Update non-production gem group minor versions #20261

Closed
4 tasks
LindseySaari opened this issue Feb 22, 2021 · 4 comments
Labels: tools-be (Used for the backend tools team)

Comments

LindseySaari commented Feb 22, 2021

Issue Description

The non-production gem groups are defined as test and development. In an effort to keep our gems up to date, we should approach the less risky updates first. The next least risky update after the patch versions, includes the non-production gems (test and development) and their minor version updates.

In the case of a regression caused by a gem update, gems should be updated in isolation. For the less risky updates, we could make separate pull requests, or at least separate commits, for each grouped update.

bundle update --conservative --group development --minor
bundle update --conservative --group test --minor

or

bundle update --conservative --group development test --minor

Bundler’s --conservative option prevents updates in any “Production” gem that is also a dependency of a “Non-production” gem.

Gem update spreadsheet

Remaining gems to update:

  • factory bot

Acceptance Criteria

  • Run automated test suite
  • Test manually
  • Check each updated gem’s CHANGELOG — if available — for potential backward-incompatible changes.
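One concrete way to verify the two properties the procedure above relies on (only development/test gems move, and only by a minor or patch version) is to diff the Gemfile.lock before and after the `bundle update --conservative ... --minor` run. The block below is an added example, not part of the issue or of vets-api; the two lockfile snapshots, the gem versions in them and the NON_PRODUCTION list are constructed for illustration, and the non-production set would normally come from the Gemfile's `group :development, :test` blocks.

```ruby
# Added example (not vets-api code): audit a Gemfile.lock diff for changes
# that a `bundle update --conservative --group development test --minor`
# run should not have produced. Lockfile contents below are constructed.

# Parse the "specs:" entries of a Gemfile.lock into { name => version }.
# Top-level specs sit at exactly four spaces of indentation; their
# dependency lines (six spaces) do not match and are skipped.
def lock_versions(lockfile)
  versions = {}
  lockfile.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    versions[m[1]] = m[2] if m
  end
  versions
end

# Classify a version change by the first numeric segment that differs.
# Anything past the minor segment (including four-part versions such as
# 6.0.3.5 -> 6.0.3.6) is treated as a patch-level change.
def bump_kind(old_v, new_v)
  old_parts = old_v.split('.').map(&:to_i)
  new_parts = new_v.split('.').map(&:to_i)
  return :major if old_parts[0] != new_parts[0]
  return :minor if old_parts[1] != new_parts[1]
  :patch
end

# Returns one finding per gem whose version changed. :problems is empty
# when the change is one the conservative, minor-only update was allowed
# to make; otherwise it names what went wrong.
def audit_update(before_lock, after_lock, non_production:)
  before = lock_versions(before_lock)
  after  = lock_versions(after_lock)
  findings = []
  (before.keys | after.keys).sort.each do |gem|
    from, to = before[gem], after[gem]
    next if from == to
    problems = []
    if from.nil? || to.nil?
      bump = :added_or_removed
      problems << 'gem added or removed'
    else
      bump = bump_kind(from, to)
      problems << 'major version bump' if bump == :major
    end
    problems << 'not a development/test gem' unless non_production.include?(gem)
    findings << { gem: gem, from: from, to: to, bump: bump, problems: problems }
  end
  findings
end

# Constructed lockfile snapshots. rubocop-rails depends on rubocop, and
# rubocop is pinned in both, which is what --conservative should preserve.
BEFORE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    brakeman (4.10.1)
    factory_bot (6.1.0)
      activesupport (>= 5.0.0)
    rails (6.0.3.5)
    rubocop (0.93.1)
    rubocop-rails (2.9.0)
      rubocop (>= 0.90.0, < 2.0)
    simplecov (0.17.1)
LOCK

AFTER_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    brakeman (5.0.0)
    factory_bot (6.2.0)
      activesupport (>= 5.0.0)
    rails (6.0.3.6)
    rubocop (0.93.1)
    rubocop-rails (2.9.1)
      rubocop (>= 0.90.0, < 2.0)
    simplecov (0.17.1)
LOCK

# Constructed stand-in for the gems declared under group :development, :test.
NON_PRODUCTION = %w[brakeman factory_bot rubocop rubocop-rails simplecov].freeze

if __FILE__ == $PROGRAM_NAME
  audit_update(BEFORE_LOCK, AFTER_LOCK, non_production: NON_PRODUCTION).each do |f|
    status = f[:problems].empty? ? 'ok  ' : 'WARN'
    puts "#{status} #{f[:gem]}: #{f[:from]} -> #{f[:to]} (#{f[:bump]}) #{f[:problems].join('; ')}"
  end
end
```

Run against the constructed snapshots, the audit accepts factory_bot (minor) and rubocop-rails (patch), and warns on brakeman (a major bump, which belongs in its own pull request) and on rails (a production gem that should not have moved at all under --conservative). Each warning is a candidate for splitting out so that a regression can be traced to a single gem.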

@LindseySaari

Need to come back to rubocop-rails minor update — it depends on rubocop >= 0.90.0, < 2.0. Will revisit after the rubocop major version update (dev/test).

@LindseySaari

An issue with Simplecov > 0.18 reporting to CodeClimate still exists. See here

@rileyanderson

@dillo We are updating Brakeman to the latest version (department-of-veterans-affairs/vets-api#6223) and as a result some code in the health_quest module has been flagged:

Confidence: Medium
Category: Mass Assignment
Check: MassAssignment
Message: Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys
Code: params.require(:questionnaireResponse).permit!
File: modules/health_quest/app/controllers/health_quest/v0/questionnaire_manager_controller.rb
Line: 21

Confidence: Medium
Category: Mass Assignment
Check: MassAssignment
Message: Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys
Code: params.require(:questionnaire_response).permit!
File: modules/health_quest/app/controllers/health_quest/v0/questionnaire_responses_controller.rb
Line: 21

Could you take a look at this and let me know if there is a specific reason you are using permit! and if we can change this to allow for exact keys? Thanks!

dillo commented Mar 23, 2021

@rileyanderson The reason for using permit! is because there is no ActiveRecord or a database behind this endpoint call in the vets-api. However, in the interest of keeping it clean and adhering to security conventions, we will be permitting exact keys in the next sprint or two.
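The Brakeman finding above is about `permit!` marking every key, at any depth, as permitted, so the resulting hash carries whatever the client sent. As an added example that is neither vets-api nor Brakeman code, the block below models the relevant subset of `ActionController::Parameters` behaviour (`permit!` versus `permit` with scalar, array and nested-hash filters) in plain Ruby so it runs without Rails. The QuestionnaireResponse-shaped request body and the ALLOWED filter list are constructed, since the endpoint's real schema is not given in the issue.

```ruby
# Added example (not vets-api code): a stand-in for the subset of
# ActionController::Parameters that the permit!-vs-allowlist question
# turns on. The payload and allowlist below are constructed.
class Params
  def initialize(raw)
    @raw = raw
  end

  # `permit!` in Rails permits every key at every depth. Nothing is
  # dropped, so a key the server never expected flows straight through to
  # whatever consumes the hash downstream.
  def permit!
    @raw
  end

  # Rails-style allowlist. Filter shapes:
  #   :key            a scalar value
  #   { key: [] }     an array of scalars
  #   { key: [...] }  a nested hash, or array of hashes, with its own filters
  # Keys not named by a filter are dropped.
  def permit(*filters)
    filter_hash(@raw, filters)
  end

  private

  def filter_hash(hash, filters)
    out = {}
    filters.each do |filter|
      case filter
      when Symbol, String
        key = filter.to_s
        out[key] = hash[key] if hash.key?(key) && scalar?(hash[key])
      when Hash
        filter.each do |k, sub|
          key = k.to_s
          next unless hash.key?(key)
          value = hash[key]
          if sub == []
            out[key] = value.select { |v| scalar?(v) } if value.is_a?(Array)
          elsif value.is_a?(Hash)
            out[key] = filter_hash(value, sub)
          elsif value.is_a?(Array)
            out[key] = value.select { |v| v.is_a?(Hash) }.map { |v| filter_hash(v, sub) }
          end
        end
      end
    end
    out
  end

  def scalar?(v)
    v.is_a?(String) || v.is_a?(Numeric) || v == true || v == false || v.nil?
  end
end

# Constructed request body: the value a controller would get back from
# params.require(:questionnaire_response), plus one extra key
# ("subject_override") that a client could add and the server never asked for.
QUESTIONNAIRE_RESPONSE = {
  'resourceType' => 'QuestionnaireResponse',
  'questionnaire' => 'Questionnaire/abc-123',
  'status' => 'completed',
  'item' => [
    { 'linkId' => '01', 'text' => 'Reason for visit',
      'answer' => [{ 'valueString' => 'follow-up' }] }
  ],
  'subject_override' => { 'id' => 'someone-else' }
}.freeze

# Constructed allowlist standing in for the exact keys a hardened
# controller would name instead of calling permit!.
ALLOWED = [
  :resourceType, :questionnaire, :status,
  { item: [:linkId, :text, { answer: [:valueString, :valueBoolean] }] }
].freeze

def with_permit_bang(body)
  Params.new(body).permit!
end

def with_allowlist(body)
  Params.new(body).permit(*ALLOWED)
end

if __FILE__ == $PROGRAM_NAME
  p with_permit_bang(QUESTIONNAIRE_RESPONSE).keys
  p with_allowlist(QUESTIONNAIRE_RESPONSE)
end
```

The `permit!` path hands back `subject_override` along with everything else; the allowlist path returns only the four named keys with `item` filtered recursively. The absence of an ActiveRecord model behind the endpoint removes the classic mass-assignment sink, which is consistent with Brakeman reporting Medium rather than High confidence, but the unfiltered hash still reaches whatever the controller forwards it to, so naming the keys is the right fix regardless. During that migration, setting `config.action_controller.action_on_unpermitted_parameters = :raise` in the development and test environments turns a forgotten key into a failing request instead of a silently dropped field.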

@jeff2d2 jeff2d2 closed this as completed May 12, 2021