Bump rails from 8.0.3 to 8.1.1

[dependabot]

Bumps rails from 8.0.3 to 8.1.1.

Release notes

Sourced from rails's releases.

8.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• Respect remove_hidden_field_autocomplete config in form builder hidden_field.

  Rafael Mendonça França

Action Pack

• Allow methods starting with underscore to be action methods.

  Disallowing methods starting with an underscore from being action methods was an unintended side effect of the performance optimization in 207a254.

  Fixes #55985.

  Rafael Mendonça França

Active Job

• Only index new serializers.

  Jesse Sharps

Action Mailer

• No changes.

Action Cable

... (truncated)

Commits

• 90a1eaa Preparing for 8.1.1 release
• 0ce0ce1 Upgrade sigstore gem to 0.2.2
• 271acd5 Sync CHANGELOG
• 7574698 Merge pull request #56020 from harsh183/hd/getting_started/fix_line_num_typo
• 89cb7bf Fix railties/CHANGELOG.md offense at 8-1-stable
• 7919bda Restore header
• f007f9c Disable SSL default config for out of the box Kamal deployments (#56010)
• 234b569 Merge pull request #56008 from chaadow/fix_nesting_loop_rails
• 21a8742 Merge pull request #55992 from jsharpify/jsharpify-reduce-deprecation-warnings
• a7ba88b Merge pull request #56001 from hachi8833/update_wishlists
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[Mr0grog]

Fixes #1272! 😄

[Mr0grog]

That said, I’m going to ship this separately from the other dependency updates this month, since it’s pretty major and requires more manual upgrade steps and checks.

[Mr0grog]

Other thoughts:

• Rails's built-in healthcheck controller now outputs JSON (see issue 55092). We might want to update ours to follow a similar schema for what we show (we also show more other data).

• The changelog says:

  Use secret_key_base from ENV or credentials when present locally.

  When ENV["SECRET_KEY_BASE"] or Rails.application.credentials.secret_key_base is set for test or development, it is used for the Rails.config.secret_key_base, instead of generating a tmp/local_secret.txt file.

  So we may be able to drop some of our old-style customizations around this:

  web-monitoring-db/config/secrets.yml

  Lines 19 to 22 in bc5aea2

  	# Do not keep production secrets in the repository,
  	# instead read values from the environment.
  	production:
  	secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

  and

  web-monitoring-db/config/application.rb

  Lines 17 to 25 in bc5aea2

  	# Re-instate secrets for simpler management of `secret_key_base`. We currently use other methods for managing
  	# secrets in production, so it doesn't make a whole lot of sense to migrate to credentials (which replaces secrets)
  	# just for secret_key_base (which then requires more complicated key management work).
  	# TODO: consider dropping this entirely in favor of better .env file management (and still no Rails credentials).
  	config.secrets = config_for(:secrets)
  	config.secret_key_base = config.secrets[:secret_key_base]
  	def secrets
  	config.secrets
  	end

  Need to investigate more.

[Mr0grog]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[Mr0grog]

There are a bunch of warnings caused by Devise. It’s fixed in Devise v5 (not yet released, but supposed to be “soon”) and it sounds like they are not planning to backport to v4. So we just have to live with them for now.

[Mr0grog]

Decided I’m not really going to worry about the secrets thing here. I think what we are doing goes a little farther, and I don’t really want to mess with it at the moment.