Bump rails from 7.1.3.4 to 7.2.0 (#615)

* Bump rails from 7.1.3.4 to 7.2.0 Bumps [rails](https://github.com/rails/rails) from 7.1.3.4 to 7.2.0. - [Release notes](https://github.com/rails/rails/releases) - [Commits](rails/rails@v7.1.3.4...v7.2.0) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update gemset.nix * Perform actual rails update * Fix deprecation warning * Use ActiveJob test adapter in tests * Fix rescan runner model tests --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com> Co-authored-by: Charlotte Van Petegem <[email protected]>
accentor · Aug 10, 2024 · d5283d3 · d5283d3
1 parent de73dea
commit d5283d3
Show file tree

Hide file tree

Showing 14 changed files with 212 additions and 157 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -47,4 +47,7 @@ jobs:
       env:
         RAILS_ENV: "test"
       run: |
-        bundle exec rubocop -c .rubocop.yml
+        bundle exec rubocop -c .rubocop.yml -f github
+    - name: Scan with brakeman
+      run: |
+        bundle exec brakeman --no-pager
diff --git a/Gemfile b/Gemfile
@@ -4,7 +4,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '~> 3.3.0'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 7.1'
+gem 'rails', '~> 7.2'
 # Use postgresql as the database for Active Record
 gem 'pg', '>= 1.2.3', '< 2.0'
 # Use Puma as the app server
@@ -48,10 +48,12 @@ group :development, :test do
 end
 
 group :development do
-  gem 'annotate', '~> 3.2' # Remove workaround in lib/tasks/annotate.rb when https://github.com/ctran/annotate_models/issues/696 is fixed
-  gem 'rubocop', '~> 1.65'
-  gem 'rubocop-factory_bot', '~> 2.26'
-  gem 'rubocop-minitest', '~> 0.35.1'
-  gem 'rubocop-rails', '~> 2.25'
-  gem 'ruby-lsp', '~> 0.17.12'
+  gem 'annotate', '~> 3.2', require: false # Remove workaround in lib/tasks/annotate.rb when https://github.com/ctran/annotate_models/issues/696 is fixed
+  gem 'rubocop', '~> 1.65', require: false
+  gem 'rubocop-factory_bot', '~> 2.26', require: false
+  gem 'rubocop-minitest', '~> 0.35.1', require: false
+  gem 'rubocop-rails', '~> 2.25', require: false
+  gem 'ruby-lsp', '~> 0.17.12', require: false
+
+  gem 'brakeman', require: false
 end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,51 +1,46 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actioncable (7.2.0)
+      actionpack (= 7.2.0)
+      activesupport (= 7.2.0)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activestorage (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
-      mail (>= 2.7.1)
-      net-imap
-      net-pop
-      net-smtp
-    actionmailer (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      actionview (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
-      mail (~> 2.5, >= 2.5.4)
-      net-imap
-      net-pop
-      net-smtp
+    actionmailbox (7.2.0)
+      actionpack (= 7.2.0)
+      activejob (= 7.2.0)
+      activerecord (= 7.2.0)
+      activestorage (= 7.2.0)
+      activesupport (= 7.2.0)
+      mail (>= 2.8.0)
+    actionmailer (7.2.0)
+      actionpack (= 7.2.0)
+      actionview (= 7.2.0)
+      activejob (= 7.2.0)
+      activesupport (= 7.2.0)
+      mail (>= 2.8.0)
       rails-dom-testing (~> 2.2)
-    actionpack (7.1.3.4)
-      actionview (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionpack (7.2.0)
+      actionview (= 7.2.0)
+      activesupport (= 7.2.0)
       nokogiri (>= 1.8.5)
       racc
-      rack (>= 2.2.4)
+      rack (>= 2.2.4, < 3.2)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activestorage (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+      useragent (~> 0.16)
+    actiontext (7.2.0)
+      actionpack (= 7.2.0)
+      activerecord (= 7.2.0)
+      activestorage (= 7.2.0)
+      activesupport (= 7.2.0)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.3.4)
-      activesupport (= 7.1.3.4)
+    actionview (7.2.0)
+      activesupport (= 7.2.0)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
@@ -55,31 +50,32 @@ GEM
       activemodel (>= 4.1)
       case_transform (>= 0.2)
       jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (7.1.3.4)
-      activesupport (= 7.1.3.4)
+    activejob (7.2.0)
+      activesupport (= 7.2.0)
       globalid (>= 0.3.6)
-    activemodel (7.1.3.4)
-      activesupport (= 7.1.3.4)
-    activerecord (7.1.3.4)
-      activemodel (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    activemodel (7.2.0)
+      activesupport (= 7.2.0)
+    activerecord (7.2.0)
+      activemodel (= 7.2.0)
+      activesupport (= 7.2.0)
       timeout (>= 0.4.0)
-    activestorage (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    activestorage (7.2.0)
+      actionpack (= 7.2.0)
+      activejob (= 7.2.0)
+      activerecord (= 7.2.0)
+      activesupport (= 7.2.0)
       marcel (~> 1.0)
-    activesupport (7.1.3.4)
+    activesupport (7.2.0)
       base64
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
-      tzinfo (~> 2.0)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
     annotate (3.2.0)
       activerecord (>= 3.2, < 8.0)
       rake (>= 10.4, < 14.0)
@@ -89,6 +85,8 @@ GEM
     bigdecimal (3.1.8)
     bootsnap (1.18.4)
       msgpack (~> 1.2)
+    brakeman (6.1.2)
+      racc
     builder (3.3.0)
     case_transform (0.2)
       activesupport
@@ -158,8 +156,7 @@ GEM
     mocha (2.4.5)
       ruby2_keywords (>= 0.0.5)
     msgpack (1.7.2)
-    mutex_m (0.2.0)
-    net-imap (0.4.12)
+    net-imap (0.4.14)
       date
       net-protocol
     net-pop (0.1.2)
@@ -196,31 +193,31 @@ GEM
     rackup (2.1.0)
       rack (>= 3)
       webrick (~> 1.8)
-    rails (7.1.3.4)
-      actioncable (= 7.1.3.4)
-      actionmailbox (= 7.1.3.4)
-      actionmailer (= 7.1.3.4)
-      actionpack (= 7.1.3.4)
-      actiontext (= 7.1.3.4)
-      actionview (= 7.1.3.4)
-      activejob (= 7.1.3.4)
-      activemodel (= 7.1.3.4)
-      activerecord (= 7.1.3.4)
-      activestorage (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
+    rails (7.2.0)
+      actioncable (= 7.2.0)
+      actionmailbox (= 7.2.0)
+      actionmailer (= 7.2.0)
+      actionpack (= 7.2.0)
+      actiontext (= 7.2.0)
+      actionview (= 7.2.0)
+      activejob (= 7.2.0)
+      activemodel (= 7.2.0)
+      activerecord (= 7.2.0)
+      activestorage (= 7.2.0)
+      activesupport (= 7.2.0)
       bundler (>= 1.15.0)
-      railties (= 7.1.3.4)
+      railties (= 7.2.0)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.1.3.4)
-      actionpack (= 7.1.3.4)
-      activesupport (= 7.1.3.4)
-      irb
+    railties (7.2.0)
+      actionpack (= 7.2.0)
+      activesupport (= 7.2.0)
+      irb (~> 1.13)
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
@@ -269,6 +266,7 @@ GEM
       ffi (~> 1.12)
       logger
     ruby2_keywords (0.0.5)
+    securerandom (0.3.1)
     simplecov (0.21.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -283,6 +281,7 @@ GEM
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
+    useragent (0.16.10)
     wahwah (1.6.4)
     webrick (1.8.1)
     websocket-driver (0.7.6)
@@ -299,6 +298,7 @@ DEPENDENCIES
   annotate (~> 3.2)
   bcrypt (~> 3.1)
   bootsnap (~> 1.18.4)
+  brakeman
   codecov (~> 0.6.0)
   debug (~> 1.9)
   factory_bot_rails (~> 6.4)
@@ -311,7 +311,7 @@ DEPENDENCIES
   puma (~> 6.4)
   pundit (~> 2.3)
   rack-cors (~> 2.0)
-  rails (~> 7.1)
+  rails (~> 7.2)
   rubocop (~> 1.65)
   rubocop-factory_bot (~> 2.26)
   rubocop-minitest (~> 0.35.1)
@@ -326,4 +326,4 @@ RUBY VERSION
    ruby 3.3.0p0
 
 BUNDLED WITH
-   2.5.9
+   2.5.11
diff --git a/app/models/playlist.rb b/app/models/playlist.rb
@@ -15,8 +15,8 @@ class Playlist < ApplicationRecord
   belongs_to :user
   has_many :items, class_name: 'PlaylistItem', dependent: :destroy
 
-  enum access: { shared: 0, personal: 1, secret: 2 }
-  enum playlist_type: { album: 0, artist: 1, track: 2 }
+  enum :access, { shared: 0, personal: 1, secret: 2 }
+  enum :playlist_type, { album: 0, artist: 1, track: 2 }
 
   scope :with_item_ids, lambda {
     left_joins(:items)

diff --git a/app/models/track_artist.rb b/app/models/track_artist.rb
@@ -15,7 +15,7 @@
 class TrackArtist < ApplicationRecord
   include HasNormalized
 
-  enum role: { main: 0, performer: 1, composer: 2, conductor: 3, remixer: 4, producer: 5, arranger: 6 }
+  enum :role, { main: 0, performer: 1, composer: 2, conductor: 3, remixer: 4, producer: 5, arranger: 6 }
 
   belongs_to :track
   belongs_to :artist

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -9,7 +9,7 @@
 #
 
 class User < ApplicationRecord
-  enum permission: { user: 0, moderator: 1, admin: 2 }
+  enum :permission, { user: 0, moderator: 1, admin: 2 }
 
   has_secure_password
 

diff --git a/config/application.rb b/config/application.rb
@@ -17,7 +17,7 @@
 module Accentor
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 7.1
+    config.load_defaults 7.2
 
     # Please, add to the `ignore` list any other `lib` subdirectories that do
     # not contain `.rb` files, or that should not be reloaded or eager loaded.

diff --git a/config/brakeman.ignore b/config/brakeman.ignore
@@ -0,0 +1,29 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "File Access",
+      "warning_code": 16,
+      "fingerprint": "4cca0972cd94dfed36bd9c5de56d9194b5f9fa2df9cea101e054130f95d5556f",
+      "check_name": "SendFile",
+      "message": "Model attribute used in file name",
+      "file": "app/controllers/tracks_controller.rb",
+      "line": 85,
+      "link": "https://brakemanscanner.org/docs/warning_types/file_access/",
+      "code": "send_file(Track.find(params[:id]).audio_file.full_path)",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "TracksController",
+        "method": "download"
+      },
+      "user_input": "Track.find(params[:id]).audio_file.full_path",
+      "confidence": "Medium",
+      "cwe_id": [
+        22
+      ],
+      "note": "The attribute is not configurable by users, but rather set by the scan job"
+    }
+  ],
+  "updated": "2024-08-10 11:14:43 +0200",
+  "brakeman_version": "6.1.2"
+}
diff --git a/config/environments/test.rb b/config/environments/test.rb
@@ -49,6 +49,9 @@
   # Raises error for missing translations.
   config.i18n.raise_on_missing_translations = true
 
+  # Use ActiveJob test adapter in tests
+  config.active_job.queue_adapter = :test
+
   # Annotate rendered view with file names.
   # config.action_view.annotate_rendered_view_with_filenames = true