Skip to content

Upgrade Rails to 7.2.3.1 and fix boot-time logger NameError#83

Merged
SeanHealy33 merged 1 commit into
mainfrom
SeanHealy33/rails-boot-require-logger
Jul 6, 2026
Merged

Upgrade Rails to 7.2.3.1 and fix boot-time logger NameError#83
SeanHealy33 merged 1 commit into
mainfrom
SeanHealy33/rails-boot-require-logger

Conversation

@SeanHealy33

Copy link
Copy Markdown
Contributor

Context

On a clean checkout, script/rails/setup failed during Rails boot with:

NameError: uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger

concurrent-ruby 1.3.5+ dropped its implicit logger require (the lockfile pins 1.3.7), and Rails 7.0.x referenced Logger at load time without first requiring Ruby's stdlib logger.

Rather than only patch the 7.0 line — which is end-of-life — this moves to Rails 7.2.3.1. Local Ruby (3.2.2) satisfies 7.2's >= 3.1 floor. ActiveSupport fixed the logger require upstream during the 7.1.x line, so the bump alone resolves the NameError; an explicit require 'logger' is kept in boot.rb as a zero-cost defensive guard.

Changes

File Change
rails/Gemfile rails 7.0.8.1 → 7.2.3.1; ruby '>= 3.0''>= 3.1'
rails/config/application.rb config.load_defaults 7.07.2
rails/config/boot.rb add defensive require 'logger'
rails/config/environments/development.rb config.cache_classes = falseconfig.enable_reloading = true (silences 7.1+ deprecation)
rails/test/test_helper.rb check_pending!check_all_pending! (former removed in Rails 7.1)
rails/Gemfile.lock regenerated via bundle update rails

Notable: the resolver downgraded minitest 6.0.1 → 5.27.0 to satisfy activesupport 7.2.3.1's minitest (>= 5.1, < 6) constraint. The test_helper.rb fix was required because ActiveRecord::Migration.check_pending! (removed in 7.1) made the test suite fail to load under 7.2.

Verification

  • script/rails/setup completes with no NameError
  • bundle exec rails --versionRails 7.2.3.1
  • bin/rails test → 0 failures, 0 errors (loads cleanly)
  • Server boots; POST /foo and POST /bar both return {"success":true}

🤖 Generated with Claude Code

On a clean checkout, `script/rails/setup` failed during boot with
`NameError: uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger`.
concurrent-ruby 1.3.5+ dropped its implicit `logger` require, and Rails 7.0.x
referenced `Logger` at load time without requiring Ruby's stdlib logger first.

Rather than only patch 7.0, move off the end-of-life 7.0 line to 7.2.3.1
(Ruby 3.2.2 satisfies its >= 3.1 floor). ActiveSupport fixed the logger require
upstream in the 7.1.x line, so the bump alone resolves the NameError; an explicit
`require 'logger'` is kept in boot.rb as a zero-cost defensive guard.

- Gemfile: rails 7.0.8.1 -> 7.2.3.1, ruby >= 3.0 -> >= 3.1
- application.rb: load_defaults 7.0 -> 7.2
- boot.rb: add require 'logger'
- development.rb: cache_classes -> enable_reloading (7.1+ deprecation)
- test_helper.rb: check_pending! -> check_all_pending! (removed in Rails 7.1)

Verified: script/rails/setup completes, bin/rails test loads clean, and both
POST /foo and POST /bar return {"success":true}.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgem/​rails@​7.0.8.1 ⏵ 7.2.3.110010090100100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: gem activerecord is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: rails/Gemfile.lockgem/rails@7.2.3.1gem/activerecord@7.2.3.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore gem/activerecord@7.2.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: gem activesupport is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: rails/Gemfile.lockgem/rails@7.2.3.1gem/jquery-rails@4.6.0gem/sprockets-rails@3.4.2gem/activesupport@7.2.3.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore gem/activesupport@7.2.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: gem erb is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: rails/Gemfile.lockgem/rails@7.2.3.1gem/jquery-rails@4.6.0gem/erb@6.0.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore gem/erb@6.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: gem rdoc under GPL-2.0-only

License: GPL-2.0-only - The applicable license policy does not permit this license (5) (Ruby Gem Metadata)

License: GPL-2.0-only - The applicable license policy does not permit this license (5) (rdoc.gemspec)

From: rails/Gemfile.lockgem/rails@7.2.3.1gem/jquery-rails@4.6.0gem/rdoc@8.0.0

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore gem/rdoc@8.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@SeanHealy33
SeanHealy33 merged commit 9c50fec into main Jul 6, 2026
3 checks passed
@SeanHealy33
SeanHealy33 deleted the SeanHealy33/rails-boot-require-logger branch July 6, 2026 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants