Merge pull request #732 from alphagov/dependabot/bundler/rails-7.1.1

Bump rails from 7.0.8 to 7.1.1

Gemfile

@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 ruby "~> 3.2.0"
 
-gem "rails", "7.0.8"
+gem "rails", "7.1.1"
 
 gem "attr_required"
 gem "bootsnap", require: false

Gemfile.lock

@@ -1,77 +1,87 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.8)
-      actionpack (= 7.0.8)
-      activesupport (= 7.0.8)
+    actioncable (7.1.1)
+      actionpack (= 7.1.1)
+      activesupport (= 7.1.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.8)
-      actionpack (= 7.0.8)
-      activejob (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+      zeitwerk (~> 2.6)
+    actionmailbox (7.1.1)
+      actionpack (= 7.1.1)
+      activejob (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.8)
-      actionpack (= 7.0.8)
-      actionview (= 7.0.8)
-      activejob (= 7.0.8)
-      activesupport (= 7.0.8)
+    actionmailer (7.1.1)
+      actionpack (= 7.1.1)
+      actionview (= 7.1.1)
+      activejob (= 7.1.1)
+      activesupport (= 7.1.1)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
-      rails-dom-testing (~> 2.0)
-    actionpack (7.0.8)
-      actionview (= 7.0.8)
-      activesupport (= 7.0.8)
-      rack (~> 2.0, >= 2.2.4)
+      rails-dom-testing (~> 2.2)
+    actionpack (7.1.1)
+      actionview (= 7.1.1)
+      activesupport (= 7.1.1)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.8)
-      actionpack (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actiontext (7.1.1)
+      actionpack (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.8)
-      activesupport (= 7.0.8)
+    actionview (7.1.1)
+      activesupport (= 7.1.1)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.8)
-      activesupport (= 7.0.8)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.1)
+      activesupport (= 7.1.1)
       globalid (>= 0.3.6)
-    activemodel (7.0.8)
-      activesupport (= 7.0.8)
-    activerecord (7.0.8)
-      activemodel (= 7.0.8)
-      activesupport (= 7.0.8)
-    activestorage (7.0.8)
-      actionpack (= 7.0.8)
-      activejob (= 7.0.8)
-      activerecord (= 7.0.8)
-      activesupport (= 7.0.8)
+    activemodel (7.1.1)
+      activesupport (= 7.1.1)
+    activerecord (7.1.1)
+      activemodel (= 7.1.1)
+      activesupport (= 7.1.1)
+      timeout (>= 0.4.0)
+    activestorage (7.1.1)
+      actionpack (= 7.1.1)
+      activejob (= 7.1.1)
+      activerecord (= 7.1.1)
+      activesupport (= 7.1.1)
       marcel (~> 1.0)
-      mini_mime (>= 1.1.0)
-    activesupport (7.0.8)
+    activesupport (7.1.1)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
     addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
     ast (2.4.2)
     attr_required (1.0.1)
     awesome_print (1.9.2)
+    base64 (0.1.1)
+    bigdecimal (3.1.4)
     bindata (2.4.14)
     bootsnap (1.16.0)
       msgpack (~> 1.2)
@@ -107,6 +117,8 @@ GEM
     docile (1.4.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
+    drb (2.1.1)
+      ruby2_keywords
     erubi (1.12.0)
     et-orbi (1.2.7)
       tzinfo
@@ -196,6 +208,10 @@ GEM
       multi_xml (>= 0.5.2)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
+    io-console (0.6.0)
+    irb (1.8.3)
+      rdoc
+      reline (>= 0.3.8)
     json (2.6.3)
     json-jwt (1.16.3)
       activesupport (>= 4.2)
@@ -235,6 +251,7 @@ GEM
     minitest (5.20.0)
     msgpack (1.6.0)
     multi_xml (0.6.0)
+    mutex_m (0.1.2)
     net-imap (0.4.1)
       date
       net-protocol
@@ -526,6 +543,8 @@ GEM
       pry (>= 0.13, < 0.15)
     pry-rails (0.3.9)
       pry (>= 0.10.4)
+    psych (5.1.1)
+      stringio
     public_suffix (5.0.3)
     puma (6.4.0)
       nio4r (~> 2.0)
@@ -543,45 +562,55 @@ GEM
       rack (~> 2.2, >= 2.2.4)
     rack-proxy (0.7.7)
       rack
+    rack-session (1.0.1)
+      rack (< 3)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.8)
-      actioncable (= 7.0.8)
-      actionmailbox (= 7.0.8)
-      actionmailer (= 7.0.8)
-      actionpack (= 7.0.8)
-      actiontext (= 7.0.8)
-      actionview (= 7.0.8)
-      activejob (= 7.0.8)
-      activemodel (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+    rackup (1.0.0)
+      rack (< 3)
+      webrick
+    rails (7.1.1)
+      actioncable (= 7.1.1)
+      actionmailbox (= 7.1.1)
+      actionmailer (= 7.1.1)
+      actionpack (= 7.1.1)
+      actiontext (= 7.1.1)
+      actionview (= 7.1.1)
+      activejob (= 7.1.1)
+      activemodel (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
       bundler (>= 1.15.0)
-      railties (= 7.0.8)
+      railties (= 7.1.1)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.8)
-      actionpack (= 7.0.8)
-      activesupport (= 7.0.8)
-      method_source
+    railties (7.1.1)
+      actionpack (= 7.1.1)
+      activesupport (= 7.1.1)
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.0.6)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
+    rdoc (6.5.0)
+      psych (>= 4.0.0)
     redis (4.8.1)
     redis-namespace (1.11.0)
       redis (>= 4)
     regexp_parser (2.8.2)
+    reline (0.3.9)
+      io-console (~> 0.5)
     request_store (1.5.1)
       rack (>= 1.4)
     rest-client (2.1.0)
@@ -685,6 +714,7 @@ GEM
       concurrent-ruby (~> 1.0)
       rack (>= 2.2.4, < 4)
     statsd-ruby (1.5.0)
+    stringio (3.0.8)
     swd (2.0.2)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
@@ -765,7 +795,7 @@ DEPENDENCIES
   pg
   pry-byebug
   pry-rails
-  rails (= 7.0.8)
+  rails (= 7.1.1)
   rspec-rails
   rubocop-govuk
   sentry-sidekiq

app/controllers/concerns/authenticated_api_concern.rb

@@ -7,7 +7,7 @@ module AuthenticatedApiConcern
     before_action do
       @govuk_account_session = AccountSession.deserialise(
         encoded_session: request.headers[HEADER_NAME],
-        session_secret: Rails.application.secrets.session_secret,
+        session_secret: Rails.application.credentials.session_secret,
       )
 
       head :unauthorized unless @govuk_account_session

app/controllers/internal/authentication_controller.rb

@@ -20,7 +20,7 @@ def callback
     auth_request.delete
 
     govuk_account_session = AccountSession.new(
-      session_secret: Rails.application.secrets.session_secret,
+      session_secret: Rails.application.credentials.session_secret,
       user_id: details.fetch(:id_token).sub,
       mfa: details.fetch(:mfa),
       digital_identity_session: true,
@@ -51,7 +51,7 @@ def oidc_end_session_url
     end_session_endpoint = oidc_client.end_session_endpoint
     id_token = AccountSession.deserialise(
       encoded_session: request.headers["HTTP_GOVUK_ACCOUNT_SESSION"],
-      session_secret: Rails.application.secrets.session_secret,
+      session_secret: Rails.application.credentials.session_secret,
     )&.id_token
 
     if id_token

app/controllers/internal/match_user_by_email_controller.rb

@@ -24,7 +24,7 @@ def fetch_session_if_present
 
     @govuk_account_session = AccountSession.deserialise(
       encoded_session:,
-      session_secret: Rails.application.secrets.session_secret,
+      session_secret: Rails.application.credentials.session_secret,
     )
   rescue AccountSession::ReauthenticateUserError
     @govuk_account_session = nil

app/controllers/personalisation_controller.rb

@@ -5,7 +5,7 @@ class PersonalisationController < ApplicationController
   before_action do
     @govuk_account_session = AccountSession.deserialise(
       encoded_session: @account_session_header,
-      session_secret: Rails.application.secrets.session_secret,
+      session_secret: Rails.application.credentials.session_secret,
     )
 
     end_session! unless @govuk_account_session

app/lib/oidc_client.rb

@@ -15,12 +15,12 @@ class BackchannelLogoutFailure < RuntimeError; end
            to: :discover
 
   def initialize
-    @provider_uri = Rails.application.secrets.oauth_provider_url
-    @client_id = Rails.application.secrets.oauth_client_id
-    @secret = Rails.application.secrets.oauth_client_secret
+    @provider_uri = Rails.application.credentials.oauth_provider_url
+    @client_id = Rails.application.credentials.oauth_client_id
+    @secret = Rails.application.credentials.oauth_client_secret
 
-    if Rails.application.secrets.oauth_client_private_key.present?
-      @private_key = OpenSSL::PKey::RSA.new Rails.application.secrets.oauth_client_private_key
+    if Rails.application.credentials.oauth_client_private_key.present?
+      @private_key = OpenSSL::PKey::RSA.new Rails.application.credentials.oauth_client_private_key
     end
   end
 

app/models/user.rb

@@ -1,4 +1,4 @@
 class User < ApplicationRecord
   include GDS::SSO::User
-  serialize :permissions, Array
+  serialize :permissions, type: Array
 end

config/environments/test.rb

@@ -35,7 +35,7 @@
   config.cache_store = :null_store
 
   # Raise exceptions instead of rendering exception templates.
-  config.action_dispatch.show_exceptions = false
+  config.action_dispatch.show_exceptions = :none
 
   # Disable request forgery protection in test environment.
   config.action_controller.allow_forgery_protection = false

config/initializers/secrets_to_credentials.rb

@@ -0,0 +1,8 @@
+# Rails 7 has begung to deprecate Rails.application.secrets in favour
+# of Rails.application.credentials, but that adds the burden of master key
+# adminstration without giving us any benefit (because our production
+# secrets are handled as env vars, not committed to our repo. Here we
+# loads the config/secrets.YML values into Rails.application.credentials,
+# retaining the existing behaviour while dropping deprecated references.
+
+Rails.application.credentials.merge!(Rails.application.config_for(:secrets))

spec/service_consumers/pact_helper.rb

@@ -59,7 +59,7 @@ def url_encode(str)
     WebMock.enable!
     WebMock.reset!
 
-    allow(Rails.application.secrets).to receive(:oauth_client_private_key).and_return(nil)
+    allow(Rails.application.credentials).to receive(:oauth_client_private_key).and_return(nil)
 
     stub_oidc_discovery
     stub_token_response

spec/support/helpers/govuk_account_session_helper.rb

@@ -6,7 +6,7 @@ def placeholder_govuk_account_session(options = {})
   def placeholder_govuk_account_session_object(options = {})
     AccountSession.new(
       **{
-        session_secret: Rails.application.secrets.session_secret,
+        session_secret: Rails.application.credentials.session_secret,
         id_token: "id-token",
         user_id: "user-id",
         mfa: false,