Updates

.github/workflows/brakeman.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   brakeman:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/bundler-audit.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   bundler-audit:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/codeql.yml

@@ -27,7 +27,7 @@ permissions:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       actions: read
       contents: read

.github/workflows/dependency-review.yml

@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2

.github/workflows/docker.yml

@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/fasterer.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   fasterer:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/hadolint.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   hadolint:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/license_finder.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   license_finder:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/mdl.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   mdl:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/rails-assets.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   precompile:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/rspec.yml

@@ -24,11 +24,11 @@ permissions:
 
 jobs:
   rspec:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     services:
       postgres:
-        image: "postgres:17.0"
+        image: "postgres:17.2"
         env:
           POSTGRES_HOST_AUTH_METHOD: "trust"
           POSTGRES_USER: "runner"

.github/workflows/rubocop.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   rubocop:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

.github/workflows/scorecards.yml

@@ -22,7 +22,7 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecard analysis
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write

.github/workflows/standard.yml

@@ -15,7 +15,7 @@ permissions:
 
 jobs:
   standard:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Harden Runner

Dockerfile

@@ -27,8 +27,8 @@ ENV RAILS_ENV="production" \
     BOOTSNAP_READONLY="true"
 
 RUN set -eux; \
-    gem update --system "3.5.23" ; \
-    gem install bundler --version "2.5.23" --force
+    gem update --system "3.6.2" ; \
+    gem install bundler --version "2.6.2" --force
 
 # Throw-away build stage to reduce size of final image
 FROM base AS build

Gemfile.lock

@@ -526,4 +526,4 @@ RUBY VERSION
    ruby 3.3.6p108
 
 BUNDLED WITH
-   2.5.23
+   2.6.2