Upgrade LMS Rails version to 6.0.5

[brendanshean]

WHAT

Upgrade LMS from 5.2.8 to 6.0.5

WHY

Newer versions of Rails provide new features as well as security enhancements.

HOW

Update Gemfile with new Rails version. Then, after lots of flipping switches with Gemfile.lock, run bundle.

A couple of specs had to be fixed:
1. Fixing module_parent calls: parent will be deprecated in Rails 6 so update those calls to module_parent
2. Fix time comparison: as_json calls in Rails 6 converts ActiveSupport::TimeWithZone values to strings whereas it currently leaves the object as a ActiveSupport::TimeWithZone. (NB: Comparisons with these objects are tricky, see here and here)

Addendum 1:
Cookie serialization is updated to hybrid per this post

Addendum 2:
Removed livingstyleguide gem from development group since it breaks development build. This was missed on heroku since the gem doesn't run.

Screenshots

(If applicable. Also, please censor any sensitive data)

Notion Card Links

(Please provide links to any relevant Notion card(s) relevant to this PR.)

PR Checklist	Your Answer
Have you added and/or updated tests?	YES
Have you deployed to Staging?	YES
Self-Review: Have you done an initial self-review of the code below on Github?	YES
Spec Review: Have you reviewed the spec and ensured this meets requirements and/or matches design mockups?	N/A

[anathomical]

I like the consolidation you did here for items we should do later analysis on regarding whether we use these or not. It may be worth going ahead and creating a Task card in Notion so that we remember to come back and do this.

[brendanshean]

I'm planning on doing an audit after the 6.1 upgrade.

[anathomical]

This seems to be a reasonable solution to this problem. I've generally fallen back to coercing string representations, but this feel cleaner.

[dandrabik]

👍 Thanks for your work on this. I left a few small comments on things to double check, but nothing is blocking.

[dandrabik]

I'm curious the about why the change away from a locked patch version. I would think even a patch upgrade of Rails would be a manually planned/tested endeavor, so curious what we gain from this change.

[brendanshean]

I've viewed patch upgrades even with Rails as safe updates, but I will change it back to the locked version since I don't really have a strong preference.

[dandrabik]

Just to clarify, does this empty file mean this functionality is off (that's what we would want)? Wondering since we are using the secure_headers gem to set CSP here. We'd want to ensure that these don't conflict.

[brendanshean]

This was autogenerated, but I agree that it's confusing. I will remove it.

[dandrabik]

Nice that they provide a migration path. I don't think this is an issue for how we use cookies, but just flagging it in case it comes up:

SPOILER! When using the :json or :hybrid serializer, you should be aware that not all Ruby objects can be serialized as JSON. For example, Date and Time objects will be serialized as strings, and Hashes will have their keys stringified.