raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-27 21:06:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,725 Commits 18 Branches 451 Tags
d0f48687e28e7094de4580e6e04691cb2a0799ec
Commit Graph

34725 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gaetan Craig-Riou
ac61ef1f81 Merge pull request #13695 from openfoodfoundation/dependabot/bundler/paper_trail-17.0.0 
Bump paper_trail from 15.1.0 to 17.0.0
 2025-11-11 09:45:13 +11:00
Gaetan Craig-Riou
924c421b75 Merge pull request #13694 from openfoodfoundation/dependabot/bundler/devise-i18n-1.15.0 
Bump devise-i18n from 1.12.1 to 1.15.0
 2025-11-11 09:41:43 +11:00
dependabot[bot]
71262d18a0 Bump @testing-library/dom from 9.3.4 to 10.4.1 
Bumps [@testing-library/dom](https://github.com/testing-library/dom-testing-library) from 9.3.4 to 10.4.1.
- [Release notes](https://github.com/testing-library/dom-testing-library/releases)
- [Changelog](https://github.com/testing-library/dom-testing-library/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/dom-testing-library/compare/v9.3.4...v10.4.1)

---
updated-dependencies:
- dependency-name: "@testing-library/dom"
  dependency-version: 10.4.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 22:41:11 +00:00
David Rodríguez
9645660d87 Fix tag rule visibility select box options hidden by save bar 2025-11-10 17:32:11 +01:00
filipefurtad0
f18487ea68 Update all locales with the latest Transifex translations v5.3.5 2025-11-10 11:22:54 +00:00
dependabot[bot]
13a955d45a Bump roadie-rails from 3.2.0 to 3.4.0 
Bumps [roadie-rails](https://github.com/Mange/roadie-rails) from 3.2.0 to 3.4.0.
- [Changelog](https://github.com/Mange/roadie-rails/blob/master/Changelog.md)
- [Commits](https://github.com/Mange/roadie-rails/compare/v3.2.0...v3.4.0)

---
updated-dependencies:
- dependency-name: roadie-rails
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:41:12 +00:00
dependabot[bot]
7a06c72534 Bump digest from 3.2.0 to 3.2.1 
Bumps [digest](https://github.com/ruby/digest) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/ruby/digest/releases)
- [Commits](https://github.com/ruby/digest/compare/v3.2.0...v3.2.1)

---
updated-dependencies:
- dependency-name: digest
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:40:38 +00:00
dependabot[bot]
cdb572f347 Bump paper_trail from 15.1.0 to 17.0.0 
Bumps [paper_trail](https://github.com/paper-trail-gem/paper_trail) from 15.1.0 to 17.0.0.
- [Release notes](https://github.com/paper-trail-gem/paper_trail/releases)
- [Changelog](https://github.com/paper-trail-gem/paper_trail/blob/master/CHANGELOG.md)
- [Commits](https://github.com/paper-trail-gem/paper_trail/compare/v15.1.0...v17.0.0)

---
updated-dependencies:
- dependency-name: paper_trail
  dependency-version: 17.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:39:38 +00:00
dependabot[bot]
8f44b06244 Bump devise-i18n from 1.12.1 to 1.15.0 
Bumps [devise-i18n](https://github.com/devise-i18n/devise-i18n) from 1.12.1 to 1.15.0.
- [Release notes](https://github.com/devise-i18n/devise-i18n/releases)
- [Changelog](https://github.com/devise-i18n/devise-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/devise-i18n/devise-i18n/compare/v1.12.1...v1.15.0)

---
updated-dependencies:
- dependency-name: devise-i18n
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:39:04 +00:00
Gaetan Craig-Riou
e8b81c1ff6 Fix variant filtering 
We don't want to filter out variant missing producer, so that the user
can address the problem.
 2025-11-10 16:29:27 +11:00
Gaetan Craig-Riou
ab443fa50f Refactor the clone template to use local variable 
and add define locals on the template
 2025-11-10 16:29:27 +11:00
Gaetan Craig-Riou
25d55fec24 Filter out variant the user is not allowed to update 
With a product with mutiple variant, we can end in a scenario where a
user sees variant associated to producer it doesn't have permission for.
This prevents the user from updating any variant. This fix filter out
variant a user shoudn't be seeing
 2025-11-10 16:29:27 +11:00
Gaetan Craig-Riou
61f8b5c7f4 Add strict locals for some products V3 templates 
Rails now allows you to define which local a template is expecting:
https://edgeguides.rubyonrails.org/7_1_release_notes.html#allow-templates-to-set-strict-locals
 2025-11-10 16:29:27 +11:00
Maikel
7c4714288d Merge pull request #13675 from deivid-rodriguez/unify-linters 
Unify linters and linter related tools
 2025-11-10 16:24:36 +11:00
Maikel
b6e393eabb Merge pull request #13662 from filipefurtad0/spec_deprecation_nil_in_sum 
Catches exceptions on final_weight_volume inputs
 2025-11-10 15:25:49 +11:00
Gaetan Craig-Riou
d18aeb9918 Merge pull request #13687 from openfoodfoundation/dependabot/bundler/openid_connect-2.3.1 
Bump openid_connect from 2.3.0 to 2.3.1
 2025-11-10 15:15:32 +11:00
Gaetan Craig-Riou
6596afc562 Fix flaky spec, contain_exactly doesn't care about the order 2025-11-10 13:29:30 +11:00
Maikel
587f76415b Merge pull request #13656 from pacodelaluna/replace-alias-attribute-with-alias-method 
Replace alias_attribute with alias_method
 2025-11-10 11:50:33 +11:00
dependabot[bot]
665aee6eb0 Bump openid_connect from 2.3.0 to 2.3.1 
Bumps [openid_connect](https://github.com/nov/openid_connect) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/nov/openid_connect/releases)
- [Changelog](https://github.com/nov/openid_connect/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nov/openid_connect/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: openid_connect
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 00:48:19 +00:00
Gaetan Craig-Riou
5e505c1240 Merge pull request #13683 from openfoodfoundation/dependabot/bundler/omniauth_openid_connect-0.8.0 
Bump omniauth_openid_connect from 0.7.1 to 0.8.0
 2025-11-10 11:46:51 +11:00
Gaetan Craig-Riou
e948f89625 Merge pull request #13682 from openfoodfoundation/dependabot/bundler/activerecord-session_store-2.2.0 
Bump activerecord-session_store from 2.1.0 to 2.2.0
 2025-11-10 11:31:56 +11:00
Gaetan Craig-Riou
f42b91f414 Merge pull request #13681 from openfoodfoundation/dependabot/bundler/spring-4.4.0 
Bump spring from 4.2.1 to 4.4.0
 2025-11-10 11:25:57 +11:00
Gaetan Craig-Riou
3e8a34c5f3 Per dicussion, remove super admin from migration 2025-11-10 11:14:56 +11:00
Gaetan Craig-Riou
1101310845 Enable variant_tag for recent enterprise and admins 
Recent entperise are enterprise created after 11th of August which
should not have access to inventory
 2025-11-10 11:14:56 +11:00
Gaetan Craig-Riou
0745028c06 Fix checking if variant tag is enabled 
variant_tag feature check should happen per enterprise basis, but we
still want super admin to so see variant tag. To do so we check if the
user is amdin or if any of the current user enterprise has variant tag
enable.
 2025-11-10 11:14:56 +11:00
Rachel Arnould
94bda6d0f8 Merge pull request #13592 from rioug/13266-tag-variant-tag-rule 
[Variant tags] Add tag rules for variant
 2025-11-07 14:14:50 +01:00
David Rodríguez
915d03a66a Change CreditCardRemover specs to not send raw credit card data 
If I re-record cassettes for these specs using my test API key, I get
the following errors:

```
1) Stripe::CreditCardRemover#remove Stripe customer exists and is not deleted deletes the credit card clone and the customer
   Failure/Error:
     Stripe::PaymentMethod.create(
       {
         type: 'card',
         card: {
           number: '4242424242424242',
           exp_month: 8,
           exp_year: Time.zone.now.year.next,
           cvc: '314',
         },
       },

   Stripe::CardError:
     Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable testing raw card data APIs, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.
   # ./spec/lib/stripe/credit_card_remover_spec.rb:16:in `block (3 levels) in <main>'
   # ./spec/lib/stripe/credit_card_remover_spec.rb:44:in `block (4 levels) in <main>'
   # ./spec/lib/stripe/credit_card_remover_spec.rb:56:in `block (4 levels) in <main>'
   # ./spec/base_spec_helper.rb:208:in `block (2 levels) in <main>'
   # ./spec/base_spec_helper.rb:155:in `block (3 levels) in <main>'
   # ./spec/base_spec_helper.rb:155:in `block (2 levels) in <main>'
   # -e:1:in `<main>'
```

Use test payment methods instead as suggested by the error.
 2025-11-06 18:30:45 +01:00
Filipe
1422b440e4 Merge pull request #13493 from dacook/bump-stripe-v13 
Bump stripe to v13
 2025-11-06 13:48:52 +00:00
Filipe
95ad87d840 Merge pull request #13666 from chahmedejaz/bugfix/13519-order-disappear-from-orders-page 
Order lines are deleted when one tries to capture a payment after order cycle is closed
 2025-11-06 13:07:36 +00:00
Konrad
7357419f6f Merge pull request #13652 from navaneethkp36/13651-fix-button-size-order-confirmation 
Make the width of "Back to Store" and "Back to Website" buttons consistent with other buttons in order confirmation page
 2025-11-05 19:29:42 +01:00
François Turbelin
e07ebc21b9 Use instance_double when possible in enterprise model spec 2025-11-05 16:31:20 +01:00
filipefurtad0
8e5404a268 Replaces negative assertion with a positive assertion 
Adds test case on white spece

Refactors to have tests as shared_examples
 2025-11-05 11:12:55 +00:00
filipefurtad0
04fc729a5a Changes tests not to trigger error 
after https://github.com/openfoodfoundation/openfoodnetwork/pull/13571 was merged
 2025-11-05 10:34:52 +00:00
filipefurtad0
8818a98230 Catches exceptions on final_weight_volume inputs 2025-11-05 10:34:52 +00:00
David Rodríguez
d3efa3afa6 Remove pretty-quick 
Because:

* We already have reviewdog running prettier in CI.
* We already removed the associated commit hooks.
* Running plain prettier is already very fast in our case.
 2025-11-05 10:08:04 +01:00
David Rodríguez
4414879b3f Completely remove codeclimate as well 
Most of it is already disabled, and the stuff that's not actually
disabled don't seem worth enough for me to keep it.
 2025-11-05 10:08:04 +01:00
David Rodríguez
3c7aac59e9 Remove ancient rubocop plugin from codeclimate config 
We already get RuboCop offense information through reviewdog.
 2025-11-05 10:08:04 +01:00
David Rodríguez
41cd40a55b Completely get rid of hound 
We already get RuboCop offense information through reviewdog.
 2025-11-05 10:08:04 +01:00
David Rodríguez
a0e8111b3a Remove spurious scss-lint configuration 
It was broken due to several reasons:

* Bad globs from not catching up after file renames.
* Bad rule indentation.

Also, the scss-lint project itself recommends using other tools, because
it relies on the ruby SASS implementation while upstream has moved to a
dart-based implementation.

Even when you fix the config and try to run the tool, you feel the pain
of this deviation:

```
$ scss-lint
(...)

app/webpacker/css/admin/grid.scss:10:1 [E] Syntax: Syntax Error: Invalid CSS after "$col-width: math": expected selector or at-rule, was ".div($total-col..."

(...)
```

The grid.scss file use using `math.div` feature, which is only supported
by the `sass` version based on dart. `scss-lint` will never be able to
parse this file at all.

Also, we're already handling scss rule formatting through prettier.

Because of all these reasons, it's best to forget about scss-lint.
 2025-11-05 10:08:03 +01:00
David Rodríguez
8f07ee5bf7 Move haml-lint from hound to reviewdog 
We can somewhat easily get it passing and integrate nice with reviewdog
by adding a TODO file for the rules that we had enabled, so that we
don't need to correct anything now, but we still get alerted for new
offenses. So I say let's keep it and enforce it from now on.
 2025-11-05 10:08:03 +01:00
David Rodríguez
43da235d15 Make sure all linters run even if some of them fails 2025-11-05 10:08:03 +01:00
dependabot[bot]
3252de19a3 Bump omniauth_openid_connect from 0.7.1 to 0.8.0 
Bumps [omniauth_openid_connect](https://github.com/omniauth/omniauth_openid_connect) from 0.7.1 to 0.8.0.
- [Changelog](https://github.com/omniauth/omniauth_openid_connect/blob/master/CHANGELOG.md)
- [Commits](https://github.com/omniauth/omniauth_openid_connect/compare/v0.7.1...v0.8.0)

---
updated-dependencies:
- dependency-name: omniauth_openid_connect
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:04:05 +00:00
dependabot[bot]
fd3bd062fe Bump activerecord-session_store from 2.1.0 to 2.2.0 
Bumps [activerecord-session_store](https://github.com/rails/activerecord-session_store) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/rails/activerecord-session_store/releases)
- [Changelog](https://github.com/rails/activerecord-session_store/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/activerecord-session_store/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: activerecord-session_store
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:02:12 +00:00
dependabot[bot]
029d447d98 Bump spring from 4.2.1 to 4.4.0 
Bumps [spring](https://github.com/rails/spring) from 4.2.1 to 4.4.0.
- [Release notes](https://github.com/rails/spring/releases)
- [Changelog](https://github.com/rails/spring/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/spring/compare/v4.2.1...v4.4.0)

---
updated-dependencies:
- dependency-name: spring
  dependency-version: 4.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:01:40 +00:00
David Cook
8e5fac9fb3 Merge pull request #13632 from rioug/security-247-code-injection 
[security] Fix potential code injection
 2025-11-05 16:34:37 +11:00
Gaetan Craig-Riou
30c0bcc910 Merge pull request #13678 from deivid-rodriguez/remove-debugger-linecache 
Remove debugger-linecache
 2025-11-05 11:14:11 +11:00
Gaetan Craig-Riou
1a4ba9b689 Merge pull request #13672 from openfoodfoundation/dependabot/bundler/i18n-tasks-1.0.15 
Bump i18n-tasks from 1.0.14 to 1.0.15
 2025-11-05 10:21:46 +11:00
Gaetan Craig-Riou
4de8191e27 Merge pull request #13579 from openfoodfoundation/dependabot/bundler/flipper-ui-1.3.6 
Bump flipper-ui from 1.3.0 to 1.3.6
 2025-11-05 10:06:43 +11:00
Gaetan Craig-Riou
472ca5a16b Merge pull request #13490 from openfoodfoundation/dependabot/bundler/turbo_power-0.7.0 
Bump turbo_power from 0.6.2 to 0.7.0
 2025-11-05 10:00:07 +11:00
Gaetan Craig-Riou
dab626031b Merge pull request #13041 from openfoodfoundation/dependabot/npm_and_yarn/turbo_power-0.7.1 
Bump turbo_power from 0.7.0 to 0.7.1
 2025-11-05 09:57:40 +11:00