Merged
Conversation
Notable changes: * Rack 3.x sends all HTTP headers uncapital. I don't like it either, but that's the way it is. Any case-sensitive header matching will need to be updated accordingly. * Puma 4.x doesn't slot into Rack 3.x, so we are now on Puma 7. There are no configuration differences between them, and it seems to even run a little faster. * Rubocop added more checks; the only one that caught anything was `RSpecRails/HttpStatusNameConsistency`, where we were using the deprecated `:unprocessable_entity` symbol instead of `:unprocessable_content`. * Selenium 4 removes the ability to specify Chrome logging parameters the way we were doing it. There is a (slightly more complex) way to do it, but `ALL` seems to be the default now anyway, so just remove this for now. * Brakeman 8 brings full Rails 8 compatibility. * Lots of other security, bug, and QOI improvements. Closes: AP-270
awilfox
requested review from
anarchivist,
danschmidt5189,
davezuckerman,
jason-raitz and
yzhoubk
davezuckerman
approved these changes
Feb 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Notable changes:
Rack 3.x sends all HTTP headers uncapital. I don't like it either, but that's the way it is. Any case-sensitive header matching will need to be updated accordingly.
Puma 4.x doesn't slot into Rack 3.x, so we are now on Puma 7. There are no configuration differences between them, and it seems to even run a little faster.
Rubocop added more checks; the only one that caught anything was
RSpecRails/HttpStatusNameConsistency, where we were using the deprecated:unprocessable_entitysymbol instead of:unprocessable_content.Selenium 4 removes the ability to specify Chrome logging parameters the way we were doing it. There is a (slightly more complex) way to do it, but
ALLseems to be the default now anyway, so just remove this for now.Brakeman 8 brings full Rails 8 compatibility.
Lots of other security, bug, and QOI improvements.
Closes: AP-270
sassc-railsis pulled in as a dependency of Bootstrap; they allow three(!) separate implementations now, so I just pulled in the one we were using before.Pulling in @danschmidt5189 because I'm not sure if the header case change is going to affect any of our monitoring or observability.