Push dependabot updates to main

Gemfile.lock

@@ -114,23 +114,23 @@ GEM
       aws-sdk-ses (~> 1, >= 1.50.0)
       aws-sdk-sesv2 (~> 1, >= 1.34.0)
     aws-eventstream (1.4.0)
-    aws-partitions (1.1154.0)
-    aws-sdk-core (3.232.0)
+    aws-partitions (1.1212.0)
+    aws-sdk-core (3.242.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       base64
       bigdecimal
       jmespath (~> 1, >= 1.6.1)
       logger
-    aws-sdk-kms (1.112.0)
-      aws-sdk-core (~> 3, >= 3.231.0)
+    aws-sdk-kms (1.121.0)
+      aws-sdk-core (~> 3, >= 3.241.4)
       aws-sigv4 (~> 1.5)
     aws-sdk-rails (5.1.0)
       aws-sdk-core (~> 3)
       railties (>= 7.1.0)
-    aws-sdk-s3 (1.198.0)
-      aws-sdk-core (~> 3, >= 3.231.0)
+    aws-sdk-s3 (1.208.0)
+      aws-sdk-core (~> 3, >= 3.234.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
     aws-sdk-ses (1.90.0)
@@ -157,7 +157,7 @@ GEM
     base64 (0.3.0)
     bcrypt (3.1.20)
     benchmark (0.4.1)
-    bigdecimal (3.2.3)
+    bigdecimal (4.0.1)
     bindata (2.5.1)
     bindex (0.8.1)
     bootsnap (1.18.6)
@@ -343,8 +343,8 @@ GEM
     minitest (5.25.5)
     msgpack (1.8.0)
     multi_json (1.17.0)
-    multi_xml (0.7.2)
-      bigdecimal (~> 3.1)
+    multi_xml (0.8.1)
+      bigdecimal (>= 3.1, < 5)
     net-http (0.6.0)
       uri
     net-imap (0.5.10)
@@ -425,7 +425,7 @@ GEM
     puma (6.6.1)
       nio4r (~> 2.0)
     racc (1.8.1)
-    rack (3.2.1)
+    rack (3.2.3)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
     rack-cors (3.0.0)
@@ -615,7 +615,7 @@ GEM
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
     uniform_notifier (1.18.0)
-    uri (1.0.3)
+    uri (1.0.4)
     useragent (0.16.11)
     version_gem (1.1.9)
     virtus (2.0.0)

config/environments/development.rb

@@ -99,5 +99,5 @@
   # Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
   # config.generators.apply_rubocop_autocorrect_after_generate!
 
-  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+  config.public_file_server.enabled = true
 end

config/environments/production.rb

@@ -18,15 +18,12 @@
   # Do not fall back to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
-  # Let Cloud Foundry / container platforms serve precompiled assets from /public.
-  config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present?
+  # We are not running NGINX/Apache server in production so let Rails serve static files from `public/`.
+  config.public_file_server.enabled = true
+
   # Cache assets for far-future expiry since they are all digest stamped.
-  # Add CORS headers for static assets to support SRI (Subresource Integrity) checks
-  # when assets are served from ASSET_HOST (different origin than the page)
+  # CORS headers are managed by rack-cors, see config/application.rb
   config.public_file_server.headers = {
-    'Access-Control-Allow-Origin' => '*',
-    'Access-Control-Allow-Methods' => 'GET, OPTIONS',
-    'Access-Control-Allow-Headers' => 'Origin, X-Requested-With, Content-Type, Accept',
     'Cache-Control' => "public, max-age=#{1.year.to_i}"
   }
 

config/environments/staging.rb

@@ -20,16 +20,10 @@
   # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
   # config.require_master_key = true
 
-  # Disable serving static files from the `/public` folder by default since
-  # Apache or NGINX already handles this.
-  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+  config.public_file_server.enabled = true
 
-  # Add CORS headers for static assets to support SRI (Subresource Integrity) checks
-  # when assets are served from ASSET_HOST (different origin than the page)
+  # Cache assets for far-future expiry since they are all digest stamped.
   config.public_file_server.headers = {
-    'Access-Control-Allow-Origin' => '*',
-    'Access-Control-Allow-Methods' => 'GET, OPTIONS',
-    'Access-Control-Allow-Headers' => 'Origin, X-Requested-With, Content-Type, Accept',
     'Cache-Control' => "public, max-age=#{1.year.to_i}"
   }
 

touchpoints.yml

@@ -11,7 +11,6 @@ applications:
     LOGIN_GOV_IDP_BASE_URL: https://secure.login.gov/
     LOGIN_GOV_REDIRECT_URI: https://touchpoints.app.cloud.gov/users/auth/login_dot_gov/callback
     RAILS_ENV: production
-    RAILS_SERVE_STATIC_FILES: "true"
     TOUCHPOINTS_WEB_DOMAIN: touchpoints.app.cloud.gov
     INDEX_URL: /admin
     SKIP_WIDGET_RENDERER: "true"