Rails 7.0 update (#25668)

Gemfile

@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 ruby '>= 3.0.0'
 
 gem 'puma', '~> 6.3'
-gem 'rails', '~> 6.1.7'
+gem 'rails', '~> 7.0'
 gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
 gem 'rack', '~> 2.2.7'
@@ -66,7 +66,7 @@ gem 'pundit', '~> 2.3'
 gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 2.0', require: 'rack/cors'
-gem 'rails-i18n', '~> 6.0'
+gem 'rails-i18n', '~> 7.0'
 gem 'rails-settings-cached', '~> 0.6', git: 'https://github.com/mastodon/rails-settings-cached.git', branch: 'v0.6.6-aliases-true'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']

Gemfile.lock

@@ -18,40 +18,47 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.7.4)
-      actionpack (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
+    actioncable (7.0.6)
+      actionpack (= 7.0.6)
+      activesupport (= 7.0.6)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.4)
-      actionpack (= 6.1.7.4)
-      activejob (= 6.1.7.4)
-      activerecord (= 6.1.7.4)
-      activestorage (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
+    actionmailbox (7.0.6)
+      actionpack (= 7.0.6)
+      activejob (= 7.0.6)
+      activerecord (= 7.0.6)
+      activestorage (= 7.0.6)
+      activesupport (= 7.0.6)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.4)
-      actionpack (= 6.1.7.4)
-      actionview (= 6.1.7.4)
-      activejob (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.6)
+      actionpack (= 7.0.6)
+      actionview (= 7.0.6)
+      activejob (= 7.0.6)
+      activesupport (= 7.0.6)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.4)
-      actionview (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.6)
+      actionview (= 7.0.6)
+      activesupport (= 7.0.6)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.4)
-      actionpack (= 6.1.7.4)
-      activerecord (= 6.1.7.4)
-      activestorage (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
+    actiontext (7.0.6)
+      actionpack (= 7.0.6)
+      activerecord (= 7.0.6)
+      activestorage (= 7.0.6)
+      activesupport (= 7.0.6)
+      globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.4)
-      activesupport (= 6.1.7.4)
+    actionview (7.0.6)
+      activesupport (= 7.0.6)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
@@ -61,27 +68,26 @@ GEM
       activemodel (>= 4.1, < 7.1)
       case_transform (>= 0.2)
       jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (6.1.7.4)
-      activesupport (= 6.1.7.4)
+    activejob (7.0.6)
+      activesupport (= 7.0.6)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.4)
-      activesupport (= 6.1.7.4)
-    activerecord (6.1.7.4)
-      activemodel (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
-    activestorage (6.1.7.4)
-      actionpack (= 6.1.7.4)
-      activejob (= 6.1.7.4)
-      activerecord (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
+    activemodel (7.0.6)
+      activesupport (= 7.0.6)
+    activerecord (7.0.6)
+      activemodel (= 7.0.6)
+      activesupport (= 7.0.6)
+    activestorage (7.0.6)
+      actionpack (= 7.0.6)
+      activejob (= 7.0.6)
+      activerecord (= 7.0.6)
+      activesupport (= 7.0.6)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.4)
+    activesupport (7.0.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
     addressable (2.8.4)
       public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
@@ -508,21 +514,20 @@ GEM
       rack
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (6.1.7.4)
-      actioncable (= 6.1.7.4)
-      actionmailbox (= 6.1.7.4)
-      actionmailer (= 6.1.7.4)
-      actionpack (= 6.1.7.4)
-      actiontext (= 6.1.7.4)
-      actionview (= 6.1.7.4)
-      activejob (= 6.1.7.4)
-      activemodel (= 6.1.7.4)
-      activerecord (= 6.1.7.4)
-      activestorage (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
+    rails (7.0.6)
+      actioncable (= 7.0.6)
+      actionmailbox (= 7.0.6)
+      actionmailer (= 7.0.6)
+      actionpack (= 7.0.6)
+      actiontext (= 7.0.6)
+      actionview (= 7.0.6)
+      activejob (= 7.0.6)
+      activemodel (= 7.0.6)
+      activerecord (= 7.0.6)
+      activestorage (= 7.0.6)
+      activesupport (= 7.0.6)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.4)
-      sprockets-rails (>= 2.0.0)
+      railties (= 7.0.6)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -533,15 +538,16 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    rails-i18n (6.0.0)
+    rails-i18n (7.0.7)
       i18n (>= 0.7, < 2)
-      railties (>= 6.0.0, < 7)
-    railties (6.1.7.4)
-      actionpack (= 6.1.7.4)
-      activesupport (= 6.1.7.4)
+      railties (>= 6.0.0, < 8)
+    railties (7.0.6)
+      actionpack (= 7.0.6)
+      activesupport (= 7.0.6)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
     rdf (3.2.11)
@@ -688,7 +694,7 @@ GEM
       climate_control (>= 0.0.3, < 1.0)
     thor (1.2.2)
     tilt (2.2.0)
-    timeout (0.3.2)
+    timeout (0.4.0)
     tpm-key_attestation (0.12.0)
       bindata (~> 2.4)
       openssl (> 2.0)
@@ -839,9 +845,9 @@ DEPENDENCIES
   rack-attack (~> 6.6)
   rack-cors (~> 2.0)
   rack-test (~> 2.1)
-  rails (~> 6.1.7)
+  rails (~> 7.0)
   rails-controller-testing (~> 1.0)
-  rails-i18n (~> 6.0)
+  rails-i18n (~> 7.0)
   rails-settings-cached (~> 0.6)!
   rdf-normalize (~> 0.5)
   redcarpet (~> 3.6)

app/lib/inline_renderer.rb

@@ -37,7 +37,7 @@ class InlineRenderer
   private
 
   def preload_associations_for_status
-    ActiveRecord::Associations::Preloader.new.preload(@object, {
+    ActiveRecord::Associations::Preloader.new(records: @object, associations: {
       active_mentions: :account,
 
       reblog: {

app/lib/rss/channel.rb

@@ -16,7 +16,7 @@ class RSS::Channel < RSS::Element
   end
 
   def last_build_date(date)
-    append_element('lastBuildDate', date.to_formatted_s(:rfc822))
+    append_element('lastBuildDate', date.to_fs(:rfc822))
   end
 
   def image(url, title, link)

app/lib/rss/item.rb

@@ -20,7 +20,7 @@ class RSS::Item < RSS::Element
   end
 
   def pub_date(date)
-    append_element('pubDate', date.to_formatted_s(:rfc822))
+    append_element('pubDate', date.to_fs(:rfc822))
   end
 
   def description(str)

app/models/announcement.rb

@@ -80,7 +80,7 @@ class Announcement < ApplicationRecord
       end
     end
 
-    ActiveRecord::Associations::Preloader.new.preload(records, :custom_emoji)
+    ActiveRecord::Associations::Preloader.new(records: records, associations: :custom_emoji)
     records
   end
 

app/models/concerns/account_search.rb

@@ -122,7 +122,7 @@ module AccountSearch
       tsquery = generate_query_for_search(terms)
 
       find_by_sql([BASIC_SEARCH_SQL, { limit: limit, offset: offset, tsquery: tsquery }]).tap do |records|
-        ActiveRecord::Associations::Preloader.new.preload(records, :account_stat)
+        ActiveRecord::Associations::Preloader.new(records: records, associations: :account_stat)
       end
     end
 
@@ -131,7 +131,7 @@ module AccountSearch
       sql_template = following ? ADVANCED_SEARCH_WITH_FOLLOWING : ADVANCED_SEARCH_WITHOUT_FOLLOWING
 
       find_by_sql([sql_template, { id: account.id, limit: limit, offset: offset, tsquery: tsquery }]).tap do |records|
-        ActiveRecord::Associations::Preloader.new.preload(records, :account_stat)
+        ActiveRecord::Associations::Preloader.new(records: records, associations: :account_stat)
       end
     end
 

app/models/concerns/status_safe_reblog_insert.rb

@@ -4,41 +4,41 @@ module StatusSafeReblogInsert
   extend ActiveSupport::Concern
 
   class_methods do
-    # This is a hack to ensure that no reblogs of discarded statuses are created,
-    # as this cannot be enforced through database constraints the same way we do
-    # for reblogs of deleted statuses.
+    # This patch overwrites the built-in ActiveRecord `_insert_record` method to
+    # ensure that no reblogs of discarded statuses are created, as this cannot be
+    # enforced through DB constraints the same way as reblogs of deleted statuses
     #
-    # To achieve this, we redefine the internal method responsible for issuing
-    # the "INSERT" statement and replace the "INSERT INTO ... VALUES ..." query
-    # with an "INSERT INTO ... SELECT ..." query with a "WHERE deleted_at IS NULL"
-    # clause on the reblogged status to ensure consistency at the database level.
+    # We redefine the internal method responsible for issuing the `INSERT`
+    # statement and replace the `INSERT INTO ... VALUES ...` query with an `INSERT
+    # INTO ... SELECT ...` query with a `WHERE deleted_at IS NULL` clause on the
+    # reblogged status to ensure consistency at the database level.
     #
-    # Otherwise, the code is kept as close as possible to ActiveRecord::Persistence
-    # code, and actually calls it if we are not handling a reblog.
+    # The code is kept similar to ActiveRecord::Persistence code and calls it
+    # directly when we are not handling a reblog.
     def _insert_record(values)
-      return super unless values.is_a?(Hash) && values['reblog_of_id'].present?
+      return super unless values.is_a?(Hash) && values['reblog_of_id']&.value.present?
 
       primary_key = self.primary_key
       primary_key_value = nil
 
-      if primary_key
-        primary_key_value = values[primary_key]
-
-        if !primary_key_value && prefetch_primary_key?
+      if prefetch_primary_key? && primary_key
+        values[primary_key] ||= begin
           primary_key_value = next_sequence_value
-          values[primary_key] = primary_key_value
+          _default_attributes[primary_key].with_cast_value(primary_key_value)
         end
       end
 
-      # The following line is where we differ from stock ActiveRecord implementation
+      # The following line departs from stock ActiveRecord
+      # Original code was:
+      # im.insert(values.transform_keys { |name| arel_table[name] })
+      # Instead, we use a custom builder when a reblog is happening:
       im = _compile_reblog_insert(values)
 
-      # Since we are using SELECT instead of VALUES, a non-error `nil` return is possible.
-      # For our purposes, it's equivalent to a foreign key constraint violation
-      result = connection.insert(im, "#{self} Create", primary_key || false, primary_key_value)
-      raise ActiveRecord::InvalidForeignKey, "(reblog_of_id)=(#{values['reblog_of_id']}) is not present in table \"statuses\"" if result.nil?
-
-      result
+      connection.insert(im, "#{self} Create", primary_key || false, primary_key_value).tap do |result|
+        # Since we are using SELECT instead of VALUES, a non-error `nil` return is possible.
+        # For our purposes, it's equivalent to a foreign key constraint violation
+        raise ActiveRecord::InvalidForeignKey, "(reblog_of_id)=(#{values['reblog_of_id'].value}) is not present in table \"statuses\"" if result.nil?
+      end
     end
 
     def _compile_reblog_insert(values)
@@ -54,9 +54,9 @@ module StatusSafeReblogInsert
 
       binds = []
       reblog_bind = nil
-      values.each do |name, value|
+      values.each do |name, attribute|
         attr = arel_table[name]
-        bind = predicate_builder.build_bind_attribute(attr.name, value)
+        bind = predicate_builder.build_bind_attribute(attr.name, attribute.value)
 
         im.columns << attr
         binds << bind

app/models/notification.rb

@@ -111,7 +111,7 @@ class Notification < ApplicationRecord
 
         # Instead of using the usual `includes`, manually preload each type.
         # If polymorphic associations are loaded with the usual `includes`, other types of associations will be loaded more.
-        ActiveRecord::Associations::Preloader.new.preload(grouped_notifications, associations)
+        ActiveRecord::Associations::Preloader.new(records: grouped_notifications, associations: associations)
       end
 
       unique_target_statuses = notifications.filter_map(&:target_status).uniq

app/serializers/initial_state_serializer.rb

@@ -83,7 +83,10 @@ class InitialStateSerializer < ActiveModel::Serializer
   def accounts
     store = {}
 
-    ActiveRecord::Associations::Preloader.new.preload([object.current_account, object.admin, object.owner, object.disabled_account, object.moved_to_account].compact, [:account_stat, :user, { moved_to_account: [:account_stat, :user] }])
+    ActiveRecord::Associations::Preloader.new(
+      records: [object.current_account, object.admin, object.owner, object.disabled_account, object.moved_to_account].compact,
+      associations: [:account_stat, :user, { moved_to_account: [:account_stat, :user] }]
+    )
 
     store[object.current_account.id.to_s]  = ActiveModelSerializers::SerializableResource.new(object.current_account, serializer: REST::AccountSerializer) if object.current_account
     store[object.admin.id.to_s]            = ActiveModelSerializers::SerializableResource.new(object.admin, serializer: REST::AccountSerializer) if object.admin

app/services/account_search_service.rb

@@ -93,7 +93,7 @@ class AccountSearchService < BaseService
                            .objects
                            .compact
 
-    ActiveRecord::Associations::Preloader.new.preload(records, :account_stat)
+    ActiveRecord::Associations::Preloader.new(records: records, associations: :account_stat)
 
     records
   rescue Faraday::ConnectionFailed, Parslet::ParseFailed

app/services/batched_remove_status_service.rb

@@ -8,7 +8,10 @@ class BatchedRemoveStatusService < BaseService
   # @param [Hash] options
   # @option [Boolean] :skip_side_effects Do not modify feeds and send updates to streaming API
   def call(statuses, **options)
-    ActiveRecord::Associations::Preloader.new.preload(statuses, options[:skip_side_effects] ? :reblogs : [:account, :tags, reblogs: :account])
+    ActiveRecord::Associations::Preloader.new(
+      records: statuses,
+      associations: options[:skip_side_effects] ? :reblogs : [:account, :tags, reblogs: :account]
+    )
 
     statuses_and_reblogs = statuses.flat_map { |status| [status] + status.reblogs }
 
@@ -17,7 +20,10 @@ class BatchedRemoveStatusService < BaseService
     # rely on direct visibility statuses being relatively rare.
     statuses_with_account_conversations = statuses.select(&:direct_visibility?)
 
-    ActiveRecord::Associations::Preloader.new.preload(statuses_with_account_conversations, [mentions: :account])
+    ActiveRecord::Associations::Preloader.new(
+      records: statuses_with_account_conversations,
+      associations: [mentions: :account]
+    )
 
     statuses_with_account_conversations.each(&:unlink_from_conversations!)
 

config/application.rb

@@ -60,7 +60,15 @@ require_relative '../lib/mastodon/redis_config'
 module Mastodon
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 6.1
+    config.load_defaults 7.0
+
+    # TODO: Release a version which uses the 7.0 defaults as specified above,
+    # but preserves the 6.1 cache format as set below. In a subsequent change,
+    # remove this line setting to 6.1 cache format, and then release another version.
+    # https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#new-activesupport-cache-serialization-format
+    # https://github.com/mastodon/mastodon/pull/24241#discussion_r1162890242
+    config.active_support.cache_format_version = 6.1
+
     config.add_autoload_paths_to_load_path = false
 
     # Settings in config/environments/* take precedence over those specified here.

config/environments/development.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
+require 'active_support/core_ext/integer/time'
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
-  # In the development environment your application's code is reloaded on
-  # every request. This slows down response time but is perfect for development
+  # In the development environment your application's code is reloaded any time
+  # it changes. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.
   config.cache_classes = false
 
@@ -14,13 +16,22 @@ Rails.application.configure do
   # Show full error reports.
   config.consider_all_requests_local = true
 
+  # Enable server timing
+  config.server_timing = true
+
   # Enable/disable caching. By default caching is disabled.
   # Run rails dev:cache to toggle caching.
   if Rails.root.join('tmp', 'caching-dev.txt').exist?
     config.action_controller.perform_caching = true
+    config.action_controller.enable_fragment_cache_logging = true
+
     config.cache_store = :redis_cache_store, REDIS_CACHE_PARAMS
+    config.public_file_server.headers = {
+      'Cache-Control' => "public, max-age=#{2.days.to_i}",
+    }
   else
     config.action_controller.perform_caching = false
+
     config.cache_store = :null_store
   end
 
@@ -43,12 +54,19 @@ Rails.application.configure do
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
   # Raise an error on page load if there are pending migrations.
   config.active_record.migration_error = :page_load
 
+  # Highlight code that triggered database queries in logs.
+  config.active_record.verbose_query_logs = true
+
   # Debug mode disables concatenation and preprocessing of assets.
-  # This option may cause significant delays in view rendering with a large
-  # number of complex assets.
   config.assets.debug = true
 
   # Suppress logger output for asset requests.
@@ -59,12 +77,14 @@ Rails.application.configure do
   # Raises helpful error messages.
   config.assets.raise_runtime_errors = true
 
-  # Raises error for missing translations
-  # config.action_view.raise_on_missing_translations = true
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
 
-  # Use an evented file watcher to asynchronously detect changes in source code,
-  # routes, locales, etc. This feature depends on the listen gem.
-  # config.file_watcher = ActiveSupport::EventedFileUpdateChecker
+  # Uncomment if you wish to allow Action Cable access from any origin.
+  # config.action_cable.disable_request_forgery_protection = true
 
   config.action_mailer.default_options = { from: 'notifications@localhost' }
 

config/environments/production.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "active_support/core_ext/integer/time"
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
@@ -21,20 +23,24 @@ Rails.application.configure do
   # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
   # config.require_master_key = true
 
-  ActiveSupport::Logger.new(STDOUT).tap do |logger|
-    logger.formatter = config.log_formatter
-    config.logger = ActiveSupport::TaggedLogging.new(logger)
-  end
+  # Compress CSS using a preprocessor.
+  # config.assets.css_compressor = :sass
 
   # Do not fallback to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.asset_host = "http://assets.example.com"
+
   # Specifies the header that your server uses for sending files.
   config.action_dispatch.x_sendfile_header = ENV['SENDFILE_HEADER'] if ENV['SENDFILE_HEADER'].present?
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
+  # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
 
   # Allow to specify public IP of reverse proxy if it's needed
   config.action_dispatch.trusted_proxies = ENV['TRUSTED_PROXY_IP'].split(/(?:\s*,\s*|\s+)/).map { |item| IPAddr.new(item) } if ENV['TRUSTED_PROXY_IP'].present?
 
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   config.force_ssl = true
   config.ssl_options = {
     redirect: {
@@ -42,6 +48,8 @@ Rails.application.configure do
     }
   }
 
+  # Include generic and useful information about system operation, but avoid logging too much
+  # information to avoid inadvertent exposure of personally identifiable information (PII).
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
   config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info').to_sym
@@ -52,6 +60,12 @@ Rails.application.configure do
   # Use a different cache store in production.
   config.cache_store = :redis_cache_store, REDIS_CACHE_PARAMS
 
+  # Use a real queuing backend for Active Job (and separate queues per environment).
+  # config.active_job.queue_adapter     = :resque
+  # config.active_job.queue_name_prefix = "mastodon_production"
+
+  config.action_mailer.perform_caching = false
+
   # Ignore bad email addresses and do not raise email delivery errors.
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
@@ -75,6 +89,15 @@ Rails.application.configure do
     end
   end
 
+  # Use a different logger for distributed setups.
+  # require "syslog/logger"
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
+
+  ActiveSupport::Logger.new(STDOUT).tap do |logger|
+    logger.formatter = config.log_formatter
+    config.logger = ActiveSupport::TaggedLogging.new(logger)
+  end
+
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
 

config/environments/test.rb

@@ -1,27 +1,28 @@
 # frozen_string_literal: true
 
+require 'active_support/core_ext/integer/time'
+
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
-  # The test environment is used exclusively to run your application's
-  # test suite. You never need to work with it otherwise. Remember that
-  # your test database is "scratch space" for the test suite and is wiped
-  # and recreated between test runs. Don't rely on the data there!
+  # Turn false under Spring and add config.action_view.cache_template_loading = true.
   config.cache_classes = true
 
-  # Do not eager load code on boot. This avoids loading your whole application
-  # just for the purpose of running a single test. If you are using a tool that
-  # preloads Rails for running tests, you may have to set it to true.
-  config.eager_load = false
+  # Eager loading loads your whole application. When running a single test locally,
+  # this probably isn't necessary. It's a good idea to do in a continuous integration
+  # system, or in some way before deploying your code.
+  config.eager_load = ENV['CI'].present?
 
-  config.assets.digest = false
+  config.assets_digest = false
 
   # Show full error reports and disable caching.
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
-
-  # The default store, file_store is shared by processes parallelly executed
-  # and should not be used.
   config.cache_store = :memory_store
 
   # Raise exceptions instead of rendering exception templates.
@@ -29,6 +30,7 @@ Rails.application.configure do
 
   # Disable request forgery protection in test environment.
   config.action_controller.allow_forgery_protection = false
+
   config.action_mailer.perform_caching = false
 
   config.action_mailer.default_options = { from: 'notifications@localhost' }
@@ -48,8 +50,8 @@ Rails.application.configure do
   config.x.vapid_private_key = vapid_key.private_key
   config.x.vapid_public_key = vapid_key.public_key
 
-  # Raises error for missing translations
-  # config.action_view.raise_on_missing_translations = true
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
 
   config.i18n.default_locale = :en
   config.i18n.fallbacks = true
@@ -59,6 +61,15 @@ Rails.application.configure do
     # Ref: https://github.com/mastodon/mastodon/issues/23644
     10.times { |i| Status.allocate.instance_variable_set(:"@ivar_#{i}", nil) }
   end
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
 end
 
 Paperclip::Attachment.default_options[:path] = Rails.root.join('spec', 'test_files', ':class', ':id_partition', ':style.:extension')

config/initializers/assets.rb

@@ -5,11 +5,12 @@
 # Version of your assets, change this if you want to expire all your assets.
 Rails.application.config.assets.version = '1.0'
 
-# Add additional assets to the asset load path
-# Rails.application.config.assets.paths << 'node_modules'
+# Add additional assets to the asset load path.
+# Rails.application.config.assets.paths << Emoji.images_path
 
 # Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
-# Rails.application.config.assets.precompile += %w()
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+# Rails.application.config.assets.precompile += %w( admin.js admin.css )
 
 Rails.application.config.assets.initialize_on_precompile = true

config/initializers/cookie_rotator.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+Rails.application.config.after_initialize do
+  Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies|
+    authenticated_encrypted_cookie_salt = Rails.application.config.action_dispatch.authenticated_encrypted_cookie_salt
+    signed_cookie_salt = Rails.application.config.action_dispatch.signed_cookie_salt
+
+    secret_key_base = Rails.application.secret_key_base
+
+    key_generator = ActiveSupport::KeyGenerator.new(
+      secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
+    )
+    key_len = ActiveSupport::MessageEncryptor.key_len
+
+    old_encrypted_secret = key_generator.generate_key(authenticated_encrypted_cookie_salt, key_len)
+    old_signed_secret = key_generator.generate_key(signed_cookie_salt)
+
+    cookies.rotate :encrypted, old_encrypted_secret
+    cookies.rotate :signed, old_signed_secret
+  end
+end

config/initializers/filter_parameter_logging.rb

@@ -2,5 +2,9 @@
 
 # Be sure to restart your server when you modify this file.
 
-# Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password, :private_key, :public_key, :otp_attempt]
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
+Rails.application.config.filter_parameters += [
+  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]

config/initializers/new_framework_defaults_7_0.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# TODO
+# The Rails 7.0 framework default here is to set this true. However, we have a
+# location in devise that redirects where we don't have an easy ability to
+# override a method or set a config option, but where the redirect does not
+# provide this option.
+# https://github.com/heartcombo/devise/blob/v4.9.2/app/controllers/devise/confirmations_controller.rb#L28
+# Once a solution is found, this line can be removed.
+Rails.application.config.action_controller.raise_on_open_redirects = false

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2023_07_02_151753) do
+ActiveRecord::Schema[6.1].define(version: 2023_07_02_151753) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"

package.json

@@ -44,7 +44,7 @@
     "@formatjs/intl-pluralrules": "^5.2.2",
     "@gamestdio/websocket": "^0.3.2",
     "@github/webauthn-json": "^2.1.1",
-    "@rails/ujs": "^6.1.7",
+    "@rails/ujs": "^7.0.6",
     "@reduxjs/toolkit": "^1.9.5",
     "abortcontroller-polyfill": "^1.7.5",
     "arrow-key-navigation": "^1.2.0",

yarn.lock

@@ -1754,10 +1754,10 @@
   resolved "https://registry.yarnpkg.com/@popperjs/core/-/core-2.11.8.tgz#6b79032e760a0899cd4204710beede972a3a185f"
   integrity sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==
 
-"@rails/ujs@^6.1.7":
-  version "6.1.7"
-  resolved "https://registry.yarnpkg.com/@rails/ujs/-/ujs-6.1.7.tgz#b09dc5b2105dd267e8374c47e4490240451dc7f6"
-  integrity sha512-0e7WQ4LE/+LEfW2zfAw9ppsB6A8RmxbdAUPAF++UT80epY+7emuQDkKXmaK0a9lp6An50RvzezI0cIQjp1A58w==
+"@rails/ujs@^7.0.6":
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/@rails/ujs/-/ujs-7.0.6.tgz#fd8937c92335f3da9495e07292511ad5f7547a6a"
+  integrity sha512-s5v3AC6AywOIFMz0RIMW83Xc8FPIvKMkP3ZHFlM4ISNkhdUwP9HdhVtxxo6z3dIhe9vI0Our2A8kN/QpUV02Qg==
 
 "@redis/bloom@1.2.0":
   version "1.2.0"