From e3de71668af044c9466e7c401da24747cb8a009b Mon Sep 17 00:00:00 2001
From: Luis Ramos
Date: Tue, 7 Apr 2020 13:15:48 +0100
Subject: [PATCH 1/3] Depend on a spree version in which spree_core doesnt depend on deface AND remove deface from list of dependencies

---
 Gemfile | 1 -
 Gemfile.lock | 14 +++----------
 2 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/Gemfile b/Gemfile
index b01600d0d3..30def03b30 100644
--- a/Gemfile
+++ b/Gemfile
@@ -70,7 +70,6 @@ gem 'angularjs-file-upload-rails', '~> 2.4.1'
 gem 'blockenspiel'
 gem 'custom_error_message', github: 'jeremydurham/custom-err-msg'
 gem 'dalli'
-gem 'deface', '1.0.2'
 gem 'diffy'
 gem 'figaro'
 gem 'geocoder'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1cf17a8cd4..9698de0377 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -23,7 +23,7 @@ GIT
 
 GIT
   remote: https://github.com/openfoodfoundation/spree.git
-  revision: 8a8585a43cd04d1a50dc65227f337a91b18d66d5
+  revision: e10ca1f689b1658040b081939b7523f6fb68895a
   branch: 2-0-4-stable
   specs:
     spree_core (2.0.4)
@@ -32,14 +32,13 @@ GIT
       awesome_nested_set (= 2.1.5)
       aws-sdk (~> 1.11.1)
       cancan (~> 1.6.10)
-      deface (>= 0.9.1)
       ffaker (~> 1.16)
       highline (= 1.6.18)
       httparty (~> 0.11)
       json (>= 1.7.7)
       kaminari (~> 0.14.1)
       money (= 5.1.1)
-      paperclip (~> 3.0)
+      paperclip (~> 3.4.1)
       paranoia (~> 1.3)
       rails (~> 3.2.14)
       ransack (= 0.7.2)
@@ -167,7 +166,6 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.10.0)
-    colorize (0.8.1)
     combine_pdf (1.0.16)
       ruby-rc4 (>= 0.1.5)
     compass (1.0.3)
@@ -201,11 +199,6 @@ GEM
     ddtrace (0.34.1)
       msgpack
     debugger-linecache (1.2.0)
-    deface (1.0.2)
-      colorize (>= 0.5.8)
-      nokogiri (~> 1.6.0)
-      polyglot
-      rails (>= 3.1)
     delayed_job (4.1.8)
       activesupport (>= 3.0, < 6.1)
     delayed_job_active_record (4.1.4)
@@ -238,7 +231,7 @@ GEM
       railties (>= 3.0.0)
     faraday (1.0.0)
       multipart-post (>= 1.2, < 3)
-    ffaker (1.22.1)
+    ffaker (1.32.1)
     ffi (1.12.2)
     figaro (1.1.1)
       thor (~> 0.14)
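Review bot: Removing `gem 'deface', '1.0.2'` from the Gemfile is only safe if the application itself defines no Deface overrides; the lock change shows spree_core no longer needs deface, but an application-level override would stop being loaded rather than raise, so the breakage would be silent. A quick check that no `Deface::Override` definitions remain in the app (conventionally under `app/overrides`) is worth stating in the commit message, since it is not visible from this diff. The Gemfile.lock hunks in this commit are consistent with the removal and need no further comment.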
@@ -715,7 +708,6 @@ DEPENDENCIES
   db2fog
   ddtrace
   debugger-linecache
-  deface (= 1.0.2)
   delayed_job_active_record
   delayed_job_web
   devise (~> 2.2.5)

From 71ffa6b17841fb2556a818c6dda8670d018d1583 Mon Sep 17 00:00:00 2001
From: Luis Ramos
Date: Tue, 7 Apr 2020 13:20:49 +0100
Subject: [PATCH 2/3] Upgrade nokogiri as much as possible (it's not an explicit dependency of OFN and we dont need to control the version now, so I remove it from Gemfile)

---
 Gemfile | 2 --
 Gemfile.lock | 7 +++----
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index 30def03b30..f3b6d8220d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,8 +9,6 @@ gem 'rails-i18n', '~> 3.0.0'
 gem 'rails_safe_tasks', '~> 1.0'
 gem "activerecord-import"
 
-# Patched version. See http://rubysec.com/advisories/CVE-2015-5312/.
-gem 'nokogiri', '>= 1.6.7.1'
 
 gem "catalog", path: "./engines/catalog"
 gem "order_management", path: "./engines/order_management"
diff --git a/Gemfile.lock b/Gemfile.lock
index 9698de0377..a52fb38d06 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -442,7 +442,7 @@ GEM
     method_source (0.9.2)
     mime-types (1.25.1)
     mini_mime (1.0.1)
-    mini_portile2 (2.1.0)
+    mini_portile2 (2.4.0)
     mini_racer (0.2.9)
       libv8 (>= 6.9.411)
     momentjs-rails (2.20.1)
@@ -454,8 +454,8 @@ GEM
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     newrelic_rpm (3.18.1.330)
-    nokogiri (1.6.8.1)
-      mini_portile2 (~> 2.1.0)
+    nokogiri (1.10.9)
+      mini_portile2 (~> 2.4.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
@@ -737,7 +737,6 @@ DEPENDENCIES
   mini_racer (= 0.2.9)
   momentjs-rails
   newrelic_rpm (~> 3.0)
-  nokogiri (>= 1.6.7.1)
   oauth2 (~> 1.4.4)
   ofn-qz!
   oj

From 4aad80c134e7ad23293a18c2204f4f65e40c9bff Mon Sep 17 00:00:00 2001
From: Luis Ramos
Date: Tue, 7 Apr 2020 15:36:14 +0100
Subject: [PATCH 3/3] Update message for capybara with new upgrade blocker

---
 Gemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index f3b6d8220d..983493975e 100644
--- a/Gemfile
+++ b/Gemfile
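Review bot: Deleting `gem 'nokogiri', '>= 1.6.7.1'` together with its comment removes the only place the Gemfile records that nokogiri must stay above the CVE-2015-5312 fix; with no direct dependency left, the resolved version is held only by Gemfile.lock and whatever transitive constraints remain, so a later `bundle update` on an unrelated gem could resolve nokogiri downward without anything flagging it. The lock in this same commit moves to `nokogiri (1.10.9)`, which is fine today, and the previous ceiling came from `deface`'s `nokogiri (~> 1.6.0)` that the first commit removed. If the intent is to stop pinning an exact version rather than to drop the floor, keep a one-line floor that carries the reason, e.g. `gem 'nokogiri', '>= 1.10.9' # keep above the CVE-2015-5312 fix (1.6.7.1)`; otherwise the commit message should say that an advisory scan (bundler-audit or similar) runs in CI, since whether one exists is not visible here. The Gemfile.lock hunks in this commit follow from the Gemfile change and need no separate note.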
@@ -122,7 +122,7 @@ group :test, :development do
   # Pretty printed test output
   gem 'atomic'
   gem 'awesome_print'
-  gem 'capybara', '>= 2.18.0' # 3.0 requires nokogiri 1.8
+  gem 'capybara', '>= 2.18.0' # 3.0 requires rack 1.6 that only works with Rails 4.2
   gem 'database_cleaner', '0.7.1', require: false
   gem "factory_bot_rails", require: false
   gem 'fuubar', '~> 2.5.0'
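Review bot: The rewritten comment on the `+` line describes a hard blocker on capybara 3.0, but the constraint `'>= 2.18.0'` next to it does not express that blocker; only Gemfile.lock currently keeps capybara below 3.0, so a `bundle update capybara` would try to pull 3.x and surface the rack conflict the comment describes instead of being prevented by the Gemfile. If the blocker is real, encode it in the constraint so the comment and the code agree: `gem 'capybara', '~> 2.18' # 3.0 requires rack 1.6 that only works with Rails 4.2`. The enclosing `group :test, :development do` block starts before the hunk.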