raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-27 21:06:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,725 Commits 18 Branches 451 Tags
d0f48687e28e7094de4580e6e04691cb2a0799ec
Commit Graph

34725 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Maikel Linke
94b75540e4 Replace Timecop with Rails' time helpers 
Rails 4.1 added time helpers but we never bothered using them. But now
I'm getting rid of the Timecop dependency and use standard helpers.

Beware though that the new helpers always freeze time. When you travel
to a certain date then the clock stops ticking while Timecop maintained
the passing of time.

The freezing of time could cause problems if you are trying to enforce a
timeout. But all current specs don't seem affected.

In most cases, the freezing will make it easier to avoid flaky specs.
 2025-08-22 16:57:04 +10:00
Maikel Linke
6e489d7770 Enforce required DFC permissions 2025-08-22 16:46:59 +10:00
Maikel Linke
81b1169e77 Configure undercover to exclude files 2025-08-22 16:13:20 +10:00
Maikel
4b558b4820 Merge pull request #13501 from openfoodfoundation/dependabot/npm_and_yarn/sha.js-2.4.12 
Bump sha.js from 2.4.11 to 2.4.12
 2025-08-22 16:12:26 +10:00
Maikel
e224b8f63b Merge pull request #13500 from openfoodfoundation/dependabot/npm_and_yarn/cipher-base-1.0.6 
Bump cipher-base from 1.0.4 to 1.0.6
 2025-08-22 16:11:30 +10:00
Maikel
80bb0606b4 Merge pull request #13499 from openfoodfoundation/dependabot/npm_and_yarn/floating-ui/dom-1.7.4 
Bump @floating-ui/dom from 1.7.3 to 1.7.4
 2025-08-22 15:50:47 +10:00
dependabot[bot]
499fcc791e Bump sha.js from 2.4.11 to 2.4.12 
Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11 to 2.4.12.
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crypto-browserify/sha.js/compare/v2.4.11...v2.4.12)

---
updated-dependencies:
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 15:48:41 +00:00
dependabot[bot]
30dae3c3ea Bump cipher-base from 1.0.4 to 1.0.6 
Bumps [cipher-base](https://github.com/crypto-browserify/cipher-base) from 1.0.4 to 1.0.6.
- [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.6)

---
updated-dependencies:
- dependency-name: cipher-base
  dependency-version: 1.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 15:23:41 +00:00
dependabot[bot]
af247c32a3 Bump @floating-ui/dom from 1.7.3 to 1.7.4 
Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.7.3 to 1.7.4.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.7.4/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-version: 1.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 09:48:24 +00:00
Gareth
6f9dcf7e27 remove bundle check 2025-08-20 11:04:40 -04:00
Gareth
2d064bab64 Created a bundler service that runs once removing responsibilities from any other services. The bundler service always runs install which should still be pretty fast if nothing or only a few gems have changed. A healthcheck won't work unless bundler runs continuously which is impractical. Instead, a checksum is generated on bundle install and sentinels in the other services have a definite confirmation that bundle is complete. The nice thing about this approach is that web, webpack, and sidekiq (which share the same bundles dependencies) will not concurrently run bundle install solving dep install redundancies. 2025-08-20 10:13:20 -04:00
Gareth
b69eb9bdff Specified BUNDLE_PATH AND BUNDLE_APP_CONFIG in Dockerfile 2025-08-20 08:48:21 -04:00
David Cook
f79c1879bd Test that you can actually get to Stripe to connect your account 
Well.. almost.
 2025-08-20 13:06:59 +10:00
David Cook
646d538a3d Fix broken link 
This link would go to the enterprise edit screen, but didn't successfully select the payment methods panel.

Ideally, the spec would try to follow the link and verify that you can see the Connect with Stripe button. But it opens the link in a new tab and I'm not sure how to test that.
 2025-08-20 11:54:47 +10:00
David Cook
90288b8cbf Merge pull request #13492 from chahmedejaz/revert/dependabot/bundler/rexml-3.3.9 
500 Error preventing check out with Stripe payment method
v5.2.2 		2025-08-19 10:50:09 +10:00
Ahmed Ejaz
c821b0a285 revert "Bump rexml from 3.2.9 to 3.3.9" 2025-08-19 05:27:58 +05:00
Gareth
b95d798a27 Fixed webpack service so that web relies on its bundles. This has re-enabled JS 2025-08-18 12:24:27 -04:00
Gareth
e1e4aeac1f Added conditions to sidekiq too as it races db as well. Everything seems functional now 2025-08-18 11:52:52 -04:00
Gareth
c7ae47053e Added health check to avoid docker container racing 2025-08-18 11:38:57 -04:00
Gareth Rogers
5892ae1800 Merge branch 'master' into fix-docker-dependency-and-db-dev-env 2025-08-18 09:32:21 -04:00
Gaetan Craig-Riou
c37376d67e Merge pull request #13485 from openfoodfoundation/dependabot/bundler/bullet-8.0.8 
Bump bullet from 7.1.6 to 8.0.8
 2025-08-18 13:58:39 +10:00
Gaetan Craig-Riou
d3a2c09f66 Upgrade to postgres 16 
Postgres 16 is shipped with Ubuntu 24 which is the version we will be
moving to in production
 2025-08-18 10:45:54 +10:00
Gaetan Craig-Riou
d596e692d8 Upgrade postgres to version 14 
This is the version currently availablein Ubuntu 22
 2025-08-18 10:45:24 +10:00
Gaetan Craig-Riou
2df95dcbab No need to expose the postgres port 
There is no need to expose the port to the host, all container will be
running in the same network, so they will have access to database port.
 2025-08-18 10:45:18 +10:00
Ahmed Ejaz
7aa9b164e6 Add scope for ordering products by stock levels and update admin table header for on_hand sorting 2025-08-17 07:16:46 +05:00
Gareth
74368f939b By creating the db in the container on composition, the first migration file rejects the schema of the empty database. All I had to do was remove db creation from docker so that db:prepare will default to creating open_food_network_dev from schema.rb rather than perceiving a mismatch from the precreated docker db 2025-08-15 14:23:13 -04:00
Gareth
cb02cd39fe Reverting unexpected change to schema.rb as requested 2025-08-15 12:27:10 -04:00
dependabot[bot]
49ec5b2089 Bump bullet from 7.1.6 to 8.0.8 
Bumps [bullet](https://github.com/flyerhzm/bullet) from 7.1.6 to 8.0.8.
- [Changelog](https://github.com/flyerhzm/bullet/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flyerhzm/bullet/compare/7.1.6...8.0.8)

---
updated-dependencies:
- dependency-name: bullet
  dependency-version: 8.0.8
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-15 09:56:17 +00:00
Maikel
92ef5fe3d5 Merge pull request #13483 from openfoodfoundation/dependabot/bundler/pdf-reader-2.15.0 
Bump pdf-reader from 2.12.0 to 2.15.0
v5.2.1 		2025-08-15 10:29:09 +10:00
Filipe
ae477b7e52 Merge pull request #13455 from kirst-n/13366-only-load-necessary-flatpickr 
Optimise loading of language-specific date pickers
 2025-08-14 23:24:59 +01:00
Filipe
0e191e5fca Merge pull request #13459 from rioug/13454-fix-redeemeing-voucher-when-using-paypal 
[VINE] Redeem voucher before redirecting to payment url
 2025-08-14 16:30:22 +01:00
dependabot[bot]
64f9ea6fc0 Bump pdf-reader from 2.12.0 to 2.15.0 
Bumps [pdf-reader](https://github.com/yob/pdf-reader) from 2.12.0 to 2.15.0.
- [Changelog](https://github.com/yob/pdf-reader/blob/main/CHANGELOG)
- [Commits](https://github.com/yob/pdf-reader/compare/v2.12.0...v2.15.0)

---
updated-dependencies:
- dependency-name: pdf-reader
  dependency-version: 2.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-14 10:01:32 +00:00
Maikel
058c6749da Merge pull request #13477 from openfoodfoundation/dependabot/bundler/timecop-0.9.10 
Bump timecop from 0.9.8 to 0.9.10
 2025-08-14 13:20:18 +10:00
Maikel
2d15ec4458 Merge pull request #13478 from openfoodfoundation/dependabot/bundler/activerecord-7.1.5.2 
Bump activerecord from 7.1.5.1 to 7.1.5.2
 2025-08-14 13:18:58 +10:00
dependabot[bot]
56eaa8bb98 Bump activerecord from 7.1.5.1 to 7.1.5.2 
Bumps [activerecord](https://github.com/rails/rails) from 7.1.5.1 to 7.1.5.2.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.0.2.1/activerecord/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v7.1.5.1...v7.1.5.2)

---
updated-dependencies:
- dependency-name: activerecord
  dependency-version: 7.1.5.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-14 01:21:32 +00:00
Gaetan Craig-Riou
118e18a78e Tighten url validation 
Per recommendation from https://github.com/openfoodfoundation/openfoodnetwork/security/code-scanning/241
 2025-08-13 22:27:42 +10:00
Gaetan Craig-Riou
cbced144d5 Clean up styling 2025-08-13 22:21:35 +10:00
dependabot[bot]
1e1f1e1e1b Bump timecop from 0.9.8 to 0.9.10 
Bumps [timecop](https://github.com/travisjeffery/timecop) from 0.9.8 to 0.9.10.
- [Changelog](https://github.com/travisjeffery/timecop/blob/master/History.md)
- [Commits](https://github.com/travisjeffery/timecop/compare/v0.9.8...v0.9.10)

---
updated-dependencies:
- dependency-name: timecop
  dependency-version: 0.9.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-13 09:58:01 +00:00
Maikel Linke
1d2115766a Show product groups to platform user 
I removed the caching of `managed_enterprises` in Permissions because
it's just a scope and calling it again is very cheap. And that makes the
method a lot easier to read now that we have a conditional here.

Accessing the managed enterprises via the user instead of a separate
scope on the Enterprise model also reduce the SQL queries. We may want
to use this method in more places. I prefer to keep the
admin-conditional in a permissions class instead of in the model.
 2025-08-13 15:06:31 +10:00
Maikel Linke
6814ef43f4 Show addresses to platform users 2025-08-13 15:06:25 +10:00
Maikel Linke
c9e8294561 DRY with shared context 2025-08-13 15:02:09 +10:00
Maikel Linke
82d0e1bf68 Show enterprise to authorised platform user 2025-08-13 15:02:09 +10:00
Maikel Linke
b16e541a81 Show DFC catalog to authorised platform 2025-08-13 15:02:09 +10:00
Maikel Linke
c12d494de3 Demonstrate authentication as DFC client app 2025-08-13 15:02:09 +10:00
Maikel Linke
9be27842e1 Accepts tokens from Startin'Blox OIDC server 
The API controllers don't know the new type of user yet and will raise
errors but we can work on that bit by bit.
 2025-08-13 15:02:09 +10:00
Maikel Linke
2a7754edbf Add test for current token validation 2025-08-13 15:02:09 +10:00
Maikel Linke
cfeafbfc51 Update API docs with latest version 2025-08-13 15:02:08 +10:00
Maikel
1f8a9f9c76 Merge pull request #13470 from openfoodfoundation/dependabot/bundler/rack-2.2.14 
Bump rack from 2.2.11 to 2.2.14
 2025-08-13 12:45:59 +10:00
Maikel
b1893942ac Merge pull request #13469 from openfoodfoundation/dependabot/bundler/net-imap-0.4.20 
Bump net-imap from 0.4.10 to 0.4.20
 2025-08-13 12:40:50 +10:00
dependabot[bot]
ad59ed4d40 Bump rack from 2.2.11 to 2.2.14 
Bumps [rack](https://github.com/rack/rack) from 2.2.11 to 2.2.14.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.11...v2.2.14)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-13 00:02:14 +00:00