raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-25 01:23:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,380 Commits 17 Branches 454 Tags
fd3bd062fed0ce74d4c039d83a929dfc73bbb31d
Commit Graph

34380 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
fd3bd062fe Bump activerecord-session_store from 2.1.0 to 2.2.0 
Bumps [activerecord-session_store](https://github.com/rails/activerecord-session_store) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/rails/activerecord-session_store/releases)
- [Changelog](https://github.com/rails/activerecord-session_store/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/activerecord-session_store/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: activerecord-session_store
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 09:02:12 +00:00
David Cook
8e5fac9fb3 Merge pull request #13632 from rioug/security-247-code-injection 
[security] Fix potential code injection
 2025-11-05 16:34:37 +11:00
Gaetan Craig-Riou
30c0bcc910 Merge pull request #13678 from deivid-rodriguez/remove-debugger-linecache 
Remove debugger-linecache
 2025-11-05 11:14:11 +11:00
Gaetan Craig-Riou
1a4ba9b689 Merge pull request #13672 from openfoodfoundation/dependabot/bundler/i18n-tasks-1.0.15 
Bump i18n-tasks from 1.0.14 to 1.0.15
 2025-11-05 10:21:46 +11:00
Gaetan Craig-Riou
4de8191e27 Merge pull request #13579 from openfoodfoundation/dependabot/bundler/flipper-ui-1.3.6 
Bump flipper-ui from 1.3.0 to 1.3.6
 2025-11-05 10:06:43 +11:00
Gaetan Craig-Riou
472ca5a16b Merge pull request #13490 from openfoodfoundation/dependabot/bundler/turbo_power-0.7.0 
Bump turbo_power from 0.6.2 to 0.7.0
 2025-11-05 10:00:07 +11:00
Gaetan Craig-Riou
dab626031b Merge pull request #13041 from openfoodfoundation/dependabot/npm_and_yarn/turbo_power-0.7.1 
Bump turbo_power from 0.7.0 to 0.7.1
 2025-11-05 09:57:40 +11:00
David Rodríguez
c386d1af01 Remove debugger-linecache 
This gem has not been updated since 2013 and serves no purpose these
days.
 2025-11-04 10:22:37 +01:00
dependabot[bot]
9916b361e4 Bump turbo_power from 0.6.2 to 0.7.0 
Bumps [turbo_power](https://github.com/marcoroth/turbo_power-rails) from 0.6.2 to 0.7.0.
- [Release notes](https://github.com/marcoroth/turbo_power-rails/releases)
- [Commits](https://github.com/marcoroth/turbo_power-rails/compare/v0.6.2...v0.7.0)

---
updated-dependencies:
- dependency-name: turbo_power
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 11:05:43 +00:00
dependabot[bot]
2b9b02aeea Bump i18n-tasks from 1.0.14 to 1.0.15 
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/main/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v1.0.14...v1.0.15)

---
updated-dependencies:
- dependency-name: i18n-tasks
  dependency-version: 1.0.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 09:06:01 +00:00
dependabot[bot]
009b5e5ff1 Bump flipper-ui from 1.3.0 to 1.3.6 
Bumps [flipper-ui](https://github.com/flippercloud/flipper) from 1.3.0 to 1.3.6.
- [Release notes](https://github.com/flippercloud/flipper/releases)
- [Changelog](https://github.com/flippercloud/flipper/blob/main/Changelog.md)
- [Commits](https://github.com/flippercloud/flipper/compare/v1.3.0...v1.3.6)

---
updated-dependencies:
- dependency-name: flipper-ui
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 17:31:57 +11:00
dependabot[bot]
7c310e7e46 Bump turbo_power from 0.7.0 to 0.7.1 
Bumps [turbo_power](https://github.com/marcoroth/turbo_power) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/marcoroth/turbo_power/releases)
- [Commits](https://github.com/marcoroth/turbo_power/compare/v0.7.0...v0.7.1)

---
updated-dependencies:
- dependency-name: turbo_power
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 05:17:35 +00:00
Gaetan Craig-Riou
bd0db57768 Per review, more concise code 2025-11-03 15:58:27 +11:00
Gaetan Craig-Riou
96f715b62b Merge pull request #13661 from deivid-rodriguez/ruby-3.2 
Bump Ruby from 3.1.7 to 3.2.9
 2025-11-03 13:29:40 +11:00
Maikel
33b4e38fc5 Merge pull request #13664 from openfoodfoundation/dependabot/npm_and_yarn/jasmine-core-5.12.1 
Bump jasmine-core from 5.12.0 to 5.12.1
 2025-11-03 13:11:49 +11:00
Maikel
27e4ae9892 Merge pull request #13639 from deivid-rodriguez/verify-latest-reviewdog 
Upgrade to latest reviewdog
 2025-11-03 12:28:01 +11:00
Gaetan Craig-Riou
f434d8b066 Merge pull request #13658 from openfoodfoundation/dependabot/bundler/paranoia-2.6.4 
Bump paranoia from 2.6.3 to 2.6.4
 2025-11-03 12:05:44 +11:00
Gaetan Craig-Riou
43d471f93d Merge pull request #13657 from openfoodfoundation/dependabot/npm_and_yarn/hotwired/turbo-8.0.20 
Bump @hotwired/turbo from 8.0.13 to 8.0.20
 2025-11-03 12:03:58 +11:00
David Rodríguez
0c392d5302 Drop version constraints for pg and pry entirely, so their versions can be fully managed by Dependabot 
Co-authored-by: Maikel <maikel@email.org.au>
 2025-10-31 09:18:12 +01:00
David Rodríguez
e71a2603bd Bump pry to a version that plays nice with Ruby 3.2 
Otherwise you get the following error when starting RSpec:

```
(...)
An error occurred while loading base_spec_helper.
Failure/Error: require 'pry' unless ENV['CI']

NameError:
  undefined method `=~' for class `Pry::Code'
# ./spec/base_spec_helper.rb:10:in `<top (required)>'
No examples found.
(...)
```
 2025-10-31 09:18:11 +01:00
David Rodríguez
5aea527962 Use Bundler version that comes with Ruby 3.2.9 by default 2025-10-31 09:18:11 +01:00
David Rodríguez
05b3e97a0e Bump Ruby from 3.1.7 to 3.2.9 
Release announcements:

* https://www.ruby-lang.org/en/news/2025/07/24/ruby-3-2-9-released/
* https://www.ruby-lang.org/en/news/2025/03/26/ruby-3-2-8-released/
* https://www.ruby-lang.org/en/news/2025/02/04/ruby-3-2-7-released/
* https://www.ruby-lang.org/en/news/2024/10/30/ruby-3-2-6-released/
* https://www.ruby-lang.org/en/news/2024/07/26/ruby-3-2-5-released/
* https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-2-4-released/
* https://www.ruby-lang.org/en/news/2024/01/18/ruby-3-2-3-released/
* https://www.ruby-lang.org/en/news/2023/03/30/ruby-3-2-2-released/
* https://www.ruby-lang.org/en/news/2023/02/08/ruby-3-2-1-released/
* https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/

Also autocorrect new offenses.
 2025-10-31 09:18:11 +01:00
Maikel Linke
f9b76fadbd Update all locales with the latest Transifex translations v5.3.4 2025-10-31 16:05:11 +11:00
Maikel
64f44b8a9b Merge pull request #13571 from pacodelaluna/update_sum_calcultation 
Update sum calculation in order_cycle_customer_totals spec
 2025-10-31 16:03:11 +11:00
Maikel Linke
5dfb7645cb Avoid enabling rubocop rule listed in todo file 2025-10-31 15:39:58 +11:00
Maikel Linke
74927dd03d Regenerate Rubocop todo file 2025-10-31 15:30:17 +11:00
François Turbelin
71dd398131 Apply cosmetics and fix specs 2025-10-31 15:20:44 +11:00
François Turbelin
245f0caedb Adjust sum for remaining reports 2025-10-31 15:20:44 +11:00
François Turbelin
18bc95c6a3 Update sum calculation in order_cycle_customer_totals spec 2025-10-31 15:20:44 +11:00
dependabot[bot]
7213dcf124 Bump jasmine-core from 5.12.0 to 5.12.1 
Bumps [jasmine-core](https://github.com/jasmine/jasmine) from 5.12.0 to 5.12.1.
- [Release notes](https://github.com/jasmine/jasmine/releases)
- [Changelog](https://github.com/jasmine/jasmine/blob/main/RELEASE.md)
- [Commits](https://github.com/jasmine/jasmine/compare/v5.12.0...v5.12.1)

---
updated-dependencies:
- dependency-name: jasmine-core
  dependency-version: 5.12.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-30 09:02:08 +00:00
David Rodríguez
e90569bdcc Adjust error format to latest prettier output 
To avoid generating an unnecessary annotation.
 2025-10-29 11:55:11 +01:00
David Rodríguez
404e27ab71 Run reviewdog directly 
So that we can control the version we run without depending on external
actions, and so that we use a consistent version for all linters.

At the same time, unify to running the latest version of reviewdog,
0.21.0, which also involves changing the deprecated `fail_on_error` flag
previously used by prettier action to `fail_level`.
 2025-10-29 11:55:10 +01:00
David Rodríguez
5af6d534df Use "nofilter" for prettier 
Now that we fixed all prettier issues.
 2025-10-29 11:55:03 +01:00
David Rodríguez
65410aabad Speed up rubocop reviewdog by skipping install 
Since we already run `bundle install` at the beginning of the job.
 2025-10-29 11:55:03 +01:00
David Rodríguez
2e78ea62b6 Change linters workflow label to reviewdog 2025-10-29 11:55:03 +01:00
David Rodríguez
201461918d Fix prettier offense 
I accidentally introduced this, not sure how, when correcting all
prettier issues.
 2025-10-29 11:55:03 +01:00
dependabot[bot]
3efe0c7835 Bump paranoia from 2.6.3 to 2.6.4 
Bumps [paranoia](https://github.com/rubysherpas/paranoia) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/rubysherpas/paranoia/releases)
- [Changelog](https://github.com/rubysherpas/paranoia/blob/core/CHANGELOG.md)
- [Commits](https://github.com/rubysherpas/paranoia/compare/v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: paranoia
  dependency-version: 2.6.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-29 09:02:20 +00:00
dependabot[bot]
e3d453e397 Bump @hotwired/turbo from 8.0.13 to 8.0.20 
Bumps [@hotwired/turbo](https://github.com/hotwired/turbo) from 8.0.13 to 8.0.20.
- [Release notes](https://github.com/hotwired/turbo/releases)
- [Commits](https://github.com/hotwired/turbo/compare/8.0.13...v8.0.20)

---
updated-dependencies:
- dependency-name: "@hotwired/turbo"
  dependency-version: 8.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-29 09:01:59 +00:00
Maikel
0ecfc23c67 Merge pull request #13644 from deivid-rodriguez/more-rspec-fixes 
Fix Rspec warnings and the broken Stripe intent API specs that fixing them revealed
 2025-10-29 15:04:22 +11:00
Maikel
ff16b575c4 Merge pull request #13653 from deivid-rodriguez/bump-rubocop 
Bump rubocop to 1.86.6
 2025-10-29 12:00:31 +11:00
Maikel
faa826a76e Merge pull request #13647 from deivid-rodriguez/remove-obsoleted-gem 
Remove obsolete gem
 2025-10-29 11:44:59 +11:00
Maikel
1e02084f95 Merge pull request #13646 from deivid-rodriguez/bump-ruby 
Bump Ruby from 3.1.4 to 3.1.7
 2025-10-29 11:43:04 +11:00
Maikel
44cca40db6 Merge pull request #13643 from deivid-rodriguez/fix-prettier-issues 
Fix all existing prettier issues
 2025-10-29 11:36:54 +11:00
David Cook
52174b1e06 Merge pull request #13645 from deivid-rodriguez/review-dog-write-checks 
Fix reviewdog workflow failing to create checks
 2025-10-29 09:17:26 +11:00
Filipe
cdf0777d8e Merge pull request #13641 from openfoodfoundation/dependabot/bundler/knapsack_pro-8.4.0 
Bump knapsack_pro from 8.1.2 to 8.4.0
 2025-10-28 12:31:44 +00:00
David Cook
9cb7c46b44 Merge pull request #13631 from rioug/13117-upgrade-node 
Upgrade to node version 24
 2025-10-28 10:52:34 +11:00
David Rodríguez
4c6d894bc0 Bump RuboCop to 1.86.6 
There were a few changes needed:

* Plugins are now specified through `plugin:` config keyword.
* All plugin gems need to be specified explicitly in Gemfile since they
  are no longer dependencies of plugins already specified explicitly.
* All plugin gems need to be updated in other to use the new APIs.
* One cop was renamed.
* New offenses safe to correct were corrected directly with `bundle exec
  rubocop -a`.
* New offenses unsafe to correct were added to the TODO configuration
  with `bundle exec rubocop --auto-gen-config --auto-gen-only-exclude
  --exclude-limit 1400 --no-auto-gen-timestamp`.
 2025-10-27 11:30:33 +01:00
David Rodríguez
27975252f5 Rename pm_card to payment_method_id 
And also remove a couple of now unused `let`'s that were already using
this terminology.

Co-authored-by: David Cook <david@openfoodnetwork.org.au>
 2025-10-27 10:52:36 +01:00
David Rodríguez
9fc82776ec Move Stripe test payment method handling to a single place 
And comment a bit on them.

Co-authored-by: David Cook <david@openfoodnetwork.org.au>
 2025-10-27 10:45:45 +01:00
David Rodríguez
2c8bf82426 Migrate some spec to not send raw card numbers to Stripe API 
If I regenerate the VCR cassetes for
spec/lib/stripe/payment_intent_validator_spec.rb, I get a lot of errors
like this:

```
Stripe::CardError:

Sending credit card numbers directly to the Stripe API is generally
unsafe. We suggest you use test tokens that map to the test card you are
using, see https://stripe.com/docs/testing. To enable testing raw card
data APIs, see
https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.
```

It seems the sandbox environment associated to my developer API keys is
not allowed to send raw credit card data.

Instead of requesting Stripe support to enable that, or regenerate
cassettes with the API keys in Bitwarden, I figured we could migrate the
tests to not use raw credit card data.
 2025-10-27 09:08:30 +01:00