raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-28 21:07:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,369 Commits 20 Branches 451 Tags
a36b7ce01ac4aa2bcccb2f83ec6eadcb6b7b06fd
Commit Graph

2593 Commits

Author SHA1 Message Date
David Cook
e4be336630 Bump Stripe to v13 2025-11-04 15:36:53 +00:00
David Cook
cae13df2c7 Bump Stripe to v12 
re-recording cassettes with script/test-stripe-live
 2025-11-04 15:32:05 +00:00
Gaetan Craig-Riou
96f715b62b Merge pull request #13661 from deivid-rodriguez/ruby-3.2 
Bump Ruby from 3.1.7 to 3.2.9
 2025-11-03 13:29:40 +11:00
David Rodríguez
0c392d5302 Drop version constraints for pg and pry entirely, so their versions can be fully managed by Dependabot 
Co-authored-by: Maikel <maikel@email.org.au>
 2025-10-31 09:18:12 +01:00
David Rodríguez
e71a2603bd Bump pry to a version that plays nice with Ruby 3.2 
Otherwise you get the following error when starting RSpec:

```
(...)
An error occurred while loading base_spec_helper.
Failure/Error: require 'pry' unless ENV['CI']

NameError:
  undefined method `=~' for class `Pry::Code'
# ./spec/base_spec_helper.rb:10:in `<top (required)>'
No examples found.
(...)
```
 2025-10-31 09:18:11 +01:00
David Rodríguez
5aea527962 Use Bundler version that comes with Ruby 3.2.9 by default 2025-10-31 09:18:11 +01:00
David Rodríguez
05b3e97a0e Bump Ruby from 3.1.7 to 3.2.9 
Release announcements:

* https://www.ruby-lang.org/en/news/2025/07/24/ruby-3-2-9-released/
* https://www.ruby-lang.org/en/news/2025/03/26/ruby-3-2-8-released/
* https://www.ruby-lang.org/en/news/2025/02/04/ruby-3-2-7-released/
* https://www.ruby-lang.org/en/news/2024/10/30/ruby-3-2-6-released/
* https://www.ruby-lang.org/en/news/2024/07/26/ruby-3-2-5-released/
* https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-2-4-released/
* https://www.ruby-lang.org/en/news/2024/01/18/ruby-3-2-3-released/
* https://www.ruby-lang.org/en/news/2023/03/30/ruby-3-2-2-released/
* https://www.ruby-lang.org/en/news/2023/02/08/ruby-3-2-1-released/
* https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/

Also autocorrect new offenses.
 2025-10-31 09:18:11 +01:00
dependabot[bot]
3efe0c7835 Bump paranoia from 2.6.3 to 2.6.4 
Bumps [paranoia](https://github.com/rubysherpas/paranoia) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/rubysherpas/paranoia/releases)
- [Changelog](https://github.com/rubysherpas/paranoia/blob/core/CHANGELOG.md)
- [Commits](https://github.com/rubysherpas/paranoia/compare/v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: paranoia
  dependency-version: 2.6.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-29 09:02:20 +00:00
Maikel
ff16b575c4 Merge pull request #13653 from deivid-rodriguez/bump-rubocop 
Bump rubocop to 1.86.6
 2025-10-29 12:00:31 +11:00
Maikel
faa826a76e Merge pull request #13647 from deivid-rodriguez/remove-obsoleted-gem 
Remove obsolete gem
 2025-10-29 11:44:59 +11:00
Maikel
1e02084f95 Merge pull request #13646 from deivid-rodriguez/bump-ruby 
Bump Ruby from 3.1.4 to 3.1.7
 2025-10-29 11:43:04 +11:00
David Rodríguez
4c6d894bc0 Bump RuboCop to 1.86.6 
There were a few changes needed:

* Plugins are now specified through `plugin:` config keyword.
* All plugin gems need to be specified explicitly in Gemfile since they
  are no longer dependencies of plugins already specified explicitly.
* All plugin gems need to be updated in other to use the new APIs.
* One cop was renamed.
* New offenses safe to correct were corrected directly with `bundle exec
  rubocop -a`.
* New offenses unsafe to correct were added to the TODO configuration
  with `bundle exec rubocop --auto-gen-config --auto-gen-only-exclude
  --exclude-limit 1400 --no-auto-gen-timestamp`.
 2025-10-27 11:30:33 +01:00
David Rodríguez
e09d78dfb2 Remove obsolete gem 
Even without it, Rails seems to do this by default:

```console
$ RAILS_ENV=production SITE_URL=foo.bar SECRET_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx bin/rails db:drop
I, [2025-10-23T12:38:12.383244 #32647]  INFO -- : [dotenv] Loaded .env
I, [2025-10-23T12:38:12.383292 #32647]  INFO -- : [dotenv] Loaded .env
W, [2025-10-23T12:38:12.411675 #32647]  WARN -- [Bugsnag]: No valid API key has been set, notifications will not be sent
bin/rails aborted!
ActiveRecord::ProtectedEnvironmentError: You are attempting to run a destructive action against your 'production' database.
If you are sure you want to continue, run the same command with the environment variable:
DISABLE_DATABASE_ENVIRONMENT_CHECK=1

Tasks: TOP => db:drop => db:check_protected_environments
(See full trace by running task with --trace)
```

And the gem hasn't been updated in 10 years, so probably best to get rid
of it.
 2025-10-23 12:41:37 +02:00
David Rodríguez
dad7cfc180 Bump Ruby from 3.1.4 to 3.1.7 
Release announcmenets:

* https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-1-5-released/
* https://www.ruby-lang.org/en/news/2024/05/29/ruby-3-1-6-released/
* https://www.ruby-lang.org/en/news/2025/03/26/ruby-3-1-7-released/
 2025-10-23 10:34:21 +02:00
dependabot[bot]
fb437fb34d Bump knapsack_pro from 8.1.2 to 8.4.0 
Bumps [knapsack_pro](https://github.com/KnapsackPro/knapsack_pro-ruby) from 8.1.2 to 8.4.0.
- [Changelog](https://github.com/KnapsackPro/knapsack_pro-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/KnapsackPro/knapsack_pro-ruby/compare/v8.1.2...v8.4.0)

---
updated-dependencies:
- dependency-name: knapsack_pro
  dependency-version: 8.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 09:02:10 +00:00
dependabot[bot]
479d52a2bb Bump activerecord-import from 1.6.0 to 2.2.0 
Bumps [activerecord-import](https://github.com/zdennis/activerecord-import) from 1.6.0 to 2.2.0.
- [Changelog](https://github.com/zdennis/activerecord-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zdennis/activerecord-import/compare/v1.6.0...v2.2.0)

---
updated-dependencies:
- dependency-name: activerecord-import
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 09:02:00 +00:00
dependabot[bot]
02ea3cb61c Bump webmock from 3.23.1 to 3.25.1 
Bumps [webmock](https://github.com/bblimke/webmock) from 3.23.1 to 3.25.1.
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.23.1...v3.25.1)

---
updated-dependencies:
- dependency-name: webmock
  dependency-version: 3.25.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 09:26:20 +00:00
David Cook
93e6f9034c Merge pull request #13602 from deivid-rodriguez/bump-mini_magick 
Update mini_magick to a version that plays nice with imagemagick v7
 2025-10-20 15:26:20 +11:00
dependabot[bot]
7f937fd4b1 Bump state_machines-activerecord from 0.9.0 to 0.31.0 
Bumps [state_machines-activerecord](https://github.com/state-machines/state_machines-activerecord) from 0.9.0 to 0.31.0.
- [Release notes](https://github.com/state-machines/state_machines-activerecord/releases)
- [Changelog](https://github.com/state-machines/state_machines-activerecord/blob/master/CHANGELOG.md)
- [Commits](https://github.com/state-machines/state_machines-activerecord/compare/v0.9.0...state_machines-activerecord/v0.31.0)

---
updated-dependencies:
- dependency-name: state_machines-activerecord
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-15 09:02:41 +00:00
dependabot[bot]
980cc9c724 Bump redis from 5.2.0 to 5.4.1 
Bumps [redis](https://github.com/redis/redis-rb) from 5.2.0 to 5.4.1.
- [Changelog](https://github.com/redis/redis-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/redis-rb/compare/v5.2.0...v5.4.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 5.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 09:01:55 +00:00
David Rodríguez
c72f9477cd bundle update mini_magick 
This is mainly to shush a lot of warnings when running the test suite,
like the following:

```
WARNING: The convert command is deprecated in IMv7, use "magick" instead of "convert" or "magick convert"
```
 2025-10-14 08:17:12 +02:00
dependabot[bot]
755116e713 Bump flipper from 1.3.0 to 1.3.6 
Bumps [flipper](https://github.com/flippercloud/flipper) from 1.3.0 to 1.3.6.
- [Release notes](https://github.com/flippercloud/flipper/releases)
- [Changelog](https://github.com/flippercloud/flipper/blob/main/Changelog.md)
- [Commits](https://github.com/flippercloud/flipper/compare/v1.3.0...v1.3.6)

---
updated-dependencies:
- dependency-name: flipper
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 09:20:50 +00:00
Maikel
084f7a8a47 Merge pull request #13590 from openfoodfoundation/dependabot/bundler/newrelic_rpm-9.22.0 
Bump newrelic_rpm from 9.9.0 to 9.22.0
 2025-10-13 10:05:50 +11:00
dependabot[bot]
e2410105ce Bump rack from 2.2.19 to 2.2.20 
Bumps [rack](https://github.com/rack/rack) from 2.2.19 to 2.2.20.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.19...v2.2.20)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.20
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 18:59:10 +00:00
dependabot[bot]
8b0207f4b1 Bump newrelic_rpm from 9.9.0 to 9.22.0 
Bumps [newrelic_rpm](https://github.com/newrelic/newrelic-ruby-agent) from 9.9.0 to 9.22.0.
- [Release notes](https://github.com/newrelic/newrelic-ruby-agent/releases)
- [Changelog](https://github.com/newrelic/newrelic-ruby-agent/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/newrelic/newrelic-ruby-agent/compare/9.9.0...9.22.0)

---
updated-dependencies:
- dependency-name: newrelic_rpm
  dependency-version: 9.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 09:02:15 +00:00
dependabot[bot]
b5e3681eab Bump digest from 3.1.1 to 3.2.0 
Bumps [digest](https://github.com/ruby/digest) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/ruby/digest/releases)
- [Commits](https://github.com/ruby/digest/compare/v3.1.1...v3.2.0)

---
updated-dependencies:
- dependency-name: digest
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-08 09:02:21 +00:00
Gaetan Craig-Riou
d818162a9f Merge pull request #13568 from openfoodfoundation/dependabot/bundler/undercover-0.8.1 
Bump undercover from 0.7.4 to 0.8.1
 2025-10-08 09:56:22 +11:00
Gaetan Craig-Riou
9bd4d29027 Merge pull request #13567 from openfoodfoundation/dependabot/bundler/mime-types-3.7.0 
Bump mime-types from 3.5.2 to 3.7.0
 2025-10-08 09:51:59 +11:00
Gaetan Craig-Riou
742d442929 Merge pull request #13566 from openfoodfoundation/dependabot/bundler/rails-i18n-7.0.10 
Bump rails-i18n from 7.0.9 to 7.0.10
 2025-10-08 09:45:04 +11:00
dependabot[bot]
bb4b483469 Bump rack from 2.2.18 to 2.2.19 
Bumps [rack](https://github.com/rack/rack) from 2.2.18 to 2.2.19.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.18...v2.2.19)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.19
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-07 19:44:09 +00:00
dependabot[bot]
286f05d05c Bump undercover from 0.7.4 to 0.8.1 
Bumps [undercover](https://github.com/grodowski/undercover) from 0.7.4 to 0.8.1.
- [Release notes](https://github.com/grodowski/undercover/releases)
- [Changelog](https://github.com/grodowski/undercover/blob/master/CHANGELOG.md)
- [Commits](https://github.com/grodowski/undercover/compare/v0.7.4...v0.8.1)

---
updated-dependencies:
- dependency-name: undercover
  dependency-version: 0.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 09:06:51 +00:00
dependabot[bot]
e9a750ce6d Bump mime-types from 3.5.2 to 3.7.0 
Bumps [mime-types](https://github.com/mime-types/ruby-mime-types) from 3.5.2 to 3.7.0.
- [Changelog](https://github.com/mime-types/ruby-mime-types/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mime-types/ruby-mime-types/compare/v3.5.2...v3.7.0)

---
updated-dependencies:
- dependency-name: mime-types
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 09:06:17 +00:00
dependabot[bot]
8942f3c72b Bump rails-i18n from 7.0.9 to 7.0.10 
Bumps [rails-i18n](https://github.com/svenfuchs/rails-i18n) from 7.0.9 to 7.0.10.
- [Changelog](https://github.com/svenfuchs/rails-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/svenfuchs/rails-i18n/compare/v7.0.9...v7.0.10)

---
updated-dependencies:
- dependency-name: rails-i18n
  dependency-version: 7.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 09:05:35 +00:00
dependabot[bot]
8c1e0bae92 Bump rswag-ui from 2.13.0 to 2.16.0 
Bumps [rswag-ui](https://github.com/rswag/rswag) from 2.13.0 to 2.16.0.
- [Release notes](https://github.com/rswag/rswag/releases)
- [Changelog](https://github.com/rswag/rswag/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rswag/rswag/compare/2.13.0...2.16.0)

---
updated-dependencies:
- dependency-name: rswag-ui
  dependency-version: 2.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 03:54:07 +00:00
dependabot[bot]
d27ffe5fca Bump rspec-rails from 6.1.2 to 7.1.1 
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 6.1.2 to 7.1.1.
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v6.1.2...v7.1.1)

---
updated-dependencies:
- dependency-name: rspec-rails
  dependency-version: 7.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-06 02:34:38 +00:00
David Cook
6c94650e51 Merge pull request #13516 from mkllnk/lock-sprockets 
Lock sprockets dependency to major version 3
 2025-10-06 12:05:10 +11:00
dependabot[bot]
7631fd422e Bump rack from 2.2.14 to 2.2.18 
Bumps [rack](https://github.com/rack/rack) from 2.2.14 to 2.2.18.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.14...v2.2.18)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.18
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 17:32:06 +00:00
Maikel Linke
8bc82685ae Bump sprockets from 3.7.2 to 3.7.5 
Changelog: https://github.com/rails/sprockets/blob/3.x/CHANGELOG.md
 2025-09-01 16:56:22 +10:00
Maikel Linke
63125705ac Lock version of sprockets 2025-09-01 16:54:44 +10:00
Maikel Linke
524634b4ea Bump wkhtmltopdf-binary from 0.12.6.9 to 0.12.6.10 to support Debian 13 2025-08-28 11:46:21 +01:00
César López Ramírez
0b97171bb0 Update Gemfile.lock 
Upgrade wkhtmltopdf-binary to support Ubuntu 24.04
 2025-08-28 11:46:21 +01:00
Maikel Linke
94b75540e4 Replace Timecop with Rails' time helpers 
Rails 4.1 added time helpers but we never bothered using them. But now
I'm getting rid of the Timecop dependency and use standard helpers.

Beware though that the new helpers always freeze time. When you travel
to a certain date then the clock stops ticking while Timecop maintained
the passing of time.

The freezing of time could cause problems if you are trying to enforce a
timeout. But all current specs don't seem affected.

In most cases, the freezing will make it easier to avoid flaky specs.
 2025-08-22 16:57:04 +10:00
Ahmed Ejaz
c821b0a285 revert "Bump rexml from 3.2.9 to 3.3.9" 2025-08-19 05:27:58 +05:00
dependabot[bot]
49ec5b2089 Bump bullet from 7.1.6 to 8.0.8 
Bumps [bullet](https://github.com/flyerhzm/bullet) from 7.1.6 to 8.0.8.
- [Changelog](https://github.com/flyerhzm/bullet/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flyerhzm/bullet/compare/7.1.6...8.0.8)

---
updated-dependencies:
- dependency-name: bullet
  dependency-version: 8.0.8
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-15 09:56:17 +00:00
dependabot[bot]
64f9ea6fc0 Bump pdf-reader from 2.12.0 to 2.15.0 
Bumps [pdf-reader](https://github.com/yob/pdf-reader) from 2.12.0 to 2.15.0.
- [Changelog](https://github.com/yob/pdf-reader/blob/main/CHANGELOG)
- [Commits](https://github.com/yob/pdf-reader/compare/v2.12.0...v2.15.0)

---
updated-dependencies:
- dependency-name: pdf-reader
  dependency-version: 2.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-14 10:01:32 +00:00
Maikel
058c6749da Merge pull request #13477 from openfoodfoundation/dependabot/bundler/timecop-0.9.10 
Bump timecop from 0.9.8 to 0.9.10
 2025-08-14 13:20:18 +10:00
dependabot[bot]
56eaa8bb98 Bump activerecord from 7.1.5.1 to 7.1.5.2 
Bumps [activerecord](https://github.com/rails/rails) from 7.1.5.1 to 7.1.5.2.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.2.1/activerecord/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v7.1.5.1...v7.1.5.2)

---
updated-dependencies:
- dependency-name: activerecord
  dependency-version: 7.1.5.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-14 01:21:32 +00:00
dependabot[bot]
1e1f1e1e1b Bump timecop from 0.9.8 to 0.9.10 
Bumps [timecop](https://github.com/travisjeffery/timecop) from 0.9.8 to 0.9.10.
- [Changelog](https://github.com/travisjeffery/timecop/blob/master/History.md)
- [Commits](https://github.com/travisjeffery/timecop/compare/v0.9.8...v0.9.10)

---
updated-dependencies:
- dependency-name: timecop
  dependency-version: 0.9.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-13 09:58:01 +00:00
Maikel
1f8a9f9c76 Merge pull request #13470 from openfoodfoundation/dependabot/bundler/rack-2.2.14 
Bump rack from 2.2.11 to 2.2.14
 2025-08-13 12:45:59 +10:00
Maikel
b1893942ac Merge pull request #13469 from openfoodfoundation/dependabot/bundler/net-imap-0.4.20 
Bump net-imap from 0.4.10 to 0.4.20
 2025-08-13 12:40:50 +10:00