Rails isn't considered GPL because of this dependency. It is in violation of the GPL¹, which is copyright infringement. Releasing the violating software under the GPL is one way to stop that infringement, but that's not an automatic legal mechanism.
If a copyright owner decides to pursue a GPL violation, they could get damages² and enforce that the infringement stops (i.e. cease using the GPL-licensed software). It's incredibly unlikely any judge would force anybody to release source code.
¹ Actually, Rails itself isn't even in violation, because the project satisfies all the obligations the GPL imposes. GitHub would be in violation.
² In this case, where infringement wasn't intentional, they'd probably get almost nothing provided that the defendant stopped infringing when they learned of it.
Rails was in a license violating situation, which doesn't make it GPL at all.
Then the outcome of a legal case trying to sue someone who is knowingly using rails which unknowingly pulls in a GPL licensed dependency might be less clean cut as you might think.
Lastly depending on the version of GPL and other factors like non-clean cut interpretations you might be able to argue that a company building a service using rails wouldn't need to make the service GPL even if they use GPL software to do so (if that GPL software is in the backend only!, not if it's in the UI). The reason is that the service is not distributed by them, it stays internally even through it is communicating with a website(html,css,js, not! server side rendering) which was distributed to the user.
The reason I mentioned GitHub Enterprise instead of GitHub website is because the former one is not a service. It is a software distributed to the end user.
Based on your comments, it seems that the existing releases of the GitHub Enterprise are in GPL violation states due to the transitive dependency.
But then an interesting question is how transitive copyright violations apply (because this is what a GPL violation legally is, you use the license to use it, nothing more and nothing less).
The reason I'm wondering about this is because the situation here is similar to a producer of e.g. cars buying a lets say seat to be put into the car and inside the seat they seat producer used some e.g. screws which violate copyright.
Would it be possible that the car manufacturer is hold
responsible for the copyright violation enacted by the seat producer? Unlikely I guess?
Would it still have some consequences? Surely, but likely negligible:
Violating GPL doesn't make any code become GPL (a common misconception) and copyright infringement laws are often based on monetary damage done by the infringement. And lets be honest how much damage is done in case the product is not sold, only given away for free and has competition which is also given away for free with even less constraints?
If a copyright owner decides to pursue a GPL violation, they could get damages² and enforce that the infringement stops (i.e. cease using the GPL-licensed software). It's incredibly unlikely any judge would force anybody to release source code.
¹ Actually, Rails itself isn't even in violation, because the project satisfies all the obligations the GPL imposes. GitHub would be in violation.
² In this case, where infringement wasn't intentional, they'd probably get almost nothing provided that the defendant stopped infringing when they learned of it.