Commit Graph

25508 Commits

Author SHA1 Message Date
Matt-Yorkley
6b0d5e01d5 Move preview pages to fixtures 2022-01-18 12:22:06 +00:00
Matt-Yorkley
accb9228ee Tidy up embedding specs 2022-01-18 12:22:06 +00:00
Matt-Yorkley
d691940623 Simplify header checking in tests 2022-01-18 12:22:06 +00:00
Matt-Yorkley
6af5f46d30 Update CSP; re-enable Angular templates
We really need to remove all those Angular templates as soon as possible, and then revert this commit...
2022-01-18 12:22:06 +00:00
Matt-Yorkley
e8f3fe8510 Update header checks in tests 2022-01-18 12:22:06 +00:00
Matt-Yorkley
dfbd384c95 Refactor embedding to a Concern 2022-01-18 12:22:06 +00:00
Matt-Yorkley
4649698fc4 Remove #set_response_headers 2022-01-18 12:19:54 +00:00
Matt-Yorkley
6a3ca98ac6 Add frame-ancestors to CSP 2022-01-18 12:19:54 +00:00
Matt-Yorkley
05abb63036 Remove X-Frame-Options header
This header is largely deprecated, and is functionally replaced here by use of the frame-ancestors CSP configuration
2022-01-18 12:19:54 +00:00
Matt-Yorkley
ce9b64a848 Set Angular CSP
If you don't set this flag, Angular helpfully attempts to check if this is disabled by *triggering* a CSP violation just to see what happens... 🙈
2022-01-18 12:19:54 +00:00
Matt-Yorkley
114a9d8993 Allow unsafe_inline 2022-01-18 12:19:54 +00:00
Matt-Yorkley
0fc6b4c882 Add some whitelisting 2022-01-18 12:19:54 +00:00
Matt-Yorkley
0dd97a631e Set CSP configuration 2022-01-18 12:19:54 +00:00
Matt-Yorkley
e1849e5fb6 Merge pull request #8752 from openfoodfoundation/dependabot/bundler/bugsnag-6.24.1
Bump bugsnag from 6.24.0 to 6.24.1
2022-01-18 12:09:51 +00:00
jibees
8a3c188f31 Merge pull request #8753 from openfoodfoundation/dependabot/bundler/sidekiq-6.3.1
Bump sidekiq from 6.2.2 to 6.3.1
2022-01-18 12:17:20 +01:00
Matt-Yorkley
1f31aed56d Merge pull request #8754 from Matt-Yorkley/json
Bump json gem back up to 2.6.1
2022-01-18 10:29:26 +00:00
dependabot[bot]
6884da4f50 Bump sidekiq from 6.2.2 to 6.3.1
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.2.2 to 6.3.1.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/main/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.2.2...v6.3.1)

---
updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:26:09 +00:00
dependabot[bot]
e9dda6cd96 Bump bugsnag from 6.24.0 to 6.24.1
Bumps [bugsnag](https://github.com/bugsnag/bugsnag-ruby) from 6.24.0 to 6.24.1.
- [Release notes](https://github.com/bugsnag/bugsnag-ruby/releases)
- [Changelog](https://github.com/bugsnag/bugsnag-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bugsnag/bugsnag-ruby/compare/v6.24.0...v6.24.1)

---
updated-dependencies:
- dependency-name: bugsnag
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:25:40 +00:00
Transifex-Openfoodnetwork
98968591fc Updating translations for config/locales/de_DE.yml 2022-01-18 21:25:22 +11:00
dependabot[bot]
cfd8f81b3a Bump rails-i18n from 6.0.0 to 7.0.1
Bumps [rails-i18n](https://github.com/svenfuchs/rails-i18n) from 6.0.0 to 7.0.1.
- [Release notes](https://github.com/svenfuchs/rails-i18n/releases)
- [Changelog](https://github.com/svenfuchs/rails-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/svenfuchs/rails-i18n/commits)

---
updated-dependencies:
- dependency-name: rails-i18n
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:24:56 +00:00
Matt-Yorkley
383d938d7c Bump json back up to 2.6.1 2022-01-18 10:24:43 +00:00
dependabot[bot]
c0e63d8299 Bump activerecord-import from 1.2.0 to 1.3.0
Bumps [activerecord-import](https://github.com/zdennis/activerecord-import) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/zdennis/activerecord-import/releases)
- [Changelog](https://github.com/zdennis/activerecord-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zdennis/activerecord-import/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: activerecord-import
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:24:29 +00:00
dependabot[bot]
661d678910 Bump rubocop-rails from 2.12.4 to 2.13.2
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.12.4 to 2.13.2.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.12.4...v2.13.2)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:23:59 +00:00
dependabot[bot]
0c2c853e8e Bump ddtrace from 0.53.0 to 0.54.1
Bumps [ddtrace](https://github.com/DataDog/dd-trace-rb) from 0.53.0 to 0.54.1.
- [Release notes](https://github.com/DataDog/dd-trace-rb/releases)
- [Changelog](https://github.com/DataDog/dd-trace-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/DataDog/dd-trace-rb/compare/v0.53.0...v0.54.1)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:23:17 +00:00
dependabot[bot]
944a899931 Bump monetize from 1.11.0 to 1.12.0
Bumps [monetize](https://github.com/RubyMoney/monetize) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/RubyMoney/monetize/releases)
- [Changelog](https://github.com/RubyMoney/monetize/blob/main/CHANGELOG.md)
- [Commits](https://github.com/RubyMoney/monetize/compare/v1.11.0...v1.12.0)

---
updated-dependencies:
- dependency-name: monetize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:22:31 +00:00
dependabot[bot]
64ecc5757f Bump stripe from 5.39.0 to 5.42.0
Bumps [stripe](https://github.com/stripe/stripe-ruby) from 5.39.0 to 5.42.0.
- [Release notes](https://github.com/stripe/stripe-ruby/releases)
- [Changelog](https://github.com/stripe/stripe-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stripe/stripe-ruby/compare/v5.39.0...v5.42.0)

---
updated-dependencies:
- dependency-name: stripe
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:21:54 +00:00
dependabot[bot]
9ac5a1d379 Bump listen from 3.7.0 to 3.7.1
Bumps [listen](https://github.com/guard/listen) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/guard/listen/releases)
- [Commits](https://github.com/guard/listen/compare/v3.7.0...v3.7.1)

---
updated-dependencies:
- dependency-name: listen
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 10:21:14 +00:00
Matt-Yorkley
1fda316d4c Merge pull request #8740 from Matt-Yorkley/rails-bump
Update Rails from 6.1.4.1 to 6.1.4.4
2022-01-18 10:19:24 +00:00
Matt-Yorkley
eb12648538 Merge pull request #8742 from openfoodfoundation/dependabot/npm_and_yarn/browserslist-4.19.1
Bump browserslist from 4.16.3 to 4.19.1
2022-01-18 09:57:12 +00:00
jibees
fdba942c7e Merge pull request #8734 from mkllnk/dependencies
Restrict Dependabot to update only the lockfiles
2022-01-18 10:39:29 +01:00
Transifex-Openfoodnetwork
7d55bf9184 Updating translations for config/locales/en_FR.yml 2022-01-18 20:18:34 +11:00
Transifex-Openfoodnetwork
f8a9d9ecfa Updating translations for config/locales/fr.yml 2022-01-18 20:18:22 +11:00
Matt-Yorkley
7c2b3cdf51 Fix param whitelisting
Co-authored-by: Maikel <maikel@email.org.au>
2022-01-18 09:14:55 +00:00
Matt-Yorkley
3bfea510b2 Update spec/services/url_generator_spec.rb
Co-authored-by: Maikel <maikel@email.org.au>
2022-01-18 08:45:46 +00:00
Maikel
7fb227710f Merge pull request #8728 from shen-sat/6056-improve-auto-test-coverage-on-order-customer-details
[6045] Add test for hiding billing address form and adding new customer on o…
2022-01-18 11:46:11 +11:00
dependabot[bot]
98a8036c7b Bump browserslist from 4.16.3 to 4.19.1
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.16.3 to 4.19.1.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.16.3...4.19.1)

---
updated-dependencies:
- dependency-name: browserslist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 00:42:43 +00:00
Maikel
1ad43964c1 Merge pull request #8737 from openfoodfoundation/dependabot/npm_and_yarn/storybook/addon-docs-6.4.13
Bump @storybook/addon-docs from 6.4.12 to 6.4.13
2022-01-18 11:31:58 +11:00
dependabot[bot]
de7860fd91 Bump @storybook/addon-docs from 6.4.12 to 6.4.13
Bumps [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/addons/docs) from 6.4.12 to 6.4.13.
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v6.4.13/addons/docs)

---
updated-dependencies:
- dependency-name: "@storybook/addon-docs"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 00:16:49 +00:00
Maikel
ac0c8e8419 Merge pull request #8736 from openfoodfoundation/dependabot/npm_and_yarn/storybook/addon-controls-6.4.13
Bump @storybook/addon-controls from 6.4.12 to 6.4.13
2022-01-18 11:09:18 +11:00
dependabot[bot]
8d14b4d1fe Bump @storybook/addon-controls from 6.4.12 to 6.4.13
Bumps [@storybook/addon-controls](https://github.com/storybookjs/storybook/tree/HEAD/addons/controls) from 6.4.12 to 6.4.13.
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v6.4.13/addons/controls)

---
updated-dependencies:
- dependency-name: "@storybook/addon-controls"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-18 00:05:06 +00:00
Maikel
d5f5b3065a Merge pull request #8735 from openfoodfoundation/dependabot/npm_and_yarn/storybook/server-6.4.13
Bump @storybook/server from 6.4.12 to 6.4.13
2022-01-18 11:02:35 +11:00
Matt-Yorkley
8f883d53a3 Update Rails from 6.1.4.1 to 6.1.4.4 2022-01-17 21:37:09 +00:00
Matt-Yorkley
1cbb0d8bbd Update all locales with the latest Transifex translations v4.1.13 2022-01-17 21:00:43 +00:00
Matt-Yorkley
bf6b221aa5 Merge pull request #8720 from openfoodfoundation/transifex
Transifex
2022-01-17 20:58:26 +00:00
Matt-Yorkley
632d94ee37 Merge pull request #8733 from Matt-Yorkley/bump-stimulusjs
Update to StimulusJS 3.0.1
2022-01-17 20:56:54 +00:00
Filipe
067f90b17c Merge pull request #8712 from Matt-Yorkley/oc-mails
OC notifications
2022-01-17 20:30:40 +00:00
Filipe
8114eb1c9f Merge pull request #8666 from openfoodfoundation/stripe-controller
Extract new StripeController
2022-01-17 20:21:40 +00:00
Filipe
62f0de75ee Merge pull request #8679 from Matt-Yorkley/drop-jquery-ujs
Drop jquery_ujs
2022-01-17 16:30:25 +00:00
Jean-Baptiste Bellet
c22f3ec1db Add locale to stripe elements options to display messages in right language
List of supported languages by stripe elements:
https://stripe.com/docs/js/appendix/supported_locales
2022-01-17 15:10:51 +01:00
Transifex-Openfoodnetwork
084bbe576c Updating translations for config/locales/en_FR.yml 2022-01-17 21:19:59 +11:00