raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-04-09 07:56:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
35,109 Commits 16 Branches 461 Tags
0ffd4dcc35fcfb2fdb8569c1936ec751232325ad
Commit Graph

35109 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gaetan Craig-Riou
6596afc562 Fix flaky spec, contain_exactly doesn't care about the order 2025-11-10 13:29:30 +11:00
Maikel
587f76415b Merge pull request #13656 from pacodelaluna/replace-alias-attribute-with-alias-method 
Replace alias_attribute with alias_method
 2025-11-10 11:50:33 +11:00
dependabot[bot]
665aee6eb0 Bump openid_connect from 2.3.0 to 2.3.1 
Bumps [openid_connect](https://github.com/nov/openid_connect) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/nov/openid_connect/releases)
- [Changelog](https://github.com/nov/openid_connect/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nov/openid_connect/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: openid_connect
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 00:48:19 +00:00
Gaetan Craig-Riou
5e505c1240 Merge pull request #13683 from openfoodfoundation/dependabot/bundler/omniauth_openid_connect-0.8.0 
Bump omniauth_openid_connect from 0.7.1 to 0.8.0
 2025-11-10 11:46:51 +11:00
Gaetan Craig-Riou
e948f89625 Merge pull request #13682 from openfoodfoundation/dependabot/bundler/activerecord-session_store-2.2.0 
Bump activerecord-session_store from 2.1.0 to 2.2.0
 2025-11-10 11:31:56 +11:00
Gaetan Craig-Riou
f42b91f414 Merge pull request #13681 from openfoodfoundation/dependabot/bundler/spring-4.4.0 
Bump spring from 4.2.1 to 4.4.0
 2025-11-10 11:25:57 +11:00
Gaetan Craig-Riou
3e8a34c5f3 Per dicussion, remove super admin from migration 2025-11-10 11:14:56 +11:00
Gaetan Craig-Riou
1101310845 Enable variant_tag for recent enterprise and admins 
Recent entperise are enterprise created after 11th of August which
should not have access to inventory
 2025-11-10 11:14:56 +11:00
Gaetan Craig-Riou
0745028c06 Fix checking if variant tag is enabled 
variant_tag feature check should happen per enterprise basis, but we
still want super admin to so see variant tag. To do so we check if the
user is amdin or if any of the current user enterprise has variant tag
enable.
 2025-11-10 11:14:56 +11:00
Rachel Arnould
94bda6d0f8 Merge pull request #13592 from rioug/13266-tag-variant-tag-rule 
[Variant tags] Add tag rules for variant
 2025-11-07 14:14:50 +01:00
David Rodríguez
915d03a66a Change CreditCardRemover specs to not send raw credit card data 
If I re-record cassettes for these specs using my test API key, I get
the following errors:

```
1) Stripe::CreditCardRemover#remove Stripe customer exists and is not deleted deletes the credit card clone and the customer
   Failure/Error:
     Stripe::PaymentMethod.create(
       {
         type: 'card',
         card: {
           number: '4242424242424242',
           exp_month: 8,
           exp_year: Time.zone.now.year.next,
           cvc: '314',
         },
       },

   Stripe::CardError:
     Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable testing raw card data APIs, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.
   # ./spec/lib/stripe/credit_card_remover_spec.rb:16:in `block (3 levels) in <main>'
   # ./spec/lib/stripe/credit_card_remover_spec.rb:44:in `block (4 levels) in <main>'
   # ./spec/lib/stripe/credit_card_remover_spec.rb:56:in `block (4 levels) in <main>'
   # ./spec/base_spec_helper.rb:208:in `block (2 levels) in <main>'
   # ./spec/base_spec_helper.rb:155:in `block (3 levels) in <main>'
   # ./spec/base_spec_helper.rb:155:in `block (2 levels) in <main>'
   # -e:1:in `<main>'
```

Use test payment methods instead as suggested by the error.
 2025-11-06 18:30:45 +01:00
Filipe
1422b440e4 Merge pull request #13493 from dacook/bump-stripe-v13 
Bump stripe to v13
 2025-11-06 13:48:52 +00:00
Filipe
95ad87d840 Merge pull request #13666 from chahmedejaz/bugfix/13519-order-disappear-from-orders-page 
Order lines are deleted when one tries to capture a payment after order cycle is closed
 2025-11-06 13:07:36 +00:00
Konrad
7357419f6f Merge pull request #13652 from navaneethkp36/13651-fix-button-size-order-confirmation 
Make the width of "Back to Store" and "Back to Website" buttons consistent with other buttons in order confirmation page
 2025-11-05 19:29:42 +01:00
François Turbelin
e07ebc21b9 Use instance_double when possible in enterprise model spec 2025-11-05 16:31:20 +01:00
filipefurtad0
8e5404a268 Replaces negative assertion with a positive assertion 
Adds test case on white spece

Refactors to have tests as shared_examples
 2025-11-05 11:12:55 +00:00
filipefurtad0
04fc729a5a Changes tests not to trigger error 
after https://github.com/openfoodfoundation/openfoodnetwork/pull/13571 was merged
 2025-11-05 10:34:52 +00:00
filipefurtad0
8818a98230 Catches exceptions on final_weight_volume inputs 2025-11-05 10:34:52 +00:00
David Rodríguez
d3efa3afa6 Remove pretty-quick 
Because:

* We already have reviewdog running prettier in CI.
* We already removed the associated commit hooks.
* Running plain prettier is already very fast in our case.
 2025-11-05 10:08:04 +01:00
David Rodríguez
4414879b3f Completely remove codeclimate as well 
Most of it is already disabled, and the stuff that's not actually
disabled don't seem worth enough for me to keep it.
 2025-11-05 10:08:04 +01:00
David Rodríguez
3c7aac59e9 Remove ancient rubocop plugin from codeclimate config 
We already get RuboCop offense information through reviewdog.
 2025-11-05 10:08:04 +01:00
David Rodríguez
41cd40a55b Completely get rid of hound 
We already get RuboCop offense information through reviewdog.
 2025-11-05 10:08:04 +01:00
David Rodríguez
a0e8111b3a Remove spurious scss-lint configuration 
It was broken due to several reasons:

* Bad globs from not catching up after file renames.
* Bad rule indentation.

Also, the scss-lint project itself recommends using other tools, because
it relies on the ruby SASS implementation while upstream has moved to a
dart-based implementation.

Even when you fix the config and try to run the tool, you feel the pain
of this deviation:

```
$ scss-lint
(...)

app/webpacker/css/admin/grid.scss:10:1 [E] Syntax: Syntax Error: Invalid CSS after "$col-width: math": expected selector or at-rule, was ".div($total-col..."

(...)
```

The grid.scss file use using `math.div` feature, which is only supported
by the `sass` version based on dart. `scss-lint` will never be able to
parse this file at all.

Also, we're already handling scss rule formatting through prettier.

Because of all these reasons, it's best to forget about scss-lint.
 2025-11-05 10:08:03 +01:00
David Rodríguez
8f07ee5bf7 Move haml-lint from hound to reviewdog 
We can somewhat easily get it passing and integrate nice with reviewdog
by adding a TODO file for the rules that we had enabled, so that we
don't need to correct anything now, but we still get alerted for new
offenses. So I say let's keep it and enforce it from now on.
 2025-11-05 10:08:03 +01:00
David Rodríguez
43da235d15 Make sure all linters run even if some of them fails 2025-11-05 10:08:03 +01:00
dependabot[bot]
3252de19a3 Bump omniauth_openid_connect from 0.7.1 to 0.8.0 
Bumps [omniauth_openid_connect](https://github.com/omniauth/omniauth_openid_connect) from 0.7.1 to 0.8.0.
- [Changelog](https://github.com/omniauth/omniauth_openid_connect/blob/master/CHANGELOG.md)
- [Commits](https://github.com/omniauth/omniauth_openid_connect/compare/v0.7.1...v0.8.0)

---
updated-dependencies:
- dependency-name: omniauth_openid_connect
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:04:05 +00:00
dependabot[bot]
fd3bd062fe Bump activerecord-session_store from 2.1.0 to 2.2.0 
Bumps [activerecord-session_store](https://github.com/rails/activerecord-session_store) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/rails/activerecord-session_store/releases)
- [Changelog](https://github.com/rails/activerecord-session_store/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/activerecord-session_store/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: activerecord-session_store
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:02:12 +00:00
dependabot[bot]
029d447d98 Bump spring from 4.2.1 to 4.4.0 
Bumps [spring](https://github.com/rails/spring) from 4.2.1 to 4.4.0.
- [Release notes](https://github.com/rails/spring/releases)
- [Changelog](https://github.com/rails/spring/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/spring/compare/v4.2.1...v4.4.0)

---
updated-dependencies:
- dependency-name: spring
  dependency-version: 4.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:01:40 +00:00
David Cook
8e5fac9fb3 Merge pull request #13632 from rioug/security-247-code-injection 
[security] Fix potential code injection
 2025-11-05 16:34:37 +11:00
Gaetan Craig-Riou
30c0bcc910 Merge pull request #13678 from deivid-rodriguez/remove-debugger-linecache 
Remove debugger-linecache
 2025-11-05 11:14:11 +11:00
Gaetan Craig-Riou
1a4ba9b689 Merge pull request #13672 from openfoodfoundation/dependabot/bundler/i18n-tasks-1.0.15 
Bump i18n-tasks from 1.0.14 to 1.0.15
 2025-11-05 10:21:46 +11:00
Gaetan Craig-Riou
4de8191e27 Merge pull request #13579 from openfoodfoundation/dependabot/bundler/flipper-ui-1.3.6 
Bump flipper-ui from 1.3.0 to 1.3.6
 2025-11-05 10:06:43 +11:00
Gaetan Craig-Riou
472ca5a16b Merge pull request #13490 from openfoodfoundation/dependabot/bundler/turbo_power-0.7.0 
Bump turbo_power from 0.6.2 to 0.7.0
 2025-11-05 10:00:07 +11:00
Gaetan Craig-Riou
dab626031b Merge pull request #13041 from openfoodfoundation/dependabot/npm_and_yarn/turbo_power-0.7.1 
Bump turbo_power from 0.7.0 to 0.7.1
 2025-11-05 09:57:40 +11:00
Ahmed Ejaz
913dded766 Refactor order cycle handling to simplify closed cycle checks and improve redirection messaging 2025-11-05 02:50:01 +05:00
filipefurtad0
a36b7ce01a deletes all old VCR cassettes 2025-11-04 15:40:45 +00:00
David Cook
e4be336630 Bump Stripe to v13 2025-11-04 15:36:53 +00:00
David Cook
cae13df2c7 Bump Stripe to v12 
re-recording cassettes with script/test-stripe-live
 2025-11-04 15:32:05 +00:00
David Cook
81796db6e5 Fix date-dependent spec 2025-11-04 15:17:45 +00:00
David Cook
ba3553854e Allow script to continue if you've already deleted the old files 2025-11-04 15:17:45 +00:00
David Rodríguez
c386d1af01 Remove debugger-linecache 
This gem has not been updated since 2013 and serves no purpose these
days.
 2025-11-04 10:22:37 +01:00
David Rodríguez
9566075dee Tweak Dependabot config 2025-11-04 08:57:10 +01:00
dependabot[bot]
9916b361e4 Bump turbo_power from 0.6.2 to 0.7.0 
Bumps [turbo_power](https://github.com/marcoroth/turbo_power-rails) from 0.6.2 to 0.7.0.
- [Release notes](https://github.com/marcoroth/turbo_power-rails/releases)
- [Commits](https://github.com/marcoroth/turbo_power-rails/compare/v0.6.2...v0.7.0)

---
updated-dependencies:
- dependency-name: turbo_power
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 11:05:43 +00:00
François Turbelin
b2d7d797d9 Use wrap_parameters to handle address params on Customer v1 API 2025-11-03 11:35:39 +01:00
David Rodríguez
7076afecfb Bump state_machines related gems again 
This fixes warnings like

```
$ bundle exec rspec spec/system/admin/users_spec.rb:179
(...)
Instance method "invalid?" is already defined in Spree::Payment(id: integer, amount: decimal, order_id: integer, created_at: datetime, updated_at: datetime, source_id: integer, source_type: string, payment_method_id: integer, state: string, response_code: string, avs_response: string, identifier: string, cvv_response_code: string, cvv_response_message: text, captured_at: datetime, redirect_auth_url: string),
use generic helper instead or set StateMachines::Machine.ignore_method_conflicts = true.

(...)
```
 2025-11-03 10:56:16 +01:00
François Turbelin
e385b9f708 Revert "Use customer-nested params for Customer v1 API writing operations" 
This reverts commit cf4cd311b3.
 2025-11-03 10:32:26 +01:00
dependabot[bot]
2b9b02aeea Bump i18n-tasks from 1.0.14 to 1.0.15 
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/main/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v1.0.14...v1.0.15)

---
updated-dependencies:
- dependency-name: i18n-tasks
  dependency-version: 1.0.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 09:06:01 +00:00
dependabot[bot]
009b5e5ff1 Bump flipper-ui from 1.3.0 to 1.3.6 
Bumps [flipper-ui](https://github.com/flippercloud/flipper) from 1.3.0 to 1.3.6.
- [Release notes](https://github.com/flippercloud/flipper/releases)
- [Changelog](https://github.com/flippercloud/flipper/blob/main/Changelog.md)
- [Commits](https://github.com/flippercloud/flipper/compare/v1.3.0...v1.3.6)

---
updated-dependencies:
- dependency-name: flipper-ui
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 17:31:57 +11:00
dependabot[bot]
7c310e7e46 Bump turbo_power from 0.7.0 to 0.7.1 
Bumps [turbo_power](https://github.com/marcoroth/turbo_power) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/marcoroth/turbo_power/releases)
- [Commits](https://github.com/marcoroth/turbo_power/compare/v0.7.0...v0.7.1)

---
updated-dependencies:
- dependency-name: turbo_power
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 05:17:35 +00:00
Gaetan Craig-Riou
bd0db57768 Per review, more concise code 2025-11-03 15:58:27 +11:00