CLDC-4429 and CLDC-4242: dependency updates (#3312)

* CLDC-4429: push fix commented to test failure on review app

* CLDC-4429: remove redundant fix

* CLDC-4229: update alpine to 3.22 in dockerfile

* CLDC-4229: update alpine to 3.21 to avoid upgrading node

* CLDC-4229: allow node 22

* CLDC-4229: excplitlyupgrade for security patches

* CLDC-4229: allow both node versions temporarily

* CLDC-4229: upgrade ruby and node at the same tiem

* CLDC-4229: upgrade gemfile

* CLDC-4229: bump to node 24

* CLDC-4229: update docs

* CLDC-4229: limit node to within 24

* CLDC-4229: upgrade at start of file

* CLDC-4229: upgrade at start of file

* CLDC-4229: remove stale ruby version references

* CLDC-4429: respond to wiz comments

* CLDC-4429: use same firefox

.github/workflows/run_tests.yml

@@ -38,7 +38,6 @@ jobs:
 
     env:
       RAILS_ENV: test
-      GEMFILE_RUBY_VERSION: 3.1.1
       DB_HOST: localhost
       DB_DATABASE: data_collector
       DB_USERNAME: postgres
@@ -59,7 +58,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           cache: yarn
-          node-version: 20
+          node-version: 24
 
       # This is temporary to fix flaky parallel tests due to `secret_key_base` being read before it's set
       - name: Create local secret
@@ -102,7 +101,6 @@ jobs:
 
     env:
       RAILS_ENV: test
-      GEMFILE_RUBY_VERSION: 3.1.1
       DB_HOST: localhost
       DB_DATABASE: data_collector
       DB_USERNAME: postgres
@@ -122,7 +120,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           cache: yarn
-          node-version: 20
+          node-version: 24
 
       - name: Create database
         run: |
@@ -160,7 +158,6 @@ jobs:
 
     env:
       RAILS_ENV: test
-      GEMFILE_RUBY_VERSION: 3.1.1
       DB_HOST: localhost
       DB_DATABASE: data_collector
       DB_USERNAME: postgres
@@ -180,7 +177,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           cache: yarn
-          node-version: 20
+          node-version: 24
 
       - name: Create database
         run: |
@@ -218,7 +215,6 @@ jobs:
 
     env:
       RAILS_ENV: test
-      GEMFILE_RUBY_VERSION: 3.1.1
       DB_HOST: localhost
       DB_DATABASE: data_collector
       DB_USERNAME: postgres
@@ -239,7 +235,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           cache: yarn
-          node-version: 20
+          node-version: 24
 
       - name: Create local secret
         run: |
@@ -281,7 +277,6 @@ jobs:
 
     env:
       RAILS_ENV: test
-      GEMFILE_RUBY_VERSION: 3.1.1
       DB_HOST: localhost
       DB_DATABASE: data_collector
       DB_USERNAME: postgres
@@ -302,7 +297,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           cache: yarn
-          node-version: 20
+          node-version: 24
 
       - name: Create local secret
         run: |
@@ -344,7 +339,6 @@ jobs:
 
     env:
       RAILS_ENV: test
-      GEMFILE_RUBY_VERSION: 3.1.1
       DB_HOST: localhost
       DB_DATABASE: data_collector
       DB_USERNAME: postgres
@@ -365,7 +359,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           cache: yarn
-          node-version: 20
+          node-version: 24
 
       - name: Create database
         run: |
@@ -396,7 +390,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           cache: yarn
-          node-version: 20
+          node-version: 24
 
       - name: Install packages and symlink local dependencies
         run: |

.nvmrc

@@ -1 +1 @@
-20
+24

.ruby-version

@@ -1 +1 @@
-3.4.4
+3.4.9

Dockerfile

@@ -1,7 +1,10 @@
-FROM ruby:3.4.4-alpine3.20 as base
+FROM ruby:3.4.9-alpine3.23 as base
 
 WORKDIR /app
 
+# Upgrade base packages to pick up latest security patches
+RUN apk upgrade --no-cache
+
 # Add the timezone as it's not configured by default in Alpine
 RUN apk add --update --no-cache tzdata && \
     cp /usr/share/zoneinfo/Europe/London /etc/localtime && \
@@ -10,7 +13,7 @@ RUN apk add --update --no-cache tzdata && \
 # build-base: compilation tools for bundle
 # yarn: node package manager
 # postgresql-dev: postgres driver and libraries
-RUN apk add --no-cache build-base=0.5-r3 busybox=1.36.1-r29 nodejs=20.15.1-r0 yarn=1.22.22-r0 bash=5.2.26-r0 libpq-dev yaml-dev linux-headers
+RUN apk add --no-cache build-base busybox nodejs yarn bash libpq-dev yaml-dev linux-headers
 
 # Bundler version should be the same version as what the Gemfile.lock was bundled with
 RUN gem install bundler:2.6.4 --no-document
@@ -40,14 +43,14 @@ RUN bundle config set without ""
 RUN bundle install --jobs=4 --no-binstubs --no-cache
 
 # Install gecko driver for Capybara tests
-RUN apk add firefox
+RUN apk add firefox=145.0-r0
 RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.31.0/geckodriver-v0.31.0-linux64.tar.gz \
     && tar -xvzf geckodriver-v0.31.0-linux64.tar.gz \
     && rm geckodriver-v0.31.0-linux64.tar.gz \
     && chmod +x geckodriver \
     && mv geckodriver /usr/local/bin/
 
-CMD bundle exec rake parallel:setup && bundle exec rake parallel:spec
+CMD ["sh", "-c", "bundle exec rake parallel:setup && bundle exec rake parallel:spec"]
 
 FROM base as development
 
@@ -61,7 +64,7 @@ RUN bundle install --jobs=4 --no-binstubs --no-cache
 
 USER nonroot
 
-CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
+CMD ["sh", "-c", "bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0"]
 
 FROM base as production
 
@@ -75,4 +78,4 @@ RUN chown -R nonroot performance_test
 
 USER nonroot
 
-CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
+CMD ["sh", "-c", "bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0"]

Gemfile

@@ -3,7 +3,7 @@
 source "https://rubygems.org"
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-ruby "3.4.4"
+ruby "3.4.9"
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails', branch: 'main'
 gem "rails", "~> 7.2.2"

Gemfile.lock

@@ -648,7 +648,7 @@ DEPENDENCIES
   webmock
 
 RUBY VERSION
-   ruby 3.4.4p0
+   ruby 3.4.9p82
 
 BUNDLED WITH
    2.6.4

docs/setup.md

@@ -70,21 +70,19 @@ We recommend using [nvm](https://github.com/nvm-sh/nvm) to manage NodeJS version
 4. Install Ruby and Bundler
 
    ```bash
-   rbenv install 3.4.4
-   rbenv global 3.4.4
+   rbenv install 3.4.9
+   rbenv global 3.4.9
    source ~/.bashrc
    gem install bundler
    ```
 
 5. Install JavaScript dependencies
 
-   Note that we currently use node v16, which is no longer the latest LTS version so you will need to specify the version number when installing
-
    macOS (using nvm):
 
    ```bash
-   nvm install 20
-   nvm use 20
+   nvm install 24
+   nvm use 24
    brew install yarn
    ```
 

package.json

@@ -2,7 +2,7 @@
   "name": "data-collector",
   "private": true,
   "engines": {
-    "node": "^20.0.0"
+    "node": "^24.0.0"
   },
   "dependencies": {
     "@babel/core": "^7.17.7",