diff --git a/app/views/layouts/default.html.erb b/app/views/layouts/default.html.erb
index 67a8c53cc..2ba869f8c 100644
--- a/app/views/layouts/default.html.erb
+++ b/app/views/layouts/default.html.erb
@@ -29,7 +29,7 @@
 
   <%= stylesheet_pack_tag "application" %>
   <% if CurrentUser.user.custom_style.present? && params.fetch(:css, "true").truthy?  %>
-    <%= stylesheet_link_tag custom_style_users_path(md5: Digest::MD5.hexdigest(CurrentUser.user.custom_style)), media: "screen" %>
+    <%= stylesheet_link_tag custom_style_users_path(md5: Digest::MD5.hexdigest(CurrentUser.user.custom_style)) %>
   <% end %>
 
   <% if current_page?(root_url) %>
diff --git a/bin/rails b/bin/rails
index 6fb4e4051..efc037749 100755
--- a/bin/rails
+++ b/bin/rails
@@ -1,4 +1,4 @@
 #!/usr/bin/env ruby
-APP_PATH = File.expand_path('../config/application', __dir__)
+APP_PATH = File.expand_path("../config/application", __dir__)
 require_relative "../config/boot"
 require "rails/commands"
diff --git a/bin/setup b/bin/setup
index 90700ac4f..ec47b79b3 100755
--- a/bin/setup
+++ b/bin/setup
@@ -2,7 +2,7 @@
 require "fileutils"
 
 # path to your application root.
-APP_ROOT = File.expand_path('..', __dir__)
+APP_ROOT = File.expand_path("..", __dir__)
 
 def system!(*args)
   system(*args) || abort("\n== Command #{args} failed ==")
@@ -13,24 +13,21 @@ FileUtils.chdir APP_ROOT do
   # This script is idempotent, so that you can run it at any time and get an expectable outcome.
   # Add necessary setup steps to this file.
 
-  puts '== Installing dependencies =='
-  system! 'gem install bundler --conservative'
-  system('bundle check') || system!('bundle install')
-
-  # Install JavaScript dependencies
-  system! 'bin/yarn'
+  puts "== Installing dependencies =="
+  system! "gem install bundler --conservative"
+  system("bundle check") || system!("bundle install")
 
   # puts "\n== Copying sample files =="
-  # unless File.exist?('config/database.yml')
-  #   FileUtils.cp 'config/database.yml.sample', 'config/database.yml'
+  # unless File.exist?("config/database.yml")
+  #   FileUtils.cp "config/database.yml.sample", "config/database.yml"
   # end
 
   puts "\n== Preparing database =="
-  system! 'bin/rails db:prepare'
+  system! "bin/rails db:prepare"
 
   puts "\n== Removing old logs and tempfiles =="
-  system! 'bin/rails log:clear tmp:clear'
+  system! "bin/rails log:clear tmp:clear"
 
   puts "\n== Restarting application server =="
-  system! 'bin/rails restart'
+  system! "bin/rails restart"
 end
diff --git a/config/application.rb b/config/application.rb
index 2f39d19be..ddb5e1b87 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -7,15 +7,16 @@
 require_relative 'boot'
 
 require "rails"
+require "active_model/railtie"
+require "active_job/railtie"
 require "active_record/railtie"
 # require "active_storage/engine"
 require "action_controller/railtie"
-require "action_view/railtie"
 require "action_mailer/railtie"
-require "active_job/railtie"
-# require "action_cable/engine"
 # require "action_mailbox/engine"
 # require "action_text/engine"
+require "action_view/railtie"
+# require "action_cable/engine"
 require "rails/test_unit/railtie"
 
 # Load the gems for the current Rails environment from the Gemfile.
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 38e1ddd63..c062cad43 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -14,15 +14,18 @@ Rails.application.configure do
   # Show full error reports.
   config.consider_all_requests_local = true
 
+  # Enable server timing
+  config.server_timing = true
+
   # Enable/disable caching. By default caching is disabled.
   # Run rails dev:cache to toggle caching.
-  if Rails.root.join('tmp', 'caching-dev.txt').exist?
+  if Rails.root.join("tmp/caching-dev.txt").exist?
     config.action_controller.perform_caching = true
     config.action_controller.enable_fragment_cache_logging = true
 
     config.cache_store = :memory_store
     config.public_file_server.headers = {
-      'Cache-Control' => "public, max-age=#{2.days.to_i}"
+      "Cache-Control" => "public, max-age=#{2.days.to_i}"
     }
   else
     config.action_controller.perform_caching = false
diff --git a/config/environments/production.rb b/config/environments/production.rb
index b1645ce7b..cb51b42ad 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -22,14 +22,14 @@ Rails.application.configure do
 
   # Disable serving static files from the `/public` folder by default since
   # Apache or NGINX already handles this.
-  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+  config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present?
 
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
-  # config.asset_host = 'http://assets.example.com'
+  # config.asset_host = "http://assets.example.com"
 
   # Specifies the header that your server uses for sending files.
-  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
-  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
+  # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true
@@ -60,21 +60,15 @@ Rails.application.configure do
   # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true
 
-  # Send deprecation notices to registered listeners.
-  config.active_support.deprecation = :notify
-
-  # Log disallowed deprecations.
-  config.active_support.disallowed_deprecation = :log
-
-  # Tell Active Support which deprecation messages to disallow.
-  config.active_support.disallowed_deprecation_warnings = []
+  # Don't log any deprecations.
+  config.active_support.report_deprecations = false
 
   # Use default logging formatter so that PID and timestamp are not suppressed.
   config.log_formatter = ::Logger::Formatter.new
 
   # Use a different logger for distributed setups.
   # require "syslog/logger"
-  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
 
   logger           = ActiveSupport::Logger.new(STDERR)
   logger.formatter = config.log_formatter
@@ -82,25 +76,4 @@ Rails.application.configure do
 
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
-
-  # Inserts middleware to perform automatic connection switching.
-  # The `database_selector` hash is used to pass options to the DatabaseSelector
-  # middleware. The `delay` is used to determine how long to wait after a write
-  # to send a subsequent read to the primary.
-  #
-  # The `database_resolver` class is used by the middleware to determine which
-  # database is appropriate to use based on the time delay.
-  #
-  # The `database_resolver_context` class is used by the middleware to set
-  # timestamps for the last write to the primary. The resolver uses the context
-  # class timestamps to determine how long to wait before reading from the
-  # replica.
-  #
-  # By default Rails will store a last write timestamp in the session. The
-  # DatabaseSelector middleware is designed as such you can define your own
-  # strategy for connection switching and pass that into the middleware through
-  # these configuration options.
-  # config.active_record.database_selector = { delay: 2.seconds }
-  # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
-  # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index d66c042f9..e57c0364b 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -8,17 +8,18 @@ require "active_support/core_ext/integer/time"
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
+  # Turn false under Spring and add config.action_view.cache_template_loading = true.
   config.cache_classes = true
 
-  # Do not eager load code on boot. This avoids loading your whole application
-  # just for the purpose of running a single test. If you are using a tool that
-  # preloads Rails for running tests, you may have to set it to true.
-  config.eager_load = false
+  # Eager loading loads your whole application. When running a single test locally,
+  # this probably isn't necessary. It's a good idea to do in a continuous integration
+  # system, or in some way before deploying your code.
+  config.eager_load = ENV["CI"].present?
 
   # Configure public file server for tests with Cache-Control for performance.
   config.public_file_server.enabled = true
   config.public_file_server.headers = {
-    'Cache-Control' => "public, max-age=#{1.hour.to_i}"
+    "Cache-Control" => "public, max-age=#{1.hour.to_i}"
   }
 
   # Show full error reports and disable caching.
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 35d0f26fc..3621f97f8 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -4,27 +4,23 @@
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 
-# Rails.application.config.content_security_policy do |policy|
-#   policy.default_src :self, :https
-#   policy.font_src    :self, :https, :data
-#   policy.img_src     :self, :https, :data
-#   policy.object_src  :none
-#   policy.script_src  :self, :https
-#   policy.style_src   :self, :https
-#   # If you are using webpack-dev-server then specify webpack-dev-server host
-#   policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
-
-#   # Specify URI for violation reports
-#   # policy.report_uri "/csp-violation-report-endpoint"
+# Rails.application.configure do
+#   config.content_security_policy do |policy|
+#     policy.default_src :self, :https
+#     policy.font_src    :self, :https, :data
+#     policy.img_src     :self, :https, :data
+#     policy.object_src  :none
+#     policy.script_src  :self, :https
+#     policy.style_src   :self, :https
+#     # Specify URI for violation reports
+#     # policy.report_uri "/csp-violation-report-endpoint"
+#   end
+#
+#   # Generate session nonces for permitted importmap and inline scripts
+#   config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+#   config.content_security_policy_nonce_directives = %w(script-src)
+#
+#   # Report CSP violations to a specified URI. See:
+#   # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+#   # config.content_security_policy_report_only = true
 # end
-
-# If you are using UJS then enable automatic nonce generation
-# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
-# Set the nonce only to specific directives
-# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
-
-# Report CSP violations to a specified URI
-# For further information see the following documentation:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
-# Rails.application.config.content_security_policy_report_only = true
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
index 3b1c1b5ed..e5a82f162 100644
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -7,9 +7,9 @@
 
 # Rails.application.config.middleware.insert_before 0, Rack::Cors do
 #   allow do
-#     origins 'example.com'
+#     origins "example.com"
 #
-#     resource '*',
+#     resource "*",
 #       headers: :any,
 #       methods: [:get, :post, :put, :patch, :delete, :options, :head]
 #   end
diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb
new file mode 100644
index 000000000..097a1ebba
--- /dev/null
+++ b/config/initializers/new_framework_defaults_7_0.rb
@@ -0,0 +1,117 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 7.0 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `7.0`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+# `button_to` view helper will render `<button>` element, regardless of whether
+# or not the content is passed as the first argument or as a block.
+Rails.application.config.action_view.button_to_generates_button_tag = true
+
+# `stylesheet_link_tag` view helper will not render the media attribute by default.
+Rails.application.config.action_view.apply_stylesheet_media_default = false
+
+# Change the digest class for the key generators to `OpenSSL::Digest::SHA256`.
+# Changing this default means invalidate all encrypted messages generated by
+# your application and, all the encrypted cookies. Only change this after you
+# rotated all the messages using the key rotator.
+#
+# See upgrading guide for more information on how to build a rotator.
+# https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html
+# Rails.application.config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA256
+
+# Change the digest class for ActiveSupport::Digest.
+# Changing this default means that for example Etags change and
+# various cache keys leading to cache invalidation.
+# Rails.application.config.active_support.hash_digest_class = OpenSSL::Digest::SHA256
+
+# Don't override ActiveSupport::TimeWithZone.name and use the default Ruby
+# implementation.
+# Rails.application.config.active_support.remove_deprecated_time_with_zone_name = true
+
+# Change the format of the cache entry.
+# Changing this default means that all new cache entries added to the cache
+# will have a different format that is not supported by Rails 6.1 applications.
+# Only change this value after your application is fully deployed to Rails 7.0
+# and you have no plans to rollback.
+# Rails.application.config.active_support.cache_format_version = 7.0
+
+# Calls `Rails.application.executor.wrap` around test cases.
+# This makes test cases behave closer to an actual request or job.
+# Several features that are normally disabled in test, such as Active Record query cache
+# and asynchronous queries will then be enabled.
+Rails.application.config.active_support.executor_around_test_case = true
+
+# Define the isolation level of most of Rails internal state.
+# If you use a fiber based server or job processor, you should set it to `:fiber`.
+# Otherwise the default of `:thread` if preferable.
+Rails.application.config.active_support.isolation_level = :thread
+
+# Set both the `:open_timeout` and `:read_timeout` values for `:smtp` delivery method.
+Rails.application.config.action_mailer.smtp_timeout = 5
+
+# The ActiveStorage video previewer will now use scene change detection to generate
+# better preview images (rather than the previous default of using the first frame
+# of the video).
+# Rails.application.config.active_storage.video_preview_arguments =
+#   "-vf 'select=eq(n\\,0)+eq(key\\,1)+gt(scene\\,0.015),loop=loop=-1:size=2,trim=start_frame=1' -frames:v 1 -f image2"
+
+# Automatically infer `inverse_of` for associations with a scope.
+Rails.application.config.active_record.automatic_scope_inversing = true
+
+# Raise when running tests if fixtures contained foreign key violations
+Rails.application.config.active_record.verify_foreign_keys_for_fixtures = true
+
+# Disable partial inserts.
+# This default means that all columns will be referenced in INSERT queries
+# regardless of whether they have a default or not.
+Rails.application.config.active_record.partial_inserts = false
+#
+# Protect from open redirect attacks in `redirect_back_or_to` and `redirect_to`.
+Rails.application.config.action_controller.raise_on_open_redirects = true
+
+# Change the variant processor for Active Storage.
+# Changing this default means updating all places in your code that
+# generate variants to use image processing macros and ruby-vips
+# operations. See the upgrading guide for detail on the changes required.
+# The `:mini_magick` option is not deprecated; it's fine to keep using it.
+# Rails.application.config.active_storage.variant_processor = :vips
+
+# If you're upgrading and haven't set `cookies_serializer` previously, your cookie serializer
+# was `:marshal`. Convert all cookies to JSON, using the `:hybrid` formatter.
+#
+# If you're confident all your cookies are JSON formatted, you can switch to the `:json` formatter.
+#
+# Continue to use `:marshal` for backward-compatibility with old cookies.
+#
+# If you have configured the serializer elsewhere, you can remove this.
+#
+# See https://guides.rubyonrails.org/action_controller_overview.html#cookies for more information.
+# Rails.application.config.action_dispatch.cookies_serializer = :hybrid
+
+# Enable parameter wrapping for JSON.
+# Previously this was set in an initializer. It's fine to keep using that initializer if you've customized it.
+# To disable parameter wrapping entirely, set this config to `false`.
+Rails.application.config.action_controller.wrap_parameters_by_default = true
+
+# Specifies whether generated namespaced UUIDs follow the RFC 4122 standard for namespace IDs provided as a
+# `String` to `Digest::UUID.uuid_v3` or `Digest::UUID.uuid_v5` method calls.
+#
+# See https://guides.rubyonrails.org/configuring.html#config-active-support-use-rfc4122-namespaced-uuids for
+# more information.
+Rails.application.config.active_support.use_rfc4122_namespaced_uuids = true
+
+# Change the default headers to disable browsers' flawed legacy XSS protection.
+Rails.application.config.action_dispatch.default_headers = {
+  "X-Frame-Options" => "SAMEORIGIN",
+  "X-XSS-Protection" => "0",
+  "X-Content-Type-Options" => "nosniff",
+  "X-Download-Options" => "noopen",
+  "X-Permitted-Cross-Domain-Policies" => "none",
+  "Referrer-Policy" => "strict-origin-when-cross-origin"
+}