From 39a8de3bc2207848e62c8d115eb8cd0fb0e8707a Mon Sep 17 00:00:00 2001 From: Petrik Date: Sat, 9 Nov 2024 11:08:14 +0100 Subject: [PATCH] [rails] Upgrade to Rails 8. --- frameworks/Ruby/rails/Gemfile | 2 +- frameworks/Ruby/rails/Gemfile.lock | 175 +++++++++--------- .../rails/config/environments/development.rb | 29 +-- .../rails/config/environments/production.rb | 41 ++-- .../Ruby/rails/config/environments/test.rb | 15 +- .../initializers/filter_parameter_logging.rb | 6 +- 6 files changed, 127 insertions(+), 141 deletions(-) diff --git a/frameworks/Ruby/rails/Gemfile b/frameworks/Ruby/rails/Gemfile index 846b2777d7e..9b7458ae417 100644 --- a/frameworks/Ruby/rails/Gemfile +++ b/frameworks/Ruby/rails/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'rails', '~> 7.2.0' +gem 'rails', '~> 8.0.0' gem 'redis', '~> 5.0' gem 'tzinfo-data' diff --git a/frameworks/Ruby/rails/Gemfile.lock b/frameworks/Ruby/rails/Gemfile.lock index 2d348650520..010270b9617 100644 --- a/frameworks/Ruby/rails/Gemfile.lock +++ b/frameworks/Ruby/rails/Gemfile.lock @@ -1,67 +1,67 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.2.1.1) - actionpack (= 7.2.1.1) - activesupport (= 7.2.1.1) + actioncable (8.0.0) + actionpack (= 8.0.0) + activesupport (= 8.0.0) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.1.1) - actionpack (= 7.2.1.1) - activejob (= 7.2.1.1) - activerecord (= 7.2.1.1) - activestorage (= 7.2.1.1) - activesupport (= 7.2.1.1) + actionmailbox (8.0.0) + actionpack (= 8.0.0) + activejob (= 8.0.0) + activerecord (= 8.0.0) + activestorage (= 8.0.0) + activesupport (= 8.0.0) mail (>= 2.8.0) - actionmailer (7.2.1.1) - actionpack (= 7.2.1.1) - actionview (= 7.2.1.1) - activejob (= 7.2.1.1) - activesupport (= 7.2.1.1) + actionmailer (8.0.0) + actionpack (= 8.0.0) + actionview (= 8.0.0) + activejob (= 8.0.0) + activesupport (= 8.0.0) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.1.1) - actionview (= 7.2.1.1) - activesupport (= 7.2.1.1) + actionpack (8.0.0) + actionview (= 8.0.0) + activesupport (= 8.0.0) nokogiri (>= 1.8.5) - racc - rack (>= 2.2.4, < 3.2) + rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.1.1) - actionpack (= 7.2.1.1) - activerecord (= 7.2.1.1) - activestorage (= 7.2.1.1) - activesupport (= 7.2.1.1) + actiontext (8.0.0) + actionpack (= 8.0.0) + activerecord (= 8.0.0) + activestorage (= 8.0.0) + activesupport (= 8.0.0) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.1.1) - activesupport (= 7.2.1.1) + actionview (8.0.0) + activesupport (= 8.0.0) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.1.1) - activesupport (= 7.2.1.1) + activejob (8.0.0) + activesupport (= 8.0.0) globalid (>= 0.3.6) - activemodel (7.2.1.1) - activesupport (= 7.2.1.1) - activerecord (7.2.1.1) - activemodel (= 7.2.1.1) - activesupport (= 7.2.1.1) + activemodel (8.0.0) + activesupport (= 8.0.0) + activerecord (8.0.0) + activemodel (= 8.0.0) + activesupport (= 8.0.0) timeout (>= 0.4.0) - activestorage (7.2.1.1) - actionpack (= 7.2.1.1) - activejob (= 7.2.1.1) - activerecord (= 7.2.1.1) - activesupport (= 7.2.1.1) + activestorage (8.0.0) + actionpack (= 8.0.0) + activejob (= 8.0.0) + activerecord (= 8.0.0) + activesupport (= 8.0.0) marcel (~> 1.0) - activesupport (7.2.1.1) + activesupport (8.0.0) base64 + benchmark (>= 0.3) bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) @@ -71,14 +71,15 @@ GEM minitest (>= 5.1) securerandom (>= 0.3) tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) agoo (2.15.13) - async (2.17.0) - console (~> 1.26) + async (2.19.0) + console (~> 1.29) fiber-annotation io-event (~> 1.6, >= 1.6.5) async-container (0.18.3) async (~> 2.10) - async-http (0.82.1) + async-http (0.82.3) async (>= 2.10.2) async-pool (~> 0.9) io-endpoint (~> 0.14) @@ -97,16 +98,17 @@ GEM async async-container (~> 0.16) base64 (0.2.0) + benchmark (0.4.0) bigdecimal (3.1.8) builder (3.3.0) concurrent-ruby (1.3.4) connection_pool (2.4.1) - console (1.27.0) + console (1.29.0) fiber-annotation fiber-local (~> 1.1) json crass (1.0.6) - date (3.3.4) + date (3.4.1) drb (2.2.1) erubi (1.13.0) falcon (0.48.3) @@ -130,16 +132,16 @@ GEM activesupport (>= 6.1) i18n (1.14.6) concurrent-ruby (~> 1.0) - io-console (0.7.2) + io-console (0.8.0) io-endpoint (0.14.0) - io-event (1.7.2) - io-stream (0.6.0) + io-event (1.7.3) + io-stream (0.6.1) irb (1.14.1) rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.8.1) localhost (1.3.1) - logger (1.6.1) + logger (1.6.2) loofah (2.23.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) @@ -150,11 +152,11 @@ GEM net-smtp mapping (1.1.1) marcel (1.0.4) - metrics (0.12.0) + metrics (0.12.1) mini_mime (1.1.5) mini_portile2 (2.8.8) - minitest (5.25.1) - net-imap (0.4.17) + minitest (5.25.4) + net-imap (0.5.1) date net-protocol net-pop (0.1.2) @@ -167,27 +169,29 @@ GEM nokogiri (1.16.8) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.16.8-arm64-darwin) + nokogiri (1.16.8-x86_64-darwin) racc (~> 1.4) nokogiri (1.16.8-x86_64-linux) racc (~> 1.4) openssl (3.2.0) - pg (1.5.8) + pg (1.5.9) process-metrics (0.3.0) console (~> 1.8) json (~> 2) samovar (~> 2.1) protocol-hpack (1.5.1) - protocol-http (0.40.0) + protocol-http (0.42.0) protocol-http1 (0.28.1) protocol-http (~> 0.22) - protocol-http2 (0.19.3) + protocol-http2 (0.19.4) protocol-hpack (~> 1.4) protocol-http (~> 0.18) + traces protocol-rack (0.10.1) protocol-http (~> 0.37) rack (>= 1.0) - psych (5.1.2) + psych (5.2.1) + date stringio puma (6.5.0) nio4r (~> 2.0) @@ -197,23 +201,22 @@ GEM rack (>= 3.0.0) rack-test (2.1.0) rack (>= 1.3) - rackup (2.1.0) + rackup (2.2.1) rack (>= 3) - webrick (~> 1.8) - rails (7.2.1.1) - actioncable (= 7.2.1.1) - actionmailbox (= 7.2.1.1) - actionmailer (= 7.2.1.1) - actionpack (= 7.2.1.1) - actiontext (= 7.2.1.1) - actionview (= 7.2.1.1) - activejob (= 7.2.1.1) - activemodel (= 7.2.1.1) - activerecord (= 7.2.1.1) - activestorage (= 7.2.1.1) - activesupport (= 7.2.1.1) + rails (8.0.0) + actioncable (= 8.0.0) + actionmailbox (= 8.0.0) + actionmailer (= 8.0.0) + actionpack (= 8.0.0) + actiontext (= 8.0.0) + actionview (= 8.0.0) + activejob (= 8.0.0) + activemodel (= 8.0.0) + activerecord (= 8.0.0) + activestorage (= 8.0.0) + activesupport (= 8.0.0) bundler (>= 1.15.0) - railties (= 7.2.1.1) + railties (= 8.0.0) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -221,46 +224,46 @@ GEM rails-html-sanitizer (1.6.1) loofah (~> 2.21) nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) - railties (7.2.1.1) - actionpack (= 7.2.1.1) - activesupport (= 7.2.1.1) + railties (8.0.0) + actionpack (= 8.0.0) + activesupport (= 8.0.0) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) zeitwerk (~> 2.6) rake (13.2.1) - rdoc (6.7.0) + rdoc (6.8.1) psych (>= 4.0.0) redis (5.3.0) redis-client (>= 0.22.0) redis-client (0.22.2) connection_pool - reline (0.5.10) + reline (0.5.12) io-console (~> 0.5) samovar (2.3.0) console (~> 1.0) mapping (~> 1.0) - securerandom (0.3.1) - stringio (3.1.1) + securerandom (0.4.0) + stringio (3.1.2) thor (1.3.2) - timeout (0.4.1) - traces (0.13.1) + timeout (0.4.2) + traces (0.14.1) trilogy (2.8.1) tzinfo (2.0.6) concurrent-ruby (~> 1.0) tzinfo-data (1.2024.2) tzinfo (>= 1.0.0) - useragent (0.16.10) - webrick (1.8.2) + uri (1.0.2) + useragent (0.16.11) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) - zeitwerk (2.7.0) + zeitwerk (2.7.1) PLATFORMS - arm64-darwin-20 ruby + x86_64-darwin-22 x86_64-linux DEPENDENCIES @@ -269,10 +272,10 @@ DEPENDENCIES pg (~> 1.5) puma (~> 6.4) rackup - rails (~> 7.2.0) + rails (~> 8.0.0) redis (~> 5.0) trilogy (~> 2.8.1) tzinfo-data BUNDLED WITH - 2.3.3 + 2.5.16 diff --git a/frameworks/Ruby/rails/config/environments/development.rb b/frameworks/Ruby/rails/config/environments/development.rb index 6a2306dbabc..ab2b0a86d2f 100644 --- a/frameworks/Ruby/rails/config/environments/development.rb +++ b/frameworks/Ruby/rails/config/environments/development.rb @@ -3,9 +3,7 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded any time - # it changes. This slows down response time but is perfect for development - # since you don't have to restart the web server when you make code changes. + # Make code changes take effect immediately without server restart. config.enable_reloading = true # Do not eager load code on boot. @@ -17,35 +15,31 @@ # Enable server timing. config.server_timing = true - # Enable/disable caching. By default caching is disabled. - # Run rails dev:cache to toggle caching. + # Enable/disable Action Controller caching. By default Action Controller caching is disabled. + # Run rails dev:cache to toggle Action Controller caching. if Rails.root.join("tmp/caching-dev.txt").exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true - - config.cache_store = :memory_store - config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" } + config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false - - config.cache_store = :null_store end + # Change to :null_store to avoid any caching. + config.cache_store = :memory_store + # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true + # Append comments with runtime information tags to SQL queries in logs. + config.active_record.query_log_tags_enabled = true + # Raises error for missing translations. # config.i18n.raise_on_missing_translations = true @@ -54,7 +48,4 @@ # Raise error when a before_action's only/except options reference missing actions. config.action_controller.raise_on_missing_callback_actions = true - - # Apply autocorrection by RuboCop to files generated by `bin/rails generate`. - # config.generators.apply_rubocop_autocorrect_after_generate! end diff --git a/frameworks/Ruby/rails/config/environments/production.rb b/frameworks/Ruby/rails/config/environments/production.rb index c6594e5d17d..331a2687e8f 100644 --- a/frameworks/Ruby/rails/config/environments/production.rb +++ b/frameworks/Ruby/rails/config/environments/production.rb @@ -6,19 +6,17 @@ # Code is not reloaded between requests. config.enable_reloading = false - # Eager load code on boot. This eager loads most of Rails and - # your application in memory, allowing both threaded web servers - # and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. + # Eager load code on boot for better performance and memory savings (ignored by Rake tasks). config.eager_load = true - # Full error reports are disabled and caching is turned on. + # Full error reports are disabled. config.consider_all_requests_local = false + + # Turn on fragment caching in view templates. config.action_controller.perform_caching = true - # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment - # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). - # config.require_master_key = true + # Cache assets for far-future expiry since they are all digest stamped. + config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" } # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. # This disables the ActionDispatch::Static middleware. @@ -27,12 +25,7 @@ # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.asset_host = "http://assets.example.com" - # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache - # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX - # Assume all access to the app is happening through a SSL-terminating reverse proxy. - # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. # config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. @@ -41,14 +34,19 @@ # Skip http-to-https redirect for the default health check endpoint. # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } - # Prepend all log lines with the following tags. - config.log_tags = [ :request_id ] + # Log to STDOUT with the current request id as a default log tag. + # config.log_tags = [ :request_id ] + config.logger = ActiveSupport::TaggedLogging.logger(STDOUT) - # "info" includes generic and useful information about system operation, but avoids logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). If you - # want to log everything, set the level to "debug". + # Change to "debug" to log everything (including potentially personally-identifiable information!) config.log_level = :fatal + # Prevent health checks from clogging up the logs. + config.silence_healthcheck_path = "/up" + + # Don't log any deprecations. + config.active_support.report_deprecations = false + # Use a different cache store in production. config.cache_store = :redis_cache_store, { url: ENV['REDIS_URL'], @@ -66,17 +64,18 @@ # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Don't log any deprecations. - config.active_support.report_deprecations = false - # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + # Only use :id for inspections in production. + config.active_record.attributes_for_inspect = [ :id ] + # Enable DNS rebinding protection and other `Host` header attacks. # config.hosts = [ # "example.com", # Allow requests from example.com # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` # ] + # # Skip DNS rebinding protection for the default health check endpoint. # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end diff --git a/frameworks/Ruby/rails/config/environments/test.rb b/frameworks/Ruby/rails/config/environments/test.rb index 999db7091ef..14bc29e0659 100644 --- a/frameworks/Ruby/rails/config/environments/test.rb +++ b/frameworks/Ruby/rails/config/environments/test.rb @@ -1,5 +1,3 @@ -require "active_support/core_ext/integer/time" - # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped @@ -17,12 +15,11 @@ # loading is working properly before deploying your code. config.eager_load = ENV["CI"].present? - # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" } + # Configure public file server for tests with cache-control for performance. + config.public_file_server.headers = { "cache-control" => "public, max-age=3600" } - # Show full error reports and disable caching. + # Show full error reports. config.consider_all_requests_local = true - config.action_controller.perform_caching = false config.cache_store = :null_store # Render exception templates for rescuable exceptions and raise for other exceptions. @@ -34,12 +31,6 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raise exceptions for disallowed deprecations. - config.active_support.disallowed_deprecation = :raise - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] - # Raises error for missing translations. # config.i18n.raise_on_missing_translations = true diff --git a/frameworks/Ruby/rails/config/initializers/filter_parameter_logging.rb b/frameworks/Ruby/rails/config/initializers/filter_parameter_logging.rb index 4b34a036689..c0b717f7ecb 100644 --- a/frameworks/Ruby/rails/config/initializers/filter_parameter_logging.rb +++ b/frameworks/Ruby/rails/config/initializers/filter_parameter_logging.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ - :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn + :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc ]