diff --git a/Gemfile b/Gemfile
index 12cb0216f4..b911ef7828 100644
--- a/Gemfile
+++ b/Gemfile
@@ -75,7 +75,7 @@ gem 'redis-rails'
 gem 'openstax_utilities'
 
 # API versioning and documentation
-gem 'openstax_api'
+gem 'openstax_api', github: 'openstax/openstax_api', ref: '0c5a748554c8d8a14ba8201a717321a9ce996f8c'
 
 # Notify developers of Exceptions in production
 gem 'openstax_rescue_from'
diff --git a/Gemfile.lock b/Gemfile.lock
index e0773a0c44..31d13b7276 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -18,6 +18,24 @@ GIT
       railties (>= 3.1)
       sass-rails
 
+GIT
+  remote: https://github.com/openstax/openstax_api.git
+  revision: 0c5a748554c8d8a14ba8201a717321a9ce996f8c
+  ref: 0c5a748554c8d8a14ba8201a717321a9ce996f8c
+  specs:
+    openstax_api (9.6.1)
+      addressable
+      doorkeeper
+      exception_notification
+      lev (>= 12.1.0)
+      openstax_utilities
+      rails (>= 6, <= 8)
+      representable
+      responders
+      roar
+      roar-rails (>= 1)
+      uber
+
 GIT
   remote: https://github.com/openstax/path_prefixer.git
   revision: e3edfc70589bc90fcffba63b417260a88c1377d7
@@ -497,18 +515,6 @@ GEM
       active_attr
       rails (>= 5.0, < 7.0)
       restforce
-    openstax_api (9.6.0)
-      addressable
-      doorkeeper
-      exception_notification
-      lev (>= 12.1.0)
-      openstax_utilities
-      rails (>= 6, <= 8)
-      representable
-      responders
-      roar
-      roar-rails (>= 1)
-      uber
     openstax_healthcheck (1.0.1)
       rails (>= 3.0)
     openstax_rescue_from (4.2.1)
@@ -653,13 +659,13 @@ GEM
       hashie (>= 1.2.0, < 6.0)
       jwt (>= 1.5.6)
     rexml (3.3.8)
-    roar (1.1.1)
-      representable (~> 3.0)
-    roar-rails (1.1.0)
+    roar (1.2.0)
+      representable (~> 3.1)
+    roar-rails (1.2.0)
       actionpack
       railties (>= 3.0.0)
       responders
-      roar (~> 1.1.0)
+      roar (~> 1.2)
       test_xml (>= 0.1.6)
       uber (< 0.2.0)
     rspec (3.13.0)
@@ -736,9 +742,6 @@ GEM
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    spring (4.2.1)
-    spring-commands-rspec (1.0.4)
-      spring (>= 0.9.1)
     sprockets (3.7.5)
       base64
       concurrent-ruby (~> 1.0)
@@ -861,7 +864,7 @@ DEPENDENCIES
   omniauth-google-oauth2
   omniauth-identity
   omniauth-twitter
-  openstax_api
+  openstax_api!
   openstax_healthcheck
   openstax_path_prefixer!
   openstax_rescue_from
@@ -895,8 +898,6 @@ DEPENDENCIES
   sentry-ruby
   shoulda-matchers
   smarter_csv
-  spring
-  spring-commands-rspec
   timecop
   uglifier
   vcr
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index ebecdc12be..acc3ba1669 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -144,7 +144,7 @@ def update_user
           application_user.roles = au[:roles].split(',').map(&:strip)
           application_user
         end
-        @user.update_attributes! user_params
+        @user.update! user_params
       end
     end
   end
diff --git a/app/controllers/legacy/users_controller.rb b/app/controllers/legacy/users_controller.rb
index 63086fdbd9..150e753ca5 100644
--- a/app/controllers/legacy/users_controller.rb
+++ b/app/controllers/legacy/users_controller.rb
@@ -18,7 +18,7 @@ def update
 
       respond_to do |format|
         format.json do
-          if current_user.update_attributes(user_params)
+          if current_user.update(user_params)
             security_log :user_updated, user_params: user_params
 
             render json: { full_name: current_user.full_name }, status: :ok
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index 1a012b38fc..abe9ad3671 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -69,9 +69,9 @@ def edit
 
     def update
       OSU::AccessPolicy.require_action_allowed!(:update, @user, @application)
-      
+
       Doorkeeper::Application.transaction do
-        if add_application_owners && @application.update_attributes(app_params)
+        if add_application_owners && @application.update(app_params)
           security_log :application_updated, application_id: @application.id,
                                             application_params: app_params
           flash[:notice] = I18n.t(
@@ -137,18 +137,18 @@ def add_application_owners
       member_ids = validated_member_ids
       return false if @application.errors.any?
       return true if !current_user.is_administrator? && current_user.oauth_applications.include?(@application)
-    
-      @application.owner.update_attributes(member_ids: member_ids)
+
+      @application.owner.update(member_ids: member_ids)
     end
 
     def validated_member_ids
       return [] if !params[:member_ids].present?
-    
+
       if !params[:member_ids].match(SPACE_SEPARATED_NUMBERS_REGEX)
         @application.errors.add(:owner, 'Member Ids must be a space separated list of integers')
         return false
       end
-    
+
       member_ids = params[:member_ids].split.map(&:to_i)
       member_ids.each do |member_id|
         if !User.where(id: member_id).exists?
@@ -165,7 +165,7 @@ def set_current_member_ids
 
     def authenticate_admin_or_oauth_application_owner!
       return if current_user.oauth_applications.any?
-      admin_authentication! 
+      admin_authentication!
     end
   end
 end
diff --git a/app/handlers/signup_start.rb b/app/handlers/signup_start.rb
index e9f33254a6..b1bb0e0854 100644
--- a/app/handlers/signup_start.rb
+++ b/app/handlers/signup_start.rb
@@ -26,7 +26,7 @@ def handle
 
     # is there a pre_auth_state and it's email is unchanged
     if existing_pre_auth_state.try(:contact_info_value) == email
-      existing_pre_auth_state.update_attributes(role: signup_params.role)
+      existing_pre_auth_state.update(role: signup_params.role)
       outputs.pre_auth_state = existing_pre_auth_state
       # pre_auth_state may have been created in session start
       # and the the confirmation email will not yet have been sent
diff --git a/app/routines/newflow/ensure_unverified_user.rb b/app/routines/newflow/ensure_unverified_user.rb
index ade20b548c..8458f7c9e0 100644
--- a/app/routines/newflow/ensure_unverified_user.rb
+++ b/app/routines/newflow/ensure_unverified_user.rb
@@ -7,7 +7,7 @@ class EnsureUnverifiedUser
 
     def exec(user)
       if user.state == 'needs_profile'
-        user.update_attributes(state: 'unverified', is_newflow: true)
+        user.update(state: 'unverified', is_newflow: true)
         transfer_errors_from(user, { type: :verbatim }, :fail_if_errors)
 
         SecurityLog.create(
diff --git a/app/routines/transfer_authentications.rb b/app/routines/transfer_authentications.rb
index dd56a9ea9d..c6aecfea7f 100644
--- a/app/routines/transfer_authentications.rb
+++ b/app/routines/transfer_authentications.rb
@@ -1,4 +1,4 @@
-# Firstly, persists or updates (with `update_attributes`) an `Authentication` for the given user.
+# Firstly, persists or updates (with `update`) an `Authentication` for the given user.
 #
 # Secondly, if the authentication(s) already belonged to a user, and
 # that user can be destroyed, then we destroy that user.
@@ -13,7 +13,7 @@ def exec(authentications, newer_user)
     authentications = [authentications] if !(authentications.is_a?(Array))
     authentications.each do |authentication|
       existing_user = authentication.user
-      authentication.update_attributes(user_id: newer_user.id)
+      authentication.update(user_id: newer_user.id)
       transfer_errors_from(authentication, {type: :verbatim}, :fail_if_errors)
 
       if existing_user && can_be_destroyed?(existing_user)
diff --git a/app/views/layouts/admin.html.erb b/app/views/layouts/admin.html.erb
index b3908d5a79..80ddb75acd 100644
--- a/app/views/layouts/admin.html.erb
+++ b/app/views/layouts/admin.html.erb
@@ -50,8 +50,6 @@
 
             <li><%= link_to 'Security Log', main_app.routes.url_helpers.admin_security_log_path %></li>
 
-            <li><%= link_to 'Settings', main_app.routes.url_helpers.admin_rails_settings_ui_path %></li>
-
             <li class="dropdown">
               <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Banners<span class="caret"></span></a>
               <ul class="dropdown-menu">
diff --git a/spec/features/admin/users_spec.rb b/spec/features/admin/users_spec.rb
index 7bc3feb2f2..6bec4c5c46 100644
--- a/spec/features/admin/users_spec.rb
+++ b/spec/features/admin/users_spec.rb
@@ -5,8 +5,7 @@
     before(:each) do
       @admin_user = create_admin_user
       visit '/'
-      complete_login_username_or_email_screen('admin')
-      complete_login_password_screen('password')
+      complete_newflow_log_in_screen('admin', 'password')
     end
 
     context "with a user with salesforce contact ID set" do
diff --git a/spec/models/security_log_spec.rb b/spec/models/security_log_spec.rb
index 00203870ec..3b7a8e9af8 100644
--- a/spec/models/security_log_spec.rb
+++ b/spec/models/security_log_spec.rb
@@ -14,7 +14,7 @@
     expect{security_log.update_attribute :event_type, :admin_created}.to(
       raise_error ActiveRecord::ReadOnlyRecord
     )
-    expect{security_log.update_attributes event_type: :admin_created}.to(
+    expect{security_log.update event_type: :admin_created}.to(
       raise_error ActiveRecord::ReadOnlyRecord
     )
   end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 008ed10964..05ee1b2ba2 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -30,7 +30,7 @@
 
     context 'when the names start populated' do
       before(:each) {
-        user.update_attributes(first_name: "John", last_name: "Smith")
+        user.update(first_name: "John", last_name: "Smith")
       }
 
       it 'is invalid for the first name to become blank' do
@@ -125,7 +125,7 @@
     it 'cannot be updated' do
       user = FactoryBot.create :user
       old_uuid = user.uuid
-      user.update_attributes(first_name: 'New')
+      user.update(first_name: 'New')
       expect(user.reload.first_name).to eq('New')
       expect(user.uuid).to eq(old_uuid)
 
@@ -146,7 +146,7 @@
     it 'cannot be updated' do
       user = FactoryBot.create :user
       old_identifier = user.support_identifier
-      user.update_attributes(first_name: 'New')
+      user.update(first_name: 'New')
       expect(user.reload.first_name).to eq('New')
       expect(user.support_identifier).to eq(old_identifier)
 
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 75eaba7c65..a7b47dae8f 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -169,6 +169,8 @@ def database_cleaner_strategy
     # `true` in RSpec 4.
     mocks.verify_partial_doubles = true
   end
+
+  config.full_backtrace = !!ENV["BACKTRACE"]
 end
 
 """
@@ -296,7 +298,7 @@ def error_msg model, *args
   end
 
   options[:message] = error
-  Lev::BetterActiveModelErrors.generate_message instance, field, :invalid, options
+  ActiveModel::Error.generate_message field, :invalid, instance, options
 end
 
 # From: https://github.com/rspec/rspec-rails/issues/925#issuecomment-164094792
diff --git a/spec/support/feature_helpers.rb b/spec/support/feature_helpers.rb
index 4bf0686a2f..bcd3f3d5b4 100644
--- a/spec/support/feature_helpers.rb
+++ b/spec/support/feature_helpers.rb
@@ -29,7 +29,7 @@ def create_user_with_plone_password
 
 def create_admin_user
   user = create_user 'admin'
-  user.update_attributes!(is_administrator: true)
+  user.update!(is_administrator: true)
   user
 end