
Issue: #300 Update rack to resolve vulnerabilities #301

Merged
jonrandahl merged 29 commits into dev from issue/300-update-rack-to-resolve-vulnerabilities on Nov 3, 2025

Conversation

@jonrandahl
Contributor

@jonrandahl jonrandahl commented Nov 3, 2025

chore: update rack and related dependencies to address vulnerabilities

  • Upgrade rack and web server related packages to resolve known security issues
  • Bump Ruby on Rails and core dependencies for latest security, performance, and compatibility improvements
  • Remove unused and deprecated test, browser, and assertion libraries to simplify the test environment
  • Modernise test assertions and migrate away from deprecated syntax for improved maintainability
  • Refine test helper setup and dependency loading for better reliability, particularly with integration tests
  • Update linting, test, security, and development tools to latest compatible versions

Note

Currently there is a "warning" in the start-up logs, "Use 'after_stopped', 'on_stopped' is deprecated and will be removed in v8", which is not caught by the JSON rails logger. It comes from the puma-metrics gem and is outside of our control until the developer releases an update accordingly. I've created a ticket here for follow-up: https://github.com/epimorphics/front-end-backlog/issues/71

Relates to #300

- Change constrained versions to minimum versions
- Update configuration to allow more flexible dependency selection
- Bump major and minor versions of the primary framework and its core dependencies
- Update all direct and transitive dependencies to match new framework requirements
- Add a new direct dependency in the stack as required by dependencies
- Cover all parts of the framework: core, storage, job, view, text, and support
- Update development tool versions for compatibility
- Synchronise downstream dependency versions to prevent mismatches
- Change compatibility constraints for testing gems to fit new versions
- Bump patch and minor versions for supporting libraries
- Synchronise runtime, dev, and utility gems with upstream
- Narrow compatibility range for styling and template packages
- Lightly adjust the version of the core style library
- Update faraday to latest minor version
- Ensure compatibility with updated faraday-net_http and logger
- Keep deps current for improved functionality
- Bump json gem to a newer version for nested data handling
- Raise net-http gem version to latest patch
- Follow security and performance improvements from upstream
- Update logger dependency to the latest minor release
- Improve compatibility and gain recent fixes
- Prepare for potential new features from upstream
- Cleans up testing dependencies by dropping an unnecessary gem
- Simplifies test setup and reduces maintenance overhead
- Include csv in the dependencies list
- Update lockfile to reflect csv addition
- Switch superclass to appropriate integration test base
- Restore MiniTest constant for compatibility
- Explicitly require related support gem
- Integrate capybara dsl into test base
- Ensure capybara sessions reset after each test
- Replace legacy negative assertions with standard refute
- Use modern assertion syntax in specs for better consistency
- Improve readability and future compatibility of tests
- Defer require for select test gems for flexibility
- Set up rails env and environment file loading earlier
- Add compatibility alias for legacy minitest constant use
- Add comments explaining ordering and intent in helpers
- Require minitest-vcr and minitest/spec in setup
- Switches from specialised assertion helpers to standard assertion macros
- Updates CSV array type and length checks to use assert_kind_of and assert_operator
- Makes assertions more consistent and less reliant on framework-specific syntax
- Changes expected values to argument-first order in equality assertions
- Replaces 'must_equal' and 'must_be' helpers with assert_equal and assert_operator
- Standardises core assertion approach
- Updates all equality and nil assertions to standard macros
- Changes from old-style helpers to assert_equal and refute_nil
- Applies changes throughout multiple nested and default hash behaviour tests
- Bump versions for performance and security
- Increase version for puma to latest release
- Update puma-metrics to match new dependency requirements
- Ensure compatibility in requirements for both packages
- Updates a frontend library to the latest patch version
- Ensures compatibility and includes minor bug fixes from upstream
- Upgrades monitoring tools to address compatibility and security
- Ensures better integration with current dependencies
- Prepares for upcoming platform and library changes
- Updates several packages to newer versions for improved security
- Addresses known vulnerabilities for compliance and stability
- Enhances compatibility with latest dependency versions
- Keeps development tools current and up to date
- Bumps several dependencies to include latest security patches
- Improves overall reliability by resolving known vulnerabilities
- Keeps components in sync with supported upstream versions
- Bumps language server and code analysis tool versions for latest features and fixes
- Relaxes version constraint on type signature tool to enhance compatibility
- Adds support utility for documentation
- Prepares for improved compatibility and potential vulnerability fixes
- Bumps component version to ensure compatibility with other libraries
- Addresses potential issues with an outdated dependency
- Prepares project for future updates and security patches
- Removes unused browser test and driver dependencies
- Updates browser driver gems to latest versions
- Streamlines test group for more reliable dependency management
- Remove test gem for vcr integration and its dependencies
- Clean up references to vcr integration in dependency config
- Update gem group for tests
- Simplify dependency lock entries for fewer test deps
- Remove direct loading of removed test support lib
- Simplify initialisation of test helper for spec usage
- Drop compatibility code for removed integration
- Bumps documentation library version to address minor issues
- Ensures compatibility and improved developer experience
- Removes setting for legacy time zone preservation to clean up config
- Prepares for compatibility with future framework versions
- Update framework and core dependencies to address security issues
- Modernise test suite for improved compatibility and maintainability
- Remove unused test and integration dependencies
- Fix deprecation warnings and compatibility with latest versions
- Improve test logging for better clarity
- Add missing dependency for compatibility with newer language versions
@jonrandahl jonrandahl self-assigned this Nov 3, 2025
@jonrandahl jonrandahl marked this pull request as ready for review November 3, 2025 16:18

- Reorganises mention of deprecated configuration removal

Contributor

@bogdanadrianmarc bogdanadrianmarc left a comment


Looks good!

@jonrandahl jonrandahl merged commit 5c25826 into dev Nov 3, 2025
2 checks passed
@jonrandahl jonrandahl deleted the issue/300-update-rack-to-resolve-vulnerabilities branch November 3, 2025 17:05