizations/onboarding_controller.rb    |  10 +
 app/controllers/organizations_controller.rb   |  10 +
 app/controllers/sessions_controller.rb        |   6 +
 app/javascript/controllers/application.js     |   2 +
 .../controllers/counter_controller.js         |  24 ++
 .../controllers/onboarding_name_controller.js |  74 +++++
 .../controllers/radio_reveal_controller.js    |  25 ++
 .../controllers/scroll_controller.js          |   4 +
 app/models/membership.rb                      |   4 +-
 app/models/organization.rb                    |   8 +-
 app/models/organization_onboarding.rb         | 163 +++++++++++
 app/models/organization_onboarding_invite.rb  |  16 ++
 app/models/rubygem.rb                         |  14 +-
 app/models/user.rb                            |   2 +
 .../organization_onboarding_invite_policy.rb  |  19 ++
 .../admin/organization_onboarding_policy.rb   |  21 ++
 app/policies/application_policy.rb            |  15 +-
 app/policies/membership_policy.rb             |  23 ++
 .../oidc/rubygem_trusted_publisher_policy.rb  |   6 +-
 .../organization_onboarding_policy.rb         |   4 +
 app/policies/organization_policy.rb           |  32 +--
 app/policies/rubygem_policy.rb                |   7 +-
 app/views/avo/login.html.erb                  |   2 +-
 app/views/components/button_component.rb      | 113 +++++---
 .../components/onboarding/steps_component.rb  |  44 +++
 app/views/dashboards/_promo.html.erb          |  43 +++
 app/views/dashboards/show.html.erb            |   2 +
 app/views/layouts/onboarding.html.erb         |  31 ++
 app/views/layouts/subject.html.erb            |   2 +-
 .../onboarding/_progress.html.erb             |   6 +
 .../onboarding/_summary.html.erb              |  71 +++++
 .../onboarding/confirm/edit.html.erb          |  17 ++
 .../onboarding/gems/edit.html.erb             |  56 ++++
 .../onboarding/name/new.html.erb              |  96 +++++++
 .../onboarding/users/edit.html.erb            |  96 +++++++
 app/views/sessions/new.html.erb               |  14 +
 config/application.rb                         |   2 +-
 config/importmap.rb                           |   1 +
 .../initializers/content_security_policy.rb   |   2 +-
 config/locales/de.yml                         |   7 +
 config/locales/en.yml                         |   7 +
 config/locales/es.yml                         |   7 +
 config/locales/fr.yml                         |   7 +
 config/locales/ja.yml                         |   7 +
 config/locales/nl.yml                         |   7 +
 config/locales/pt-BR.yml                      |   7 +
 config/locales/zh-CN.yml                      |   7 +
 config/locales/zh-TW.yml                      |   7 +
 config/routes.rb                              |  24 +-
 config/tailwind.config.js                     |   1 +
 ...3052946_create_organization_onboardings.rb |  16 ++
 ...dd_organization_foreign_keyto_ruby_gems.rb |   8 +
 ...dd_organization_foreign_keyto_ruby_gems.rb |   5 +
 ...953_add_organization_onboarding_invites.rb |  11 +
 db/schema.rb                                  |  31 +-
 db/seeds.rb                                   |   1 +
 lib/access.rb                                 |   2 +-
 test/application_system_test_case.rb          |  12 +-
 test/factories/memberships.rb                 |   4 +
 .../organization_onboarding_invites.rb        |   7 +
 test/factories/organization_onboardings.rb    |  51 ++++
 test/factories/organizations.rb               |   5 +
 test/helpers/policy_helpers.rb                |  28 +-
 .../onboarding/confirm_controller_test.rb     |  52 ++++
 .../onboarding/gems_controller_test.rb        |  50 ++++
 .../onboarding/name_controller_test.rb        |  60 ++++
 .../onboarding/users_controller_test.rb       | 123 ++++++++
 .../organizations/onboarding_test.rb          |  51 ++++
 test/integration/routing_test.rb              |   1 +
 test/lib/access_test.rb                       |  14 +-
 test/models/organization_onboarding_test.rb   | 267 ++++++++++++++++++
 test/models/organization_test.rb              |   9 +-
 test/models/rubygem_test.rb                   |  21 ++
 ...anization_onboarding_invite_policy_test.rb |  38 +++
 .../organization_onboarding_policy_test.rb    |  38 +++
 test/policies/membership_policy_test.rb       | 122 ++++++++
 test/policies/organization_policy_test.rb     |  79 +++---
 test/policies/rubygem_policy_test.rb          | 167 ++++++++---
 test/system/onboarding_test.rb                | 103 +++++++
 test/test_helper.rb                           |   4 +-
 .../avo/actions/onboard_organization_test.rb  |  40 +++
 ...timulus-components--checkbox-select-all.js |   4 +
 94 files changed, 2578 insertions(+), 196 deletions(-)
 create mode 100644 app/avo/actions/onboard_organization.rb
 create mode 100644 app/avo/resources/organization_onboarding.rb
 create mode 100644 app/avo/resources/organization_onboarding_invite.rb
 create mode 100644 app/controllers/avo/organization_onboarding_invites_controller.rb
 create mode 100644 app/controllers/avo/organization_onboardings_controller.rb
 create mode 100644 app/controllers/organizations/onboarding/base_controller.rb
 create mode 100644 app/controllers/organizations/onboarding/confirm_controller.rb
 create mode 100644 app/controllers/organizations/onboarding/gems_controller.rb
 create mode 100644 app/controllers/organizations/onboarding/name_controller.rb
 create mode 100644 app/controllers/organizations/onboarding/users_controller.rb
 create mode 100644 app/controllers/organizations/onboarding_controller.rb
 create mode 100644 app/controllers/organizations_controller.rb
 create mode 100644 app/javascript/controllers/counter_controller.js
 create mode 100644 app/javascript/controllers/onboarding_name_controller.js
 create mode 100644 app/javascript/controllers/radio_reveal_controller.js
 create mode 100644 app/models/organization_onboarding.rb
 create mode 100644 app/models/organization_onboarding_invite.rb
 create mode 100644 app/policies/admin/organization_onboarding_invite_policy.rb
 create mode 100644 app/policies/admin/organization_onboarding_policy.rb
 create mode 100644 app/policies/membership_policy.rb
 create mode 100644 app/policies/organization_onboarding_policy.rb
 create mode 100644 app/views/components/onboarding/steps_component.rb
 create mode 100644 app/views/dashboards/_promo.html.erb
 create mode 100644 app/views/layouts/onboarding.html.erb
 create mode 100644 app/views/organizations/onboarding/_progress.html.erb
 create mode 100644 app/views/organizations/onboarding/_summary.html.erb
 create mode 100644 app/views/organizations/onboarding/confirm/edit.html.erb
 create mode 100644 app/views/organizations/onboarding/gems/edit.html.erb
 create mode 100644 app/views/organizations/onboarding/name/new.html.erb
 create mode 100644 app/views/organizations/onboarding/users/edit.html.erb
 create mode 100644 db/migrate/20241023052946_create_organization_onboardings.rb
 create mode 100644 db/migrate/20241023053140_add_organization_foreign_keyto_ruby_gems.rb
 create mode 100644 db/migrate/20241023053210_validate_add_organization_foreign_keyto_ruby_gems.rb
 create mode 100644 db/migrate/20241104065953_add_organization_onboarding_invites.rb
 create mode 100644 test/factories/organization_onboarding_invites.rb
 create mode 100644 test/factories/organization_onboardings.rb
 create mode 100644 test/integration/organizations/onboarding/confirm_controller_test.rb
 create mode 100644 test/integration/organizations/onboarding/gems_controller_test.rb
 create mode 100644 test/integration/organizations/onboarding/name_controller_test.rb
 create mode 100644 test/integration/organizations/onboarding/users_controller_test.rb
 create mode 100644 test/integration/organizations/onboarding_test.rb
 create mode 100644 test/models/organization_onboarding_test.rb
 create mode 100644 test/policies/admin/organization_onboarding_invite_policy_test.rb
 create mode 100644 test/policies/admin/organization_onboarding_policy_test.rb
 create mode 100644 test/policies/membership_policy_test.rb
 create mode 100644 test/system/onboarding_test.rb
 create mode 100644 test/unit/avo/actions/onboard_organization_test.rb
 create mode 100644 vendor/javascript/@stimulus-components--checkbox-select-all.js

diff --git a/app/assets/images/icons.svg b/app/assets/images/icons.svg
index dd7abfcf2f0..58eda27ef28 100644
--- a/app/assets/images/icons.svg
+++ b/app/assets/images/icons.svg
@@ -7,6 +7,7 @@
     <symbol id="arrow-circle-right" viewBox="0 -960 960 960"><path d="m512.23-450-53.31 53.31q-8.3 8.31-8.11 20.69.19 12.38 8.5 20.69t20.95 8.31q12.64 0 20.82-8.31l99.38-99.38q10.85-10.85 10.85-25.31 0-14.46-10.85-25.31l-99.77-99.77q-8.31-8.3-20.69-8.3t-20.69 8.3q-8.31 8.31-8.31 20.95 0 12.64 8.31 20.82L512.23-510H360q-12.75 0-21.37 8.63-8.63 8.63-8.63 21.38 0 12.76 8.63 21.37Q347.25-450 360-450h152.23Zm-32.16 350q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
     <symbol id="arrow-drop-down" viewBox="0 -960 960 960"><path d="M460.81-393.04 334.76-519.08q-2.6-2.61-4.1-5.83-1.5-3.21-1.5-6.89 0-7.35 4.97-12.78 4.97-5.42 13.1-5.42h265.54q8.13 0 13.1 5.48 4.97 5.47 4.97 12.77 0 1.83-5.61 12.67L499.19-393.04q-4.34 4.35-8.98 6.35-4.64 2-10.21 2-5.57 0-10.21-2-4.64-2-8.98-6.35Z"/></symbol>
     <symbol id="arrow-forward-ios" viewBox="0 -960 960 960"><path d="M593.23-480 291.92-781.31q-11.92-11.92-11.61-28.38.31-16.46 12.23-28.39Q304.46-850 320.92-850t28.39 11.92l306.23 306.85q10.84 10.85 16.07 24.31 5.24 13.46 5.24 26.92t-5.24 26.92q-5.23 13.46-16.07 24.31L348.69-121.92q-11.92 11.92-28.07 11.61-16.16-.31-28.08-12.23-11.92-11.92-11.92-28.38t11.92-28.39L593.23-480Z"/></symbol>
+    <symbol id="arrow-forward" viewBox="0 -960 960 960"><path d="M665.08-450H180v-60h485.08L437.23-737.85 480-780l300 300-300 300-42.77-42.15L665.08-450Z"/></symbol>
     <symbol id="check-circle" viewBox="0 -960 960 960"><path d="m423.23-394.15-92.92-92.93q-8.31-8.3-20.89-8.5-12.57-.19-21.27 8.5-8.69 8.7-8.69 21.08 0 12.38 8.69 21.08l109.77 109.77q10.85 10.84 25.31 10.84 14.46 0 25.31-10.84l222.54-222.54q8.3-8.31 8.5-20.89.19-12.57-8.5-21.27-8.7-8.69-21.08-8.69-12.38 0-21.08 8.69l-205.69 205.7ZM480.07-100q-78.84 0-148.21-29.92t-120.68-81.21q-51.31-51.29-81.25-120.63Q100-401.1 100-479.93q0-78.84 29.92-148.21t81.21-120.68q51.29-51.31 120.63-81.25Q401.1-860 479.93-860q78.84 0 148.21 29.92t120.68 81.21q51.31 51.29 81.25 120.63Q860-558.9 860-480.07q0 78.84-29.92 148.21t-81.21 120.68q-51.29 51.31-120.63 81.25Q558.9-100 480.07-100Zm-.07-60q134 0 227-93t93-227q0-134-93-227t-227-93q-134 0-227 93t-93 227q0 134 93 227t227 93Zm0-320Z"/></symbol>
     <symbol id="chevron-right" viewBox="0 -960 960 960"><path d="M517.85-480 354.92-642.92q-8.3-8.31-8.5-20.89-.19-12.57 8.5-21.27 8.7-8.69 21.08-8.69 12.38 0 21.08 8.69l179.77 179.77q5.61 5.62 7.92 11.85 2.31 6.23 2.31 13.46t-2.31 13.46q-2.31 6.23-7.92 11.85L397.08-274.92q-8.31 8.3-20.89 8.5-12.57.19-21.27-8.5-8.69-8.7-8.69-21.08 0-12.38 8.69-21.08L517.85-480Z"/></symbol>
     <symbol id="close" viewBox="0 -960 960 960"><path d="M480-437.85 277.08-234.92q-8.31 8.3-20.89 8.5-12.57.19-21.27-8.5-8.69-8.7-8.69-21.08 0-12.38 8.69-21.08L437.85-480 234.92-682.92q-8.3-8.31-8.5-20.89-.19-12.57 8.5-21.27 8.7-8.69 21.08-8.69 12.38 0 21.08 8.69L480-522.15l202.92-202.93q8.31-8.3 20.89-8.5 12.57-.19 21.27 8.5 8.69 8.7 8.69 21.08 0 12.38-8.69 21.08L522.15-480l202.93 202.92q8.3 8.31 8.5 20.89.19 12.57-8.5 21.27-8.7 8.69-21.08 8.69-12.38 0-21.08-8.69L480-437.85Z"/></symbol>
diff --git a/app/avo/actions/onboard_organization.rb b/app/avo/actions/onboard_organization.rb
new file mode 100644
index 00000000000..96708a56a6a
--- /dev/null
+++ b/app/avo/actions/onboard_organization.rb
@@ -0,0 +1,16 @@
+class Avo::Actions::OnboardOrganization < Avo::Actions::ApplicationAction
+  self.name = "Onboard Organization"
+  self.visible = lambda {
+    current_user.team_member?("rubygems-org") && view == :show
+  }
+
+  self.message = lambda {
+    "Are you sure you would like to onboard this organization?"
+  }
+
+  self.confirm_button_label = "Onboard"
+
+  def handle(query:, **_)
+    query.each(&:onboard!)
+  end
+end
diff --git a/app/avo/resources/organization_onboarding.rb b/app/avo/resources/organization_onboarding.rb
new file mode 100644
index 00000000000..ed6dcb4313f
--- /dev/null
+++ b/app/avo/resources/organization_onboarding.rb
@@ -0,0 +1,27 @@
+class Avo::Resources::OrganizationOnboarding < Avo::BaseResource
+  self.title = :organization_name
+  self.includes = [:invites]
+
+  def actions
+    action Avo::Actions::OnboardOrganization
+  end
+
+  def fields
+    field :id, as: :id
+    field :status, as: :select, enum: OrganizationOnboarding.statuses
+    field :organization_name, as: :text
+    field :organization_handle, as: :text
+    field :created_by, as: :belongs_to
+    field :error, as: :text
+
+    field :onboarded_at, as: :date_time
+    field :created_at, as: :date_time
+    field :updated_at, as: :date_time
+
+    tabs style: :pills do
+      field :users, as: :has_many, through: :invites
+      field :invites, as: :has_many, use_resource: Avo::Resources::OrganizationOnboardingInvite
+      field :organization, as: :has_one
+    end
+  end
+end
diff --git a/app/avo/resources/organization_onboarding_invite.rb b/app/avo/resources/organization_onboarding_invite.rb
new file mode 100644
index 00000000000..001269d7c79
--- /dev/null
+++ b/app/avo/resources/organization_onboarding_invite.rb
@@ -0,0 +1,11 @@
+class Avo::Resources::OrganizationOnboardingInvite < Avo::BaseResource
+  self.title = :id
+  self.includes = [:organization_onboarding]
+
+  def fields
+    field :id, as: :id
+    field :organization_onboarding, as: :belongs_to
+    field :user, as: :belongs_to
+    field :role, as: :select, enum: OrganizationOnboardingInvite.roles
+  end
+end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 65861579447..65a6f65e107 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -70,6 +70,7 @@ def breadcrumbs
   def add_breadcrumb(name, link = nil)
     breadcrumbs << [name, link]
   end
+  helper_method :add_breadcrumb
 
   protected
 
diff --git a/app/controllers/avo/organization_onboarding_invites_controller.rb b/app/controllers/avo/organization_onboarding_invites_controller.rb
new file mode 100644
index 00000000000..fc4bf11c51b
--- /dev/null
+++ b/app/controllers/avo/organization_onboarding_invites_controller.rb
@@ -0,0 +1,4 @@
+# This controller has been generated to enable Rails' resource routes.
+# More information on https://docs.avohq.io/2.0/controllers.html
+class Avo::OrganizationOnboardingInvitesController < Avo::ResourcesController
+end
diff --git a/app/controllers/avo/organization_onboardings_controller.rb b/app/controllers/avo/organization_onboardings_controller.rb
new file mode 100644
index 00000000000..d9575f8fbbb
--- /dev/null
+++ b/app/controllers/avo/organization_onboardings_controller.rb
@@ -0,0 +1,4 @@
+# This controller has been generated to enable Rails' resource routes.
+# More information on https://docs.avohq.io/2.0/controllers.html
+class Avo::OrganizationOnboardingsController < Avo::ResourcesController
+end
diff --git a/app/controllers/organizations/onboarding/base_controller.rb b/app/controllers/organizations/onboarding/base_controller.rb
new file mode 100644
index 00000000000..67eae35ded2
--- /dev/null
+++ b/app/controllers/organizations/onboarding/base_controller.rb
@@ -0,0 +1,28 @@
+class Organizations::Onboarding::BaseController < ApplicationController
+  before_action :redirect_to_signin, unless: :signed_in?
+  before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?
+  before_action :find_or_initialize_onboarding
+  before_action :set_breadcrumbs
+
+  def find_or_initialize_onboarding
+    @organization_onboarding = OrganizationOnboarding.find_or_initialize_by(created_by: Current.user, status: :pending)
+  end
+
+  def set_breadcrumbs
+    add_breadcrumb t("breadcrumbs.dashboard"), dashboard_path
+    add_breadcrumb "Create Org"
+  end
+
+  def available_rubygems
+    @available_rubygems ||= @organization_onboarding.available_rubygems.to_a.tap do |gems|
+      namesake_rubygem = @organization_onboarding.namesake_rubygem
+      gems.unshift gems.delete(namesake_rubygem) if namesake_rubygem
+    end
+  end
+  helper_method :available_rubygems
+
+  def approved_invites
+    @approved_invites ||= @organization_onboarding.approved_invites
+  end
+  helper_method :approved_invites
+end
diff --git a/app/controllers/organizations/onboarding/confirm_controller.rb b/app/controllers/organizations/onboarding/confirm_controller.rb
new file mode 100644
index 00000000000..bba2ae80f4f
--- /dev/null
+++ b/app/controllers/organizations/onboarding/confirm_controller.rb
@@ -0,0 +1,16 @@
+class Organizations::Onboarding::ConfirmController < Organizations::Onboarding::BaseController
+  layout "onboarding"
+
+  def edit
+  end
+
+  def update
+    @organization_onboarding.onboard!
+
+    flash[:notice] = I18n.t("organization_onboardings.confirm.success")
+    redirect_to organization_path(@organization_onboarding.organization)
+  rescue ActiveRecord::ActiveRecordError
+    flash.now[:error] = "Onboarding error: #{@organization_onboarding.error}"
+    render :edit, status: :unprocessable_entity
+  end
+end
diff --git a/app/controllers/organizations/onboarding/gems_controller.rb b/app/controllers/organizations/onboarding/gems_controller.rb
new file mode 100644
index 00000000000..c80825ee2f8
--- /dev/null
+++ b/app/controllers/organizations/onboarding/gems_controller.rb
@@ -0,0 +1,20 @@
+class Organizations::Onboarding::GemsController < Organizations::Onboarding::BaseController
+  layout "onboarding"
+
+  def edit
+  end
+
+  def update
+    if @organization_onboarding.update(onboarding_gems_params)
+      redirect_to organization_onboarding_users_path
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def onboarding_gems_params
+    params.permit(organization_onboarding: { rubygems: [] }).fetch(:organization_onboarding, {})
+  end
+end
diff --git a/app/controllers/organizations/onboarding/name_controller.rb b/app/controllers/organizations/onboarding/name_controller.rb
new file mode 100644
index 00000000000..e61ccf376fe
--- /dev/null
+++ b/app/controllers/organizations/onboarding/name_controller.rb
@@ -0,0 +1,20 @@
+class Organizations::Onboarding::NameController < Organizations::Onboarding::BaseController
+  layout "onboarding"
+
+  def new
+  end
+
+  def create
+    if @organization_onboarding.update(onboarding_name_params)
+      redirect_to organization_onboarding_gems_path
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def onboarding_name_params
+    params.require(:organization_onboarding).permit(:organization_name, :organization_handle)
+  end
+end
diff --git a/app/controllers/organizations/onboarding/users_controller.rb b/app/controllers/organizations/onboarding/users_controller.rb
new file mode 100644
index 00000000000..94dc7d3d571
--- /dev/null
+++ b/app/controllers/organizations/onboarding/users_controller.rb
@@ -0,0 +1,27 @@
+class Organizations::Onboarding::UsersController < Organizations::Onboarding::BaseController
+  layout "onboarding"
+
+  def edit
+  end
+
+  def update
+    if @organization_onboarding.update(onboarding_user_params)
+      redirect_to organization_onboarding_confirm_path
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def role_options
+    @role_options ||= OrganizationOnboardingInvite.roles.map do |k, _|
+      [Membership.human_attribute_name("role.#{k}"), k]
+    end
+  end
+  helper_method :role_options
+
+  def onboarding_user_params
+    params.require(:organization_onboarding).permit(invites_attributes: %i[id role])
+  end
+end
diff --git a/app/controllers/organizations/onboarding_controller.rb b/app/controllers/organizations/onboarding_controller.rb
new file mode 100644
index 00000000000..fe66a4ab034
--- /dev/null
+++ b/app/controllers/organizations/onboarding_controller.rb
@@ -0,0 +1,10 @@
+class Organizations::OnboardingController < ApplicationController
+  before_action :redirect_to_signin, unless: :signed_in?
+  before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?
+
+  def destroy
+    OrganizationOnboarding.destroy_by(created_by: Current.user, status: %i[pending failed])
+
+    redirect_to dashboard_path
+  end
+end
diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
new file mode 100644
index 00000000000..8ea9cb0e87b
--- /dev/null
+++ b/app/controllers/organizations_controller.rb
@@ -0,0 +1,10 @@
+class OrganizationsController < ApplicationController
+  def show
+    render plain: flash[:notice] # HACK: for tests until this view is ready
+  end
+
+  private
+
+  def organization_params
+  end
+end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 570b02dc4f8..85a26427723 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -73,6 +73,12 @@ def webauthn_authenticate
     end
   end
 
+  def development_log_in_as
+    user = User.find(params[:user_id])
+    sign_in(user)
+    redirect_back_or_to dashboard_path
+  end
+
   private
 
   def mark_verified
diff --git a/app/javascript/controllers/application.js b/app/javascript/controllers/application.js
index c3847f16889..724e451cf20 100644
--- a/app/javascript/controllers/application.js
+++ b/app/javascript/controllers/application.js
@@ -1,10 +1,12 @@
 import { Application } from "@hotwired/stimulus"
 import Clipboard from '@stimulus-components/clipboard'
+import CheckboxSelectAll from '@stimulus-components/checkbox-select-all'
 
 const application = Application.start()
 
 // Add vendored controllers
 application.register('clipboard', Clipboard)
+application.register('checkbox-select-all', CheckboxSelectAll)
 
 // Configure Stimulus development experience
 application.debug = false
diff --git a/app/javascript/controllers/counter_controller.js b/app/javascript/controllers/counter_controller.js
new file mode 100644
index 00000000000..c3fe216484b
--- /dev/null
+++ b/app/javascript/controllers/counter_controller.js
@@ -0,0 +1,24 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["counter", "checked"]
+
+  connect() {
+    this.update()
+  }
+
+  checkedTargetConnected(el) {
+    el.addEventListener("change", this.update.bind(this))
+    el.addEventListener("input", this.update.bind(this)) // input emitted by checkbox-select-all controller
+  }
+
+  checkedTargetdisconnected(el) {
+    el.removeEventListener("change", this.update.bind(this))
+    el.removeEventListener("input", this.update.bind(this))
+  }
+
+  update() {
+    const count = this.checkedTargets.filter(el => el.checked).length
+    this.counterTarget.textContent = count
+  }
+}
diff --git a/app/javascript/controllers/onboarding_name_controller.js b/app/javascript/controllers/onboarding_name_controller.js
new file mode 100644
index 00000000000..ee6f6466b71
--- /dev/null
+++ b/app/javascript/controllers/onboarding_name_controller.js
@@ -0,0 +1,74 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [
+    "radio",
+    "gemname",
+    "username",
+    "reveal",
+    "displayname",
+    "submit",
+  ]
+
+  connect() {
+    this.submitTarget.disabled = true
+    this.radioTargets.forEach((radio) => {
+      if (radio.checked) {
+        this[radio.value+"name"]()
+      }
+    })
+  }
+
+  gemnameField() {
+    return this.gemnameTarget.querySelector("select")
+  }
+
+  usernameField() {
+    return this.usernameTarget.querySelector("input")
+  }
+
+  gemname() {
+    this.usernameTarget.classList.add("hidden")
+
+    this.gemnameField().disabled = false
+    this.gemnameTarget.classList.remove("hidden")
+    this.revealTarget.classList.remove("hidden")
+
+    const inputElement = this.gemnameField()
+    inputElement.focus()
+    this.updateDisplaynameWith(inputElement.value)
+    if (inputElement.value === "") {
+      this.submitTarget.disabled = true
+    }
+    this.validate()
+  }
+
+  username() {
+    this.gemnameTarget.classList.add("hidden")
+    this.gemnameField().disabled = true
+
+    this.usernameTarget.classList.remove("hidden")
+    this.revealTarget.classList.remove("hidden")
+
+    this.updateDisplaynameWith(this.usernameField().value)
+    this.validate()
+  }
+
+  validate() {
+    if (this.element.checkValidity()) {
+      this.submitTarget.disabled = false
+    } else {
+      this.submitTarget.disabled = true
+    }
+  }
+
+  updateDisplayname(e) {
+    this.updateDisplaynameWith(e.currentTarget.value)
+    this.validate()
+  }
+
+  updateDisplaynameWith(value) {
+    // Replace dashes and underscores with spaces. Capitalize the first letter of each word.
+    this.displaynameTarget.value = value.replace(/[-_]/g, " ").replace(/\b\w/g, (char) => char.toUpperCase())
+  }
+}
diff --git a/app/javascript/controllers/radio_reveal_controller.js b/app/javascript/controllers/radio_reveal_controller.js
new file mode 100644
index 00000000000..88b984f40d1
--- /dev/null
+++ b/app/javascript/controllers/radio_reveal_controller.js
@@ -0,0 +1,25 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [
+    "radio",
+    "item",
+  ]
+
+  connect() {
+    this.update()
+  }
+
+  update() {
+    this.itemTargets.forEach(item => {
+      item.classList.add("hidden")
+    })
+
+    this.radioTargets.forEach(radio => {
+      if (radio.checked) {
+        const item = this.itemTargets.find(item => item.dataset.name == radio.value)
+        item.classList.remove("hidden")
+      }
+    })
+  }
+}
diff --git a/app/javascript/controllers/scroll_controller.js b/app/javascript/controllers/scroll_controller.js
index 0970b5a2c6d..f3b76f9ee91 100644
--- a/app/javascript/controllers/scroll_controller.js
+++ b/app/javascript/controllers/scroll_controller.js
@@ -12,4 +12,8 @@ export default class extends Controller {
   scrollTargetConnected() {
     this.scrollTarget.scrollIntoView({ behavior: "smooth" })
   }
+
+  scroll(e) {
+    e.currentTarget.scrollIntoView({ behavior: "smooth" })
+  }
 }
diff --git a/app/models/membership.rb b/app/models/membership.rb
index e1e73cf2a9c..f570f99bbbf 100644
--- a/app/models/membership.rb
+++ b/app/models/membership.rb
@@ -5,7 +5,9 @@ class Membership < ApplicationRecord
   scope :unconfirmed, -> { where(confirmed_at: nil) }
   scope :confirmed, -> { where.not(confirmed_at: nil) }
 
-  enum :role, { owner: Access::OWNER, maintainer: Access::MAINTAINER, admin: Access::ADMIN }, validate: true, default: :maintainer
+  enum :role, { owner: Access::OWNER, admin: Access::ADMIN, maintainer: Access::MAINTAINER }, validate: true, default: :maintainer
+
+  scope :with_minimum_role, ->(role) { where(role: Access.flag_for_role(role)...) }
 
   def confirmed?
     !confirmed_at.nil?
diff --git a/app/models/organization.rb b/app/models/organization.rb
index 9194f21afa6..c13aadf846b 100644
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -6,17 +6,13 @@ class Organization < ApplicationRecord
     length: { within: 2..40 },
     format: { with: Patterns::HANDLE_PATTERN }
   validates :name, presence: true, length: { within: 2..255 }
-  validate :unique_with_user_handle
-
-  def unique_with_user_handle
-    errors.add(:handle, "has already been taken") if handle && User.where("lower(handle) = lower(?)", handle).any?
-  end
 
   has_many :memberships, -> { where.not(confirmed_at: nil) }, dependent: :destroy, inverse_of: :organization
   has_many :unconfirmed_memberships, -> { where(confirmed_at: nil) }, class_name: "Membership", dependent: :destroy, inverse_of: :organization
   has_many :users, through: :memberships
+  has_many :rubygems, dependent: :nullify
+  has_one :organization_onboarding, foreign_key: :onboarded_organization_id, inverse_of: :organization, dependent: :destroy
 
-  scope :not_deleted, -> { where(deleted_at: nil) }
   scope :deleted, -> { where.not(deleted_at: nil) }
 
   after_create do
diff --git a/app/models/organization_onboarding.rb b/app/models/organization_onboarding.rb
new file mode 100644
index 00000000000..d97aaacc95b
--- /dev/null
+++ b/app/models/organization_onboarding.rb
@@ -0,0 +1,163 @@
+class OrganizationOnboarding < ApplicationRecord
+  enum :name_type, { gem: "gem", user: "user" }, prefix: true, default: "gem"
+  enum :status, { pending: "pending", completed: "completed", failed: "failed" }, default: "pending"
+
+  has_many :invites, -> { preload(:user) }, class_name: "OrganizationOnboardingInvite", inverse_of: :organization_onboarding, dependent: :destroy
+  has_many :users, through: :invites
+  belongs_to :organization, optional: true, foreign_key: :onboarded_organization_id, inverse_of: :organization_onboarding
+  belongs_to :created_by, class_name: "User", inverse_of: :organization_onboardings
+
+  accepts_nested_attributes_for :invites
+
+  validate :created_by_gem_ownerships
+
+  validates :organization_name, :organization_handle, :name_type, presence: true
+
+  with_options if: :completed? do
+    validates :onboarded_at, presence: true
+  end
+
+  with_options if: :failed? do
+    validates :error, presence: true
+  end
+
+  with_options if: :name_type_user? do
+    before_validation :set_user_handle
+  end
+
+  with_options if: :name_type_gem? do
+    validate :organization_handle_matches_rubygem_name
+    after_validation :add_namesake_rubygem
+  end
+
+  before_validation :remove_invalid_invites
+  before_save :sync_invites, if: :rubygems_changed?
+
+  def onboard!
+    raise StandardError, "onboard has already been completed" if completed?
+
+    transaction do
+      onboarded_organization = create_organization!
+      onboard_rubygems!(onboarded_organization)
+
+      update!(
+        onboarded_at: Time.zone.now,
+        status: :completed,
+        onboarded_organization_id: onboarded_organization.id
+      )
+    end
+
+    remove_ownerships
+  rescue ActiveRecord::ActiveRecordError => e
+    self.status = :failed
+    self.error = e.message
+    save(validate: false)
+
+    raise e
+  end
+
+  def available_rubygems
+    return Rubygem.none if created_by.blank?
+    created_by.rubygems.where(organization_id: nil).order(:name)
+  end
+
+  def selected_rubygems
+    Rubygem.where(id: rubygems).all
+  end
+
+  def namesake_rubygem
+    return unless name_type_gem?
+    created_by&.rubygems&.find_by(name: organization_handle)
+  end
+
+  def approved_invites
+    invites.select { |invite| invite.user.present? && invite.role.present? }
+  end
+
+  def rubygems=(value)
+    super(Rubygem.where(id: value.compact_blank, organization_id: nil).pluck(:id))
+  end
+
+  private
+
+  def users_for_selected_gems
+    return User.none if available_rubygems.blank? || created_by.blank?
+    User
+      .joins(:ownerships)
+      .where(ownerships: { rubygem_id: available_rubygems.pluck(:id) })
+      .where.not(ownerships: { user_id: created_by })
+      .order(Arel.sql("COUNT (ownerships.id) DESC"))
+      .group(users: [:id])
+  end
+
+  def sync_invites
+    existing_invites = invites.index_by(&:user_id)
+    self.invites = users_for_selected_gems.map { existing_invites[_1.id] || OrganizationOnboardingInvite.new(user: _1) }
+  end
+
+  def remove_invalid_invites
+    self.invites = invites.select(&:valid?)
+  end
+
+  def create_organization!
+    memberships = invites.filter_map(&:to_membership)
+    memberships << build_owner
+
+    Organization.create!(
+      name: organization_name,
+      handle: organization_handle,
+      memberships: memberships
+    )
+  end
+
+  def onboard_rubygems!(onboarded_organization)
+    onboarding_gems = Rubygem.where(id: rubygems).all
+    onboarding_gems.each do |rubygem|
+      rubygem.update!(organization_id: onboarded_organization.id)
+    end
+  end
+
+  def build_owner
+    Membership.build(
+      user: created_by,
+      role: :owner,
+      confirmed_at: Time.zone.now
+    )
+  end
+
+  def set_user_handle
+    return if created_by.blank? || !name_type_user?
+    self.organization_handle = created_by.handle
+  end
+
+  def remove_ownerships
+    onboarded_users = invites.reject { _1.role.nil? || _1.outside_contributor? }.map(&:user)
+    onboarded_users << created_by
+
+    Ownership.includes(:rubygem, :user, :api_key_rubygem_scopes).where(user: onboarded_users, rubygem: selected_rubygems).destroy_all
+  end
+
+  def add_namesake_rubygem
+    namesake = namesake_rubygem
+    return unless namesake && rubygems.exclude?(namesake.id)
+    rubygems.unshift(namesake.id)
+  end
+
+  def organization_handle_matches_rubygem_name
+    return if organization_handle.blank?
+    return if namesake_rubygem.present?
+    return if selected_rubygems.any? { _1.name == organization_handle }
+
+    errors.add(:organization_handle, "must match a rubygem you own")
+  end
+
+  def created_by_gem_ownerships
+    return if created_by.blank? || rubygems.blank?
+
+    ownerships = Ownership.where(user: created_by, rubygem: rubygems).index_by(&:rubygem_id)
+
+    selected_rubygems.reject { ownerships[_1.id].present? && ownerships[_1.id].owner? }.each do |rubygem|
+      errors.add(:created_by, "must be an owner of the #{rubygem.name} gem")
+    end
+  end
+end
diff --git a/app/models/organization_onboarding_invite.rb b/app/models/organization_onboarding_invite.rb
new file mode 100644
index 00000000000..8de20669b50
--- /dev/null
+++ b/app/models/organization_onboarding_invite.rb
@@ -0,0 +1,16 @@
+class OrganizationOnboardingInvite < ApplicationRecord
+  belongs_to :organization_onboarding, inverse_of: :invites
+  belongs_to :user
+
+  validates :user_id, uniqueness: { scope: :organization_onboarding_id }
+
+  enum :role, { owner: "owner", admin: "admin", maintainer: "maintainer", outside_contributor: "outside_contributor" },
+    validate: { allow_nil: true }
+
+  def to_membership
+    Membership.new(
+      user: user,
+      role: role
+    )
+  end
+end
diff --git a/app/models/rubygem.rb b/app/models/rubygem.rb
index 03b5793cceb..59529105575 100644
--- a/app/models/rubygem.rb
+++ b/app/models/rubygem.rb
@@ -26,6 +26,8 @@ class Rubygem < ApplicationRecord
   has_many :reverse_development_dependencies, -> { merge(Dependency.development) }, through: :incoming_dependencies, source: :version_rubygem
   has_many :reverse_runtime_dependencies, -> { merge(Dependency.runtime) }, through: :incoming_dependencies, source: :version_rubygem
 
+  belongs_to :organization, optional: true
+
   # needs to come last so its dependent: :destroy works, since yanking a version
   # will create an event
   include Events::Recordable
@@ -176,7 +178,7 @@ def hosted?
   end
 
   def unowned?
-    ownerships.blank?
+    ownerships.none? && !owned_by_organization?
   end
 
   def indexed_versions?
@@ -185,7 +187,7 @@ def indexed_versions?
 
   def owned_by?(user)
     return false unless user
-    ownerships.exists?(user_id: user.id)
+    ownerships.exists?(user_id: user.id) || (owned_by_organization? && user_authorized_for_organization?(user))
   end
 
   def owned_by_with_role?(user, minimum_required_role)
@@ -430,4 +432,12 @@ def bulk_reorder_versions
     sanitized_query = ActiveRecord::Base.send(:sanitize_sql_array, update_query)
     ActiveRecord::Base.connection.execute(sanitized_query)
   end
+
+  def owned_by_organization?
+    organization.present?
+  end
+
+  def user_authorized_for_organization?(user)
+    organization.memberships.exists?(user: user)
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index d8b3ee84303..8b25cd75531 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -67,6 +67,8 @@ class User < ApplicationRecord
   has_many :memberships, dependent: :destroy
   has_many :organizations, through: :memberships
 
+  has_many :organization_onboardings, foreign_key: :created_by_id, dependent: :nullify, inverse_of: :created_by
+
   validates :email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, presence: true,
     uniqueness: { case_sensitive: false }
   validates :unconfirmed_email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, allow_blank: true
diff --git a/app/policies/admin/organization_onboarding_invite_policy.rb b/app/policies/admin/organization_onboarding_invite_policy.rb
new file mode 100644
index 00000000000..dcfa8c722b5
--- /dev/null
+++ b/app/policies/admin/organization_onboarding_invite_policy.rb
@@ -0,0 +1,19 @@
+class Admin::OrganizationOnboardingInvitePolicy < Admin::ApplicationPolicy
+  class Scope < Admin::ApplicationPolicy::Scope
+    def resolve
+      scope.all
+    end
+  end
+
+  def avo_index?
+    rubygems_org_admin?
+  end
+
+  def avo_show?
+    rubygems_org_admin?
+  end
+
+  def act_on?
+    rubygems_org_admin?
+  end
+end
diff --git a/app/policies/admin/organization_onboarding_policy.rb b/app/policies/admin/organization_onboarding_policy.rb
new file mode 100644
index 00000000000..7a962588828
--- /dev/null
+++ b/app/policies/admin/organization_onboarding_policy.rb
@@ -0,0 +1,21 @@
+class Admin::OrganizationOnboardingPolicy < Admin::ApplicationPolicy
+  class Scope < Admin::ApplicationPolicy::Scope
+    def resolve
+      scope.all
+    end
+  end
+
+  has_association :organization_onboarding_invites
+
+  def avo_index?
+    rubygems_org_admin?
+  end
+
+  def avo_show?
+    rubygems_org_admin?
+  end
+
+  def act_on?
+    rubygems_org_admin?
+  end
+end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
index e999c1fac18..45051f2f443 100644
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -77,11 +77,20 @@ def current_user?(record_user)
   end
 
   def rubygem_owned_by?(user)
-    rubygem.owned_by?(user) || deny(t(:forbidden))
+    rubygem.owned_by?(user) ||
+      organization_member_with_role?(user, :maintainer) ||
+      deny(t(:forbidden))
   end
 
-  def rubygem_owned_by_with_role?(user, minimum_required_role:)
-    rubygem.owned_by_with_role?(user, minimum_required_role) || deny(t(:forbidden))
+  def rubygem_owned_by_with_role?(user, minimum_required_role:, minimum_required_org_role: :owner)
+    organization_member_with_role?(user, minimum_required_org_role) ||
+      rubygem.owned_by_with_role?(user, minimum_required_role) ||
+      deny(t(:forbidden))
+  end
+
+  def organization_member_with_role?(user, minimum_role)
+    return false unless respond_to?(:organization) && organization.present?
+    organization.memberships.where(user: user).with_minimum_role(minimum_role).exists?
   end
 
   def policy!(user, record) = Pundit.policy!(user, record)
diff --git a/app/policies/membership_policy.rb b/app/policies/membership_policy.rb
new file mode 100644
index 00000000000..2d77fcf4631
--- /dev/null
+++ b/app/policies/membership_policy.rb
@@ -0,0 +1,23 @@
+class MembershipPolicy < ApplicationPolicy
+  class Scope < ApplicationPolicy::Scope
+  end
+
+  alias membership record
+  delegate :organization, to: :membership
+
+  def create?
+    minimum_required_role = membership.owner? ? :owner : :admin
+    organization_member_with_role?(user, minimum_required_role) || deny(t(:forbidden))
+  end
+
+  def update?
+    minimum_required_role = :owner if membership.role_was.to_s == "owner" || membership.owner?
+    minimum_required_role ||= :admin
+    organization_member_with_role?(user, minimum_required_role) || deny(t(:forbidden))
+  end
+
+  def destroy?
+    minimum_required_role = membership.owner? ? :owner : :admin
+    organization_member_with_role?(user, minimum_required_role) || deny(t(:forbidden))
+  end
+end
diff --git a/app/policies/oidc/rubygem_trusted_publisher_policy.rb b/app/policies/oidc/rubygem_trusted_publisher_policy.rb
index 85ea19aef2d..cbd7896e834 100644
--- a/app/policies/oidc/rubygem_trusted_publisher_policy.rb
+++ b/app/policies/oidc/rubygem_trusted_publisher_policy.rb
@@ -5,14 +5,14 @@ class Scope < ApplicationPolicy::Scope
   delegate :rubygem, to: :record
 
   def show?
-    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner, minimum_required_org_role: :admin)
   end
 
   def create?
-    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner, minimum_required_org_role: :admin)
   end
 
   def destroy?
-    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner, minimum_required_org_role: :admin)
   end
 end
diff --git a/app/policies/organization_onboarding_policy.rb b/app/policies/organization_onboarding_policy.rb
new file mode 100644
index 00000000000..7ef1e546c8e
--- /dev/null
+++ b/app/policies/organization_onboarding_policy.rb
@@ -0,0 +1,4 @@
+class OrganizationOnboardingPolicy < ApplicationPolicy
+  class Scope < ApplicationPolicy::Scope
+  end
+end
diff --git a/app/policies/organization_policy.rb b/app/policies/organization_policy.rb
index 249750d60bd..2dc35c3e1c6 100644
--- a/app/policies/organization_policy.rb
+++ b/app/policies/organization_policy.rb
@@ -2,12 +2,14 @@ class OrganizationPolicy < ApplicationPolicy
   class Scope < ApplicationPolicy::Scope
   end
 
+  alias organization record
+
   def show?
     true
   end
 
   def update?
-    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+    organization_member_with_role?(user, :owner) || deny(t(:forbidden))
   end
 
   def create?
@@ -15,40 +17,22 @@ def create?
   end
 
   def add_gem?
-    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+    organization_member_with_role?(user, :admin) || deny(t(:forbidden))
   end
 
   def remove_gem?
-    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
-  end
-
-  def add_membership?
-    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
-  end
-
-  def update_membership?
-    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
+    organization_member_with_role?(user, :owner) || deny(t(:forbidden))
   end
 
-  def remove_membership?
-    organization_member_with_role?(user, minimum_required_role: Access::OWNER)
-  end
-
-  def show_membership?
-    organization_member_with_role?(user, minimum_required_role: Access::MAINTAINER)
+  def manage_memberships?
+    organization_member_with_role?(user, :admin) || deny(t(:forbidden))
   end
 
   def list_memberships?
-    organization_member_with_role?(user, minimum_required_role: Access::MAINTAINER)
+    organization_member_with_role?(user, :maintainer) || deny(t(:forbidden))
   end
 
   def destroy?
     false # For now organizations cannot be deleted
   end
-
-  private
-
-  def organization_member_with_role?(user, minimum_required_role:)
-    record.memberships.exists?(["user_id = ? AND role >= ?", user.id, minimum_required_role])
-  end
 end
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
index 1c90dc77967..41d761d014c 100644
--- a/app/policies/rubygem_policy.rb
+++ b/app/policies/rubygem_policy.rb
@@ -6,6 +6,7 @@ class Scope < ApplicationPolicy::Scope
   ABANDONED_DOWNLOADS_MAX = 10_000
 
   alias rubygem record
+  delegate :organization, to: :rubygem
 
   def show?
     true
@@ -24,11 +25,11 @@ def destroy?
   end
 
   def configure_oidc?
-    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner, minimum_required_org_role: :admin)
   end
 
   def configure_trusted_publishers?
-    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner, minimum_required_org_role: :admin)
   end
 
   def manage_adoption?
@@ -55,7 +56,7 @@ def close_ownership_requests?
   end
 
   def show_unconfirmed_ownerships?
-    rubygem_owned_by_with_role?(user, minimum_required_role: :owner)
+    rubygem_owned_by_with_role?(user, minimum_required_role: :owner, minimum_required_org_role: :admin)
   end
 
   def add_owner?
diff --git a/app/views/avo/login.html.erb b/app/views/avo/login.html.erb
index c9cda781715..d3f04dca01f 100644
--- a/app/views/avo/login.html.erb
+++ b/app/views/avo/login.html.erb
@@ -22,7 +22,7 @@
           </button>
         <% end %>
 
-        <% if Gemcutter::ENABLE_DEVELOPMENT_ADMIN_LOG_IN %>
+        <% if Gemcutter::ENABLE_DEVELOPMENT_LOG_IN %>
           <p>Since this is development mode, you can choose any admin from the list below to log in as that admin.</p>
           <% if Admin::GitHubUser.any? %>
             <ul class="admin-list">
diff --git a/app/views/components/button_component.rb b/app/views/components/button_component.rb
index d64eef8dd5d..ff8e572a621 100644
--- a/app/views/components/button_component.rb
+++ b/app/views/components/button_component.rb
@@ -4,42 +4,44 @@ class ButtonComponent < ApplicationComponent
   include Phlex::Rails::Helpers::LinkTo
   include Phlex::Rails::Helpers::ButtonTo
 
-  attr_reader :text, :href, :type, :options, :color_css, :size_css
+  attr_reader :args, :type, :options, :color, :size, :style
 
-  def initialize(text = nil, href = nil, type: :button, color: :primary, outline: false, size: :large, **options) # rubocop:disable Metrics/ParameterLists
+  def initialize(*args, type: :button, size: :large, color: :primary, style: :fill, **options) # rubocop:disable Metrics/ParameterLists
     super()
-    @text = text
-    @href = href
+    @args = args
     @type = type
+    @size = size
+    @color = color
+    @style = style
     @options = options
     @options[:name] ||= nil
-    @color_css = button_color(color, outline)
-    @size_css = button_size(size)
   end
 
-  def view_template(&)
-    css = "text-nowrap font-semibold no-underline " \
+  def view_template(&block)
+    css = "text-nowrap no-underline " \
           "rounded inline-flex border-box " \
           "justify-content-center items-center hover:shadow-md " \
+          "#{DISABLED} disabled:cursor-default disabled:hover:shadow-none " \
           "transition duration-200 ease-in-out focus:outline-none " \
-          "#{color_css} #{size_css} #{options.delete(:class)}"
+          "#{button_color(color, style)} #{button_size(size)} #{options.delete(:class)}"
 
     if type == :link
-      link_to text, href, class: css, **options, &
-    elsif href
-      button_to text, href, class: css, **options, &
+      link_to(*args, class: css, **options, &block)
+    elsif (args.size == 1 && block_given?) || args.size == 2
+      button_to(*args, class: css, method: :get, **options, &block)
     else
-      button(class: css, type:, **options, &)
+      block ||= proc { args.first }
+      button(class: css, type:, **options, &block)
     end
   end
 
   private
 
-  def button_color(color, outline)
+  def button_color(color, style)
     color = color.to_sym
     color = :orange if color == :primary
-    color = :orange2 if color == :secondary
-    @color_css = outline ? OUTLINE_BUTTON_COLOR[color] : FILL_BUTTON_COLOR[color]
+    color = :hammy if color == :secondary
+    STYLES[style][color]
   end
 
   def button_size(size)
@@ -47,43 +49,60 @@ def button_size(size)
     when :small # 36px height
       "px-4 py-3 h-9 min-h-9 text-b3"
     else # :large, 44px height
-      "px-4 py-3 h-12 min-h-12 text-b2" \
+      "px-4 py-3 h-12 min-h-12 text-b2"
     end
   end
 
+  DISABLED = "disabled:bg-neutral-200 disabled:border-neutral-200 disabled:text-neutral-600 " \
+             "dark:disabled:bg-neutral-800 dark:disabled:border-neutral-800 dark:disabled:text-neutral-600"
+
   FILL_BUTTON_COLOR = {
-    orange:    "text-white bg-orange-500 hover:bg-orange-600 active:bg-orange-600 " \
-               "dark:bg-orange-500 dark:hover:bg-orange-700 dark:active:bg-orange-700",
-    orange2:   "text-neutral-800 bg-orange-200 hover:bg-orange-300 active:bg-orange-300 " \
-               "dark:text-white dark:bg-orange-800 dark:hover:bg-orange-900 dark:active:bg-orange-900",
-    yellow:    "text-neutral-800 bg-yellow-500 hover:bg-yellow-600 active:bg-yellow-600 " \
-               "dark:text-white dark:bg-yellow-500 dark:hover:bg-yellow-900 dark:active:bg-yellow-900",
-    blue:      "text-white bg-blue-500 hover:bg-blue-600 active:bg-blue-600 " \
-               "dark:bg-blue-500 dark:hover:bg-blue-700 dark:active:bg-blue-700",
-    green:     "text-white bg-green-500 hover:bg-green-600 active:bg-green-600 " \
-               "dark:bg-green-500 dark:hover:bg-green-700 dark:active:bg-green-700",
-    red:       "text-white bg-red-500 hover:bg-red-600 active:bg-red-600 " \
-               "dark:bg-red-500 dark:hover:bg-red-700 dark:active:bg-red-700",
-    neutral:   "text-white bg-neutral-700 hover:bg-neutral-600 active:bg-neutral-600 " \
-               "dark:bg-neutral-700 dark:hover:bg-neutral-700 dark:active:bg-neutral-700"
+    red:     "text-white bg-red-500 hover:bg-red-600 active:bg-red-600 " \
+             "dark:bg-red-500 dark:hover:bg-red-600 dark:active:bg-red-600",
+    orange:  "text-white bg-orange-500 hover:bg-orange-600 active:bg-orange-600 " \
+             "dark:bg-orange-500 dark:hover:bg-orange-700 dark:active:bg-orange-700",
+    hammy:   "text-orange-900 bg-orange-200 hover:bg-orange-300 active:bg-orange-300 " \
+             "dark:text-white dark:bg-orange-800 dark:hover:bg-orange-900 dark:active:bg-orange-900",
+    yellow:  "text-neutral-800 bg-yellow-500 hover:bg-yellow-600 active:bg-yellow-600 " \
+             "dark:text-white dark:bg-yellow-500 dark:hover:bg-yellow-600 dark:active:bg-yellow-600",
+    green:   "text-white bg-green-500 hover:bg-green-600 active:bg-green-600 " \
+             "dark:bg-green-500 dark:hover:bg-green-700 dark:active:bg-green-700",
+    blue:    "text-white bg-blue-500 hover:bg-blue-600 active:bg-blue-600 " \
+             "dark:bg-blue-500 dark:hover:bg-blue-700 dark:active:bg-blue-700",
+    neutral: "text-white bg-neutral-700 hover:bg-neutral-600 active:bg-neutral-600 " \
+             "dark:bg-neutral-700 dark:hover:bg-neutral-800 dark:active:bg-neutral-800"
+  }.freeze
+
+  PLAIN_BUTTON_COLOR = {
+    red:     "text-red-500 hover:bg-red-500/5 active:bg-red-500/10 " \
+             "dark:hover:bg-red-500/15 dark:active:bg-red-500/25 ",
+    orange:  "text-orange-500 hover:bg-orange-500/5 active:bg-orange-500/10 " \
+             "dark:hover:bg-orange-500/15 dark:active:bg-orange-500/25 ",
+    hammy:   "text-orange-800 hover:bg-orange-200/15 active:bg-orange-200/25 " \
+             "dark:text-orange-200 dark:hover:bg-orange-200/15 dark:active:bg-orange-200/25 ",
+    yellow:  "text-yellow-500 hover:bg-yellow-500/5 active:bg-yellow-500/10 " \
+             "dark:hover:bg-yellow-500/15 dark:active:bg-yellow-500/25 ",
+    green:   "text-green-500 hover:bg-green-500/5 active:bg-green-500/10 " \
+             "dark:hover:bg-green-500/15 dark:active:bg-green-500/25 ",
+    blue:    "text-blue-500 hover:bg-blue-500/5 active:bg-blue-500/10 " \
+             "dark:hover:bg-blue-500/15 dark:active:bg-blue-500/25 ",
+    neutral: "text-neutral-700 hover:bg-neutral-700/5 active:bg-neutral-700/10 " \
+             "dark:text-white dark:hover:bg-white/15 dark:active:bg-white/25"
   }.freeze
 
-  # rubocop:disable Layout/LineLength
   OUTLINE_BUTTON_COLOR = {
-    orange:    "border-2 border-orange-500 text-orange-500 hover:border-orange-600 hover:text-orange-600 active:border-orange-600 active:text-orange-600 " \
-               "dark:border-orange-500 dark:text-orange-500 dark:hover:border-orange-700 dark:hover:text-orange-700 dark:active:border-orange-700 dark:active:text-orange-700",
-    orange2:   "border-2 border-orange-200 text-orange-200 hover:border-orange-300 hover:text-orange-300 active:border-orange-300 active:text-orange-300 " \
-               "dark:border-orange-800 dark:text-orange-800 dark:hover:border-orange-900 dark:hover:text-orange-900 dark:active:border-orange-900 dark:active:text-orange-900",
-    yellow:    "border-2 border-yellow-500 text-yellow-500 hover:border-yellow-600 hover:text-yellow-600 active:border-yellow-600 active:text-yellow-600 " \
-               "dark:border-yellow-500 dark:text-yellow-500 dark:hover:border-yellow-900 dark:hover:text-yellow-900 dark:active:border-yellow-900 dark:active:text-yellow-900",
-    blue:      "border-2 border-blue-500 text-blue-500 hover:border-blue-600 hover:text-blue-600 active:border-blue-600 active:text-blue-600 " \
-               "dark:border-blue-500 dark:text-blue-500 dark:hover:border-blue-700 dark:hover:text-blue-700 dark:active:border-blue-700 dark:active:text-blue-700",
-    green:     "border-2 border-green-500 text-green-500 hover:border-green-600 hover:text-green-600 active:border-green-600 active:text-green-600 " \
-               "dark:border-green-500 dark:text-green-500 dark:hover:border-green-700 dark:hover:text-green-700 dark:active:border-green-700 dark:active:text-green-700",
-    red:       "border-2 border-red-500 text-red-500 hover:border-red-600 hover:text-red-600 active:border-red-600 active:text-red-600 " \
-               "dark:border-red-500 dark:text-red-500 dark:hover:border-red-700 dark:hover:text-red-700 dark:active:border-red-700 dark:active:text-red-700",
-    neutral:   "border-2 border-neutral-700 text-neutral-700 hover:border-neutral-600 hover:text-neutral-600 active:border-neutral-600 active:text-neutral-600 " \
-               "dark:border-neutral-700 dark:text-neutral-700 dark:hover:border-neutral-700 dark:hover:text-neutral-700 dark:active:border-neutral-700 dark:active:text-neutral-700"
+    red:     "#{PLAIN_BUTTON_COLOR[:red]} border-2 border-red-500",
+    orange:  "#{PLAIN_BUTTON_COLOR[:orange]} border-2 border-orange-500",
+    hammy:   "#{PLAIN_BUTTON_COLOR[:hammy]} border-2 border-orange-800 dark:border-orange-200",
+    yellow:  "#{PLAIN_BUTTON_COLOR[:yellow]} border-2 border-yellow-500",
+    green:   "#{PLAIN_BUTTON_COLOR[:green]} border-2 border-green-500",
+    blue:    "#{PLAIN_BUTTON_COLOR[:blue]} border-2 border-blue-500",
+    neutral: "#{PLAIN_BUTTON_COLOR[:neutral]} border-2 border-neutral-700 dark:border-white"
+  }.freeze
+
+  STYLES = {
+    fill: FILL_BUTTON_COLOR,
+    outline: OUTLINE_BUTTON_COLOR,
+    plain: PLAIN_BUTTON_COLOR
   }.freeze
-  # rubocop:enable Layout/LineLength
 end
diff --git a/app/views/components/onboarding/steps_component.rb b/app/views/components/onboarding/steps_component.rb
new file mode 100644
index 00000000000..5744ca2dd4d
--- /dev/null
+++ b/app/views/components/onboarding/steps_component.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class Onboarding::StepsComponent < ApplicationComponent
+  include Phlex::DeferredRender
+
+  include Phlex::Rails::Helpers::LinkTo
+
+  def initialize(current_step)
+    @current_step = current_step
+    @steps = []
+    super()
+  end
+
+  def view_template(&)
+    nav(class: "mb-10 flex items-start text-start text-neutral-800 dark:text-white") do
+      @steps.each_with_index do |step, idx|
+        step_item(idx + 1, *step)
+        connector(idx + 1) unless idx == @steps.size - 1
+      end
+    end
+  end
+
+  def step(name, link)
+    @steps << [name, link]
+  end
+
+  private
+
+  STEP = "w-8 h-8 flex items-center justify-center rounded font-bold"
+  ACTIVE_STEP = "#{STEP} bg-orange hover:bg-orange-600 text-white".freeze
+  PENDING_STEP = "#{STEP} bg-neutral-300 dark:bg-neutral-700 text-neutral-700 dark:text-white".freeze
+
+  def step_item(step, name, link)
+    a(href: link, class: "relative z-10 w-20 flex flex-col items-center space-y-2 text-center text-b3") do
+      span(class: @current_step >= step ? ACTIVE_STEP : PENDING_STEP, aria_current: "step") { step }
+      p(class: "") { name }
+    end
+  end
+
+  def connector(step)
+    color = @current_step > step ? "border-orange-500" : "border-neutral-300 dark:border-neutral-700"
+    span(class: "flex-grow mt-4 -mx-6 border-t-2 #{color}")
+  end
+end
diff --git a/app/views/dashboards/_promo.html.erb b/app/views/dashboards/_promo.html.erb
new file mode 100644
index 00000000000..bc7e62dbff4
--- /dev/null
+++ b/app/views/dashboards/_promo.html.erb
@@ -0,0 +1,43 @@
+<% return unless current_user.memberships.any? %>
+<div class="flex flex-col px-4 py-6 md:p-10 mb-10 border border-orange rounded-lg bg-orange-050 dark:bg-orange-950">
+  <h2 class="flex text-h3 mb-10">
+    <%= icon_tag "organizations", size: 8, class: "mr-2 inline-block" %>
+    Introducing Organizations!
+  </h2>
+  <div class="flex flex-col md:flex-row-reverse">
+    <div class="flex mx-auto mb-10 md:mb-0 md:ml-10 w-64">
+      <div role="graphics-symbol" title="A diagram showing the layers of roles in an organization">
+        <div class="border-orange-600 border-2 border-dashed text-b3 text-orange-800 dark:text-white pl-8 rounded-md justify-end content-end shadow-lg">
+          <p class="-ml-8 px-2 pt-1 h-8">Organization</p>
+          <div class="bg-orange-400 dark:bg-orange-600 relative -bottom-0.5 -right-0.5 pl-8 rounded-md border border-orange-600">
+            <p class="-ml-8 px-2 pt-1 h-8">Owner</p>
+            <div class="bg-orange-300 dark:bg-orange-700 pl-8 rounded-md border-t border-l border-orange-600">
+              <p class="-ml-8 px-2 pt-1 h-8">Admin</p>
+              <div class="bg-orange-200 dark:bg-orange-800 pl-8 rounded-md box-border border-t border-l border-orange-600">
+                <p class="-ml-8 px-2 pt-1 h-8">Maintainer</p>
+                <div class="bg-orange-100 dark:bg-orange-950 w-32 h-32 rounded-md box-border border-t border-l border-orange-600">
+                  <p class="px-2 pt-1">Outside contributor</p>
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <div class="flex flex-col w-full md:w-2/3 items-start">
+      <p class="text-b1 text-neutral-800 dark:text-white mt-2 mb-10">
+        RubyGems is making ownership and permissions easier with organizations. Name your org then add your gems. It’s that easy!
+      </p>
+
+      <div>
+        <%= render ButtonComponent.new(organization_onboarding_name_path, type: :link, style: :outline, color: :primary) do %>
+          <span class="px-10 flex items-center">
+            Begin
+            <%= icon_tag "arrow-forward", size: 6, class: "ml-2 inline-block" %>
+          </span>
+        <% end %>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/app/views/dashboards/show.html.erb b/app/views/dashboards/show.html.erb
index d47c6fa7d52..5cfb8105f25 100644
--- a/app/views/dashboards/show.html.erb
+++ b/app/views/dashboards/show.html.erb
@@ -7,6 +7,8 @@
 <!-- Main Content -->
 <h1 class="text-h2 mb-10"><%= t(".title") %></h1>
 
+<%= render "dashboards/promo" %>
+
 <%= render CardComponent.new do |c| %>
   <%= c.head(divide: true) do %>
     <%= c.title t(".latest"), icon: :history %>
diff --git a/app/views/layouts/onboarding.html.erb b/app/views/layouts/onboarding.html.erb
new file mode 100644
index 00000000000..42f82fef964
--- /dev/null
+++ b/app/views/layouts/onboarding.html.erb
@@ -0,0 +1,31 @@
+<% content_for :main do %>
+  <div class="w-full px-8 pt-10 lg:pt-0 flex-col bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center">
+    <div class="max-w-screen-xl w-full mx-auto">
+      <% flash.each do |name, msg| %>
+        <%= render AlertComponent.new(style: name, closeable: true) do %>
+          <%= flash_message(name, msg) %>
+        <% end %>
+      <% end %>
+    </div>
+  </div>
+
+  <%# At desktop width, these outer 2 divs make the full content background with 2 columns of content %>
+  <div class="flex-1 lg:w-full lg:px-8 bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 text-neutral-950 dark:text-white text-b2 items-center">
+    <h1 class="lg:max-w-screen-xl lg:w-full lg:mx-auto px-8 lg:px-0 text-b1 lg:text-h1 font-semibold lg:font-normal lg:mb-10">Create an Organization</h1>
+    <div class="lg:max-w-screen-xl lg:w-full lg:mx-auto lg:flex lg:flex-row">
+
+      <%# mobile: main makes a full width section with a max width inner container %>
+      <main class="flex-1 w-full px-8 pt-10 mb-20 lg:p-0">
+        <div class="flex flex-col max-w-screen-xl w-full mx-auto lg:w-auto lg:mx-auto lg:p-10 lg:border lg:border-neutral-500 lg:rounded lg:bg-white lg:dark:bg-black">
+          <%= yield %>
+        </div>
+      </main>
+
+      <%# At mobile width, the aside is hidden %>
+      <aside class="hidden lg:flex flex-col w-96 px-8 lg:px-0 pb-6 lg:w-72 lg:ml-20 lg:mr-16 lg:mb-32 border-b border-neutral-400 dark:border-neutral-800 lg:border-none">
+        <%= yield :aside %>
+      </aside>
+    </div>
+  </div>
+<% end %>
+<%= render template: "layouts/hammy" %>
diff --git a/app/views/layouts/subject.html.erb b/app/views/layouts/subject.html.erb
index 82244f79b2f..64f01248ec2 100644
--- a/app/views/layouts/subject.html.erb
+++ b/app/views/layouts/subject.html.erb
@@ -22,7 +22,7 @@
   </div>
 
   <%# At desktop width, these outer 2 divs make the full content background with 2 columns of content %>
-  <div class="lg:w-full lg:px-8 bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center">
+  <div class="flex-1 lg:w-full lg:px-8 bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 text-neutral-950 dark:text-neutral-050 text-b2 items-center">
     <div class="lg:max-w-screen-xl lg:w-full lg:mx-auto lg:flex lg:flex-row">
       <%# At mobile width, the inner aside and main make two stacked full width sections %>
       <aside class="w-full px-8 lg:px-0 pb-6 lg:w-72 lg:mx-0 lg:mb-32 bg-white dark:bg-black lg:bg-neutral-050 lg:dark:bg-neutral-950 border-b border-neutral-400 dark:border-neutral-800 lg:border-none">
diff --git a/app/views/organizations/onboarding/_progress.html.erb b/app/views/organizations/onboarding/_progress.html.erb
new file mode 100644
index 00000000000..0b6455ea67f
--- /dev/null
+++ b/app/views/organizations/onboarding/_progress.html.erb
@@ -0,0 +1,6 @@
+<%= render Onboarding::StepsComponent.new(current_step) do |s| %>
+  <%= s.step "Name", organization_onboarding_name_path %>
+  <%= s.step "Gems", organization_onboarding_gems_path %>
+  <%= s.step "Members", organization_onboarding_users_path %>
+  <%= s.step "Finalize", organization_onboarding_confirm_path %>
+<% end %>
diff --git a/app/views/organizations/onboarding/_summary.html.erb b/app/views/organizations/onboarding/_summary.html.erb
new file mode 100644
index 00000000000..30f5a3b2c7d
--- /dev/null
+++ b/app/views/organizations/onboarding/_summary.html.erb
@@ -0,0 +1,71 @@
+<% current_step ||= 1 %>
+
+<!-- Summary Header -->
+<div class="flex justify-between items-center mb-6">
+  <h2 class="text-h4">Summary</h2>
+</div>
+
+<%# Name Section %>
+<div class="mb-6">
+  <div class="flex justify-between items-center">
+    <h3 class="text-b1 text-neutral-900 dark:text-white">Name</h3>
+    <% if current_step > 1 %>
+      <%= link_to "edit", organization_onboarding_name_path, class: "text-orange-500" %>
+    <% end %>
+  </div>
+  <div class="mt-4">
+    <p class="flex justify-between">
+      <span class="font-semibold">Org handle</span>
+      <span class="text-neutral-700 dark:text-neutral-300 ml-2"><%= @organization_onboarding.organization_handle %></span>
+    </p>
+    <p class="flex justify-between mt-2">
+      <span class="font-semibold">Org name</span>
+      <span class="text-neutral-700 dark:text-neutral-300 ml-2"><%= @organization_onboarding.organization_name %></span>
+    </p>
+  </div>
+</div>
+<hr class="border-neutral-400 my-6">
+
+<%# Gems Section %>
+<div class="mb-6">
+  <div class="flex justify-between items-center">
+    <h3 class="text-b1 text-neutral-900 dark:text-white">
+      Gems
+      <span class="text-neutral-600 font-light ml-1"><%= @organization_onboarding.selected_rubygems.size %></span>
+    </h3>
+    <% if current_step > 2 %>
+      <%= link_to "edit", organization_onboarding_gems_path, class: "text-orange-500" %>
+    <% end %>
+  </div>
+  <ul class="mt-4">
+    <% @organization_onboarding.selected_rubygems.each do |gem| %>
+      <li class="mt-2 text-neutral-800 dark:text-neutral-200"><%= gem.name %></li>
+    <% end %>
+  </ul>
+</div>
+<hr class="border-neutral-400 my-6">
+
+<%# People Section %>
+<div class="mb-6">
+  <div class="flex justify-between items-center">
+    <h3 class="text-b1 text-neutral-900 dark:text-white">
+      People
+      <span class="text-neutral-600 font-light ml-1"><%= approved_invites.size %></span>
+    </h3>
+    <% if current_step > 3 %>
+      <%= link_to "edit", organization_onboarding_users_path, class: "text-orange-500" %>
+    <% end %>
+  </div>
+  <ul class="mt-2 items-center space-y-4">
+    <% approved_invites.each do |invite| %>
+      <% user = invite.user %>
+      <li class="flex flex-row w-full justify-between">
+        <span class="flex flex-row items-center">
+          <%= avatar 48, "gravatar-#{user.id}", user, theme: :dark, class: "h-6 w-6 rounded mr-2 inline-block" %>
+          <span class="text-neutral-800 dark:text-white"><%= user.handle %></span>
+        </span>
+        <span class="text-neutral-500"><%= invite.role %></span>
+      </li>
+    <% end %>
+  </ul>
+</div>
diff --git a/app/views/organizations/onboarding/confirm/edit.html.erb b/app/views/organizations/onboarding/confirm/edit.html.erb
new file mode 100644
index 00000000000..ad5c9540f08
--- /dev/null
+++ b/app/views/organizations/onboarding/confirm/edit.html.erb
@@ -0,0 +1,17 @@
+<%= render "organizations/onboarding/progress", current_step: 4 %>
+
+<h2 class="text-h4 mb-10">Finalize</h2>
+
+<p class="mb-10">Review the summary and confirm everything looks good.</p>
+<p>Your Org handle is permanent, and will require support to update beyond this point. Everything else can be updated any time.</p>
+
+<div class="mt-10">
+  <%= render "organizations/onboarding/summary", current_step: 4 %>
+</div>
+
+<%= form_with(model: @organization_onboarding, url: organization_onboarding_confirm_path, method: :patch) do |form| %>
+  <div class="flex border-t border-neutral-400 lg:-mx-10 lg:px-10 pt-10 mt-10 justify-between">
+    <%= render ButtonComponent.new("Back", organization_onboarding_users_path, type: :link, color: :neutral, style: :outline) %>
+    <%= render ButtonComponent.new("Create Org", type: :submit, style: :fill) %>
+  </div>
+<% end %>
diff --git a/app/views/organizations/onboarding/gems/edit.html.erb b/app/views/organizations/onboarding/gems/edit.html.erb
new file mode 100644
index 00000000000..0e93f074b28
--- /dev/null
+++ b/app/views/organizations/onboarding/gems/edit.html.erb
@@ -0,0 +1,56 @@
+<% content_for :aside do %>
+  <%= render "organizations/onboarding/summary", current_step: 2 %>
+<% end %>
+
+<%= render "organizations/onboarding/progress", current_step: 2 %>
+
+<h2 class="text-h4 mb-10">Add gems to your Org</h2>
+
+<%= form_with(model: @organization_onboarding, url: organization_onboarding_gems_path, method: :patch, data: { controller: "onboarding-gems counter" }) do |form| %>
+  <div class="border border-neutral-700 dark:border-neutral-300 rounded-lg" data-controller="checkbox-select-all">
+    <div class="flex flex-row p-4 w-full border-b border-neutral-700 dark:border-neutral-300 justify-between items-center">
+      <h3 class="text-b2 font-semibold">Gems<span data-counter-target="counter" class="ml-2 font-light text-neutral-600"><%= @organization_onboarding.rubygems.size %></span></h3>
+      <label class="flex items-center">
+        <span class="mr-3">Select all</span>
+        <input
+          type="checkbox"
+          data-checkbox-select-all-target="checkboxAll"
+          class="h-5 w-5 fill-white text-orange-500 bg-white dark:bg-black border-neutral-500 rounded focus:ring-2 focus:ring-orange-500 rounded disabled:text-neutral-700 dark:disabled:text-neutral-700"
+        />
+      </label>
+    </div>
+    <ul class="divide-y divide-neutral-300 dark:divide-neutral-700">
+      <% available_rubygems.each do |gem| %>
+        <% required = @organization_onboarding.namesake_rubygem == gem %>
+
+        <li class="flex items-center">
+          <label class="flex w-full px-4 py-2 items-center justify-between space-x-2">
+            <span class="flex">
+              <span class="text-neutral-800 dark:text-white"><%= gem.name %></span>
+              <% if required %>
+                <span class="flex flex-row text-xs text-neutral-900 bg-orange-100 dark:text-white dark:bg-orange-900 px-2 py-0.5 rounded ml-2">Required</span>
+              <% end %>
+            </span>
+            <%
+              data = { counter_target: "checked" }
+              data[:checkbox_select_all_target] = "checkbox" unless required
+            %>
+            <%= check_box_tag(
+              "organization_onboarding[rubygems][]",
+              gem.id,
+              @organization_onboarding.rubygems.include?(gem.id),
+              class: "h-5 w-5 fill-white text-orange-500 bg-white dark:bg-black border-neutral-500 rounded focus:ring-2 focus:ring-orange-500 rounded disabled:text-neutral-700 dark:disabled:text-neutral-700",
+              disabled: required,
+              data: data,
+            ) %>
+          </label>
+        </li>
+      <% end %>
+    </ul>
+  </div>
+
+  <div class="flex border-t border-neutral-400 lg:-mx-10 lg:px-10 pt-10 mt-10 justify-between">
+    <%= render ButtonComponent.new("Back", organization_onboarding_name_path, type: :link, color: :neutral, style: :outline) %>
+    <%= render ButtonComponent.new("Continue", type: :submit, style: :outline) %>
+  </div>
+<% end %>
diff --git a/app/views/organizations/onboarding/name/new.html.erb b/app/views/organizations/onboarding/name/new.html.erb
new file mode 100644
index 00000000000..54c05540067
--- /dev/null
+++ b/app/views/organizations/onboarding/name/new.html.erb
@@ -0,0 +1,96 @@
+<% content_for :aside do %>
+  <%= render "organizations/onboarding/summary", current_step: 1 %>
+<% end %>
+
+<%= render "organizations/onboarding/progress", current_step: 1 %>
+
+<h2 class="text-h4 mb-10">Name your Organization</h2>
+
+<p class="mb-10">
+  Choose a name for your Organization.
+  <br>
+  This name will be used as the URL for your Organization's page and will eventually become its namespace.
+</p>
+
+<%= form_with(model: @organization_onboarding, url: organization_onboarding_name_path, method: :post, data: { controller: "onboarding-name" }) do |form| %>
+  <h3 class="text-b2 font-semibold mb-2">Name your org using:</h3>
+
+  <div class="flex w-full space-x-4 mb-10" data-controller="scroll">
+    <label class="flex-1 border-2 rounded-lg p-4 text-center dark:border-neutral-700 has-[:checked]:border-orange-500">
+      <%= form.radio_button(:name_type, "gem", class: "hidden peer", data: { onboarding_name_target: "radio", action: "onboarding-name#gemname scroll#scroll" }, required: true, checked: true) %>
+      <div class="text-neutral-800 dark:text-neutral-400 peer-checked:text-orange-500">
+        <%= icon_tag "gems", size: 10, class: "mx-auto mb-2" %>
+      </div>
+      <span class="dark:text-neutral-400 peer-checked:font-semibold dark:peer-checked:text-white">a gem you own</span>
+    </label>
+    <%# Username option is disabled at first %>
+    <div class="hidden">
+      <label class="flex-1 border-2 rounded-lg p-4 text-center dark:border-neutral-700 has-[:checked]:border-orange-500">
+        <%= form.radio_button(:name_type, "user", class: "hidden peer", data: { onboarding_name_target: "radio", action: "onboarding-name#username scroll#scroll" }, required: true, disabled: true) %>
+        <div class="text-neutral-800 dark:text-neutral-400 peer-checked:text-orange-500">
+          <%= icon_tag "account-box", size: 10, class: "mx-auto mb-2" %>
+        </div>
+        <span class="dark:text-neutral-400 peer-checked:font-semibold dark:peer-checked:text-white">your username</span>
+      </label>
+    </div>
+  </div>
+
+  <div class="hidden mb-10" data-onboarding-name-target="gemname">
+    <p class="mb-2">
+      Select one of your gems to use as your Organization handle.
+      <br>
+      Changing this later will require help from RubyGems.org support.
+    </p>
+    <label class="flex flex-col xl:flex-row items-center rounded-lg border border-neutral-400 dark:border-neutral-600 overflow-hidden">
+      <span class="flex h-11 pl-4 pr-1 text-neutral-700 w-full xl:w-auto items-center bg-neutral-100 dark:text-neutral-300 dark:bg-neutral-900 border-b xl:border-b-0 xl:border-r border-neutral-400 dark:border-neutral-600">
+        rubygems.org/organizations/
+      </span>
+      <%= form.select(
+        :organization_handle,
+        available_rubygems.map(&:name),
+        { prompt: "select..." },
+        {
+          required: true,
+          class: "flex-1 w-full h-11 text-b2 px-4 xl:px-2 bg-white border-none dark:bg-neutral-950 rounded-b-lg xl:rounded-bl-none xl:rounded-r-lg outline-none appearance-none focus:ring-inset focus:ring-1 focus:ring-orange-500",
+          data: { action: "onboarding-name#updateDisplayname" }
+        }
+      ) %>
+    </label>
+  </div>
+
+  <div class="hidden mb-10" data-onboarding-name-target="username">
+    <p class="mb-10">
+      Your username will be used for your Organization handle.
+      <br>
+      Changing this later may require help from RubyGems.org support.
+    </p>
+    <label class="flex flex-col lg:flex-row overflow-hidden items-center">
+      <span class="flex h-11 px-4 text-neutral-700 box-border w-full lg:w-auto rounded-t-lg lg:rounded-l-lg border lg:border-r-0 border-neutral-400 dark:border-neutral-600 items-center bg-neutral-100 dark:text-neutral-300 dark:bg-neutral-900">rubygems.org/organizations/</span>
+      <%= text_field_tag(
+        :disabled_username,
+        current_user.name,
+        disabled: true,
+        class: "flex-1 w-full h-11 text-b2 px-4 lg:px-2 bg-white dark:bg-neutral-950 rounded-b-lg lg:rounded-r-lg outline-none appearance-none placeholder:italic placeholder:text-neutral-400 focus:ring-inset focus:ring-1 focus:ring-orange-500",
+      ) %>
+    </label>
+  </div>
+
+  <div class="hidden" data-onboarding-name-target="reveal">
+    <%= form.label :organization_name, "Display Name", class: "block text-b2 font-semibold mb-2" %>
+    <p class="mb-2">We suggest a name based on your selection. You can update this at any time.<p>
+    <%= form.text_field(
+      :organization_name,
+      placeholder: "Select a gem name first",
+      class: "w-full text-b2 rounded-lg dark:bg-neutral-950 focus:ring-inset focus:ring-1 focus:ring-orange-500",
+      required: true,
+      autocomplete: "organization",
+      data: { onboarding_name_target: "displayname", action: "onboarding-name#validate" },
+    ) %>
+  </div>
+
+
+  <div class="flex border-t border-neutral-400 lg:-mx-10 lg:px-10 pt-10 mt-10 justify-between">
+    <%= render ButtonComponent.new("Cancel", organization_onboarding_path, type: :link, color: :neutral, style: :outline, method: :delete) %>
+    <%= render ButtonComponent.new("Continue", type: :submit, style: :outline, data: { onboarding_name_target: "submit" }) %>
+  </div>
+<% end %>
diff --git a/app/views/organizations/onboarding/users/edit.html.erb b/app/views/organizations/onboarding/users/edit.html.erb
new file mode 100644
index 00000000000..0f1be2b5b93
--- /dev/null
+++ b/app/views/organizations/onboarding/users/edit.html.erb
@@ -0,0 +1,96 @@
+<% content_for :aside do %>
+  <%= render "organizations/onboarding/summary", current_step: 3 %>
+<% end %>
+
+<%= render "organizations/onboarding/progress", current_step: 3 %>
+
+<h2 class="text-h4 mb-10">Manage Members</h2>
+
+<p class="mb-10">
+  Below we have listed all the owners of the gems you selected.
+  If you do nothing, these existing owners will remain owners of their gems.
+  You can invite them to join the organization now or you can add members later.
+</p>
+
+<div data-controller="reveal" data-reveal-toggle-class="rotate-180" class="mb-10">
+  <p class="text-b2 font-neutral-600">
+    <%= render ButtonComponent.new(type: :button, color: :neutral, style: :plain, data: { action: "reveal#toggle" }) do %>
+      <%= icon_tag "keyboard-arrow-down", class:"transition-transform transform mr-1", data: { reveal_target: "toggle" } %>
+      <%= "Permission Details" %>
+    <% end %>
+  </p>
+
+  <div class="border border-orange-500 rounded-lg overflow-hidden mt-2" data-reveal-target="item">
+    <div class="bg-orange-100 text-orange-800 font-semibold text-center py-2">
+      Outside Contributor
+    </div>
+    <div class="px-4 py-3 text-b3 text-neutral-800 dark:text-white">
+      <p><b>Outside Contributors</b> are non-members that maintain ownership of their gems in this org.</p>
+      <p class="text-b4 text-neutral-500 mt-1 italic">
+        * If you make no changes, gem ownership will remain unaltered for everyone else.
+      </p>
+    </div>
+
+    <div class="bg-orange-200 text-orange-800 font-semibold text-center py-2">
+      Maintainer
+    </div>
+    <div class="px-4 py-3 text-b3 text-neutral-800 dark:text-white">
+      <p><b>Maintainers</b> can publish and manage any gem owned by the organization</p>
+    </div>
+
+    <div class="bg-orange-300 text-orange-800 font-semibold text-center py-2">
+      Admin
+    </div>
+    <div class="px-4 py-3 text-b3 text-neutral-800 dark:text-white">
+      <p><b>Admins</b> can publish and manage any gem owned by the organization and:</p>
+      <p>Manage organization teams, outside contributors and individual gems.</p>
+      <p class="text-b4 text-neutral-500 mt-1 italic">
+        * An admin cannot remove a gem from the organization or manage organization settings.
+      </p>
+    </div>
+
+    <div class="bg-orange-400 text-orange-800 font-semibold text-center py-2">
+      Owner
+    </div>
+    <div class="px-4 py-3 text-b3 text-neutral-800 dark:text-white">
+      <b>Owners</b> can add other owners to the organization and remove gems from the organization.
+    </div>
+  </div>
+</div>
+
+<%= form_with(model: @organization_onboarding, url: organization_onboarding_users_path, method: :patch) do |form| %>
+  <ul>
+    <li class="flex w-full py-3 pl-[11px] pr-10 justify-between box-border border border-neutral-400 rounded-lg">
+      <span class="flex flex-row items-center">
+        <%= avatar 48, "gravatar-#{@organization_onboarding.created_by.id}", theme: :dark, class: "h-6 w-6 rounded mr-2" %>
+        <span><%= @organization_onboarding.created_by.handle %></span>
+      </span>
+      <span>Owner</span>
+    </li>
+    <%= form.fields_for :invites do |invite_fields| %>
+      <% user = invite_fields.object.user %>
+      <li class="flex w-full py-3 pl-3 justify-between items-center" data-user-handle="<%= user.handle %>">
+        <%= invite_fields.label :role, class: "flex flex-row items-center h-11" do %>
+          <%= avatar 48, "gravatar-#{user.id}", user, theme: :dark, class: "h-6 w-6 rounded mr-2" %>
+          <span class="text-b2"><%= user.handle %></span>
+        <% end %>
+        <%= invite_fields.select(
+          :role,
+          role_options,
+          { include_blank: "select role" },
+          style: "text-align-last: right;",
+          class: "text-b2 rounded-lg appearance-none outline-none bg-white dark:bg-black border-none h-11 text-right focus:ring-2 focus:ring-inset focus:ring-orange"
+        ) %>
+        <%= invite_fields.hidden_field :id %>
+      </li>
+    <% end %>
+  </ul>
+
+  <div class="flex border-t border-neutral-400 lg:-mx-10 lg:px-10 pt-10 mt-10 justify-between">
+    <%= render ButtonComponent.new("Back", organization_onboarding_gems_path, type: :link, color: :neutral, style: :outline) %>
+    <span class="space-x-2">
+      <%= render ButtonComponent.new("Skip for now", organization_onboarding_confirm_path, type: :link, color: :neutral, style: :plain) %>
+      <%= render ButtonComponent.new("Continue", type: :submit, style: :outline) %>
+    </span>
+  </div>
+<% end %>
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 099daa2ab84..281ef945a2b 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -1,5 +1,19 @@
 <% @title = t('sign_in') %>
 
+<% if Gemcutter::ENABLE_DEVELOPMENT_LOG_IN %>
+<div class="t-body">
+  <h2 class="page__subheading--block">Development Login</h2>
+  <ul>
+    <% User.all.order(id: :asc).each do |user| %>
+    <li>
+      <%= link_to "login as #{user.handle}", controller: :sessions, action: "development_log_in_as", user_id: user.id %>
+    </li>
+    <% end %>
+  </ul>
+  <hr/>
+</div>
+<% end %>
+
 <div class="t-body">
   <p>
     <%= link_to t('.forgot_password'), new_password_path, class: 't-list__item' %>
diff --git a/config/application.rb b/config/application.rb
index 9f395a1b1f1..1328ecd5bd4 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -110,7 +110,7 @@ def self.config
   GEM_REQUEST_LIMIT = 400
   VERSIONS_PER_PAGE = 100
   SEPARATE_ADMIN_HOST = config["separate_admin_host"]
-  ENABLE_DEVELOPMENT_ADMIN_LOG_IN = Rails.env.local?
+  ENABLE_DEVELOPMENT_LOG_IN = Rails.env.local?
   MAIL_SENDER = "RubyGems.org <no-reply@mailer.rubygems.org>".freeze
   PAGES = %w[
     about data download security sponsors
diff --git a/config/importmap.rb b/config/importmap.rb
index 455a99b32b1..6061894a513 100644
--- a/config/importmap.rb
+++ b/config/importmap.rb
@@ -17,6 +17,7 @@
 pin "@stimulus-components/clipboard", to: "@stimulus-components--clipboard.js" # @5.0.0
 pin "@stimulus-components/dialog", to: "@stimulus-components--dialog.js" # @1.0.1
 pin "@stimulus-components/reveal", to: "@stimulus-components--reveal.js" # @5.0.0
+pin "@stimulus-components/checkbox-select-all", to: "@stimulus-components--checkbox-select-all.js" # @6.0.0
 
 # vendored and adapted from https://github.com/mdo/github-buttons/blob/master/src/js.js
 pin "github-buttons"
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index a1c056048c3..df1cf833606 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -8,7 +8,7 @@
   config.content_security_policy do |policy|
     policy.default_src :self
     policy.font_src    :self, "https://fonts.gstatic.com"
-    policy.img_src     :self, "https://secure.gaug.es", "https://gravatar.com", "https://www.gravatar.com", "https://secure.gravatar.com",
+    policy.img_src     :self, "data:", "https://secure.gaug.es", "https://gravatar.com", "https://www.gravatar.com", "https://secure.gravatar.com",
       "https://*.fastly-insights.com", "https://avatars.githubusercontent.com"
     policy.object_src  :none
     # NOTE: This scirpt_src is overridden for all requests in ApplicationController
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 7923abd4962..66e603971e6 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -78,9 +78,13 @@ de:
         handle: Benutzername
         password: Passwort
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role: OIDC-API-Schlüsselrolle
       oidc/id_token:
@@ -639,6 +643,9 @@ de:
     failed_verification:
       title:
       close_browser:
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6861c309ed0..d88cefe17e9 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -75,9 +75,13 @@ en:
         handle: Username
         password: Password
       ownership/role:
+        owner: Owner
+        maintainer: Maintainer
+      membership/role:
         owner: Owner
         admin: Admin
         maintainer: Maintainer
+        outside_contributor: Outside Contributor
       api_key:
         oidc_api_key_role: OIDC API Key Role
       oidc/id_token:
@@ -552,6 +556,9 @@ en:
     failed_verification:
       title: Error - Verification Failed
       close_browser: Please close this browser and try again.
+  organization_onboardings:
+    confirm:
+      success: Organization onboarded successfully!
   owners:
     edit:
       role: Role
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 43f4335de37..ee7e6a0d528 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -76,9 +76,13 @@ es:
         handle: Usuario
         password: Contraseña
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -624,6 +628,9 @@ es:
     failed_verification:
       title: Error - Falló la verification
       close_browser: Por favor cierra este navegador e inténtalo de nuevo.
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index d466840c70d..612d974d890 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -76,9 +76,13 @@ fr:
         handle: Pseudonyme
         password: Mot de passe
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -563,6 +567,9 @@ fr:
     failed_verification:
       title:
       close_browser:
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 2747086f588..017c949cf28 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -69,9 +69,13 @@ ja:
         handle: ユーザー名
         password: パスワード
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role: OIDC APIキーのロール
       oidc/id_token:
@@ -543,6 +547,9 @@ ja:
     failed_verification:
       title: エラー - 検証が失敗しました
       close_browser: このブラウザを閉じて再試行してください。
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 2f92322729a..e290c8869b8 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -68,9 +68,13 @@ nl:
         handle: Gebruikersnaam
         password: Wachtwoord
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -543,6 +547,9 @@ nl:
     failed_verification:
       title:
       close_browser:
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 0281a075788..ce8a03c68ae 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -75,9 +75,13 @@ pt-BR:
         handle: Usuário
         password: Senha
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -555,6 +559,9 @@ pt-BR:
     failed_verification:
       title:
       close_browser:
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
index 158e17b1275..0e707dafd0c 100644
--- a/config/locales/zh-CN.yml
+++ b/config/locales/zh-CN.yml
@@ -70,9 +70,13 @@ zh-CN:
         handle: 用户名
         password: 密码
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role:
       oidc/id_token:
@@ -548,6 +552,9 @@ zh-CN:
     failed_verification:
       title: 错误 — 验证失败
       close_browser: 请关闭该浏览器并重试。
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 2c2e83d1dbc..c0962e266f1 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -69,9 +69,13 @@ zh-TW:
         handle: 帳號
         password: 密碼
       ownership/role:
+        owner:
+        maintainer:
+      membership/role:
         owner:
         admin:
         maintainer:
+        outside_contributor:
       api_key:
         oidc_api_key_role: OIDC API 金鑰角色
       oidc/id_token:
@@ -543,6 +547,9 @@ zh-TW:
     failed_verification:
       title: 錯誤 - 驗證失敗
       close_browser: 請關閉此瀏覽器並重試。
+  organization_onboardings:
+    confirm:
+      success:
   owners:
     edit:
       role:
diff --git a/config/routes.rb b/config/routes.rb
index d36154886d2..e99f9cd795c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -259,6 +259,8 @@
       get 'verify', to: 'sessions#verify', as: :verify
       post 'authenticate', to: 'sessions#authenticate', as: :authenticate
       post 'webauthn_authenticate', to: 'sessions#webauthn_authenticate', as: :webauthn_authenticate
+
+      get 'development_log_in_as/:user_id', to: 'sessions#development_log_in_as' if Gemcutter::ENABLE_DEVELOPMENT_LOG_IN
     end
 
     resources :users, only: %i[new create]
@@ -267,6 +269,26 @@
     delete '/sign_out' => 'sessions#destroy', as: 'sign_out'
 
     get '/sign_up' => 'users#new', as: 'sign_up' if Clearance.configuration.allow_sign_up?
+
+    namespace :organizations, as: :organization do
+      get "onboarding", to: redirect("/organizations/onboarding/name")
+      delete "onboarding", to: "onboarding#destroy"
+
+      namespace :onboarding do
+        get "name", to: "name#new"
+        post "name", to: "name#create"
+
+        get "gems", to: "gems#edit"
+        patch "gems", to: "gems#update"
+
+        get "users", to: "users#edit"
+        patch "users", to: "users#update"
+
+        get "confirm", to: "confirm#edit"
+        patch "confirm", to: "confirm#update"
+      end
+    end
+    resources :organizations, only: %i[show], constraints: { id: Patterns::ROUTE_PATTERN }
   end
 
   ################################################################################
@@ -335,7 +357,7 @@
     get ':provider/callback', to: 'oauth#create'
     get 'failure', to: 'oauth#failure'
 
-    get 'development_log_in_as/:admin_github_user_id', to: 'oauth#development_log_in_as' if Gemcutter::ENABLE_DEVELOPMENT_ADMIN_LOG_IN
+    get 'development_log_in_as/:admin_github_user_id', to: 'oauth#development_log_in_as' if Gemcutter::ENABLE_DEVELOPMENT_LOG_IN
   end
 
   ################################################################################
diff --git a/config/tailwind.config.js b/config/tailwind.config.js
index b0ee5019caf..f82dab740ee 100644
--- a/config/tailwind.config.js
+++ b/config/tailwind.config.js
@@ -59,6 +59,7 @@ module.exports = {
           900: '#58000A',
         },
         'orange': { // Primary
+          '050': '#FFF8F1',
           100: '#FFF0EC',
           200: '#FFC6AD',
           300: '#FFA983',
diff --git a/db/migrate/20241023052946_create_organization_onboardings.rb b/db/migrate/20241023052946_create_organization_onboardings.rb
new file mode 100644
index 00000000000..90474326c49
--- /dev/null
+++ b/db/migrate/20241023052946_create_organization_onboardings.rb
@@ -0,0 +1,16 @@
+class CreateOrganizationOnboardings < ActiveRecord::Migration[7.2]
+  def change
+    create_table :organization_onboardings do |t|
+      t.string :status, null: false
+      t.string :name_type, null: false
+      t.string :organization_name, null: false
+      t.string :organization_handle, null: false
+      t.text :error, null: true
+      t.integer :rubygems, array: true, default: [], null: true
+      t.datetime :onboarded_at, null: true
+      t.integer :created_by_id, null: false
+      t.integer :onboarded_organization_id, null: true
+      t.timestamps
+    end
+  end
+end
diff --git a/db/migrate/20241023053140_add_organization_foreign_keyto_ruby_gems.rb b/db/migrate/20241023053140_add_organization_foreign_keyto_ruby_gems.rb
new file mode 100644
index 00000000000..27359ca9772
--- /dev/null
+++ b/db/migrate/20241023053140_add_organization_foreign_keyto_ruby_gems.rb
@@ -0,0 +1,8 @@
+class AddOrganizationForeignKeytoRubyGems < ActiveRecord::Migration[7.2]
+  disable_ddl_transaction!
+
+  def change
+    add_reference :rubygems, :organization, null: true, index: { algorithm: :concurrently }
+    add_foreign_key :rubygems, :organizations, column: :organization_id, on_delete: :nullify, validate: false
+  end
+end
diff --git a/db/migrate/20241023053210_validate_add_organization_foreign_keyto_ruby_gems.rb b/db/migrate/20241023053210_validate_add_organization_foreign_keyto_ruby_gems.rb
new file mode 100644
index 00000000000..00d7ae1d13f
--- /dev/null
+++ b/db/migrate/20241023053210_validate_add_organization_foreign_keyto_ruby_gems.rb
@@ -0,0 +1,5 @@
+class ValidateAddOrganizationForeignKeytoRubyGems < ActiveRecord::Migration[7.2]
+  def change
+    validate_foreign_key :rubygems, :organizations
+  end
+end
diff --git a/db/migrate/20241104065953_add_organization_onboarding_invites.rb b/db/migrate/20241104065953_add_organization_onboarding_invites.rb
new file mode 100644
index 00000000000..9e0d98cefde
--- /dev/null
+++ b/db/migrate/20241104065953_add_organization_onboarding_invites.rb
@@ -0,0 +1,11 @@
+class AddOrganizationOnboardingInvites < ActiveRecord::Migration[7.2]
+  def change
+    create_table :organization_onboarding_invites do |t|
+      t.references :organization_onboarding, null: false, foreign_key: true
+      t.references :user, null: false, foreign_key: true
+      t.string :role, null: true
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 7a42964c418..99235afcc75 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.2].define(version: 2024_10_07_193740) do
+ActiveRecord::Schema[7.2].define(version: 2024_11_04_065953) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "hstore"
   enable_extension "pgcrypto"
@@ -419,6 +419,30 @@
     t.index ["repository_owner", "repository_name", "repository_owner_id", "workflow_filename", "environment"], name: "index_oidc_trusted_publisher_github_actions_claims", unique: true
   end
 
+  create_table "organization_onboarding_invites", force: :cascade do |t|
+    t.bigint "organization_onboarding_id", null: false
+    t.bigint "user_id", null: false
+    t.string "role"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["organization_onboarding_id"], name: "idx_on_organization_onboarding_id_e5b08868fb"
+    t.index ["user_id"], name: "index_organization_onboarding_invites_on_user_id"
+  end
+
+  create_table "organization_onboardings", force: :cascade do |t|
+    t.string "status", null: false
+    t.string "name_type", null: false
+    t.string "organization_name", null: false
+    t.string "organization_handle", null: false
+    t.text "error"
+    t.integer "rubygems", default: [], array: true
+    t.datetime "onboarded_at"
+    t.integer "created_by_id", null: false
+    t.integer "onboarded_organization_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+  end
+
   create_table "organizations", force: :cascade do |t|
     t.string "handle", limit: 40
     t.string "name", limit: 255
@@ -475,10 +499,12 @@
     t.datetime "created_at", precision: nil
     t.datetime "updated_at", precision: nil
     t.boolean "indexed", default: false, null: false
+    t.bigint "organization_id"
     t.index "regexp_replace(upper((name)::text), '[_-]'::text, ''::text, 'g'::text)", name: "dashunderscore_typos_idx"
     t.index "upper((name)::text) varchar_pattern_ops", name: "index_rubygems_upcase"
     t.index ["indexed"], name: "index_rubygems_on_indexed"
     t.index ["name"], name: "index_rubygems_on_name", unique: true
+    t.index ["organization_id"], name: "index_rubygems_on_organization_id"
   end
 
   create_table "sendgrid_events", force: :cascade do |t|
@@ -648,6 +674,8 @@
   add_foreign_key "oidc_id_tokens", "oidc_api_key_roles"
   add_foreign_key "oidc_pending_trusted_publishers", "users"
   add_foreign_key "oidc_rubygem_trusted_publishers", "rubygems"
+  add_foreign_key "organization_onboarding_invites", "organization_onboardings"
+  add_foreign_key "organization_onboarding_invites", "users"
   add_foreign_key "ownership_calls", "rubygems", name: "ownership_calls_rubygem_id_fk"
   add_foreign_key "ownership_calls", "users", name: "ownership_calls_user_id_fk"
   add_foreign_key "ownership_requests", "ownership_calls", name: "ownership_requests_ownership_call_id_fk"
@@ -655,6 +683,7 @@
   add_foreign_key "ownership_requests", "users", column: "approver_id", name: "ownership_requests_approver_id_fk"
   add_foreign_key "ownership_requests", "users", name: "ownership_requests_user_id_fk"
   add_foreign_key "ownerships", "users", on_delete: :cascade
+  add_foreign_key "rubygems", "organizations", on_delete: :nullify
   add_foreign_key "versions", "api_keys", column: "pusher_api_key_id"
   add_foreign_key "versions", "rubygems", name: "versions_rubygem_id_fk"
   add_foreign_key "web_hooks", "users", name: "web_hooks_user_id_fk"
diff --git a/db/seeds.rb b/db/seeds.rb
index 8c2858a6507..f6931352ef7 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -26,6 +26,7 @@
 ).find_or_create_by!(email: "gem-requester@example.com")
 
 User.create_with(
+  handle: "gem-security",
   email_confirmed: true,
   password:
 ).find_or_create_by!(email: "security@rubygems.org")
diff --git a/lib/access.rb b/lib/access.rb
index 12316b95d03..e86093fb79b 100644
--- a/lib/access.rb
+++ b/lib/access.rb
@@ -1,7 +1,7 @@
 module Access
   MAINTAINER = 50
+  ADMIN = 60
   OWNER = 70
-  ADMIN = 90
 
   DEFAULT_ROLE = "owner".freeze
 
diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
index f0eb3df30d6..c7f25952c16 100644
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -3,5 +3,15 @@
 class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
   include OauthHelpers
   include AvoHelpers
-  driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400]
+
+  if ENV["CAPYBARA_SERVER_PORT"]
+    served_by host: "rails-app", port: ENV["CAPYBARA_SERVER_PORT"]
+
+    driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400], options: {
+      browser: :remote,
+      url: "http://#{ENV['SELENIUM_HOST']}:4444"
+    }
+  else
+    driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400]
+  end
 end
diff --git a/test/factories/memberships.rb b/test/factories/memberships.rb
index 5920d25336f..0056afa4a28 100644
--- a/test/factories/memberships.rb
+++ b/test/factories/memberships.rb
@@ -5,6 +5,10 @@
     confirmed_at { Time.zone.now }
     role { :maintainer }
 
+    trait :maintainer do
+      role { :maintainer }
+    end
+
     trait :owner do
       role { :owner }
     end
diff --git a/test/factories/organization_onboarding_invites.rb b/test/factories/organization_onboarding_invites.rb
new file mode 100644
index 00000000000..73c7f4779b4
--- /dev/null
+++ b/test/factories/organization_onboarding_invites.rb
@@ -0,0 +1,7 @@
+FactoryBot.define do
+  factory :organization_onboarding_invite do
+    organization_onboarding { association(:organization_onboarding) }
+    user { association(:user) }
+    role { "owner" }
+  end
+end
diff --git a/test/factories/organization_onboardings.rb b/test/factories/organization_onboardings.rb
new file mode 100644
index 00000000000..7de553f8d3b
--- /dev/null
+++ b/test/factories/organization_onboardings.rb
@@ -0,0 +1,51 @@
+FactoryBot.define do
+  factory :organization_onboarding do
+    transient do
+      approved_invites { [] }
+      authorizer { create(:user) } # rubocop:disable FactoryBot/FactoryAssociationWithStrategy
+      namesake_rubygem { create(:rubygem) } # rubocop:disable FactoryBot/FactoryAssociationWithStrategy
+    end
+
+    created_by { association(:user) }
+
+    organization_name { namesake_rubygem.name }
+    organization_handle { namesake_rubygem.name }
+
+    rubygems do
+      [namesake_rubygem.id]
+    end
+
+    after(:build) do |organization_onboarding, evaluator|
+      Ownership.find_or_create_by(
+        user: organization_onboarding.created_by,
+        rubygem: evaluator.namesake_rubygem,
+        authorizer: evaluator.authorizer,
+        role: "owner"
+      )
+      evaluator.approved_invites.each do |invitee|
+        organization_onboarding.invites.find_or_initialize_by(user: invitee[:user]).role = invitee[:role]
+      end
+    end
+
+    trait :completed do
+      status { :completed }
+      onboarded_at { Time.zone.now }
+    end
+
+    trait :failed do
+      error { "Failed to onboard" }
+      status { :failed }
+    end
+
+    trait :user do
+      name_type { "gem" } # temporarily set to gem during release when username is disabled
+
+      # organization_name { "Rubygems" }
+      # organization_handle { created_by.handle }
+
+      # rubygems do
+      #   []
+      # end
+    end
+  end
+end
diff --git a/test/factories/organizations.rb b/test/factories/organizations.rb
index 77155e05655..6a7697e236b 100644
--- a/test/factories/organizations.rb
+++ b/test/factories/organizations.rb
@@ -4,6 +4,7 @@
       owners { [] }
       admins { [] }
       maintainers { [] }
+      rubygems { [] }
     end
 
     handle
@@ -22,6 +23,10 @@
       evaluator.maintainers.each do |user|
         create(:membership, user: user, organization: organization, role: :maintainer)
       end
+
+      evaluator.rubygems.each do |rubygem|
+        rubygem.update(organization: organization)
+      end
     end
 
     trait :with_members do
diff --git a/test/helpers/policy_helpers.rb b/test/helpers/policy_helpers.rb
index a5e3871543e..ad4901e5d72 100644
--- a/test/helpers/policy_helpers.rb
+++ b/test/helpers/policy_helpers.rb
@@ -1,17 +1,31 @@
 module PolicyHelpers
   extend ActiveSupport::Concern
 
-  def assert_authorized(actor, action)
-    policy = policy!(actor)
+  def assert_authorized(policy_or_actor, action)
+    policy = policy_or_actor if policy_or_actor.is_a?(ApplicationPolicy)
+    policy ||= policy!(policy_or_actor)
 
-    assert_predicate policy, action
-    assert_nil policy.error
+    result = policy.send(action)
+    flunk "Expected #{policy.class} to authorize #{action.inspect}\n#{pretty_print_policy(policy)}" unless result
+    flunk "Expected #{policy.class}##{action} not to produce an error: #{policy.error}\n#{pretty_print_policy(policy)}" if policy.error
+
+    assert result
   end
 
-  def refute_authorized(actor, action, message = nil)
-    policy = policy!(actor)
+  def refute_authorized(policy_or_actor, action, message = nil)
+    policy = policy_or_actor if policy_or_actor.is_a?(ApplicationPolicy)
+    policy ||= policy!(policy_or_actor)
 
-    refute_predicate policy, action
+    result = policy.send(action)
+    flunk "Expected #{policy.class} to deny #{action.inspect}\n#{pretty_print_policy(policy)}" if result
     assert_equal message.chomp, policy.error&.chomp if message
+
+    refute result
+  end
+
+  def pretty_print_policy(policy)
+    user = policy.user.respond_to?(:handle) ? "#<User id: #{policy.user.id}, handle: #{policy.user.handle.inspect}>" : policy.user.inspect
+    error = policy.error ? "  Error: #{policy.error}\n" : nil
+    "#{error}  User: #{user}\n  Record: #{policy.record.inspect}"
   end
 end
diff --git a/test/integration/organizations/onboarding/confirm_controller_test.rb b/test/integration/organizations/onboarding/confirm_controller_test.rb
new file mode 100644
index 00000000000..e7a51033729
--- /dev/null
+++ b/test/integration/organizations/onboarding/confirm_controller_test.rb
@@ -0,0 +1,52 @@
+require "test_helper"
+
+class Organizations::Onboarding::ConfirmControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = create(:user, remember_token_expires_at: Gemcutter::REMEMBER_FOR.from_now)
+    post session_path(session: { who: @user.handle, password: PasswordHelpers::SECURE_TEST_PASSWORD })
+
+    @collaborator = create(:user, :mfa_enabled)
+    @rubygem = create(:rubygem, owners: [@user, @collaborator])
+
+    @organization_onboarding = create(
+      :organization_onboarding,
+      :gem,
+      created_by: @user,
+      namesake_rubygem: @rubygem,
+      approved_invites: [{ user: @collaborator, role: "maintainer" }]
+    )
+  end
+
+  context "GET #show" do
+    should "to render the show template" do
+      get "/organizations/onboarding/confirm"
+
+      assert_response :ok
+    end
+  end
+
+  context "PATCH #update" do
+    should "onboard the organization and render a success message" do
+      patch "/organizations/onboarding/confirm"
+
+      assert_redirected_to organization_path(@organization_onboarding.reload.organization)
+
+      follow_redirect!
+
+      assert page.has_content?("Organization onboarded successfully")
+
+      assert_predicate @organization_onboarding.reload, :completed?
+    end
+
+    should "fail to onboard the organization and render an error message" do
+      @conflicting_org = create(:organization, handle: @organization_onboarding.organization_handle)
+
+      patch "/organizations/onboarding/confirm"
+
+      assert page.has_content?("Onboarding error: Validation failed: Handle has already been taken")
+
+      assert_predicate @organization_onboarding.reload, :failed?
+      assert_nil @organization_onboarding.organization
+    end
+  end
+end
diff --git a/test/integration/organizations/onboarding/gems_controller_test.rb b/test/integration/organizations/onboarding/gems_controller_test.rb
new file mode 100644
index 00000000000..a17bf7a5ab8
--- /dev/null
+++ b/test/integration/organizations/onboarding/gems_controller_test.rb
@@ -0,0 +1,50 @@
+require "test_helper"
+
+class Organizations::Onboarding::GemsControllerTest < ActionController::TestCase
+  setup do
+    @user = create(:user, :mfa_enabled)
+    @namesake_rubygem = create(:rubygem, owners: [@user])
+    @gem = create(:rubygem, owners: [@user])
+    @organization_onboarding = create(
+      :organization_onboarding,
+      created_by: @user,
+      namesake_rubygem: @namesake_rubygem,
+      status: :pending,
+      organization_handle: @namesake_rubygem.name,
+      organization_name: "Existing Name"
+    )
+
+    sign_in_as(@user)
+  end
+
+  context "PATCH update" do
+    should "save the selected gems and redirect to the next step" do
+      patch :update, params: { organization_onboarding: { rubygems: [@gem.id] } }
+
+      assert_redirected_to organization_onboarding_users_path
+      assert_equal [@namesake_rubygem.id, @gem.id], @organization_onboarding.reload.rubygems
+    end
+
+    should "allow selecting no additional gems" do
+      patch :update
+
+      assert_redirected_to organization_onboarding_users_path
+      assert_equal [@namesake_rubygem.id], @organization_onboarding.reload.rubygems
+    end
+
+    should "ignore empty params" do
+      patch :update, params: { organization_onboarding: { rubygems: [""] } }
+
+      assert_redirected_to organization_onboarding_users_path
+      assert_equal [@namesake_rubygem.id], @organization_onboarding.reload.rubygems
+    end
+
+    should "invalidate unknown gems" do
+      notmygem = create(:rubygem)
+      patch :update, params: { organization_onboarding: { rubygems: [notmygem.id] } }
+
+      assert_response :unprocessable_entity
+      assert_equal [@namesake_rubygem.id], @organization_onboarding.reload.rubygems
+    end
+  end
+end
diff --git a/test/integration/organizations/onboarding/name_controller_test.rb b/test/integration/organizations/onboarding/name_controller_test.rb
new file mode 100644
index 00000000000..b7c091cd762
--- /dev/null
+++ b/test/integration/organizations/onboarding/name_controller_test.rb
@@ -0,0 +1,60 @@
+require "test_helper"
+
+class Organizations::Onboarding::NameControllerTest < ActionController::TestCase
+  setup do
+    @user = create(:user, :mfa_enabled)
+    @gem = create(:rubygem, owners: [@user])
+
+    sign_in_as(@user)
+  end
+
+  context "GET new" do
+    should "ask the user to start creating a new organization" do
+      get :new
+
+      assert_select "input[name=?]", "organization_onboarding[organization_name]"
+    end
+
+    context "when the user has an existing onboarding" do
+      setup do
+        @organization_onboarding = create(:organization_onboarding, created_by: @user, status: :pending, organization_name: "Existing Name")
+      end
+
+      should "render with the in-progress onboarding" do
+        get :new
+
+        assert_select "input[name=?][value=?]", "organization_onboarding[organization_name]", @organization_onboarding.organization_name
+      end
+    end
+  end
+
+  context "POST create" do
+    should "create a new onboarding and redirect to the next step" do
+      post :create, params: { organization_onboarding: { organization_name: "New Name", organization_handle: @gem.name, name_type: "gem" } }
+
+      assert OrganizationOnboarding.exists?(organization_name: "New Name", organization_handle: @gem.name, name_type: "gem")
+      assert_redirected_to organization_onboarding_gems_path
+    end
+
+    context "when the user has an existing onboarding" do
+      setup do
+        @organization_onboarding = create(:organization_onboarding, created_by: @user, status: :pending, organization_name: "Existing Name")
+      end
+
+      should "update the existing onboarding and redirect to the next step" do
+        post :create, params: { organization_onboarding: { organization_name: "Updated Name" } }
+
+        assert_redirected_to organization_onboarding_gems_path
+        assert_equal "Updated Name", @organization_onboarding.reload.organization_name
+      end
+    end
+
+    context "when the onboarding is invalid" do
+      should "render the form with an error" do
+        post :create, params: { organization_onboarding: { organization_name: "" } }
+
+        assert_response :unprocessable_entity
+      end
+    end
+  end
+end
diff --git a/test/integration/organizations/onboarding/users_controller_test.rb b/test/integration/organizations/onboarding/users_controller_test.rb
new file mode 100644
index 00000000000..97eaeb5f1c2
--- /dev/null
+++ b/test/integration/organizations/onboarding/users_controller_test.rb
@@ -0,0 +1,123 @@
+require "test_helper"
+
+class Organizations::Onboarding::UsersControllerTest < ActionController::TestCase
+  setup do
+    @user = create(:user, :mfa_enabled)
+    @other_users = create_list(:user, 2)
+    @rubygem = create(:rubygem, owners: [@user, *@other_users])
+
+    sign_in_as(@user)
+
+    @organization_onboarding = create(
+      :organization_onboarding,
+      created_by: @user,
+      namesake_rubygem: @rubygem
+    )
+
+    @invites = @organization_onboarding.invites.to_a
+  end
+
+  test "render the list of users to invite" do
+    get :edit
+
+    assert_response :ok
+    # assert a text field has has the handle
+    @invites.each_with_index do |invite, idx|
+      assert_select "input[name='organization_onboarding[invites_attributes][#{idx}][id]'][value='#{invite.id}']"
+      assert_select "select[name='organization_onboarding[invites_attributes][#{idx}][role]']"
+    end
+  end
+
+  test "should update invites ignoring blank rows" do
+    patch :update, params: {
+      organization_onboarding: {
+        invites_attributes: {
+          "0" => { id: @invites[0].id, role: "maintainer" },
+          "1" => { id: @invites[1].id, role: "" }
+        }
+      }
+    }
+
+    assert_redirected_to organization_onboarding_confirm_path
+
+    @organization_onboarding.reload
+
+    assert_equal "maintainer", @organization_onboarding.invites.find_by(user_id: @other_users[0].id).role
+    assert_nil @organization_onboarding.invites.find_by(user_id: @other_users[1].id).role
+  end
+
+  test "should update invites ignoring user_id in invites_attributes" do
+    patch :update, params: {
+      organization_onboarding: {
+        invites_attributes: {
+          "0" => { id: @invites[0].id, role: "maintainer" },
+          "1" => { user_id: @invites[1].user.id, role: "owner" }
+        }
+      }
+    }
+
+    assert_redirected_to organization_onboarding_confirm_path
+
+    @organization_onboarding.reload
+
+    assert_equal "maintainer", @organization_onboarding.invites.find_by(user_id: @other_users[0].id).role
+    assert_nil @organization_onboarding.invites.find_by(user_id: @other_users[1].id).role
+    assert_equal 1, @organization_onboarding.approved_invites.count
+  end
+
+  test "should update multiple users" do
+    patch :update, params: {
+      organization_onboarding: {
+        invites_attributes: {
+          "0" => { id: @invites[0].id, role: "maintainer" },
+          "1" => { id: @invites[1].id, role: "admin" }
+        }
+      }
+    }
+
+    assert_redirected_to organization_onboarding_confirm_path
+
+    @organization_onboarding.reload
+
+    assert_equal "maintainer", @organization_onboarding.invites.find_by(user_id: @other_users[0].id).role
+    assert_equal "admin", @organization_onboarding.invites.find_by(user_id: @other_users[1].id).role
+  end
+
+  test "should update users including existing invites" do
+    patch :update, params: {
+      organization_onboarding: {
+        invites_attributes: {
+          "0" => { id: @invites[0].id, role: "admin" },
+          "1" => { id: @invites[1].id, role: "maintainer" }
+        }
+      }
+    }
+
+    @organization_onboarding.reload
+
+    assert_redirected_to organization_onboarding_confirm_path
+    assert_equal "admin", @organization_onboarding.invites.find_by(user_id: @other_users[0].id).role
+    assert_equal "maintainer", @organization_onboarding.invites.find_by(user_id: @other_users[1].id).role
+
+    get :edit
+
+    assert_select "input[name='organization_onboarding[invites_attributes][0][id]'][value='#{@invites[0].id}']"
+    assert_select "select[name='organization_onboarding[invites_attributes][0][role]'] option[selected][value='admin']"
+    assert_select "input[name='organization_onboarding[invites_attributes][1][id]'][value='#{@invites[1].id}']"
+    assert_select "select[name='organization_onboarding[invites_attributes][1][role]'] option[selected][value='maintainer']"
+
+    patch :update, params: {
+      organization_onboarding: {
+        invites_attributes: {
+          "0" => { id: @invites[0].id, role: "maintainer" },
+          "1" => { id: @invites[1].id, role: "" }
+        }
+      }
+    }
+
+    @organization_onboarding.reload
+
+    assert_equal "maintainer", @organization_onboarding.invites.find_by(user_id: @other_users[0].id).role
+    assert_nil @organization_onboarding.invites.find_by(user_id: @other_users[1].id).role
+  end
+end
diff --git a/test/integration/organizations/onboarding_test.rb b/test/integration/organizations/onboarding_test.rb
new file mode 100644
index 00000000000..8158d94a655
--- /dev/null
+++ b/test/integration/organizations/onboarding_test.rb
@@ -0,0 +1,51 @@
+require "test_helper"
+
+class Organizations::OnboardingControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @user = create(:user, remember_token_expires_at: Gemcutter::REMEMBER_FOR.from_now)
+    post session_path(session: { who: @user.handle, password: PasswordHelpers::SECURE_TEST_PASSWORD })
+  end
+
+  context "GET /organizations/onboarding" do
+    should "redirect to onboarding start page" do
+      get "/organizations/onboarding"
+
+      assert_redirected_to organization_onboarding_name_path
+    end
+  end
+
+  context "DELETE /organizations/onboarding" do
+    should "not destroy an OrganizationOnboarding that is already completed" do
+      organization_onboarding = create(:organization_onboarding, :completed, created_by: @user)
+
+      delete "/organizations/onboarding"
+
+      assert_redirected_to dashboard_path
+      assert OrganizationOnboarding.exists?(id: organization_onboarding.id)
+    end
+
+    should "destroy a pending OrganizationOnboarding created by the current user" do
+      organization_onboarding = create(:organization_onboarding, created_by: @user)
+
+      delete "/organizations/onboarding"
+
+      assert_redirected_to dashboard_path
+      refute OrganizationOnboarding.exists?(id: organization_onboarding.id)
+    end
+
+    should "destroy a failed OrganizationOnboarding created by the current user" do
+      organization_onboarding = create(:organization_onboarding, :failed, created_by: @user)
+
+      delete "/organizations/onboarding"
+
+      assert_redirected_to dashboard_path
+      refute OrganizationOnboarding.exists?(id: organization_onboarding.id)
+    end
+
+    should "redirect to the dashboarding if the current user has not started organization onboarding" do
+      delete "/organizations/onboarding"
+
+      assert_redirected_to dashboard_path
+    end
+  end
+end
diff --git a/test/integration/routing_test.rb b/test/integration/routing_test.rb
index 173e9a28fc8..8bbe312016f 100644
--- a/test/integration/routing_test.rb
+++ b/test/integration/routing_test.rb
@@ -38,6 +38,7 @@ def contoller_in_ui?(controller)
       format_path.gsub!(":id", "someid")
       format_path.gsub!("*id", "about") # used in high voltage route
       format_path.gsub!(":version_id", "someid")
+      format_path.gsub!(":organization_id", "someid")
 
       assert_nothing_raised do
         # ex: get(/password/new?format=json)
diff --git a/test/lib/access_test.rb b/test/lib/access_test.rb
index 1173c5f54f6..190cffcfd73 100644
--- a/test/lib/access_test.rb
+++ b/test/lib/access_test.rb
@@ -1,6 +1,13 @@
 require "test_helper"
 
 class AccessTest < ActiveSupport::TestCase
+  context "roles are correctly sequenced" do
+    should "be in the correct order" do
+      assert_operator Access::OWNER, :>, Access::ADMIN
+      assert_operator Access::ADMIN, :>, Access::MAINTAINER
+    end
+  end
+
   context ".role_for_flag" do
     should "return the role for a given permission flag" do
       assert_equal "owner", Access.role_for_flag(Access::OWNER)
@@ -31,10 +38,9 @@ class AccessTest < ActiveSupport::TestCase
 
   context ".with_minimum_role" do
     should "return the range of roles for a given permission flag" do
-      assert_equal Range.new(Access::OWNER, nil), Access.with_minimum_role("owner")
-      refute_includes Access.with_minimum_role("owner"), Access::MAINTAINER
-      assert_includes Access.with_minimum_role("owner"), Access::OWNER
-      assert_includes Access.with_minimum_role("owner"), Access::ADMIN
+      assert_equal (Access::OWNER..), Access.with_minimum_role("owner")
+      assert_equal (Access::ADMIN..), Access.with_minimum_role("admin")
+      assert_equal (Access::MAINTAINER..), Access.with_minimum_role("maintainer")
     end
   end
 end
diff --git a/test/models/organization_onboarding_test.rb b/test/models/organization_onboarding_test.rb
new file mode 100644
index 00000000000..df92aeef198
--- /dev/null
+++ b/test/models/organization_onboarding_test.rb
@@ -0,0 +1,267 @@
+require "test_helper"
+
+class OrganizationOnboardingTest < ActiveSupport::TestCase
+  setup do
+    @owner = create(:user)
+    @maintainer = create(:user)
+    @rubygem = create(:rubygem, owners: [@owner], maintainers: [@maintainer])
+
+    @onboarding = create(
+      :organization_onboarding,
+      name_type: "gem",
+      organization_name: "Test Organization",
+      organization_handle: @rubygem.name,
+      created_by: @owner,
+      namesake_rubygem: @rubygem
+    )
+    maintainer_invite = @onboarding.invites.first
+    maintainer_invite.update(role: :maintainer)
+  end
+
+  context "validations" do
+    context "when the created_by field is blank" do
+      setup do
+        @onboarding.created_by = nil
+      end
+
+      should "require a onboarded by user" do
+        assert_predicate @onboarding, :invalid?
+        assert_equal ["must exist"], @onboarding.errors[:created_by]
+      end
+    end
+
+    context "when the user does not have the required gem roles" do
+      setup do
+        @onboarding.created_by = @maintainer
+      end
+
+      should "be invalid" do
+        assert_predicate @onboarding, :invalid?
+      end
+
+      should "add an error to the rubygems attribute" do
+        @onboarding.valid?
+
+        assert_equal ["must be an owner of the #{@rubygem.name} gem"], @onboarding.errors[:created_by]
+      end
+    end
+
+    context "when the user specifies a gem they do not own" do
+      setup do
+        @other_user = create(:user)
+        @other_rubygem = create(:rubygem, owners: [@other_user])
+        @onboarding.rubygems = [@other_rubygem.id]
+      end
+
+      should "be invalid" do
+        assert_predicate @onboarding, :invalid?
+      end
+
+      should "add an error to the rubygems attribute" do
+        @onboarding.valid?
+
+        assert_equal ["must be an owner of the #{@other_rubygem.name} gem"], @onboarding.errors[:created_by]
+      end
+
+      should "not add an invite for the users on the gem" do
+        @onboarding.save
+        @onboarding.reload
+
+        assert_nil @onboarding.invites.find_by(user_id: @other_user.id)
+      end
+    end
+
+    context "when the user specifices a user as the name of the organization" do
+      setup do
+        @onboarding.name_type = :user
+      end
+
+      should "set the Organization Onboarding handle to the handle of the User" do
+        assert_equal @rubygem.name, @onboarding.organization_handle
+      end
+    end
+
+    context "when the user specifies a gem as the name of the organization" do
+      setup do
+        @onboarding.name_type = :gem
+      end
+
+      context "when the name is a valid gem that the user owns" do
+        should "be valid" do
+          @onboarding.organization_handle = @rubygem.name
+
+          assert_predicate @onboarding, :valid?
+        end
+      end
+
+      context "when the name is not valid" do
+        should "it is ignored and set to the gem name" do
+          @onboarding.organization_handle = "invalid"
+
+          assert_predicate @onboarding, :invalid?
+        end
+      end
+    end
+  end
+
+  context "#set_user_handle" do
+    context "when the gem name is set to user" do
+      setup do
+        @onboarding.name_type = :user
+      end
+
+      should "automatically set the organization handle to the handle of the user" do
+        @onboarding.valid?
+
+        assert_equal @owner.handle, @onboarding.organization_handle
+      end
+    end
+  end
+
+  context "#available_rubygems" do
+    should "exclude gems that already have an organization" do
+      create(:rubygem, owners: [@owner], organization: create(:organization))
+
+      assert_equal [@rubygem], @onboarding.available_rubygems
+    end
+  end
+
+  context "#rubygems=" do
+    should "exclude gems that already have an organization" do
+      other_rubygem = create(:rubygem, owners: [@owner], organization: create(:organization))
+      @onboarding.rubygems = [@rubygem.id, other_rubygem.id]
+
+      assert_equal [@rubygem.id], @onboarding.rubygems
+    end
+
+    should "add invites for the owners and maintainers of the specified rubygems" do
+      other_user = create(:user)
+      rubygem = create(:rubygem, owners: [@owner, other_user])
+      @onboarding.rubygems = [rubygem.id]
+      @onboarding.save
+      @onboarding.reload
+
+      assert_equal [@maintainer, other_user].map(&:handle).sort, @onboarding.users.map(&:handle).sort
+    end
+  end
+
+  context "#invites_attributes=" do
+    should "allow upding the role of an existing invite" do
+      invite = @onboarding.invites.find_by(user_id: @maintainer.id)
+
+      assert_equal "maintainer", invite.role
+
+      @onboarding.invites_attributes = {
+        "0" => { id: invite.id, role: "admin" }
+      }
+
+      @onboarding.save
+
+      invite.reload
+
+      assert_equal "admin", invite.role
+    end
+
+    should "prevent adding users that are not already invited" do
+      other_user = create(:user)
+      @onboarding.invites_attributes = {
+        "0" => { user_id: other_user.id, role: "maintainer" }
+      }
+
+      assert_equal 1, @onboarding.invites.count
+      assert_nil @onboarding.invites.find_by(user_id: other_user.id)
+    end
+  end
+
+  context "#onboard!" do
+    setup do
+      @onboarding.onboard!
+    end
+
+    should "mark the onboarding as completed" do
+      assert_predicate @onboarding, :completed?
+    end
+
+    should "create an organization with the specified name and handle" do
+      assert_not_nil @onboarding.organization
+      assert_equal @onboarding.organization_name, @onboarding.organization.name
+      assert_equal @onboarding.organization_handle, @onboarding.organization.handle
+    end
+
+    should "create a confirmed owner membership for the person that onboarded the organization" do
+      membership = @onboarding.organization.memberships.find_by(user_id: @onboarding.created_by)
+
+      assert_predicate membership, :owner?
+      assert_predicate membership, :confirmed?
+    end
+
+    should "create unconfirmed memberships for each invitee" do
+      membership = @onboarding.organization.unconfirmed_memberships.find_by(user_id: @maintainer.id)
+
+      assert_predicate membership, :maintainer?
+      assert_not_predicate membership, :confirmed?
+    end
+
+    should "set the organization_id for each specified rubygem" do
+      assert_equal @onboarding.organization.id, @rubygem.reload.organization_id
+    end
+
+    should "remove Ownership records that have been migrated to Memberships" do
+      assert_nil Ownership.find_by(user: @owner, rubygem: @rubygem)
+      assert_nil Ownership.find_by(user: @maintainer, rubygem: @rubygem)
+    end
+
+    context "when a user is marked as an Outside Contributor" do
+      setup do
+        @contributor = create(:user)
+        @ownership = create(:ownership, user: @contributor, rubygem: @rubygem, role: "owner")
+        @onboarding.invites << create(:organization_onboarding_invite, user: @contributor, role: :outside_contributor)
+      end
+
+      should "not remove the Ownership record" do
+        assert_not_nil Ownership.find_by(user: @contributor, rubygem: @rubygem)
+      end
+    end
+
+    context "when onboarding encounters an error" do
+      setup do
+        @onboarding = create(:organization_onboarding, created_by: @owner)
+        @onboarding.stubs(:create_organization!).raises(ActiveRecord::ActiveRecordError, "stubbed error")
+      end
+
+      should "mark the onboarding as failed" do
+        assert_raises ActiveRecord::ActiveRecordError, "stubbed error" do
+          @onboarding.onboard!
+        end
+
+        assert_predicate @onboarding, :failed?
+      end
+
+      should "record the error message" do
+        assert_raises ActiveRecord::ActiveRecordError, "stubbed error" do
+          @onboarding.onboard!
+        end
+
+        assert_equal "stubbed error", @onboarding.error
+      end
+    end
+
+    context "when the onboarding is already completed" do
+      setup do
+        @onboarding = create(:organization_onboarding, :completed, created_by: @owner)
+      end
+
+      should "raise an error" do
+        assert_raises StandardError, "onboard has already been completed" do
+          @onboarding.onboard!
+        end
+      end
+    end
+  end
+
+  context "#available_rubygems" do
+    should "return the rubygems that the user owns" do
+      assert_equal [@rubygem], @onboarding.available_rubygems
+    end
+  end
+end
diff --git a/test/models/organization_test.rb b/test/models/organization_test.rb
index c8cf1a20f03..2f956c0f33c 100644
--- a/test/models/organization_test.rb
+++ b/test/models/organization_test.rb
@@ -4,6 +4,7 @@ class OrganizationTest < ActiveSupport::TestCase
   should have_many(:memberships).dependent(:destroy)
   should have_many(:unconfirmed_memberships).dependent(:destroy)
   should have_many(:users).through(:memberships)
+  should have_many(:rubygems).dependent(:nullify)
 
   # Waiting for Ownerships to be made polymorphic
   #
@@ -61,14 +62,6 @@ class OrganizationTest < ActiveSupport::TestCase
         assert_contains organization.errors[:handle], "has already been taken"
         refute_predicate organization, :valid?
       end
-
-      should "be invalid if user has handle already" do
-        create(:user, handle: "test")
-        organization = build(:organization, handle: "Test")
-
-        refute_predicate organization, :valid?
-        assert_contains organization.errors[:handle], "has already been taken"
-      end
     end
   end
 end
diff --git a/test/models/rubygem_test.rb b/test/models/rubygem_test.rb
index f27fe34e490..7b23a1573de 100644
--- a/test/models/rubygem_test.rb
+++ b/test/models/rubygem_test.rb
@@ -15,6 +15,7 @@ class RubygemTest < ActiveSupport::TestCase
     should have_many(:versions).dependent(:destroy)
     should have_many(:web_hooks).dependent(:destroy)
     should have_one(:linkset).dependent(:destroy)
+    should belong_to(:organization).optional
     should validate_uniqueness_of(:name).case_insensitive
     should allow_value("rails").for(:name)
     should allow_value("awesome42").for(:name)
@@ -447,6 +448,26 @@ class RubygemTest < ActiveSupport::TestCase
       end
     end
 
+    context "with a user that belongs to an organization" do
+      setup do
+        @owner = create(:user)
+        @admin = create(:user)
+        @maintainer = create(:user)
+        @guest = create(:user)
+
+        @organization = create(:organization, admins: [@admin], owners: [@owner], maintainers: [@maintainer], rubygems: [@rubygem])
+      end
+
+      should "be owned by organization user" do
+        assert @rubygem.owned_by?(@owner)
+        assert @rubygem.owned_by?(@admin)
+        assert @rubygem.owned_by?(@maintainer)
+        refute @rubygem.owned_by?(@guest)
+
+        refute_predicate @rubygem, :unowned?
+      end
+    end
+
     context "with subscribed users" do
       setup do
         @subscribed_user   = create(:user)
diff --git a/test/policies/admin/organization_onboarding_invite_policy_test.rb b/test/policies/admin/organization_onboarding_invite_policy_test.rb
new file mode 100644
index 00000000000..164c423fc36
--- /dev/null
+++ b/test/policies/admin/organization_onboarding_invite_policy_test.rb
@@ -0,0 +1,38 @@
+require "test_helper"
+
+class Admin::OrganizationOnboardingInvitePolicyTest < AdminPolicyTestCase
+  setup do
+    @onboarding_invite = FactoryBot.create(:organization_onboarding_invite)
+    @admin = FactoryBot.create(:admin_github_user, :is_admin)
+    @non_admin = FactoryBot.create(:admin_github_user)
+  end
+
+  def test_scope
+    assert_equal [@onboarding_invite], policy_scope!(@admin, OrganizationOnboardingInvite).to_a
+  end
+
+  def test_avo_index
+    assert_authorizes @admin, OrganizationOnboardingInvite, :avo_index?
+    refute_authorizes @non_admin, OrganizationOnboardingInvite, :avo_index?
+  end
+
+  def test_avo_show
+    assert_authorizes @admin, OrganizationOnboardingInvite, :avo_show?
+    refute_authorizes @non_admin, OrganizationOnboardingInvite, :avo_show?
+  end
+
+  def test_avo_create
+    refute_authorizes @admin, OrganizationOnboardingInvite, :avo_create?
+    refute_authorizes @non_admin, OrganizationOnboardingInvite, :avo_create?
+  end
+
+  def test_avo_update
+    refute_authorizes @admin, @onboarding_invite, :avo_update?
+    refute_authorizes @non_admin, @onboarding_invite, :avo_update?
+  end
+
+  def test_avo_destroy
+    refute_authorizes @admin, @onboarding_invite, :avo_destroy?
+    refute_authorizes @non_admin, @onboarding_invite, :avo_destroy?
+  end
+end
diff --git a/test/policies/admin/organization_onboarding_policy_test.rb b/test/policies/admin/organization_onboarding_policy_test.rb
new file mode 100644
index 00000000000..f708c49f43e
--- /dev/null
+++ b/test/policies/admin/organization_onboarding_policy_test.rb
@@ -0,0 +1,38 @@
+require "test_helper"
+
+class Admin::OrganizationOnboardingPolicyTest < AdminPolicyTestCase
+  setup do
+    @onboarding = FactoryBot.create(:organization_onboarding)
+    @admin = FactoryBot.create(:admin_github_user, :is_admin)
+    @non_admin = FactoryBot.create(:admin_github_user)
+  end
+
+  def test_scope
+    assert_equal [@onboarding], policy_scope!(@admin, OrganizationOnboarding).to_a
+  end
+
+  def test_avo_index
+    assert_authorizes @admin, OrganizationOnboarding, :avo_index?
+    refute_authorizes @non_admin, OrganizationOnboarding, :avo_index?
+  end
+
+  def test_avo_show
+    assert_authorizes @admin, OrganizationOnboarding, :avo_show?
+    refute_authorizes @non_admin, OrganizationOnboarding, :avo_show?
+  end
+
+  def test_avo_create
+    refute_authorizes @admin, OrganizationOnboarding, :avo_create?
+    refute_authorizes @non_admin, OrganizationOnboarding, :avo_create?
+  end
+
+  def test_avo_update
+    refute_authorizes @admin, @onboarding, :avo_update?
+    refute_authorizes @non_admin, @onboarding, :avo_update?
+  end
+
+  def test_avo_destroy
+    refute_authorizes @admin, @onboarding, :avo_destroy?
+    refute_authorizes @non_admin, @onboarding, :avo_destroy?
+  end
+end
diff --git a/test/policies/membership_policy_test.rb b/test/policies/membership_policy_test.rb
new file mode 100644
index 00000000000..cc3e3465a3c
--- /dev/null
+++ b/test/policies/membership_policy_test.rb
@@ -0,0 +1,122 @@
+require "test_helper"
+class MembershipPolicyTest < PolicyTestCase
+  setup do
+    @owner = create(:user, handle: "owner")
+    @admin = create(:user, handle: "admin")
+    @maintainer = create(:user, handle: "maintainer")
+    @guest = create(:user)
+    @organization = create(:organization, owners: [@owner], admins: [@admin], maintainers: [@maintainer])
+  end
+
+  def policy!(user, record = Membership)
+    Pundit.policy!(user, record)
+  end
+
+  context "#create?" do
+    context "adding an owner" do
+      should "be authorized for org owners only" do
+        membership = build(:membership, :owner, organization: @organization)
+
+        assert_authorized policy!(@owner, membership), :create?
+
+        refute_authorized policy!(@admin, membership), :create?
+        refute_authorized policy!(@maintainer, membership), :create?
+        refute_authorized policy!(@guest, membership), :create?
+      end
+    end
+
+    context "adding an admin" do
+      should "be authorized for org admins and owners" do
+        membership = build(:membership, :admin, organization: @organization)
+
+        assert_authorized policy!(@owner, membership), :create?
+        assert_authorized policy!(@admin, membership), :create?
+
+        refute_authorized policy!(@maintainer, membership), :create?
+        refute_authorized policy!(@guest, membership), :create?
+      end
+    end
+  end
+
+  context "#update?" do
+    context "changing to owner" do
+      should "be authorized for org owners only" do
+        membership = create(:membership, :admin, organization: @organization)
+        membership.role = :owner
+
+        assert_authorized policy!(@owner, membership), :update?
+
+        refute_authorized policy!(@admin, membership), :update?
+        refute_authorized policy!(@maintainer, membership), :update?
+        refute_authorized policy!(@guest, membership), :update?
+      end
+    end
+
+    context "changing from owner" do
+      should "be authorized for org owners only" do
+        membership = create(:membership, :owner, organization: @organization)
+        membership.role = :admin
+
+        assert_authorized policy!(@owner, membership), :update?
+
+        refute_authorized policy!(@admin, membership), :update?
+        refute_authorized policy!(@maintainer, membership), :update?
+        refute_authorized policy!(@guest, membership), :update?
+      end
+    end
+
+    context "changing from admin" do
+      should "be authorized for org admins and owners" do
+        membership = create(:membership, :admin, organization: @organization)
+        membership.role = :maintainer
+
+        assert_authorized policy!(@owner, membership), :update?
+        assert_authorized policy!(@admin, membership), :update?
+
+        refute_authorized policy!(@maintainer, membership), :update?
+        refute_authorized policy!(@guest, membership), :update?
+      end
+    end
+
+    context "changing to admin" do
+      should "be authorized for org admins and owners" do
+        membership = create(:membership, :maintainer, organization: @organization)
+        membership.role = :admin
+
+        assert_authorized policy!(@owner, membership), :update?
+        assert_authorized policy!(@admin, membership), :update?
+
+        refute_authorized policy!(@maintainer, membership), :update?
+        refute_authorized policy!(@guest, membership), :update?
+      end
+    end
+  end
+
+  context "#destroy?" do
+    context "removing owner" do
+      should "be authorized for org owners only" do
+        membership = create(:membership, :owner, organization: @organization)
+        membership.role = :admin
+
+        assert_authorized policy!(@owner, membership), :update?
+
+        refute_authorized policy!(@admin, membership), :update?
+        refute_authorized policy!(@maintainer, membership), :update?
+        refute_authorized policy!(@guest, membership), :update?
+      end
+    end
+
+    context "removing admin" do
+      should "be authorized for org admins and owners" do
+        membership = create(:membership, :admin, organization: @organization)
+        membership.role = :maintainer
+
+        assert_authorized policy!(@owner, membership), :update?
+        assert_authorized policy!(@admin, membership), :update?
+
+        refute_authorized policy!(@maintainer, membership), :update?
+        refute_authorized policy!(@guest, membership), :update?
+      end
+    end
+  end
+end
diff --git a/test/policies/organization_policy_test.rb b/test/policies/organization_policy_test.rb
index d65ac86769a..ca032ba3bd0 100644
--- a/test/policies/organization_policy_test.rb
+++ b/test/policies/organization_policy_test.rb
@@ -1,9 +1,9 @@
 require "test_helper"
-class OrganisationPolicyTest < PolicyTestCase
+class OrganizationPolicyTest < PolicyTestCase
   setup do
-    @owner = create(:user)
-    @admin = create(:user)
-    @maintainer = create(:user)
+    @owner = create(:user, handle: "owner")
+    @admin = create(:user, handle: "admin")
+    @maintainer = create(:user, handle: "maintainer")
     @guest = create(:user)
     @organization = create(:organization, owners: [@owner], admins: [@admin], maintainers: [@maintainer])
   end
@@ -12,10 +12,38 @@ def policy!(user)
     Pundit.policy!(user, @organization)
   end
 
+  context "#show?" do
+    should "be authorized for all users" do
+      assert_authorized @owner, :show?
+      assert_authorized @admin, :show?
+      assert_authorized @maintainer, :show?
+      assert_authorized @guest, :show?
+    end
+  end
+
+  context "#create?" do
+    should "be authorized for all users" do
+      assert_authorized @owner, :create?
+      assert_authorized @admin, :create?
+      assert_authorized @maintainer, :create?
+      assert_authorized @guest, :create?
+    end
+  end
+
+  context "#destroy?" do
+    should "be disallowed for all users until further development" do
+      refute_authorized @owner, :destroy?
+      refute_authorized @admin, :destroy?
+      refute_authorized @maintainer, :destroy?
+      refute_authorized @guest, :destroy?
+    end
+  end
+
   context "#update?" do
     should "only be authorized if the user is an owner" do
       assert_authorized @owner, :update?
-      assert_authorized @admin, :update?
+
+      refute_authorized @admin, :update?
       refute_authorized @maintainer, :update?
       refute_authorized @guest, :update?
     end
@@ -25,6 +53,7 @@ def policy!(user)
     should "only be authorized if the user is an owner" do
       assert_authorized @owner, :add_gem?
       assert_authorized @admin, :add_gem?
+
       refute_authorized @maintainer, :add_gem?
       refute_authorized @guest, :add_gem?
     end
@@ -33,45 +62,20 @@ def policy!(user)
   context "#remove_gem?" do
     should "only be authorized if the user is an owner" do
       assert_authorized @owner, :remove_gem?
-      assert_authorized @admin, :remove_gem?
+
+      refute_authorized @admin, :remove_gem?
       refute_authorized @maintainer, :remove_gem?
       refute_authorized @guest, :remove_gem?
     end
   end
 
-  context "#add_membership?" do
+  context "#manage_memberships?" do
     should "only be authorized if the user is an owner" do
-      assert_authorized @owner, :add_membership?
-      assert_authorized @admin, :add_membership?
-      refute_authorized @maintainer, :add_membership?
-      refute_authorized @guest, :add_membership?
-    end
-  end
-
-  context "#update_membership?" do
-    should "only be authorized if the user is an owner" do
-      assert_authorized @owner, :update_membership?
-      assert_authorized @admin, :update_membership?
-      refute_authorized @maintainer, :update_membership?
-      refute_authorized @guest, :update_membership?
-    end
-  end
+      assert_authorized @owner, :manage_memberships?
+      assert_authorized @admin, :manage_memberships?
 
-  context "#remove_membership?" do
-    should "only be authorized if the user is an owner" do
-      assert_authorized @owner, :remove_membership?
-      assert_authorized @admin, :remove_membership?
-      refute_authorized @maintainer, :remove_membership?
-      refute_authorized @guest, :remove_membership?
-    end
-  end
-
-  context "#show_membership?" do
-    should "only be authorized if the user is an owner or maintainer" do
-      assert_authorized @owner, :show_membership?
-      assert_authorized @admin, :show_membership?
-      assert_authorized @maintainer, :show_membership?
-      refute_authorized @guest, :show_membership?
+      refute_authorized @maintainer, :manage_memberships?
+      refute_authorized @guest, :manage_memberships?
     end
   end
 
@@ -80,6 +84,7 @@ def policy!(user)
       assert_authorized @owner, :list_memberships?
       assert_authorized @admin, :list_memberships?
       assert_authorized @maintainer, :list_memberships?
+
       refute_authorized @guest, :list_memberships?
     end
   end
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
index 97c0e982d26..4979fa27697 100644
--- a/test/policies/rubygem_policy_test.rb
+++ b/test/policies/rubygem_policy_test.rb
@@ -5,6 +5,23 @@ class RubygemPolicyTest < PolicyTestCase
     @owner = create(:user, handle: "owner")
     @maintainer = create(:user, handle: "maintainer")
     @rubygem = create(:rubygem, owners: [@owner], maintainers: [@maintainer])
+
+    @org_owner = create(:user, handle: "org_owner")
+    @org_admin = create(:user, handle: "org_admin")
+    @org_maintainer = create(:user, handle: "org_maintainer")
+    @organization = create(
+      :organization,
+      owners: [@org_owner],
+      maintainers: [@org_maintainer],
+      admins: [@org_admin]
+    )
+    @org_rubygem = create(
+      :rubygem,
+      organization: @organization,
+      owners: [@owner],
+      maintainers: [@maintainer]
+    )
+
     @user = create(:user, handle: "user")
   end
 
@@ -12,19 +29,43 @@ def policy!(user)
     Pundit.policy!(user, @rubygem)
   end
 
+  def org_policy!(user)
+    Pundit.policy!(user, @org_rubygem)
+  end
+
   context "#configure_oidc?" do
     should "only allow the owner" do
-      assert_authorized @owner, :configure_oidc?
-      refute_authorized @user, :configure_oidc?
-      refute_authorized nil, :configure_oidc?
+      assert_authorized policy!(@owner), :configure_oidc?
+      refute_authorized policy!(@user), :configure_oidc?
+      refute_authorized policy!(nil), :configure_oidc?
+    end
+
+    should "only allow owners, org owners and admins" do
+      assert_authorized org_policy!(@org_owner), :configure_oidc?
+      assert_authorized org_policy!(@org_admin), :configure_oidc?
+      assert_authorized org_policy!(@owner), :configure_oidc?
+
+      refute_authorized org_policy!(@org_maintainer), :configure_oidc?
+      refute_authorized org_policy!(@user), :configure_oidc?
+      refute_authorized org_policy!(nil), :configure_oidc?
     end
   end
 
   context "#manage_adoption?" do
     should "only allow the owner" do
-      assert_authorized @owner, :manage_adoption?
-      refute_authorized @user, :manage_adoption?
-      refute_authorized nil, :manage_adoption?
+      assert_authorized policy!(@owner), :manage_adoption?
+      refute_authorized policy!(@user), :manage_adoption?
+      refute_authorized policy!(nil), :manage_adoption?
+    end
+
+    should "only allow owners and org owners" do
+      assert_authorized org_policy!(@org_owner), :manage_adoption?
+      assert_authorized org_policy!(@owner), :manage_adoption?
+
+      refute_authorized org_policy!(@org_admin), :manage_adoption?
+      refute_authorized org_policy!(@org_maintainer), :manage_adoption?
+      refute_authorized org_policy!(@user), :manage_adoption?
+      refute_authorized org_policy!(nil), :manage_adoption?
     end
   end
 
@@ -32,7 +73,7 @@ def policy!(user)
     should "be true if the gem has ownership calls" do
       create(:ownership_call, rubygem: @rubygem, user: @owner)
 
-      assert_authorized @user, :request_ownership?
+      assert_authorized policy!(@user), :request_ownership?
     end
 
     should "be false if the gem has more than 10,000 downloads" do
@@ -40,101 +81,143 @@ def policy!(user)
       create(:version, rubygem: @rubygem, created_at: 2.years.ago)
 
       assert_operator @rubygem.downloads, :>, RubygemPolicy::ABANDONED_DOWNLOADS_MAX
-      refute_authorized @user, :request_ownership?
+      refute_authorized policy!(@user), :request_ownership?
     end
 
     should "be false if the gem has no versions" do
       assert_empty @rubygem.versions
-      refute_authorized @user, :request_ownership?
+      refute_authorized policy!(@user), :request_ownership?
     end
 
     context "when the gem has a version newer than 1 year" do
       should "be false" do
         create(:version, rubygem: @rubygem, created_at: 11.months.ago)
 
-        refute_authorized @user, :request_ownership?
+        refute_authorized policy!(@user), :request_ownership?
       end
     end
 
     should "be true if the gem's latest version is older than 1 year and less than 10,000 downloads" do
       create(:version, rubygem: @rubygem, created_at: 2.years.ago)
 
-      assert_authorized @user, :request_ownership?
+      assert_authorized policy!(@user), :request_ownership?
     end
   end
 
   context "#close_ownership_requests" do
     should "only allow the owner to close ownership requests" do
-      assert_authorized @owner, :close_ownership_requests?
-      refute_authorized @maintainer, :close_ownership_requests?
-      refute_authorized @user, :close_ownership_requests?
+      assert_authorized policy!(@owner), :close_ownership_requests?
+      refute_authorized policy!(@maintainer), :close_ownership_requests?
+      refute_authorized policy!(@user), :close_ownership_requests?
+    end
+
+    should "only allow owners and org owners" do
+      assert_authorized org_policy!(@org_owner), :close_ownership_requests?
+      assert_authorized org_policy!(@owner), :close_ownership_requests?
+
+      refute_authorized org_policy!(@org_admin), :close_ownership_requests?
+      refute_authorized org_policy!(@org_maintainer), :close_ownership_requests?
+      refute_authorized org_policy!(@user), :close_ownership_requests?
+      refute_authorized org_policy!(nil), :close_ownership_requests?
     end
   end
 
   context "#show_adoption?" do
     should "be true if the gem is owned by the user" do
-      assert_authorized @owner, :show_adoption?
-      refute_authorized @maintainer, :show_adoption?
+      assert_authorized policy!(@owner), :show_adoption?
+      refute_authorized policy!(@maintainer), :show_adoption?
     end
 
     should "be true if the rubygem is adoptable" do
       create(:version, rubygem: @rubygem, created_at: 2.years.ago)
 
-      assert_authorized @user, :show_adoption?
+      assert_authorized policy!(@user), :show_adoption?
     end
   end
 
   context "#show_events?" do
-    should "only allow the owner" do
-      assert_authorized @owner, :show_events?
-      assert_authorized @maintainer, :show_events?
-      refute_authorized @user, :show_events?
-      refute_authorized nil, :show_events?
+    should "only allow the owner and maintainer" do
+      assert_authorized policy!(@owner), :show_events?
+      assert_authorized policy!(@maintainer), :show_events?
+      refute_authorized policy!(@user), :show_events?
+      refute_authorized policy!(nil), :show_events?
+    end
+
+    should "only allow anyone with access to the gem" do
+      assert_authorized org_policy!(@org_owner), :show_events?
+      assert_authorized org_policy!(@org_admin), :show_events?
+      assert_authorized org_policy!(@org_maintainer), :show_events?
+      assert_authorized org_policy!(@owner), :show_events?
+      assert_authorized org_policy!(@maintainer), :show_events?
+
+      refute_authorized org_policy!(@user), :show_events?
+      refute_authorized org_policy!(nil), :show_events?
     end
   end
 
   context "#configure_trusted_publishers?" do
     should "only allow the owner" do
-      assert_authorized @owner, :configure_trusted_publishers?
-      refute_authorized @maintainer, :configure_trusted_publishers?
-      refute_authorized @user, :configure_trusted_publishers?
-      refute_authorized nil, :configure_trusted_publishers?
+      assert_authorized policy!(@owner), :configure_trusted_publishers?
+      refute_authorized policy!(@maintainer), :configure_trusted_publishers?
+      refute_authorized policy!(@user), :configure_trusted_publishers?
+      refute_authorized policy!(nil), :configure_trusted_publishers?
+    end
+
+    should "only allow owners, org owners and admins" do
+      assert_authorized org_policy!(@org_owner), :configure_trusted_publishers?
+      assert_authorized org_policy!(@org_admin), :configure_trusted_publishers?
+      assert_authorized org_policy!(@owner), :configure_trusted_publishers?
+
+      refute_authorized org_policy!(@org_maintainer), :configure_trusted_publishers?
+      refute_authorized org_policy!(@maintainer), :configure_trusted_publishers?
+      refute_authorized org_policy!(@user), :configure_trusted_publishers?
+      refute_authorized org_policy!(nil), :configure_trusted_publishers?
     end
   end
 
   context "#show_unconfirmed_ownerships?" do
     should "only allow the owner" do
-      assert_authorized @owner, :show_unconfirmed_ownerships?
-      refute_authorized @maintainer, :show_unconfirmed_ownerships?
-      refute_authorized @user, :show_unconfirmed_ownerships?
-      refute_authorized nil, :show_unconfirmed_ownerships?
+      assert_authorized policy!(@owner), :show_unconfirmed_ownerships?
+      refute_authorized policy!(@maintainer), :show_unconfirmed_ownerships?
+      refute_authorized policy!(@user), :show_unconfirmed_ownerships?
+      refute_authorized policy!(nil), :show_unconfirmed_ownerships?
+    end
+
+    should "only allow owners, org owners and admins" do
+      assert_authorized org_policy!(@org_owner), :show_unconfirmed_ownerships?
+      assert_authorized org_policy!(@org_admin), :show_unconfirmed_ownerships?
+      assert_authorized org_policy!(@owner), :show_unconfirmed_ownerships?
+
+      refute_authorized org_policy!(@org_maintainer), :show_unconfirmed_ownerships?
+      refute_authorized org_policy!(@user), :show_unconfirmed_ownerships?
+      refute_authorized org_policy!(nil), :show_unconfirmed_ownerships?
     end
   end
 
   context "#add_owner?" do
     should "only allow the owner" do
-      assert_authorized @owner, :add_owner?
-      refute_authorized @maintainer, :add_owner?
-      refute_authorized @user, :add_owner?
-      refute_authorized nil, :add_owner?
+      assert_authorized policy!(@owner), :add_owner?
+      refute_authorized policy!(@maintainer), :add_owner?
+      refute_authorized policy!(@user), :add_owner?
+      refute_authorized policy!(nil), :add_owner?
     end
   end
 
   context "#update_owner?" do
     should "only allow the owner" do
-      assert_authorized @owner, :update_owner?
-      refute_authorized @maintainer, :update_owner?
-      refute_authorized @user, :update_owner?
-      refute_authorized nil, :update_owner?
+      assert_authorized policy!(@owner), :update_owner?
+      refute_authorized policy!(@maintainer), :update_owner?
+      refute_authorized policy!(@user), :update_owner?
+      refute_authorized policy!(nil), :update_owner?
     end
   end
 
   context "#remove_owner?" do
     should "only allow the owner" do
-      assert_authorized @owner, :remove_owner?
-      refute_authorized @maintainer, :remove_owner?
-      refute_authorized @user, :remove_owner?
-      refute_authorized nil, :remove_owner?
+      assert_authorized policy!(@owner), :remove_owner?
+      refute_authorized policy!(@maintainer), :remove_owner?
+      refute_authorized policy!(@user), :remove_owner?
+      refute_authorized policy!(nil), :remove_owner?
     end
   end
 end
diff --git a/test/system/onboarding_test.rb b/test/system/onboarding_test.rb
new file mode 100644
index 00000000000..280a7742e03
--- /dev/null
+++ b/test/system/onboarding_test.rb
@@ -0,0 +1,103 @@
+require "application_system_test_case"
+
+class OnboardingTest < ApplicationSystemTestCase
+  setup do
+    @user = create(:user, :mfa_enabled)
+    @other_user = create(:user)
+    @admin = create(:user)
+    @maintainer = create(:user)
+    @rubygem = create(:rubygem, owners: [@user, @other_user, @admin, @maintainer])
+    @other_rubygem = create(:rubygem, owners: [@user, @other_user])
+  end
+
+  test "onboarding an organization with a single gem and user" do
+    visit sign_in_path
+
+    click_link "login as #{@user[:handle]}"
+
+    visit organization_onboarding_path
+
+    assert_text "Create an Org"
+
+    visit organization_onboarding_name_path
+
+    find("label", text: "a gem you own").click
+
+    select @rubygem.name, from: "rubygems.org/organizations/"
+
+    click_button "Continue"
+
+    assert_text "Add gems to your Org"
+
+    click_button "Continue"
+
+    assert_text "Manage Members"
+
+    click_button "Continue"
+
+    assert_text "Finalize"
+
+    click_button "Create Org"
+  end
+
+  test "onboarding an organization with multiple gems and users" do
+    visit sign_in_path
+
+    click_link "login as #{@user[:handle]}"
+
+    visit organization_onboarding_name_path
+
+    find("label", text: "a gem you own").click
+
+    select @rubygem.name, from: "rubygems.org/organizations/"
+
+    click_button "Continue"
+
+    assert_text "Add gems to your Org"
+
+    check @other_rubygem.name
+
+    click_button "Continue"
+
+    assert_text "Manage Members"
+
+    select "Owner", from: @other_user.handle
+
+    click_button "Continue"
+
+    assert_text "Finalize"
+
+    click_button "Create Org"
+  end
+
+  test "onboarding an organization with many different user roles" do
+    visit sign_in_path
+
+    click_link "login as #{@user[:handle]}"
+
+    visit organization_onboarding_name_path
+
+    find("label", text: "a gem you own").click
+
+    select @rubygem.name, from: "rubygems.org/organizations/"
+
+    click_button "Continue"
+
+    assert_text "Add gems to your Org"
+
+    check @other_rubygem.name
+
+    click_button "Continue"
+
+    assert_text "Manage Members"
+
+    select "Owner", from: @other_user.handle
+    select "Admin", from: @admin.handle
+
+    click_button "Continue"
+
+    assert_text "Finalize"
+
+    click_button "Create Org"
+  end
+end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 4d08b5d0cc0..ea5aaba7cf0 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -45,7 +45,9 @@
   allow_localhost: true,
   allow: [
     "chromedriver.storage.googleapis.com",
-    "search" # Devcontainer OpenSearch container
+    "search", # DevContainer services
+    "selenium",
+    "rails-app"
   ]
 )
 WebMock.globally_stub_request(:after_local_stubs) do |request|
diff --git a/test/unit/avo/actions/onboard_organization_test.rb b/test/unit/avo/actions/onboard_organization_test.rb
new file mode 100644
index 00000000000..bd68bc9e3cc
--- /dev/null
+++ b/test/unit/avo/actions/onboard_organization_test.rb
@@ -0,0 +1,40 @@
+require "test_helper"
+
+class OnboardOrganizationTest < ActiveSupport::TestCase
+  setup do
+    @onboarding = create(:organization_onboarding)
+    @current_user = create(:admin_github_user, :is_admin)
+    @resource = Avo::Resources::OrganizationOnboarding.new.hydrate(record: @onboarding)
+    @action = Avo::Actions::OnboardOrganization.new(resource: @resource, user: @current_user, view: :edit)
+  end
+
+  should "onboard an organization" do
+    args = {
+      current_user: @current_user,
+      resource: @resource,
+      fields: {
+        comment: "Onboarding a new organization 1234567"
+      },
+      query: [@onboarding]
+    }
+
+    @action.handle(**args)
+
+    assert_predicate @onboarding.reload, :completed?
+  end
+
+  # Avo does not have an easy and direct way to test the message & visible class attributes.
+  # calling the lambda directly will raise an error because Avo requires the entire app to be loaded.
+
+  should "ask for confirmation" do
+    action_mock = Data.define(:record).new(record: @onboarding)
+
+    assert_not_nil action_mock.instance_exec(&Avo::Actions::OnboardOrganization.message)
+  end
+
+  should "be visible" do
+    action_mock = Data.define(:current_user, :view, :record).new(current_user: @current_user, view: :show, record: @onboarding)
+
+    assert action_mock.instance_exec(&Avo::Actions::OnboardOrganization.visible)
+  end
+end
diff --git a/vendor/javascript/@stimulus-components--checkbox-select-all.js b/vendor/javascript/@stimulus-components--checkbox-select-all.js
new file mode 100644
index 00000000000..a64fd75896d
--- /dev/null
+++ b/vendor/javascript/@stimulus-components--checkbox-select-all.js
@@ -0,0 +1,4 @@
+// @stimulus-components/checkbox-select-all@6.0.0 downloaded from https://ga.jspm.io/npm:@stimulus-components/checkbox-select-all@6.0.0/dist/stimulus-checkbox-select-all.mjs
+
+import{Controller as e}from"@hotwired/stimulus";const t=class _CheckboxSelectAll extends e{initialize(){this.toggle=this.toggle.bind(this),this.refresh=this.refresh.bind(this)}checkboxAllTargetConnected(e){e.addEventListener("change",this.toggle),this.refresh()}checkboxTargetConnected(e){e.addEventListener("change",this.refresh),this.refresh()}checkboxAllTargetDisconnected(e){e.removeEventListener("change",this.toggle),this.refresh()}checkboxTargetDisconnected(e){e.removeEventListener("change",this.refresh),this.refresh()}toggle(e){e.preventDefault(),this.checkboxTargets.forEach((t=>{t.checked=e.target.checked,this.triggerInputEvent(t)}))}refresh(){const e=this.checkboxTargets.length,t=this.checked.length;this.checkboxAllTarget.checked=t>0,this.checkboxAllTarget.indeterminate=t>0&&t<e}triggerInputEvent(e){const t=new Event("input",{bubbles:!1,cancelable:!0});e.dispatchEvent(t)}get checked(){return this.checkboxTargets.filter((e=>e.checked))}get unchecked(){return this.checkboxTargets.filter((e=>!e.checked))}};t.targets=["checkboxAll","checkbox"];let h=t;export{h as default};
+

From 4d6f99fc0961309a61d499b3515a3c9557c34931 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Nov 2024 08:31:13 -0600
Subject: [PATCH 368/381] Bump faraday from 2.12.0 to 2.12.1 (#5230)

---
 Gemfile.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 1c4a7655930..9c1ae98f82f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -262,16 +262,16 @@ GEM
     factory_bot_rails (6.4.4)
       factory_bot (~> 6.5)
       railties (>= 5.0.0)
-    faraday (2.12.0)
-      faraday-net_http (>= 2.0, < 3.4)
+    faraday (2.12.1)
+      faraday-net_http (>= 2.0, < 3.5)
       json
       logger
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
     faraday-multipart (1.0.4)
       multipart-post (~> 2)
-    faraday-net_http (3.3.0)
-      net-http
+    faraday-net_http (3.4.0)
+      net-http (>= 0.5.0)
     faraday-restrict-ip-addresses (0.3.0)
       faraday (> 1.0, < 3.0)
     faraday-retry (2.2.1)
@@ -356,7 +356,7 @@ GEM
     jmespath (1.6.2)
     job-iteration (1.5.1)
       activejob (>= 5.2)
-    json (2.8.1)
+    json (2.8.2)
     json-jwt (1.16.7)
       activesupport (>= 4.2)
       aes_key_wrap
@@ -475,7 +475,7 @@ GEM
       bigdecimal (~> 3.1)
     multipart-post (2.4.1)
     mutex_m (0.2.0)
-    net-http (0.4.1)
+    net-http (0.5.0)
       uri
     net-imap (0.5.0)
       date
@@ -823,7 +823,7 @@ GEM
     unpwn (1.0.0)
       bloomer (~> 1.0)
       pwned (~> 2.0)
-    uri (0.13.1)
+    uri (1.0.2)
     user_agent_parser (2.18.0)
     useragent (0.16.10)
     validate_url (1.0.15)
@@ -1077,10 +1077,10 @@ CHECKSUMS
   et-orbi (1.2.11) sha256=d26e868cc21db88280a9ec1a50aa3da5d267eb9b2037ba7b831d6c2731f5df64
   factory_bot (6.5.0) sha256=6374b3a3593b8077ee9856d553d2e84d75b47b912cc24eafea4062f9363d2261
   factory_bot_rails (6.4.4) sha256=139e17caa2c50f098fddf5e5e1f29e8067352024e91ca1186d018b36589e5c88
-  faraday (2.12.0) sha256=d106d0b1bc2548a8c0c34619a657a5e4aeae2780f951b0e095c8f803bbbf4517
+  faraday (2.12.1) sha256=23f2128bf5d40533806b3a3f0444cca218d76d0af25320db8e782bf42ae0aa6f
   faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9
   faraday-multipart (1.0.4) sha256=9012021ab57790f7d712f590b48d5f948b19b43cfa11ca83e6459f06090b0725
-  faraday-net_http (3.3.0) sha256=93e6b0f679b1e8e358bcb4e983a52328dfc47ebbe6a232e4f9e8aba9c924e565
+  faraday-net_http (3.4.0) sha256=a1f1e4cd6a2cf21599c8221595e27582d9936819977bbd4089a601f24c64e54a
   faraday-restrict-ip-addresses (0.3.0) sha256=2db7f6da6f59fa73a9d4ffe96b2b46a4b2b2c4d177e44a1962c1921d32ec7279
   faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608
   faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f
@@ -1120,7 +1120,7 @@ CHECKSUMS
   irb (1.14.1) sha256=5975003b58d36efaf492380baa982ceedf5aed36967a4d5b40996bc5c66e80f8
   jmespath (1.6.2) sha256=238d774a58723d6c090494c8879b5e9918c19485f7e840f2c1c7532cf84ebcb1
   job-iteration (1.5.1) sha256=1428ad5b308adbaae8776c16b7792a846eb1ad7f4ab3c6e0f9668dd2ab1179e5
-  json (2.8.1) sha256=404e8ca4c2ef6c7a6fa15bb9e2e280f3523334b78a83f22268297fe7939ee22a
+  json (2.8.2) sha256=dd4fa6c9c81daecf72b86ea36e56ed8955fdbb4d4dc379c93d313a59344486cf
   json-jwt (1.16.7) sha256=ccabff4c6d1a14276b23178e8bebe513ef236399b72a0b886d7ed94800d172a5
   jwt (2.7.1) sha256=07357cd2f180739b2f8184eda969e252d850ac996ed0a23f616e8ff0a90ae19b
   kaminari (1.2.2) sha256=c4076ff9adccc6109408333f87b5c4abbda5e39dc464bd4c66d06d9f73442a3e
@@ -1167,7 +1167,7 @@ CHECKSUMS
   multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
   mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
-  net-http (0.4.1) sha256=a96efc5ea18bcb9715e24dda4159d10f67ff0345c8a980d04630028055b2c282
+  net-http (0.5.0) sha256=ed7f88205afe03bf53142a4b81ded91f2c01522dcf03089cb6ad4acb476ce1da
   net-imap (0.5.0) sha256=b8281598f3c1860679a88de19287673c6835bed6cf0fe1710fb96a5ffcb94aa0
   net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
   net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
@@ -1306,7 +1306,7 @@ CHECKSUMS
   tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b
   unicode-display_width (2.6.0) sha256=12279874bba6d5e4d2728cef814b19197dbb10d7a7837a869bab65da943b7f5a
   unpwn (1.0.0) sha256=6239d17d46a882b3719b24fb79c78a34caff89d57ab0f5e546be5b5c882bc7d3
-  uri (0.13.1) sha256=df2d8b13e3e8c8a43432637e2ace4f9de7b42674361b4dd26302b40f7d7fcd1e
+  uri (1.0.2) sha256=b303504ceb7e5905771fa7fa14b649652fa949df18b5880d69cfb12494791e27
   user_agent_parser (2.18.0) sha256=aa943b91da8906cace7d3fe16b450c9d77b68f571485c11e577af97aecb25584
   useragent (0.16.10) sha256=1794380d9ea5c087d687bbfe14752f81839293f238c1132ef05c9344f09e65bb
   validate_url (1.0.15) sha256=72fe164c0713d63a9970bd6700bea948babbfbdcec392f2342b6704042f57451

From a76accde85fecc31903838143132ed938caea5b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Nov 2024 08:31:27 -0600
Subject: [PATCH 369/381] Bump rackup from 2.2.0 to 2.2.1 (#5231)

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 9c1ae98f82f..6b22f3f4f0c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -613,7 +613,7 @@ GEM
       rack (>= 3.0.0)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rackup (2.2.0)
+    rackup (2.2.1)
       rack (>= 3)
     rails (7.2.1.1)
       actioncable (= 7.2.1.1)
@@ -1224,7 +1224,7 @@ CHECKSUMS
   rack-sanitizer (2.0.3) sha256=3e492e1b56b0005fb1b56d77dff996821059aad4321634883ae3c42c865f9af0
   rack-session (2.0.0) sha256=db04b2063e180369192a9046b4559af311990af38c6a93d4c600cee4eb6d4e81
   rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb
-  rackup (2.2.0) sha256=72335d0c0e32497692cb9998b15b2ef9ebfe77a430d72ac06d49db3b05ea543d
+  rackup (2.2.1) sha256=f737191fd5c5b348b7f0a4412a3b86383f88c43e13b8217b63d4c8d90b9e798d
   rails (7.2.1.1) sha256=79dbdb6feebf78c1172b643a273a4b1c6c8a18e101a4bb1c838be611a3cdcae7
   rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94
   rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b

From 9571ff1a5c905ab214b1edab7c5592a64320c777 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Thu, 14 Nov 2024 11:41:23 -0600
Subject: [PATCH 370/381] Fix verifying sigstore bundles for github trusted
 publishers (#5234)

We dont have the original jwt around any more, so re-create the policy based on whats intrinsic to the trusted publisher itself

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 .../oidc/trusted_publisher/github_action.rb   | 21 ++++++++++++++-----
 app/models/pusher.rb                          |  2 +-
 test/integration/push_test.rb                 |  3 +--
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/app/models/oidc/trusted_publisher/github_action.rb b/app/models/oidc/trusted_publisher/github_action.rb
index 11bb59e7633..dfff396e0d8 100644
--- a/app/models/oidc/trusted_publisher/github_action.rb
+++ b/app/models/oidc/trusted_publisher/github_action.rb
@@ -119,11 +119,22 @@ def to_access_policy(jwt)
     )
   end
 
-  def to_sigstore_identity_policy(ref)
-    Sigstore::Policy::Identity.new(
-      identity: "https://github.com/#{repository}/#{workflow_slug}@#{ref}",
-      issuer: OIDC::Provider::GITHUB_ACTIONS_ISSUER
-    )
+  class SigstorePolicy
+    def initialize(trusted_publisher)
+      @trusted_publisher = trusted_publisher
+    end
+
+    def verify(cert)
+      ref = cert.openssl.find_extension("1.3.6.1.4.1.57264.1.14")&.value_der&.then { OpenSSL::ASN1.decode(_1).value }
+      Sigstore::Policy::Identity.new(
+        identity: "https://github.com/#{@trusted_publisher.repository}/#{@trusted_publisher.workflow_slug}@#{ref}",
+        issuer: OIDC::Provider::GITHUB_ACTIONS_ISSUER
+      ).verify(cert)
+    end
+  end
+
+  def to_sigstore_identity_policy
+    SigstorePolicy.new(self)
   end
 
   def name
diff --git a/app/models/pusher.rb b/app/models/pusher.rb
index 8a7f5508376..0f0dab75908 100644
--- a/app/models/pusher.rb
+++ b/app/models/pusher.rb
@@ -175,7 +175,7 @@ def verify_sigstore
     return true if attestations.blank?
     return notify("Pushing with an attestation requires trusted publishing", 400) unless api_key.trusted_publisher?
 
-    policy = api_key.owner.to_sigstore_identity_policy(api_key.oidc_id_token.jwt.dig("claims", "ref"))
+    policy = api_key.owner.to_sigstore_identity_policy
 
     artifact = Sigstore::Verification::V1::Artifact.new
     artifact.artifact = body.string
diff --git a/test/integration/push_test.rb b/test/integration/push_test.rb
index dcfc45ac0a3..ae4471a3852 100644
--- a/test/integration/push_test.rb
+++ b/test/integration/push_test.rb
@@ -25,8 +25,7 @@ class PushTest < ActionDispatch::IntegrationTest
     )
 
     @key = "543321"
-    api_key = create(:api_key, owner: rubygem_trusted_publisher.trusted_publisher, key: @key, scopes: %i[push_rubygem])
-    create(:oidc_id_token, api_key: api_key, jwt: { claims: { "ref" => "refs/heads/main" } })
+    create(:api_key, owner: rubygem_trusted_publisher.trusted_publisher, key: @key, scopes: %i[push_rubygem])
 
     signing_jwt = ["", {
       aud: "sigstore",

From 90773ab0773eb2278c4f78aeafea8cb7ecf43b47 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Thu, 14 Nov 2024 12:56:15 -0600
Subject: [PATCH 371/381] Fix build_file_url variable name (#5236)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 app/models/attestation.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/models/attestation.rb b/app/models/attestation.rb
index cd21dc25bab..e85eac9e770 100644
--- a/app/models/attestation.rb
+++ b/app/models/attestation.rb
@@ -29,7 +29,7 @@ def display_data # rubocop:disable Metrics/MethodLength
     commit = extensions["1.3.6.1.4.1.57264.1.3"]
     ref  =  extensions["1.3.6.1.4.1.57264.1.14"]
     san  =  extensions["subjectAltName"]
-    build_summary_url = extensions["1.3.6.1.4.1.57264.1.21"]
+    build_file_url = extensions["1.3.6.1.4.1.57264.1.21"]
 
     case issuer
     when "https://token.actions.githubusercontent.com"
@@ -39,7 +39,7 @@ def display_data # rubocop:disable Metrics/MethodLength
         ci_platform: "GitHub Actions",
         source_commit_string: "github.com/#{repo}@#{commit[0, 7]}",
         source_commit_url: "https://github.com/#{repo}/tree/#{commit}",
-        build_file_string:, build_summary_url:
+        build_file_string:, build_file_url:
       }
     else
       raise "Unhandled issuer: #{issuer.inspect}"

From 1143ebae227843cb59b605d7fabc1977633c92a1 Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Thu, 14 Nov 2024 14:01:19 -0600
Subject: [PATCH 372/381] Add link icon to icons.svg (#5235)

---
 app/assets/images/icons.svg | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/assets/images/icons.svg b/app/assets/images/icons.svg
index 58eda27ef28..f261c13645c 100644
--- a/app/assets/images/icons.svg
+++ b/app/assets/images/icons.svg
@@ -17,6 +17,7 @@
     <symbol id="house-siding" viewBox="0 -960 960 960"><path d="M273.85-260v90q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-374.08L120-473.46q-10.54 7.31-22.31 6.19-11.77-1.12-19.46-11.65-7.69-10.54-6.27-22.31 1.43-11.77 11.96-19.46L436-787.23q9.85-7.23 21.08-10.65 11.24-3.43 22.92-3.43 11.68 0 22.92 3.43 11.23 3.42 21.08 10.65l352.46 266.54q9.92 7.69 11.65 19.46 1.73 11.77-5.96 22.31-7.69 10.53-19.46 11.65-11.77 1.12-22.31-6.19l-93.84-70.62V-170q0 12.75-8.63 21.37-8.63 8.63-21.39 8.63-12.75 0-21.37-8.63-8.61-8.62-8.61-21.37v-90H273.85Zm0-215.38h412.69v-95.39H273.85v95.39Zm0 155.38h412.69v-95.39H273.85V-320Zm54.61-310.77h303.08L480-744.39 328.46-630.77Z"/></symbol>
     <symbol id="keyboard-arrow-down" viewBox="0 -960 960 960"><path d="M480-372.92q-7.23 0-13.46-2.31t-11.85-7.92L274.92-562.92q-8.3-8.31-8.5-20.89-.19-12.57 8.5-21.27 8.7-8.69 21.08-8.69 12.38 0 21.08 8.69L480-442.15l162.92-162.93q8.31-8.3 20.89-8.5 12.57-.19 21.27 8.5 8.69 8.7 8.69 21.08 0 12.38-8.69 21.08L505.31-383.15q-5.62 5.61-11.85 7.92-6.23 2.31-13.46 2.31Z"/></symbol>
     <symbol id="language" viewBox="0 -960 960 960"><path d="M480-100q-78.15 0-147.5-29.96t-120.96-81.58q-51.62-51.61-81.58-120.96T100-480q0-78.77 29.96-147.81t81.58-120.65q51.61-51.62 120.96-81.58T480-860q78.77 0 147.81 29.96t120.65 81.58q51.62 51.61 81.58 120.65T860-480q0 78.15-29.96 147.5t-81.58 120.96q-51.61 51.62-120.65 81.58T480-100Zm0-60.85q30.62-40.61 51.54-81.92 20.92-41.31 34.08-90.31H394.38q13.93 50.54 34.47 91.85 20.53 41.31 51.15 80.38Zm-77.46-11q-23-33-41.31-75.03-18.31-42.04-28.46-86.2H197.08q31.69 62.31 85 104.7 53.31 42.38 120.46 56.53Zm154.92 0q67.15-14.15 120.46-56.53 53.31-42.39 85-104.7H627.23q-12.08 44.54-30.39 86.58-18.3 42.04-39.38 74.65ZM171.92-393.08h148.7q-3.77-22.3-5.47-43.73-1.69-21.42-1.69-43.19 0-21.77 1.69-43.19 1.7-21.43 5.47-43.73h-148.7q-5.77 20.38-8.84 42.38-3.08 22-3.08 44.54t3.08 44.54q3.07 22 8.84 42.38Zm208.69 0h198.78q3.76-22.3 5.46-43.34 1.69-21.04 1.69-43.58t-1.69-43.58q-1.7-21.04-5.46-43.34H380.61q-3.76 22.3-5.46 43.34-1.69 21.04-1.69 43.58t1.69 43.58q1.7 21.04 5.46 43.34Zm258.77 0h148.7q5.77-20.38 8.84-42.38 3.08-22 3.08-44.54t-3.08-44.54q-3.07-22-8.84-42.38h-148.7q3.77 22.3 5.47 43.73 1.69 21.42 1.69 43.19 0 21.77-1.69 43.19-1.7 21.43-5.47 43.73Zm-12.15-233.84h135.69Q730.85-690 678.5-731.62q-52.35-41.61-121.04-56.92 23 34.92 40.92 76.39 17.93 41.46 28.85 85.23Zm-232.85 0h171.24q-13.93-50.16-35.04-92.43-21.12-42.27-50.58-79.8-29.46 37.53-50.58 79.8-21.11 42.27-35.04 92.43Zm-197.3 0h135.69q10.92-43.77 28.85-85.23 17.92-41.47 40.92-76.39-69.08 15.31-121.23 57.12-52.16 41.8-84.23 104.5Z"/></symbol>
+    <symbol id="link" viewBox="0 -960 960 960"><path d="M432.31-298.46H281.54q-75.34 0-128.44-53.1Q100-404.65 100-479.98q0-75.33 53.1-128.44 53.1-53.12 128.44-53.12h150.77v60H281.54q-50.39 0-85.96 35.58Q160-530.38 160-480q0 50.38 35.58 85.96 35.57 35.58 85.96 35.58h150.77v60ZM330-450v-60h300v60H330Zm197.69 151.54v-60h150.77q50.39 0 85.96-35.58Q800-429.62 800-480q0-50.38-35.58-85.96-35.57-35.58-85.96-35.58H527.69v-60h150.77q75.34 0 128.44 53.1Q860-555.35 860-480.02q0 75.33-53.1 128.44-53.1 53.12-128.44 53.12H527.69Z"/></symbol>
     <symbol id="logout" viewBox="0 -960 960 960"><path d="M224.62-160q-27.62 0-46.12-18.5Q160-197 160-224.62v-510.76q0-27.62 18.5-46.12Q197-800 224.62-800h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-760H224.62q-9.24 0-16.93 7.69-7.69 7.69-7.69 16.93v510.76q0 9.24 7.69 16.93 7.69 7.69 16.93 7.69h236.15q8.54 0 14.27 5.73t5.73 14.27q0 8.54-5.73 14.27T460.77-160H224.62Zm497.76-300H387.69q-8.54 0-14.27-5.73T367.69-480q0-8.54 5.73-14.27t14.27-5.73h334.69l-78.84-78.85q-5.62-5.61-6-13.53-.39-7.93 6-14.54 6.38-6.62 14.15-6.73 7.77-.12 14.39 6.5l104.54 104.53q9.69 9.7 9.69 22.62 0 12.92-9.69 22.62L672.08-352.85q-5.85 5.85-13.89 6.12-8.04.27-14.65-6.35-6.39-6.61-6.27-14.27.11-7.65 6.5-14.03L722.38-460Z"/></symbol>
     <symbol id="mail" viewBox="0 -960 960 960"><path d="M172.31-180Q142-180 121-201q-21-21-21-51.31v-455.38Q100-738 121-759q21-21 51.31-21h615.38Q818-780 839-759q21 21 21 51.31v455.38Q860-222 839-201q-21 21-51.31 21H172.31ZM800-662.31 499.46-469.92q-4.61 2.61-9.54 4.11-4.92 1.5-9.92 1.5t-9.92-1.5q-4.93-1.5-9.54-4.11L160-662.31v410q0 5.39 3.46 8.85t8.85 3.46h615.38q5.39 0 8.85-3.46t3.46-8.85v-410ZM480-520l313.85-200h-627.7L480-520ZM160-662.31v9.23-45.73 1.19V-720v22.38-1.27V-653.08v-9.23V-240v-422.31Z"/></symbol>
     <symbol id="menu" viewBox="0 -960 960 960"><path d="M170-254.62q-12.75 0-21.37-8.63-8.63-8.62-8.63-21.38 0-12.75 8.63-21.37 8.62-8.61 21.37-8.61h620q12.75 0 21.37 8.62 8.63 8.63 8.63 21.39 0 12.75-8.63 21.37-8.62 8.61-21.37 8.61H170ZM170-450q-12.75 0-21.37-8.63-8.63-8.63-8.63-21.38 0-12.76 8.63-21.37Q157.25-510 170-510h620q12.75 0 21.37 8.63 8.63 8.63 8.63 21.38 0 12.76-8.63 21.37Q802.75-450 790-450H170Zm0-195.39q-12.75 0-21.37-8.62-8.63-8.63-8.63-21.39 0-12.75 8.63-21.37 8.62-8.61 21.37-8.61h620q12.75 0 21.37 8.63 8.63 8.62 8.63 21.38 0 12.75-8.63 21.37-8.62 8.61-21.37 8.61H170Z"/></symbol>

From 30d9a7439ae2cf738c4992de2795097ed5f7e141 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Nov 2024 14:27:40 +0000
Subject: [PATCH 373/381] Bump github/codeql-action from 3.27.2 to 3.27.4

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.2 to 3.27.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/9278e421667d5d90a2839487a482448c4ec7df4d...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml     | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 9c09bb39d2a..7b2938fd879 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
+        uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
+        uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
+        uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 1cbb20eb5dc..77d45a51c4d 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: results.sarif

From f0fdac34e79b0ae815dcaeb16bd423df7f06985e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Nov 2024 14:11:45 +0000
Subject: [PATCH 374/381] Bump browser from 6.0.0 to 6.1.0

Bumps [browser](https://github.com/fnando/browser) from 6.0.0 to 6.1.0.
- [Changelog](https://github.com/fnando/browser/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fnando/browser/compare/v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: browser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0d16a41cfb3..67aead4d036 100644
--- a/Gemfile
+++ b/Gemfile
@@ -50,7 +50,7 @@ gem "rqrcode", "~> 2.1"
 gem "rotp", "~> 6.2"
 gem "unpwn", "~> 1.0"
 gem "webauthn", "~> 3.1"
-gem "browser", "~> 6.0"
+gem "browser", "~> 6.1"
 gem "bcrypt", "~> 3.1"
 gem "maintenance_tasks", "~> 2.8"
 gem "strong_migrations", "~> 2.1"
diff --git a/Gemfile.lock b/Gemfile.lock
index 6b22f3f4f0c..1a94d975130 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -173,7 +173,7 @@ GEM
       msgpack (~> 1.2)
     brakeman (6.2.2)
       racc
-    browser (6.0.0)
+    browser (6.1.0)
     builder (3.3.0)
     byebug (11.1.3)
     capybara (3.40.0)
@@ -886,7 +886,7 @@ DEPENDENCIES
   better_html (~> 2.1)
   bootsnap (~> 1.18)
   brakeman (~> 6.2)
-  browser (~> 6.0)
+  browser (~> 6.1)
   capybara (~> 3.40)
   chartkick (~> 5.1)
   clearance (~> 2.9)
@@ -1039,7 +1039,7 @@ CHECKSUMS
   bloomer (1.0.0) sha256=57a0d3a78628db9a92c6723f06c67697e420abcdb05aa757c6dfae607251d272
   bootsnap (1.18.4) sha256=ac4c42af397f7ee15521820198daeff545e4c360d2772c601fbdc2c07d92af55
   brakeman (6.2.2) sha256=d502d653699f4d451b21225ff4d19a9ec9345d23eaab5576e246185ffd7bf618
-  browser (6.0.0) sha256=0399f0f12c925e529aa995b096a3824384e00ea2c7241fbb4b707d2a25e87920
+  browser (6.1.0) sha256=b9104e9d094800ec8243ad787f2289ea25b23921eb88c315cea53c89305424c7
   builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f
   byebug (11.1.3) sha256=2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b
   capybara (3.40.0) sha256=42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef

From a86b8454bf32431b6cd3ce9eb51d32c2b44593dd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Nov 2024 14:06:25 +0000
Subject: [PATCH 375/381] Bump datadog from 2.6.0 to 2.7.0

Bumps [datadog](https://github.com/DataDog/dd-trace-rb) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/DataDog/dd-trace-rb/releases)
- [Changelog](https://github.com/DataDog/dd-trace-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/DataDog/dd-trace-rb/compare/v2.6.0...v2.7.0)

---
updated-dependencies:
- dependency-name: datadog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 20 ++++++++++----------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/Gemfile b/Gemfile
index 67aead4d036..03bccc7e69c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,7 +10,7 @@ gem "aws-sdk-sqs", "~> 1.88"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.9"
 gem "dalli", "~> 3.2"
-gem "datadog", "~> 2.4"
+gem "datadog", "~> 2.7"
 gem "dogstatsd-ruby", "~> 5.6"
 gem "google-protobuf", "~> 4.28"
 gem "faraday", "~> 2.12"
diff --git a/Gemfile.lock b/Gemfile.lock
index 1a94d975130..5370c2d0f79 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -213,9 +213,9 @@ GEM
       addressable
     csv (3.3.0)
     dalli (3.2.8)
-    datadog (2.6.0)
+    datadog (2.7.0)
       datadog-ruby_core_source (~> 3.3)
-      libdatadog (~> 14.0.0.1.0)
+      libdatadog (~> 14.1.0.1.0)
       libddwaf (~> 1.15.0.0.0)
       msgpack
     datadog-ci (1.8.1)
@@ -399,9 +399,9 @@ GEM
       letter_opener (~> 1.9)
       railties (>= 6.1)
       rexml
-    libdatadog (14.0.0.1.0)
-    libdatadog (14.0.0.1.0-aarch64-linux)
-    libdatadog (14.0.0.1.0-x86_64-linux)
+    libdatadog (14.1.0.1.0)
+    libdatadog (14.1.0.1.0-aarch64-linux)
+    libdatadog (14.1.0.1.0-x86_64-linux)
     libddwaf (1.15.0.0.0)
       ffi (~> 1.0)
     libddwaf (1.15.0.0.0-aarch64-linux)
@@ -893,7 +893,7 @@ DEPENDENCIES
   compact_index (~> 0.15.0)
   csv (~> 3.3)
   dalli (~> 3.2)
-  datadog (~> 2.4)
+  datadog (~> 2.7)
   datadog-ci (~> 1.8)
   derailed_benchmarks (~> 2.2)
   discard (~> 1.4)
@@ -1059,7 +1059,7 @@ CHECKSUMS
   css_parser (1.19.1) sha256=1940dce01e3b9be18d6880e6d65162d984cc04ff28998cf4759beb999275209e
   csv (3.3.0) sha256=0bbd1defdc31134abefed027a639b3723c2753862150f4c3ee61cab71b20d67d
   dalli (3.2.8) sha256=2e63595084d91fae2655514a02c5d4fc0f16c0799893794abe23bf628bebaaa5
-  datadog (2.6.0) sha256=2655bb82bc91b1ddf604d1ef601997d7d2424b134e7cfdad647ada892617e0d7
+  datadog (2.7.0) sha256=cea0c125acff6630966a2ad0bc01863ba1e1ff2886b4d38dc29f254f89ad02a2
   datadog-ci (1.8.1) sha256=c461acd83d36b5894716ea7b1c207fd4b7fa103994c0773e3936a68da4dfa594
   datadog-ruby_core_source (3.3.6) sha256=007c72450d3f5838c6d0ae4a6a77e5008bb29dd97d10ea3bf367f978d7c02f36
   date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
@@ -1133,9 +1133,9 @@ CHECKSUMS
   ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb
   letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2
   letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860
-  libdatadog (14.0.0.1.0) sha256=37d602c2a6c70dfdc71479a507fadfdd684783f2c1ecf825bae508bb7d641d59
-  libdatadog (14.0.0.1.0-aarch64-linux) sha256=63dce2d1f45d413ad13c9fd36fa39b3415591f46438c1e06b62dd08e13a7c72d
-  libdatadog (14.0.0.1.0-x86_64-linux) sha256=78ba05673eecedc1d87b1d0eb93763be04d09655a5c903601e84db476a8e0b3f
+  libdatadog (14.1.0.1.0) sha256=6b5c7d03a6f67e148425d98cc5f43a6b1a85da32862e7689cb08db94cabc151e
+  libdatadog (14.1.0.1.0-aarch64-linux) sha256=cdde91ca08c8cface9420f00a217fd0140337ec24c962342dffc9a1b3fdf5691
+  libdatadog (14.1.0.1.0-x86_64-linux) sha256=136a79e3abc24b07376a1e2a8be9ddc5212b002bcad546af866385b4d986b28e
   libddwaf (1.15.0.0.0) sha256=5a0b6bb1bf9208cc3c8df4393e0f19ae1faf9846e8e8dbc2e10ecd5cb3c756f0
   libddwaf (1.15.0.0.0-aarch64-linux) sha256=1630f38b57bc1a20bc1102bfbfc328fd7c522cf5828aebb02dbb45460cb834e7
   libddwaf (1.15.0.0.0-arm64-darwin) sha256=714d497c080a385ad1a735b9163d58ea67a861df8d61e8f5669dbfdf8df744ea

From 126e4ca5aed7c49ce304033d64be19c66fe6d2f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Nov 2024 22:47:26 +0000
Subject: [PATCH 376/381] Bump pp from 0.6.0 to 0.6.1 (#5229)

Bumps [pp](https://github.com/ruby/pp) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/ruby/pp/releases)
- [Commits](https://github.com/ruby/pp/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: pp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      | 2 +-
 Gemfile.lock | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 03bccc7e69c..691033f4b45 100644
--- a/Gemfile
+++ b/Gemfile
@@ -80,7 +80,7 @@ end
 # Logging
 gem "amazing_print", "~> 1.6"
 gem "rails_semantic_logger", "~> 4.17"
-gem "pp", "0.6.0"
+gem "pp", "0.6.1"
 
 # Former default gems
 gem "csv", "~> 3.3" # zeitwerk-2.6.12
diff --git a/Gemfile.lock b/Gemfile.lock
index 5370c2d0f79..5f76ac42a4b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -557,7 +557,7 @@ GEM
     phlex-rails (1.2.2)
       phlex (>= 1.10, < 2)
       railties (>= 6.1, < 9)
-    pp (0.6.0)
+    pp (0.6.1)
       prettyprint
     prettyprint (0.2.0)
     prop_initializer (0.2.0)
@@ -941,7 +941,7 @@ DEPENDENCIES
   pg_query (~> 5.1)
   pghero (~> 3.6)
   phlex-rails (~> 1.2)
-  pp (= 0.6.0)
+  pp (= 0.6.1)
   prop_initializer (~> 0.2)
   propshaft (~> 1.1.0)
   prosopite (~> 1.4)
@@ -1199,7 +1199,7 @@ CHECKSUMS
   pghero (3.6.1) sha256=e6d4f6ec3979d4828dafcd1eaa4214e70279fe2502b9fe5bd632d8333aa79cd4
   phlex (1.11.0) sha256=979548e79a205c981612f1ab613addc8fa128c8092694d02f41aad4cea905e73
   phlex-rails (1.2.2) sha256=a20218449e71bc9fa5a71b672fbede8a654c6b32a58f1c4ea83ddc1682307a4c
-  pp (0.6.0) sha256=4e2baf0da59f6e2c682dbe913f8ade3271eb8e3d277642c4f538750d776df5be
+  pp (0.6.1) sha256=16d45bd9972616e81090ba08e119161131eb5b6348e85e43c4efffc8c5fe9fea
   prettyprint (0.2.0) sha256=2bc9e15581a94742064a3cc8b0fb9d45aae3d03a1baa6ef80922627a0766f193
   prop_initializer (0.2.0) sha256=bd27704d0df8c59c3baf0df5cf448eba2b140fb9934fb31b2e379b5c842d8820
   propshaft (1.1.0) sha256=d389361faf66aeb17e8d204828962c1e506edd14a1a17adb3fa475435c070f6b

From 09a9a92c3be2ddc01730584bbeca595f3a89a198 Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Thu, 14 Nov 2024 16:51:05 -0600
Subject: [PATCH 377/381] Fix seed attestation (#5239)

Need a valid attestation for gem view

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 db/seeds.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/seeds.rb b/db/seeds.rb
index f6931352ef7..7af1eed39f6 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -302,7 +302,7 @@
 
 rubygem0.versions.find_by(full_name: "rubygem0-1.0.0").attestations.find_or_create_by!(
   media_type: Sigstore::BundleType::BUNDLE_0_3.media_type,
-  body: { media_type: Sigstore::BundleType::BUNDLE_0_3.media_type }
+  body: JSON.parse(Rails.root.join("test", "gems", "sigstore-1.0.0.gem.sigstore.json").read)
 )
 
 author.oidc_pending_trusted_publishers.create_with(

From de0b4475bcbf8eefc00f711376498bfc9c589c58 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Nov 2024 10:45:09 -0600
Subject: [PATCH 378/381] Bump clearance from 2.9.1 to 2.9.2 (#5244)

Bumps [clearance](https://github.com/thoughtbot/clearance) from 2.9.1 to 2.9.2.
- [Release notes](https://github.com/thoughtbot/clearance/releases)
- [Changelog](https://github.com/thoughtbot/clearance/blob/main/CHANGELOG.md)
- [Commits](https://github.com/thoughtbot/clearance/compare/v2.9.1...v2.9.2)

---
updated-dependencies:
- dependency-name: clearance
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile.lock | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 5f76ac42a4b..cbce59b8fea 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -190,7 +190,7 @@ GEM
     childprocess (5.0.0)
     choice (0.2.0)
     chunky_png (1.4.0)
-    clearance (2.9.1)
+    clearance (2.9.2)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -222,7 +222,7 @@ GEM
       datadog (~> 2.4)
       msgpack
     datadog-ruby_core_source (3.3.6)
-    date (3.3.4)
+    date (3.4.0)
     derailed_benchmarks (2.2.1)
       base64
       benchmark-ips (~> 2)
@@ -456,7 +456,7 @@ GEM
     method_source (1.1.0)
     mini_histogram (0.3.1)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.7)
+    mini_portile2 (2.8.8)
     minitest (5.25.1)
     minitest-gcstats (1.3.1)
       minitest (~> 5.0)
@@ -477,7 +477,7 @@ GEM
     mutex_m (0.2.0)
     net-http (0.5.0)
       uri
-    net-imap (0.5.0)
+    net-imap (0.5.1)
       date
       net-protocol
     net-pop (0.1.2)
@@ -1048,7 +1048,7 @@ CHECKSUMS
   childprocess (5.0.0) sha256=0746b7ab1d6c68156e64a3767631d7124121516192c0492929a7f0af7310d835
   choice (0.2.0) sha256=a19617f7dfd4921b38a85d0616446620de685a113ec6d1ecc85bdb67bf38c974
   chunky_png (1.4.0) sha256=89d5b31b55c0cf4da3cf89a2b4ebc3178d8abe8cbaf116a1dba95668502fdcfe
-  clearance (2.9.1) sha256=fb30b78c36a542555ea6913f2ca3814fb72a2f145133d3407254c8eb74aca08e
+  clearance (2.9.2) sha256=d4981644d7b78ec26b95ed72b9c65a22b4ce2efe7ffb81f9dd4c4b43cf03d159
   coderay (1.1.3) sha256=dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b
   compact_index (0.15.0) sha256=5c6c404afca8928a7d9f4dde9524f6e1610db17e675330803055db282da84a8b
   concurrent-ruby (1.3.4) sha256=d4aa926339b0a86b5b5054a0a8c580163e6f5dcbdfd0f4bb916b1a2570731c32
@@ -1062,7 +1062,7 @@ CHECKSUMS
   datadog (2.7.0) sha256=cea0c125acff6630966a2ad0bc01863ba1e1ff2886b4d38dc29f254f89ad02a2
   datadog-ci (1.8.1) sha256=c461acd83d36b5894716ea7b1c207fd4b7fa103994c0773e3936a68da4dfa594
   datadog-ruby_core_source (3.3.6) sha256=007c72450d3f5838c6d0ae4a6a77e5008bb29dd97d10ea3bf367f978d7c02f36
-  date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291
+  date (3.4.0) sha256=2e7fadaded625c9b3e35e254e42068d4bd8b8646ceab0744cbcbcfdafaa0a711
   derailed_benchmarks (2.2.1) sha256=654280664fded41c9cd8fc27fc0fcfaf096023afab90eb4ac1185ba70c5d4439
   diff-lcs (1.5.1) sha256=273223dfb40685548436d32b4733aa67351769c7dea621da7d9dd4813e63ddfe
   discard (1.4.0) sha256=6efcd2a53ddf96781f81b825d398f1c88ab88c0faa84e131bea6e16ef95d65d0
@@ -1156,7 +1156,7 @@ CHECKSUMS
   method_source (1.1.0) sha256=181301c9c45b731b4769bc81e8860e72f9161ad7d66dd99103c9ab84f560f5c5
   mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94
   mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef
-  mini_portile2 (2.8.7) sha256=13eef5ab459bbfd33d61e539564ec25a9c2cf593b0a5ea6d4d7ef8c19b162ee0
+  mini_portile2 (2.8.8) sha256=8e47136cdac04ce81750bb6c09733b37895bf06962554e4b4056d78168d70a75
   minitest (5.25.1) sha256=3db6795a80634def1cf86fda79d2d83b59b25ce5e186fa675f73c565589d2ad8
   minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711
   minitest-reporters (1.7.1) sha256=5060413a0c95b8c32fe73e0606f3631c173a884d7900e50013e15094eb50562c
@@ -1168,7 +1168,7 @@ CHECKSUMS
   multipart-post (2.4.1) sha256=9872d03a8e552020ca096adadbf5e3cb1cd1cdd6acd3c161136b8a5737cdb4a8
   mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5
   net-http (0.5.0) sha256=ed7f88205afe03bf53142a4b81ded91f2c01522dcf03089cb6ad4acb476ce1da
-  net-imap (0.5.0) sha256=b8281598f3c1860679a88de19287673c6835bed6cf0fe1710fb96a5ffcb94aa0
+  net-imap (0.5.1) sha256=c0ceb85d8459f7081d5ed1ac86159f8e80d25e704eb52dbf0d9f703b7bc838d7
   net-pop (0.1.2) sha256=848b4e982013c15b2f0382792268763b748cce91c9e91e36b0f27ed26420dff3
   net-protocol (0.2.2) sha256=aa73e0cba6a125369de9837b8d8ef82a61849360eba0521900e2c3713aa162a8
   net-smtp (0.5.0) sha256=5fc0415e6ea1cc0b3dfea7270438ec22b278ca8d524986a3ae4e5ae8d087b42a

From 4819d1e541df4069b950ca91b886502b30cfdc2b Mon Sep 17 00:00:00 2001
From: Martin Emde <martinemde@users.noreply.github.com>
Date: Sat, 16 Nov 2024 16:56:56 -0600
Subject: [PATCH 379/381] fix avo resources for organizations (#5246)

---
 app/avo/resources/organization.rb | 11 +++++++++++
 app/avo/resources/rubygem.rb      |  2 ++
 app/models/organization.rb        |  4 +++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/app/avo/resources/organization.rb b/app/avo/resources/organization.rb
index f15ebb2922d..b70f952cf09 100644
--- a/app/avo/resources/organization.rb
+++ b/app/avo/resources/organization.rb
@@ -7,6 +7,10 @@ class Avo::Resources::Organization < Avo::BaseResource
            }
   }
 
+  self.find_record_method = lambda {
+    query.find_by_handle!(id)
+  }
+
   class DeletedFilter < Avo::Filters::ScopeBooleanFilter; end
 
   def filters
@@ -20,5 +24,12 @@ def fields
     field :name, as: :text
     field :deleted_at, as: :date_time
     # add fields here
+    tabs style: :pills do
+      field :memberships, as: :has_many
+      field :unconfirmed_memberships, as: :has_many
+      field :users, as: :has_many
+      field :rubygems, as: :has_many
+      field :organization_onboarding, as: :belongs_to
+    end
   end
 end
diff --git a/app/avo/resources/rubygem.rb b/app/avo/resources/rubygem.rb
index fd9da1ca5f1..4f3c81c1698 100644
--- a/app/avo/resources/rubygem.rb
+++ b/app/avo/resources/rubygem.rb
@@ -37,6 +37,7 @@ def fields
       field :ownerships_including_unconfirmed, as: :has_many
       field :ownership_calls, as: :has_many
       field :ownership_requests, as: :has_many
+      field :organization, as: :belongs_to
 
       field :subscriptions, as: :has_many
       field :subscribers, as: :has_many, through: :subscriptions
@@ -49,6 +50,7 @@ def fields
       field :oidc_rubygem_trusted_publishers, as: :has_many
 
       field :audits, as: :has_many
+      field :events, as: :has_many
     end
   end
 end
diff --git a/app/models/organization.rb b/app/models/organization.rb
index c13aadf846b..1e6560d26a9 100644
--- a/app/models/organization.rb
+++ b/app/models/organization.rb
@@ -13,7 +13,9 @@ class Organization < ApplicationRecord
   has_many :rubygems, dependent: :nullify
   has_one :organization_onboarding, foreign_key: :onboarded_organization_id, inverse_of: :organization, dependent: :destroy
 
-  scope :deleted, -> { where.not(deleted_at: nil) }
+  default_scope { not_deleted }
+  scope :not_deleted, -> { where(deleted_at: nil) }
+  scope :deleted, -> { unscoped.where.not(deleted_at: nil) }
 
   after_create do
     record_event!(Events::OrganizationEvent::CREATED, actor_gid: memberships.first&.to_gid)

From 66da1d787f7ea4da472e5cc0d5f15f4c35cf6ccb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 16 Nov 2024 17:01:16 -0600
Subject: [PATCH 380/381] Bump aws-sdk-s3 from 1.170.1 to 1.171.0 (#5243)

Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.170.1 to 1.171.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Gemfile      |  2 +-
 Gemfile.lock | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Gemfile b/Gemfile
index 691033f4b45..9fda599e5e8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,7 +5,7 @@ ruby file: ".ruby-version"
 gem "rails", "~> 7.2.1"
 gem "rails-i18n", "~> 7.0"
 
-gem "aws-sdk-s3", "~> 1.170"
+gem "aws-sdk-s3", "~> 1.171"
 gem "aws-sdk-sqs", "~> 1.88"
 gem "bootsnap", "~> 1.18"
 gem "clearance", "~> 2.9"
diff --git a/Gemfile.lock b/Gemfile.lock
index cbce59b8fea..af71d72ccf2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -135,8 +135,8 @@ GEM
       zeitwerk
     awrence (1.2.1)
     aws-eventstream (1.3.0)
-    aws-partitions (1.1004.0)
-    aws-sdk-core (3.212.0)
+    aws-partitions (1.1008.0)
+    aws-sdk-core (3.213.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
@@ -144,7 +144,7 @@ GEM
     aws-sdk-kms (1.95.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.170.1)
+    aws-sdk-s3 (1.171.0)
       aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -880,7 +880,7 @@ DEPENDENCIES
   avo (~> 3.13)
   avo-advanced (~> 3.14)!
   avo_upgrade (~> 0.1.1)
-  aws-sdk-s3 (~> 1.170)
+  aws-sdk-s3 (~> 1.171)
   aws-sdk-sqs (~> 1.88)
   bcrypt (~> 3.1)
   better_html (~> 2.1)
@@ -1023,10 +1023,10 @@ CHECKSUMS
   avo_upgrade (0.1.1) sha256=8d841083b9956392f5c8fe195f25bec0d139e3646d276f8a59e66b7d2e9ebf30
   awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e
   aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f
-  aws-partitions (1.1004.0) sha256=78f0ba04acdcde5edbde6b4c89cbce09ab25df731b2309b8348133351fe94285
-  aws-sdk-core (3.212.0) sha256=ab35e52d533cdd531171a6aadfb483775f412429a03e4850489699e60a8dc8bb
+  aws-partitions (1.1008.0) sha256=6fb5e6b843ea1169480c804fc861a5de7407762097de75cf4734fbcd35466227
+  aws-sdk-core (3.213.0) sha256=6ca685be1d72d61776fdaaddf3c293e45a472ff0dd0b624880e7813d0c82db19
   aws-sdk-kms (1.95.0) sha256=2ae508c642ddc59baa1296229108e9601a2fa00e57cf7a2153c9488f0587fd5e
-  aws-sdk-s3 (1.170.1) sha256=985f43e401cbb67ae6ff704bf8848d16bb72172a7bf492f680c59de36426d4f2
+  aws-sdk-s3 (1.171.0) sha256=94a2210c20f6102d8867937b021ef40683aa351e28912ac9cc6ef20509f85f4f
   aws-sdk-sqs (1.88.0) sha256=3e4e022b9af1796eb87bb368a8bb2001ebcad3b5025d76aa9ba731acea01a2eb
   aws-sigv4 (1.10.1) sha256=8a140753f34de18125686b11e7adaed4ca3db06dfb50a478993bd437f7a203bb
   base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507

From a07d05c2ce1a2ffa36bcc119bafd4680f869741b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 16 Nov 2024 23:04:26 +0000
Subject: [PATCH 381/381] Bump codecov/codecov-action from 4.6.0 to 5.0.1
 (#5245)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...3b1354a6c45db9f1008891f4eafc1a7e94ce1d18)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e55d6191689..29f6aae442a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -72,6 +72,6 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: matrix.rubygems.name == 'locked' && (success() || failure())
-        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+        uses: codecov/codecov-action@3b1354a6c45db9f1008891f4eafc1a7e94ce1d18 # v5.0.1
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}