raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-04-01 06:41:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,470 Commits 15 Branches 460 Tags
f8ca8ae942e35d14ece55f1b134d889544145f21
Commit Graph

2619 Commits

Author SHA1 Message Date
David Cook
52e4293e90 Merge pull request #13673 from deivid-rodriguez/bump-state-machines 
Bump state_machines related gems again
 2025-11-11 13:22:53 +11:00
Gaetan Craig-Riou
cff6fcf52e Merge pull request #13697 from openfoodfoundation/dependabot/bundler/roadie-rails-3.4.0 
Bump roadie-rails from 3.2.0 to 3.4.0
 2025-11-11 09:50:52 +11:00
Gaetan Craig-Riou
4083aa82b8 Merge pull request #13696 from openfoodfoundation/dependabot/bundler/digest-3.2.1 
Bump digest from 3.2.0 to 3.2.1
 2025-11-11 09:47:02 +11:00
Gaetan Craig-Riou
ac61ef1f81 Merge pull request #13695 from openfoodfoundation/dependabot/bundler/paper_trail-17.0.0 
Bump paper_trail from 15.1.0 to 17.0.0
 2025-11-11 09:45:13 +11:00
dependabot[bot]
13a955d45a Bump roadie-rails from 3.2.0 to 3.4.0 
Bumps [roadie-rails](https://github.com/Mange/roadie-rails) from 3.2.0 to 3.4.0.
- [Changelog](https://github.com/Mange/roadie-rails/blob/master/Changelog.md)
- [Commits](https://github.com/Mange/roadie-rails/compare/v3.2.0...v3.4.0)

---
updated-dependencies:
- dependency-name: roadie-rails
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:41:12 +00:00
dependabot[bot]
7a06c72534 Bump digest from 3.2.0 to 3.2.1 
Bumps [digest](https://github.com/ruby/digest) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/ruby/digest/releases)
- [Commits](https://github.com/ruby/digest/compare/v3.2.0...v3.2.1)

---
updated-dependencies:
- dependency-name: digest
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:40:38 +00:00
dependabot[bot]
cdb572f347 Bump paper_trail from 15.1.0 to 17.0.0 
Bumps [paper_trail](https://github.com/paper-trail-gem/paper_trail) from 15.1.0 to 17.0.0.
- [Release notes](https://github.com/paper-trail-gem/paper_trail/releases)
- [Changelog](https://github.com/paper-trail-gem/paper_trail/blob/master/CHANGELOG.md)
- [Commits](https://github.com/paper-trail-gem/paper_trail/compare/v15.1.0...v17.0.0)

---
updated-dependencies:
- dependency-name: paper_trail
  dependency-version: 17.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:39:38 +00:00
dependabot[bot]
8f44b06244 Bump devise-i18n from 1.12.1 to 1.15.0 
Bumps [devise-i18n](https://github.com/devise-i18n/devise-i18n) from 1.12.1 to 1.15.0.
- [Release notes](https://github.com/devise-i18n/devise-i18n/releases)
- [Changelog](https://github.com/devise-i18n/devise-i18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/devise-i18n/devise-i18n/compare/v1.12.1...v1.15.0)

---
updated-dependencies:
- dependency-name: devise-i18n
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 09:39:04 +00:00
Maikel
7c4714288d Merge pull request #13675 from deivid-rodriguez/unify-linters 
Unify linters and linter related tools
 2025-11-10 16:24:36 +11:00
dependabot[bot]
665aee6eb0 Bump openid_connect from 2.3.0 to 2.3.1 
Bumps [openid_connect](https://github.com/nov/openid_connect) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/nov/openid_connect/releases)
- [Changelog](https://github.com/nov/openid_connect/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nov/openid_connect/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: openid_connect
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 00:48:19 +00:00
Gaetan Craig-Riou
5e505c1240 Merge pull request #13683 from openfoodfoundation/dependabot/bundler/omniauth_openid_connect-0.8.0 
Bump omniauth_openid_connect from 0.7.1 to 0.8.0
 2025-11-10 11:46:51 +11:00
Gaetan Craig-Riou
e948f89625 Merge pull request #13682 from openfoodfoundation/dependabot/bundler/activerecord-session_store-2.2.0 
Bump activerecord-session_store from 2.1.0 to 2.2.0
 2025-11-10 11:31:56 +11:00
Gaetan Craig-Riou
f42b91f414 Merge pull request #13681 from openfoodfoundation/dependabot/bundler/spring-4.4.0 
Bump spring from 4.2.1 to 4.4.0
 2025-11-10 11:25:57 +11:00
Filipe
1422b440e4 Merge pull request #13493 from dacook/bump-stripe-v13 
Bump stripe to v13
 2025-11-06 13:48:52 +00:00
David Rodríguez
8f07ee5bf7 Move haml-lint from hound to reviewdog 
We can somewhat easily get it passing and integrate nice with reviewdog
by adding a TODO file for the rules that we had enabled, so that we
don't need to correct anything now, but we still get alerted for new
offenses. So I say let's keep it and enforce it from now on.
 2025-11-05 10:08:03 +01:00
dependabot[bot]
3252de19a3 Bump omniauth_openid_connect from 0.7.1 to 0.8.0 
Bumps [omniauth_openid_connect](https://github.com/omniauth/omniauth_openid_connect) from 0.7.1 to 0.8.0.
- [Changelog](https://github.com/omniauth/omniauth_openid_connect/blob/master/CHANGELOG.md)
- [Commits](https://github.com/omniauth/omniauth_openid_connect/compare/v0.7.1...v0.8.0)

---
updated-dependencies:
- dependency-name: omniauth_openid_connect
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:04:05 +00:00
dependabot[bot]
fd3bd062fe Bump activerecord-session_store from 2.1.0 to 2.2.0 
Bumps [activerecord-session_store](https://github.com/rails/activerecord-session_store) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/rails/activerecord-session_store/releases)
- [Changelog](https://github.com/rails/activerecord-session_store/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/activerecord-session_store/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: activerecord-session_store
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:02:12 +00:00
dependabot[bot]
029d447d98 Bump spring from 4.2.1 to 4.4.0 
Bumps [spring](https://github.com/rails/spring) from 4.2.1 to 4.4.0.
- [Release notes](https://github.com/rails/spring/releases)
- [Changelog](https://github.com/rails/spring/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/spring/compare/v4.2.1...v4.4.0)

---
updated-dependencies:
- dependency-name: spring
  dependency-version: 4.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:01:40 +00:00
Gaetan Craig-Riou
30c0bcc910 Merge pull request #13678 from deivid-rodriguez/remove-debugger-linecache 
Remove debugger-linecache
 2025-11-05 11:14:11 +11:00
Gaetan Craig-Riou
1a4ba9b689 Merge pull request #13672 from openfoodfoundation/dependabot/bundler/i18n-tasks-1.0.15 
Bump i18n-tasks from 1.0.14 to 1.0.15
 2025-11-05 10:21:46 +11:00
Gaetan Craig-Riou
4de8191e27 Merge pull request #13579 from openfoodfoundation/dependabot/bundler/flipper-ui-1.3.6 
Bump flipper-ui from 1.3.0 to 1.3.6
 2025-11-05 10:06:43 +11:00
David Cook
e4be336630 Bump Stripe to v13 2025-11-04 15:36:53 +00:00
David Cook
cae13df2c7 Bump Stripe to v12 
re-recording cassettes with script/test-stripe-live
 2025-11-04 15:32:05 +00:00
David Rodríguez
c386d1af01 Remove debugger-linecache 
This gem has not been updated since 2013 and serves no purpose these
days.
 2025-11-04 10:22:37 +01:00
dependabot[bot]
9916b361e4 Bump turbo_power from 0.6.2 to 0.7.0 
Bumps [turbo_power](https://github.com/marcoroth/turbo_power-rails) from 0.6.2 to 0.7.0.
- [Release notes](https://github.com/marcoroth/turbo_power-rails/releases)
- [Commits](https://github.com/marcoroth/turbo_power-rails/compare/v0.6.2...v0.7.0)

---
updated-dependencies:
- dependency-name: turbo_power
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 11:05:43 +00:00
David Rodríguez
7076afecfb Bump state_machines related gems again 
This fixes warnings like

```
$ bundle exec rspec spec/system/admin/users_spec.rb:179
(...)
Instance method "invalid?" is already defined in Spree::Payment(id: integer, amount: decimal, order_id: integer, created_at: datetime, updated_at: datetime, source_id: integer, source_type: string, payment_method_id: integer, state: string, response_code: string, avs_response: string, identifier: string, cvv_response_code: string, cvv_response_message: text, captured_at: datetime, redirect_auth_url: string),
use generic helper instead or set StateMachines::Machine.ignore_method_conflicts = true.

(...)
```
 2025-11-03 10:56:16 +01:00
dependabot[bot]
2b9b02aeea Bump i18n-tasks from 1.0.14 to 1.0.15 
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/main/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v1.0.14...v1.0.15)

---
updated-dependencies:
- dependency-name: i18n-tasks
  dependency-version: 1.0.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 09:06:01 +00:00
dependabot[bot]
009b5e5ff1 Bump flipper-ui from 1.3.0 to 1.3.6 
Bumps [flipper-ui](https://github.com/flippercloud/flipper) from 1.3.0 to 1.3.6.
- [Release notes](https://github.com/flippercloud/flipper/releases)
- [Changelog](https://github.com/flippercloud/flipper/blob/main/Changelog.md)
- [Commits](https://github.com/flippercloud/flipper/compare/v1.3.0...v1.3.6)

---
updated-dependencies:
- dependency-name: flipper-ui
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 17:31:57 +11:00
Gaetan Craig-Riou
96f715b62b Merge pull request #13661 from deivid-rodriguez/ruby-3.2 
Bump Ruby from 3.1.7 to 3.2.9
 2025-11-03 13:29:40 +11:00
David Rodríguez
0c392d5302 Drop version constraints for pg and pry entirely, so their versions can be fully managed by Dependabot 
Co-authored-by: Maikel <maikel@email.org.au>
 2025-10-31 09:18:12 +01:00
David Rodríguez
e71a2603bd Bump pry to a version that plays nice with Ruby 3.2 
Otherwise you get the following error when starting RSpec:

```
(...)
An error occurred while loading base_spec_helper.
Failure/Error: require 'pry' unless ENV['CI']

NameError:
  undefined method `=~' for class `Pry::Code'
# ./spec/base_spec_helper.rb:10:in `<top (required)>'
No examples found.
(...)
```
 2025-10-31 09:18:11 +01:00
David Rodríguez
5aea527962 Use Bundler version that comes with Ruby 3.2.9 by default 2025-10-31 09:18:11 +01:00
David Rodríguez
05b3e97a0e Bump Ruby from 3.1.7 to 3.2.9 
Release announcements:

* https://www.ruby-lang.org/en/news/2025/07/24/ruby-3-2-9-released/
* https://www.ruby-lang.org/en/news/2025/03/26/ruby-3-2-8-released/
* https://www.ruby-lang.org/en/news/2025/02/04/ruby-3-2-7-released/
* https://www.ruby-lang.org/en/news/2024/10/30/ruby-3-2-6-released/
* https://www.ruby-lang.org/en/news/2024/07/26/ruby-3-2-5-released/
* https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-2-4-released/
* https://www.ruby-lang.org/en/news/2024/01/18/ruby-3-2-3-released/
* https://www.ruby-lang.org/en/news/2023/03/30/ruby-3-2-2-released/
* https://www.ruby-lang.org/en/news/2023/02/08/ruby-3-2-1-released/
* https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/

Also autocorrect new offenses.
 2025-10-31 09:18:11 +01:00
dependabot[bot]
3efe0c7835 Bump paranoia from 2.6.3 to 2.6.4 
Bumps [paranoia](https://github.com/rubysherpas/paranoia) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/rubysherpas/paranoia/releases)
- [Changelog](https://github.com/rubysherpas/paranoia/blob/core/CHANGELOG.md)
- [Commits](https://github.com/rubysherpas/paranoia/compare/v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: paranoia
  dependency-version: 2.6.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-29 09:02:20 +00:00
Maikel
ff16b575c4 Merge pull request #13653 from deivid-rodriguez/bump-rubocop 
Bump rubocop to 1.86.6
 2025-10-29 12:00:31 +11:00
Maikel
faa826a76e Merge pull request #13647 from deivid-rodriguez/remove-obsoleted-gem 
Remove obsolete gem
 2025-10-29 11:44:59 +11:00
Maikel
1e02084f95 Merge pull request #13646 from deivid-rodriguez/bump-ruby 
Bump Ruby from 3.1.4 to 3.1.7
 2025-10-29 11:43:04 +11:00
David Rodríguez
4c6d894bc0 Bump RuboCop to 1.86.6 
There were a few changes needed:

* Plugins are now specified through `plugin:` config keyword.
* All plugin gems need to be specified explicitly in Gemfile since they
  are no longer dependencies of plugins already specified explicitly.
* All plugin gems need to be updated in other to use the new APIs.
* One cop was renamed.
* New offenses safe to correct were corrected directly with `bundle exec
  rubocop -a`.
* New offenses unsafe to correct were added to the TODO configuration
  with `bundle exec rubocop --auto-gen-config --auto-gen-only-exclude
  --exclude-limit 1400 --no-auto-gen-timestamp`.
 2025-10-27 11:30:33 +01:00
David Rodríguez
e09d78dfb2 Remove obsolete gem 
Even without it, Rails seems to do this by default:

```console
$ RAILS_ENV=production SITE_URL=foo.bar SECRET_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx bin/rails db:drop
I, [2025-10-23T12:38:12.383244 #32647]  INFO -- : [dotenv] Loaded .env
I, [2025-10-23T12:38:12.383292 #32647]  INFO -- : [dotenv] Loaded .env
W, [2025-10-23T12:38:12.411675 #32647]  WARN -- [Bugsnag]: No valid API key has been set, notifications will not be sent
bin/rails aborted!
ActiveRecord::ProtectedEnvironmentError: You are attempting to run a destructive action against your 'production' database.
If you are sure you want to continue, run the same command with the environment variable:
DISABLE_DATABASE_ENVIRONMENT_CHECK=1

Tasks: TOP => db:drop => db:check_protected_environments
(See full trace by running task with --trace)
```

And the gem hasn't been updated in 10 years, so probably best to get rid
of it.
 2025-10-23 12:41:37 +02:00
David Rodríguez
dad7cfc180 Bump Ruby from 3.1.4 to 3.1.7 
Release announcmenets:

* https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-1-5-released/
* https://www.ruby-lang.org/en/news/2024/05/29/ruby-3-1-6-released/
* https://www.ruby-lang.org/en/news/2025/03/26/ruby-3-1-7-released/
 2025-10-23 10:34:21 +02:00
dependabot[bot]
fb437fb34d Bump knapsack_pro from 8.1.2 to 8.4.0 
Bumps [knapsack_pro](https://github.com/KnapsackPro/knapsack_pro-ruby) from 8.1.2 to 8.4.0.
- [Changelog](https://github.com/KnapsackPro/knapsack_pro-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/KnapsackPro/knapsack_pro-ruby/compare/v8.1.2...v8.4.0)

---
updated-dependencies:
- dependency-name: knapsack_pro
  dependency-version: 8.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 09:02:10 +00:00
dependabot[bot]
479d52a2bb Bump activerecord-import from 1.6.0 to 2.2.0 
Bumps [activerecord-import](https://github.com/zdennis/activerecord-import) from 1.6.0 to 2.2.0.
- [Changelog](https://github.com/zdennis/activerecord-import/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zdennis/activerecord-import/compare/v1.6.0...v2.2.0)

---
updated-dependencies:
- dependency-name: activerecord-import
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 09:02:00 +00:00
dependabot[bot]
02ea3cb61c Bump webmock from 3.23.1 to 3.25.1 
Bumps [webmock](https://github.com/bblimke/webmock) from 3.23.1 to 3.25.1.
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.23.1...v3.25.1)

---
updated-dependencies:
- dependency-name: webmock
  dependency-version: 3.25.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-20 09:26:20 +00:00
David Cook
93e6f9034c Merge pull request #13602 from deivid-rodriguez/bump-mini_magick 
Update mini_magick to a version that plays nice with imagemagick v7
 2025-10-20 15:26:20 +11:00
dependabot[bot]
7f937fd4b1 Bump state_machines-activerecord from 0.9.0 to 0.31.0 
Bumps [state_machines-activerecord](https://github.com/state-machines/state_machines-activerecord) from 0.9.0 to 0.31.0.
- [Release notes](https://github.com/state-machines/state_machines-activerecord/releases)
- [Changelog](https://github.com/state-machines/state_machines-activerecord/blob/master/CHANGELOG.md)
- [Commits](https://github.com/state-machines/state_machines-activerecord/compare/v0.9.0...state_machines-activerecord/v0.31.0)

---
updated-dependencies:
- dependency-name: state_machines-activerecord
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-15 09:02:41 +00:00
dependabot[bot]
980cc9c724 Bump redis from 5.2.0 to 5.4.1 
Bumps [redis](https://github.com/redis/redis-rb) from 5.2.0 to 5.4.1.
- [Changelog](https://github.com/redis/redis-rb/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/redis-rb/compare/v5.2.0...v5.4.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 5.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-14 09:01:55 +00:00
David Rodríguez
c72f9477cd bundle update mini_magick 
This is mainly to shush a lot of warnings when running the test suite,
like the following:

```
WARNING: The convert command is deprecated in IMv7, use "magick" instead of "convert" or "magick convert"
```
 2025-10-14 08:17:12 +02:00
dependabot[bot]
755116e713 Bump flipper from 1.3.0 to 1.3.6 
Bumps [flipper](https://github.com/flippercloud/flipper) from 1.3.0 to 1.3.6.
- [Release notes](https://github.com/flippercloud/flipper/releases)
- [Changelog](https://github.com/flippercloud/flipper/blob/main/Changelog.md)
- [Commits](https://github.com/flippercloud/flipper/compare/v1.3.0...v1.3.6)

---
updated-dependencies:
- dependency-name: flipper
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-13 09:20:50 +00:00
Maikel
084f7a8a47 Merge pull request #13590 from openfoodfoundation/dependabot/bundler/newrelic_rpm-9.22.0 
Bump newrelic_rpm from 9.9.0 to 9.22.0
 2025-10-13 10:05:50 +11:00
dependabot[bot]
e2410105ce Bump rack from 2.2.19 to 2.2.20 
Bumps [rack](https://github.com/rack/rack) from 2.2.19 to 2.2.20.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v2.2.19...v2.2.20)

---
updated-dependencies:
- dependency-name: rack
  dependency-version: 2.2.20
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-10 18:59:10 +00:00