Articles by Gelsey Torres

How To Delay A Rails Upgrade

Maintaining an up-to-date Ruby on Rails application is crucial for performance, security, and feature enhancements. However, finding the time for a full-scale upgrade can be challenging. In this blog post, we’ll explore practical steps you can take to delay a Rails upgrade when you don’t have the immediate bandwidth but want to set the stage for a seamless process in the future.

Read more

How to use Brakeman to find Rails security vulnerabilities

Security is a huge concern for web applications. To protect your Rails app from potential vulnerabilities and threats, it’s essential to perform regular security assessments. Brakeman, a widely used static analysis tool for Ruby on Rails, can help you identify security vulnerabilities proactively.

In this article, we’ll explore how to use Brakeman to check your Rails app for security vulnerabilities.

Read more

How ActionDispatch::Response#content_type Changed between Rails 5.2 to 6.1

If you have ever upgraded Rails from 5.2 to 6.0, you might have run into issues with changes that had been made to the value of ActionDispatch::Response#content_type between the two versions.

If you have been lucky, you might not have even noticed there was a problem until Rails 6.0, after coming across this deprecation message:

Rails 6.1 will return Content-Type header without modification. If you want just the MIME type, please use `#media_type` instead.

What happened with ActionDispatch::Response#content_type between Rails 5.2 to 6.1? In this article, we will go into some background to learn what this method does, look at the differences in ActionDispatch::Response#content_type’s return value between the several Rails versions, and how you can fix the problem if you come across it in your codebase.

Read more

Why You Might Not Want to Run `rails app:update`.

At, we don’t always run rails app:update in our process to upgrade Rails apps.

It might seem like a sacrilege - after all, that’s why the task was created, to make upgrading Rails as painless as possible, right? But we have found while upgrading dozens of applications that running rails app:update isn’t the best idea in all situations.

In this article, you will learn what rails app:update does, when it should not be used, and how to upgrade your Rails app without it.

Note: In Rails versions before 5.0, rails app:update was called rake rails:update.

Read more

The Dangerous Query Method Deprecation

Have you ever tried to update a Rails app from 5.2 to 6.0, or from 6.0 to 6.1? If so, you might have seen this deprecation:

DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "random()". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql(). (called from ...)

Note: While this deprecation message mentions Rails 6.0 as the version where the behavior is disallowed, that change was postponed, so the deprecation also shows in Rails 6.0. The behavior is actually disallowed in Rails 6.1.

What does this deprecation mean exactly? In this article, I will explain that in plain English, what issue it is trying to prevent, and how to fix the problem if you come across it in your codebase.

Read more

An introduction to software quality

At, we talk a lot about software quality. It’s how we determine whether a client is a good fit for an upgrade. The less technical debt a codebase has, the easier it is to maintain, and the more likely a Rails upgrade will go smoothly. But what determines whether software is “good quality”? In this article, we will talk about what software quality is, and explain the metrics that people use when talking about how to measure it.

Read more
Get the book