raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-03-14 04:04:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
23,651 Commits 16 Branches 456 Tags
adcdca812d37e9f4b341fe79d210d90f4e0fa7fd
Commit Graph

23651 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt-Yorkley
4649698fc4 Remove #set_response_headers 2022-01-18 12:19:54 +00:00
Matt-Yorkley
6a3ca98ac6 Add frame-ancestors to CSP 2022-01-18 12:19:54 +00:00
Matt-Yorkley
05abb63036 Remove X-Frame-Options header 
This header is largely deprecated, and is functionally replaced here by use of the frame-ancestors CSP configuration
 2022-01-18 12:19:54 +00:00
Matt-Yorkley
ce9b64a848 Set Angular CSP 
If you don't set this flag, Angular helpfully attempts to check if this is disabled by *triggering* a CSP violation just to see what happens... 🙈
 2022-01-18 12:19:54 +00:00
Matt-Yorkley
114a9d8993 Allow unsafe_inline 2022-01-18 12:19:54 +00:00
Matt-Yorkley
0fc6b4c882 Add some whitelisting 2022-01-18 12:19:54 +00:00
Matt-Yorkley
0dd97a631e Set CSP configuration 2022-01-18 12:19:54 +00:00
Matt-Yorkley
e1849e5fb6 Merge pull request #8752 from openfoodfoundation/dependabot/bundler/bugsnag-6.24.1 
Bump bugsnag from 6.24.0 to 6.24.1
 2022-01-18 12:09:51 +00:00
jibees
8a3c188f31 Merge pull request #8753 from openfoodfoundation/dependabot/bundler/sidekiq-6.3.1 
Bump sidekiq from 6.2.2 to 6.3.1
 2022-01-18 12:17:20 +01:00
Matt-Yorkley
1f31aed56d Merge pull request #8754 from Matt-Yorkley/json 
Bump json gem back up to 2.6.1
 2022-01-18 10:29:26 +00:00
dependabot[bot]
6884da4f50 Bump sidekiq from 6.2.2 to 6.3.1 
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.2 to 6.3.1.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.2...v6.3.1)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:26:09 +00:00
dependabot[bot]
e9dda6cd96 Bump bugsnag from 6.24.0 to 6.24.1 
Bumps [bugsnag](https://github.com/bugsnag/bugsnag-ruby) from 6.24.0 to 6.24.1.
- [Release notes](https://github.com/bugsnag/bugsnag-ruby/releases)
- [Changelog](https://github.com/bugsnag/bugsnag-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bugsnag/bugsnag-ruby/compare/v6.24.0...v6.24.1)

---
updated-dependencies:
- dependency-name: bugsnag
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:25:40 +00:00
Transifex-Openfoodnetwork
98968591fc Updating translations for config/locales/de_DE.yml 2022-01-18 21:25:22 +11:00
dependabot[bot]
cfd8f81b3a Bump rails-i18n from 6.0.0 to 7.0.1 
Bumps [rails-i18n](https://github.com/svenfuchs/rails-i18n) from 6.0.0 to 7.0.1.
- [Release notes](https://github.com/svenfuchs/rails-i18n/releases)
- [Changelog](https://github.com/svenfuchs/rails-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/svenfuchs/rails-i18n/commits)

---
updated-dependencies:
- dependency-name: rails-i18n
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:24:56 +00:00
Matt-Yorkley
383d938d7c Bump json back up to 2.6.1 2022-01-18 10:24:43 +00:00
dependabot[bot]
c0e63d8299 Bump activerecord-import from 1.2.0 to 1.3.0 
Bumps [activerecord-import](https://github.com/zdennis/activerecord-import) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/zdennis/activerecord-import/releases)
- [Changelog](https://github.com/zdennis/activerecord-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zdennis/activerecord-import/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: activerecord-import
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:24:29 +00:00
dependabot[bot]
661d678910 Bump rubocop-rails from 2.12.4 to 2.13.2 
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.12.4 to 2.13.2.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.12.4...v2.13.2)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:23:59 +00:00
dependabot[bot]
0c2c853e8e Bump ddtrace from 0.53.0 to 0.54.1 
Bumps [ddtrace](https://github.com/DataDog/dd-trace-rb) from 0.53.0 to 0.54.1.
- [Release notes](https://github.com/DataDog/dd-trace-rb/releases)
- [Changelog](https://github.com/DataDog/dd-trace-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/DataDog/dd-trace-rb/compare/v0.53.0...v0.54.1)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:23:17 +00:00
dependabot[bot]
944a899931 Bump monetize from 1.11.0 to 1.12.0 
Bumps [monetize](https://github.com/RubyMoney/monetize) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/RubyMoney/monetize/releases)
- [Changelog](https://github.com/RubyMoney/monetize/blob/main/CHANGELOG.md)
- [Commits](https://github.com/RubyMoney/monetize/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: monetize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:22:31 +00:00
dependabot[bot]
64ecc5757f Bump stripe from 5.39.0 to 5.42.0 
Bumps [stripe](https://github.com/stripe/stripe-ruby) from 5.39.0 to 5.42.0.
- [Release notes](https://github.com/stripe/stripe-ruby/releases)
- [Changelog](https://github.com/stripe/stripe-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stripe/stripe-ruby/compare/v5.39.0...v5.42.0)

---
updated-dependencies:
- dependency-name: stripe
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:21:54 +00:00
dependabot[bot]
9ac5a1d379 Bump listen from 3.7.0 to 3.7.1 
Bumps [listen](https://github.com/guard/listen) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/guard/listen/releases)
- [Commits](https://github.com/guard/listen/compare/v3.7.0...v3.7.1)

---
updated-dependencies:
- dependency-name: listen
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 10:21:14 +00:00
Matt-Yorkley
1fda316d4c Merge pull request #8740 from Matt-Yorkley/rails-bump 
Update Rails from 6.1.4.1 to 6.1.4.4
 2022-01-18 10:19:24 +00:00
Matt-Yorkley
eb12648538 Merge pull request #8742 from openfoodfoundation/dependabot/npm_and_yarn/browserslist-4.19.1 
Bump browserslist from 4.16.3 to 4.19.1
 2022-01-18 09:57:12 +00:00
jibees
fdba942c7e Merge pull request #8734 from mkllnk/dependencies 
Restrict Dependabot to update only the lockfiles
 2022-01-18 10:39:29 +01:00
Transifex-Openfoodnetwork
7d55bf9184 Updating translations for config/locales/en_FR.yml 2022-01-18 20:18:34 +11:00
Transifex-Openfoodnetwork
f8a9d9ecfa Updating translations for config/locales/fr.yml 2022-01-18 20:18:22 +11:00
Matt-Yorkley
7c2b3cdf51 Fix param whitelisting 
Co-authored-by: Maikel <maikel@email.org.au>
 2022-01-18 09:14:55 +00:00
Matt-Yorkley
3bfea510b2 Update spec/services/url_generator_spec.rb 
Co-authored-by: Maikel <maikel@email.org.au>
 2022-01-18 08:45:46 +00:00
Maikel
7fb227710f Merge pull request #8728 from shen-sat/6056-improve-auto-test-coverage-on-order-customer-details 
[6045] Add test for hiding billing address form and adding new customer on o…
 2022-01-18 11:46:11 +11:00
dependabot[bot]
98a8036c7b Bump browserslist from 4.16.3 to 4.19.1 
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.16.3 to 4.19.1.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.16.3...4.19.1)

---
updated-dependencies:
- dependency-name: browserslist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 00:42:43 +00:00
Maikel
1ad43964c1 Merge pull request #8737 from openfoodfoundation/dependabot/npm_and_yarn/storybook/addon-docs-6.4.13 
Bump @storybook/addon-docs from 6.4.12 to 6.4.13
 2022-01-18 11:31:58 +11:00
dependabot[bot]
de7860fd91 Bump @storybook/addon-docs from 6.4.12 to 6.4.13 
Bumps [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/addons/docs) from 6.4.12 to 6.4.13.
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v6.4.13/addons/docs)

---
updated-dependencies:
- dependency-name: "@storybook/addon-docs"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 00:16:49 +00:00
Maikel
ac0c8e8419 Merge pull request #8736 from openfoodfoundation/dependabot/npm_and_yarn/storybook/addon-controls-6.4.13 
Bump @storybook/addon-controls from 6.4.12 to 6.4.13
 2022-01-18 11:09:18 +11:00
dependabot[bot]
8d14b4d1fe Bump @storybook/addon-controls from 6.4.12 to 6.4.13 
Bumps [@storybook/addon-controls](https://github.com/storybookjs/storybook/tree/HEAD/addons/controls) from 6.4.12 to 6.4.13.
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v6.4.13/addons/controls)

---
updated-dependencies:
- dependency-name: "@storybook/addon-controls"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-18 00:05:06 +00:00
Maikel
d5f5b3065a Merge pull request #8735 from openfoodfoundation/dependabot/npm_and_yarn/storybook/server-6.4.13 
Bump @storybook/server from 6.4.12 to 6.4.13
 2022-01-18 11:02:35 +11:00
Matt-Yorkley
8f883d53a3 Update Rails from 6.1.4.1 to 6.1.4.4 2022-01-17 21:37:09 +00:00
Matt-Yorkley
1cbb0d8bbd Update all locales with the latest Transifex translations v4.1.13 2022-01-17 21:00:43 +00:00
Matt-Yorkley
bf6b221aa5 Merge pull request #8720 from openfoodfoundation/transifex 
Transifex
 2022-01-17 20:58:26 +00:00
Matt-Yorkley
632d94ee37 Merge pull request #8733 from Matt-Yorkley/bump-stimulusjs 
Update to StimulusJS 3.0.1
 2022-01-17 20:56:54 +00:00
Filipe
067f90b17c Merge pull request #8712 from Matt-Yorkley/oc-mails 
OC notifications
 2022-01-17 20:30:40 +00:00
Filipe
8114eb1c9f Merge pull request #8666 from openfoodfoundation/stripe-controller 
Extract new StripeController
 2022-01-17 20:21:40 +00:00
Filipe
62f0de75ee Merge pull request #8679 from Matt-Yorkley/drop-jquery-ujs 
Drop jquery_ujs
 2022-01-17 16:30:25 +00:00
Jean-Baptiste Bellet
c22f3ec1db Add locale to stripe elements options to display messages in right language 
List of supported language by stripe elements:
https://stripe.com/docs/js/appendix/supported_locales
 2022-01-17 15:10:51 +01:00
Transifex-Openfoodnetwork
084bbe576c Updating translations for config/locales/en_FR.yml 2022-01-17 21:19:59 +11:00
Transifex-Openfoodnetwork
d870e972ae Updating translations for config/locales/fr.yml 2022-01-17 21:11:58 +11:00
dependabot[bot]
6c622b170f Bump @storybook/server from 6.4.12 to 6.4.13 
Bumps [@storybook/server](https://github.com/storybookjs/storybook/tree/HEAD/app/server) from 6.4.12 to 6.4.13.
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v6.4.13/app/server)

---
updated-dependencies:
- dependency-name: "@storybook/server"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-17 09:08:04 +00:00
Maikel Linke
bbafe9ff94 Restrict Dependabot to update only the lockfiles 
This enables us to specify versions in the Gemfile and package.json and
Dependabot won't suggest updates we excluded that way.
 2022-01-17 11:42:14 +11:00
Matt-Yorkley
ac9fef883d Fix Jest issue with updated StimulusJS package 2022-01-16 12:25:54 +00:00
Matt-Yorkley
c499f0757f Bump StimulusJS to 3.0.1 2022-01-16 12:25:54 +00:00
Matt-Yorkley
31b4c06ea3 Update rendering and shipping_type_selector directive 2022-01-16 11:30:58 +00:00