
Upgrade devise to 5.0.3 (Dependabot #124)#219

Open
DominicBM wants to merge 1 commit into main from dependabot/devise-5.0.3

Conversation


@DominicBM DominicBM commented Mar 17, 2026

Summary

  • Bumps devise from 4.9.0 to 5.0.3
  • Fixes Dependabot alert #124 ([Snyk] Security upgrade puma from 3.12.1 to 3.12.4): confirmable "change email" race condition that could allow a user to confirm an email address they no longer have access to (medium severity)
  • Updates Gemfile pin from ~> 4.9.0 to ~> 5.0

Test plan

  • CI passes (app boot + specs require GOOGLE_ANALYTICS_KEY env var, set in ECS secrets)
  • Staging deploy smoke test: login, logout, password reset flow

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Upgraded the authentication library to version 5.0, providing access to the latest features and improvements in the authentication system.

Fixes Dependabot alert #124 — devise confirmable "change email" race
condition that could allow a user to confirm an email address they no
longer have access to. Bumps pin from ~> 4.9.0 to ~> 5.0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
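An added check for the test plan above, not part of this PR or of Devise: the Gemfile pin `~> 5.0` is also satisfied by devise 5.0.0, so only the resolved version in Gemfile.lock shows that the 5.0.3 release named in the title is actually installed. The script parses a constructed Gemfile.lock excerpt (assumed to follow Bundler's standard layout) and compares the resolved devise version against 5.0.3.

```ruby
# Added example, not part of the PR: a CI guard for the test plan above.
# The Gemfile pin '~> 5.0' is also satisfied by devise 5.0.0, so only the
# resolved version in Gemfile.lock proves the 5.0.3 fix is installed.
require 'rubygems'
PATCHED_DEVISE = Gem::Version.new('5.0.3')

# Parse the "specs:" block of a Gemfile.lock into { name => Gem::Version }.
# Only 4-space-indented entries are resolved gems; deeper lines are their
# dependency declarations and are skipped.
def lockfile_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /^\s+specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if in_specs && line =~ /^\S/
    next unless in_specs
    m = line.match(/\A {4}(\S+) \((\d[^)]*)\)/)
    versions[m[1]] = Gem::Version.new(m[2]) if m
  end
  versions
end

# Returns [ok, message] for the devise entry in the lockfile text.
def devise_patched?(lock_text)
  v = lockfile_versions(lock_text)['devise']
  return [false, 'devise not found in Gemfile.lock'] if v.nil?
  [v >= PATCHED_DEVISE, "devise #{v} (need >= #{PATCHED_DEVISE})"]
end

# Does a Gemfile constraint string (e.g. '~> 5.0') still admit the
# unpatched 5.0.0 release? Shows why the lockfile check above is needed.
def constraint_admits_unpatched?(req_str)
  req = Gem::Requirement.new(*req_str.split(',').map(&:strip))
  req.satisfied_by?(Gem::Version.new('5.0.0'))
end

# Constructed lockfile excerpt in Bundler's layout (assumed, for illustration).
LOCK_FIXED = <<~LOCK
  GEM
    specs:
      devise (5.0.3)
        bcrypt (~> 3.0)
      httparty (0.24.0)
  PLATFORMS
    ruby
LOCK
LOCK_STALE = LOCK_FIXED.sub('devise (5.0.3)', 'devise (5.0.0)')
```

Run `devise_patched?(File.read('Gemfile.lock'))` in CI and fail the job when the first element is false.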
coderabbitai bot commented Mar 17, 2026

Walkthrough

The Gemfile dependency for the Devise authentication gem is upgraded from version ~> 4.9.0 to ~> 5.0. This represents a major version bump that may introduce breaking changes or new features requiring compatibility verification.

Changes

Cohort / File(s) | Summary
Devise Gem Update (Gemfile) | Major version upgrade of Devise gem from ~> 4.9.0 to ~> 5.0, potentially introducing breaking changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title clearly and accurately summarizes the main change: upgrading the devise gem to version 5.0.3, and includes the Dependabot issue reference.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@coderabbitai coderabbitai bot left a comment


🧹 Nitpick comments (1)
Gemfile (1)

23-23: Optional: Gem ordering.

RuboCop suggests devise should appear before httparty for alphabetical ordering. This is a minor style preference.

♻️ Optional fix for gem ordering
 gem 'googleauth', '~> 1.3.0'
+gem 'devise', '~> 5.0'
 gem 'httparty', '>= 0.24.0'
-gem 'devise', '~> 5.0'
 gem 'jquery-rails', '~> 4.5.1'
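Review bot: the moved line keeps the `~> 5.0` constraint, which admits every 5.x release, including ones older than the 5.0.3 named in the PR title; if the Gemfile itself should require the patched version instead of relying on Gemfile.lock (excluded from this review by path filter), write it as `gem 'devise', '~> 5.0', '>= 5.0.3'`. The reordering itself is fine.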
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Gemfile` at line 23, Move the Gemfile entry for gem 'devise', '~> 5.0' so it
appears before the gem 'httparty' entry to satisfy RuboCop's alphabetical gem
ordering; update the Gemfile ordering accordingly and run bundle install /
rubocop to verify the style warning is resolved.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b3d26931-b74b-4d08-92db-b9bcdfcc449f

📥 Commits

Reviewing files that changed from the base of the PR and between eacd57e and 9543403.

⛔ Files ignored due to path filters (1)
  • Gemfile.lock is excluded by !**/*.lock
📒 Files selected for processing (1)
  • Gemfile
