Bumps [rails](https://github.com/rails/rails) from 5.1.7 to 5.2.3.

- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v5.1.7...v5.2.3)

.rubocop.yml

@@ -268,3 +268,11 @@ Layout/MultilineMethodCallIndentation:
 Style/HashSyntax:
   Exclude:
     - "**/*.rake"
+
+Rails/Exit:
+  Exclude:
+    - "config/initializers/*.rb"
+
+Rails/Output:
+  Exclude:
+    - "config/initializers/*.rb"

Gemfile

@@ -2,11 +2,12 @@ source 'https://rubygems.org'
 
 # core - base
 ruby '2.5.5'
-gem 'rails', '5.1.7'
+gem 'rails', '5.2.3'
 
 # core - rails additions
 gem 'activerecord-import'
 gem 'activerecord-session_store'
+gem 'bootsnap', require: false
 gem 'composite_primary_keys'
 gem 'json'
 gem 'rails-observers'

Gemfile.lock

@@ -49,39 +49,39 @@ GEM
   specs:
     aasm (5.0.0)
       concurrent-ruby (~> 1.0)
-    actioncable (5.1.7)
-      actionpack (= 5.1.7)
+    actioncable (5.2.3)
+      actionpack (= 5.2.3)
       nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.1.7)
-      actionpack (= 5.1.7)
-      actionview (= 5.1.7)
-      activejob (= 5.1.7)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.3)
+      actionpack (= 5.2.3)
+      actionview (= 5.2.3)
+      activejob (= 5.2.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.1.7)
-      actionview (= 5.1.7)
-      activesupport (= 5.1.7)
+    actionpack (5.2.3)
+      actionview (= 5.2.3)
+      activesupport (= 5.2.3)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.7)
-      activesupport (= 5.1.7)
+    actionview (5.2.3)
+      activesupport (= 5.2.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.1.7)
-      activesupport (= 5.1.7)
+    activejob (5.2.3)
+      activesupport (= 5.2.3)
       globalid (>= 0.3.6)
-    activemodel (5.1.7)
-      activesupport (= 5.1.7)
-    activerecord (5.1.7)
-      activemodel (= 5.1.7)
-      activesupport (= 5.1.7)
-      arel (~> 8.0)
-    activerecord-import (1.0.1)
+    activemodel (5.2.3)
+      activesupport (= 5.2.3)
+    activerecord (5.2.3)
+      activemodel (= 5.2.3)
+      activesupport (= 5.2.3)
+      arel (>= 9.0)
+    activerecord-import (1.0.2)
       activerecord (>= 3.2)
     activerecord-nulldb-adapter (0.3.9)
       activerecord (>= 2.0.0)
@@ -91,16 +91,20 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 1.5.2, < 3)
       railties (>= 4.0)
-    activesupport (5.1.7)
+    activestorage (5.2.3)
+      actionpack (= 5.2.3)
+      activerecord (= 5.2.3)
+      marcel (~> 0.3.1)
+    activesupport (5.2.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    acts_as_list (0.9.16)
+    acts_as_list (0.9.19)
       activerecord (>= 3.0)
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
-    arel (8.0.0)
+    arel (9.0.0)
     argon2 (2.0.2)
       ffi (~> 1.9)
       ffi-compiler (>= 0.1)
@@ -112,6 +116,8 @@ GEM
     biz (1.8.2)
       clavius (~> 1.0)
       tzinfo
+    bootsnap (1.3.2)
+      msgpack (~> 1.0)
     browser (2.5.3)
     buftok (0.2.0)
     builder (3.2.3)
@@ -141,8 +147,8 @@ GEM
       coffee-script
       execjs
       json
-    composite_primary_keys (10.0.5)
-      activerecord (~> 5.1.0, >= 5.1.6)
+    composite_primary_keys (11.2.0)
+      activerecord (~> 5.2.1)
     concurrent-ruby (1.1.5)
     coveralls (0.8.23)
       json (>= 1.8, < 3)
@@ -156,7 +162,7 @@ GEM
     daemons (1.3.1)
     dalli (2.7.10)
     debug_inspector (0.0.3)
-    delayed_job (4.1.5)
+    delayed_job (4.1.7)
       activesupport (>= 3.0, < 5.3)
     delayed_job_active_record (4.1.3)
       activerecord (>= 3.0, < 5.3)
@@ -268,17 +274,21 @@ GEM
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lumberjack (1.0.13)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
     memoizable (0.4.2)
       thread_safe (~> 0.3, >= 0.3.1)
     method_source (0.9.2)
     mime-types (3.2.2)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.0331)
+    mimemagic (0.3.3)
     mini_mime (1.0.1)
     mini_portile2 (2.4.0)
     mini_racer (0.2.4)
       libv8 (>= 6.3)
     minitest (5.11.3)
+    msgpack (1.2.4)
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
@@ -366,17 +376,18 @@ GEM
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.1.7)
-      actioncable (= 5.1.7)
-      actionmailer (= 5.1.7)
-      actionpack (= 5.1.7)
-      actionview (= 5.1.7)
-      activejob (= 5.1.7)
-      activemodel (= 5.1.7)
-      activerecord (= 5.1.7)
-      activesupport (= 5.1.7)
+    rails (5.2.3)
+      actioncable (= 5.2.3)
+      actionmailer (= 5.2.3)
+      actionpack (= 5.2.3)
+      actionview (= 5.2.3)
+      activejob (= 5.2.3)
+      activemodel (= 5.2.3)
+      activerecord (= 5.2.3)
+      activestorage (= 5.2.3)
+      activesupport (= 5.2.3)
       bundler (>= 1.3.0)
-      railties (= 5.1.7)
+      railties (= 5.2.3)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -389,12 +400,12 @@ GEM
       loofah (~> 2.2, >= 2.2.2)
     rails-observers (0.1.5)
       activemodel (>= 4.0)
-    railties (5.1.7)
-      actionpack (= 5.1.7)
-      activesupport (= 5.1.7)
+    railties (5.2.3)
+      actionpack (= 5.2.3)
+      activesupport (= 5.2.3)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
+      thor (>= 0.19.0, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.0)
     rake (12.3.2)
@@ -522,9 +533,9 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
-    websocket-driver (0.6.5)
+    websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
+    websocket-extensions (0.1.4)
     writeexcel (1.0.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
@@ -548,6 +559,7 @@ DEPENDENCIES
   autodiscover!
   autoprefixer-rails
   biz
+  bootsnap
   browser
   byebug
   capybara
@@ -602,7 +614,7 @@ DEPENDENCIES
   pry-stack_explorer
   puma
   rack-livereload
-  rails (= 5.1.7)
+  rails (= 5.2.3)
   rails-controller-testing
   rails-observers
   rb-fsevent

app/controllers/application_controller/prevents_csrf.rb

@@ -2,6 +2,9 @@ module ApplicationController::PreventsCsrf
   extend ActiveSupport::Concern
 
   included do
+    # disable Rails default (>= 5.2) CSRF checks
+    skip_before_action :verify_authenticity_token, raise: false
+
     before_action :verify_csrf_token
     after_action  :set_csrf_token_headers
   end

app/controllers/monitoring_controller.rb

@@ -102,7 +102,7 @@ curl http://localhost/api/v1/monitoring/health_check?token=XXX
     handler_attempts_map = {}
     failed_jobs.order(:created_at).limit(10).each do |job|
 
-      job_name = if job.name == 'ActiveJob::QueueAdapters::DelayedJobAdapter::JobWrapper'.freeze
+      job_name = if job.class.name == 'Delayed::Backend::ActiveRecord::Job'.freeze && job.payload_object.respond_to?(:job_data)
                    job.payload_object.job_data['job_class']
                  else
                    job.name

app/jobs/application_job.rb

@@ -9,12 +9,9 @@ class ApplicationJob < ActiveJob::Base
   # e.g. in the MonitoringController.
   # This is a workaround to sync ActiveJob#executions to Delayed::Job#attempts
   # until we resolve this dependency.
-  around_enqueue do |job, block|
-    block.call.tap do |delayed_job|
-      # skip test adapter
-      break if delayed_job.is_a?(Array)
-
-      delayed_job.update!(attempts: job.executions)
-    end
+  after_enqueue do |job|
+    # update the column right away without loading Delayed::Job record
+    # see: https://stackoverflow.com/a/34264580
+    Delayed::Job.where(id: job.provider_job_id).update_all(attempts: job.executions) # rubocop:disable Rails/SkipsModelValidations
   end
 end

app/models/activity_stream.rb

@@ -5,8 +5,8 @@ class ActivityStream < ApplicationModel
   self.table_name = 'activity_streams'
 
   # rubocop:disable Rails/InverseOf
-  belongs_to :object, class_name: 'ObjectLookup', foreign_key: 'activity_stream_object_id'
-  belongs_to :type,   class_name: 'TypeLookup',   foreign_key: 'activity_stream_type_id'
+  belongs_to :object, class_name: 'ObjectLookup', foreign_key: 'activity_stream_object_id', optional: true
+  belongs_to :type,   class_name: 'TypeLookup',   foreign_key: 'activity_stream_type_id', optional: true
   # rubocop:enable Rails/InverseOf
 
   # the noop is needed since Layout/EmptyLines detects

app/models/application_model/can_associations.rb

@@ -134,7 +134,7 @@ returns
       next if association_attributes_ignored.include?(assoc_name)
 
       eager_load.push(assoc_name)
-      pluck.push("#{ActiveRecord::Base.connection.quote_table_name(assoc.table_name)}.id AS #{ActiveRecord::Base.connection.quote_table_name(assoc_name)}")
+      pluck.push(Arel.sql("#{ActiveRecord::Base.connection.quote_table_name(assoc.table_name)}.id AS #{ActiveRecord::Base.connection.quote_table_name(assoc_name)}"))
       keys.push("#{assoc_name.to_s.singularize}_ids")
     end
 

app/models/authorization.rb

@@ -1,7 +1,7 @@
 # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
 
 class Authorization < ApplicationModel
-  belongs_to    :user
+  belongs_to    :user, optional: true
   after_create  :delete_user_cache
   after_update  :delete_user_cache
   after_destroy :delete_user_cache

app/models/avatar.rb

@@ -1,7 +1,7 @@
 # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
 
 class Avatar < ApplicationModel
-  belongs_to :object_lookup
+  belongs_to :object_lookup, optional: true
 
 =begin