Update Rails, Octokit gems

[aduth]

Why: To resolve security advisories which are currently causing builds to fail.

Release notes:

• https://rubyonrails.org/2022/7/12/Rails-Versions-7-0-3-1-6-1-6-1-6-0-5-1-and-5-2-8-1-have-been-released
• https://github.com/octokit/octokit.rb/releases/tag/v4.25.0

I had to be rather tactical with the upgrade, since bundle update rails octokit upgraded a lot of other dependencies which caused some compatibility issues (specifically Zeitwerk 2.6.0 setup warnings and Faraday 2.0.0 removed retry middleware).

Click to see example warnings

08:57:12 web.1         | WARNING: Zeitwerk defines the constant ActiveJob after the directory
08:57:12 web.1         | 
08:57:12 web.1         |     /gems/3.0.0/gems/good_job-2.7.4/lib/active_job
08:57:12 web.1         | 
08:57:12 web.1         | To prevent that, please configure the loader to ignore it:
08:57:12 web.1         | 
08:57:12 web.1         |     loader.ignore("#{__dir__}/active_job")
08:57:12 web.1         | 
08:57:12 web.1         | Otherwise, there is a flag to silence this warning:
08:57:12 web.1         | 
08:57:12 web.1         |     Zeitwerk::Loader.for_gem(warn_on_extra_files: false)

08:57:16 web.1         | To use retry middleware with Faraday v2.0+, install `faraday-retry` gem

Process:

• bundle update rails
• bundle update octokit --conservative
• Manual downgrade zeitwerk in Gemfile.lock from 2.6.0 to 2.5.4

[mitchellhenke]

For posterity, we don’t serialize any columns as YAML so we shouldn’t be directly vulnerable to this 🙂