This major upgrade brings RailsGoat up to date with the latest versions:
- Ruby 2.6.5 → 3.3.6
- Rails 6.0.0 → 8.0.4
## Key Changes
### Dependencies
- Upgraded all gems to Rails 8-compatible versions
- Removed deprecated gems: therubyracer, coffee-rails, poltergeist,
travis-lint, rails-perftest, unicorn, powder, rubocop-github
- Updated puma to 6.6.1, sqlite3 to 2.8.1, rspec-rails to 8.0.2
- Added modern Rails 8 features: importmap-rails, stimulus-rails, turbo-rails
- Replaced poltergeist with selenium-webdriver for integration tests
### Code Changes
- Converted CoffeeScript files to plain JavaScript
- Updated test configuration to use Selenium headless driver
- Updated database schema to Rails 8 format
## Testing
- Application starts successfully and responds to requests
- Test suite runs with 23 examples (14 intentional vulnerability failures)
- Database migrations applied successfully
## Notes
This upgrade maintains all intentional security vulnerabilities that make
RailsGoat an effective training tool. The failing tests are expected and
demonstrate the vulnerabilities the application is designed to teach.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Adding Capybara to verify replay-ability of hacking vulnerabilities. I
imagine these may want to be kept on a different branch for QA and
educational purposes, but not distributed with master when forked.
This commit also includes demonstrating the SQL Injection vulnerability.
Ken Johnson