Bump actionpack from 7.2.1.1 to 7.2.2.1

[dependabot]

Bumps actionpack from 7.2.1.1 to 7.2.2.1.

Release notes

Sourced from actionpack's releases.

7.2.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

  [CVE-2024-54133]

  Gannon McGibbon

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

... (truncated)

Commits

• 33beb0a Preparing for 7.2.2.1 release
• 3da2479 Add CSP directive validation
• d0dcb8f Preparing for 7.2.2 release
• 2975a88 Merge remote-tracking branch 'origin/7-2-sec' into 7-2-stable
• 7750d64 Preparing for 7.2.1.2 release
• 05dabd7 Add author to the CHANGELOG entries
• 5f5349f Merge remote-tracking branch 'origin/7-2-sec' into 7-2-stable
• 566ccc9 Merge pull request #53222 from seanpdoyle/csp-docs-links
• 6637543 Merge pull request #53202 from byroot/ruby-3.4-hash-inspect
• 080edd5 Fix URI::DEFAULT_PARSER warnings
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[jrgriffiniii]

The following error was raised on CircleCI, and I am not certain why. I am diagnosing this:

[kelynch]

@jrgriffiniii It looks like there's a failing test on this PR.

[hectorcorrea]

For what is worth, the failing test seems to be a flaky test and it's documented here: #2002

[hectorcorrea]

Let's deploy to staging to make sure the background jobs work as expected.

[hectorcorrea]

@jrgriffiniii Looks like staging is broken after I deploy this...let's touch base when you are back.

[hectorcorrea]

This is the error that I see on staging (via cat /var/log/nginx/error.log) after deploying this branch:

[ E 2025-01-09 21:17:43.9086 2953438/Tn age/Cor/Con/CheckoutSession.cpp:282 ]: [Client 8-619] Cannot checkout session because a spawning error occurred. The identifier of the error is 3089911c. Please see earlier logs for details about the error.
App 3226505 output: I, [2025-01-09T21:17:54.792171 #3226505]  INFO -- ddtrace: [ddtrace] DATADOG CONFIGURATION - CORE - {"date":"2025-01-09T21:17:54Z","os_name":"x86_64-pc-linux-gnu","version":"1.23.3","lang":"ruby","lang_version":"3.1.0","env":null,"service":"current","dd_version":null,"debug":false,"tags":null,"runtime_metrics_enabled":false,"vm":"ruby-3.1.0","health_metrics_enabled":false,"profiling_enabled":false}
App 3226505 output: Error: The application encountered the following error: uninitialized constant ApplicationCable::ActionCable
App 3226505 output: 
App 3226505 output:   class Channel < ActionCable::Channel::Base
App 3226505 output:                   ^^^^^^^^^^^
App 3226505 output: Did you mean?  ActionMailer (NameError)
App 3226505 output:     /opt/pdc_describe/releases/20250109211537/app/channels/application_cable/channel.rb:4:in `<module:ApplicationCable>'
App 3226505 output:     /opt/pdc_describe/releases/20250109211537/app/channels/application_cable/channel.rb:2:in `<main>'
App 3226505 output:     <internal:/usr/local/lib/ruby/site_ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:37:in `require'
App 3226505 output:     <internal:/usr/local/lib/ruby/site_ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:37:in `require'
App 3226505 output:     /opt/pdc_describe/shared/bundle/ruby/3.1.0/gems/bootsnap-1.18.4/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
App 3226505 output:     /opt/pdc_describe/shared/bundle/ruby/3.1.0/gems/zeitwerk-2.6.18/lib/zeitwerk/kernel.rb:26:in `requir

[hectorcorrea]

Made the PR a draft until we figure the issue in Staging (see notes above) so that we don't accidentally merge it and break production too.