coreinfrastructure / best-practices-badge

🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
https://www.bestpractices.dev
MIT License

Fix Faraday deprecations #1712

Open david-a-wheeler opened 2 years ago

david-a-wheeler commented 2 years ago

When running the test suite we see deprecation warnings; we need to fix them.

The warnings are:

WARNING: `Faraday::Connection#basic_auth` is deprecated; it will be removed in version 2.0.
While initializing your connection, use `#request(:basic_auth, ...)` instead.
See https://lostisland.github.io/faraday/middleware/authentication for more usage info.

andrewfader commented 1 year ago

Upgraded Faraday but we get warnings because of https://github.com/vcr/vcr/discussions/922

david-a-wheeler commented 1 year ago

Hmmm. Not sure what to do here. I wonder if there's a reasonable alternative to vcr.

andrewfader commented 1 year ago

@david-a-wheeler there are alternatives, but I think vcr is the best-maintained and de facto standard gem for this purpose for Ruby. It's kind of unfortunate that their license is too restrictive to be usable now, even though the Hippocratic License is actually just an MIT license with some kind of moral-good clause that's probably legally moot anyway.

andrewfader commented 1 year ago

@david-a-wheeler we could also fork the last permissively licensed version of vcr and, having not looked at their fixes, clean-room update and fix the Faraday problems. We could call it vcr-libre and release it too.

Apteryks commented 1 year ago

That'd be commit 842b2bf89099dc91f2c643d0d85d1abd54eb7e85 of vcr. It's packaged in GNU Guix as ruby-vcr-expat with a prominent comment about not updating it from such commit (due to the license being nonfree for later versions).

david-a-wheeler commented 1 year ago

I hate to fork; that's not a good long-term solution, and cherry-picking commits may have licensing questions as well.

The vcr gem is only used during testing, it's not run in production, and it's not something we create (we're just using it). So maybe we can make an exception for vcr. I'll have to pass it through LF legal.