Changelog History
Page 8
-
v1.17.0 Changes
π This release contains mostly bug fixes, many of which are focused on Marketplace implementations. Thanks to @pmn4 for contributing many of the marketplace fixes and additions.
π There's also a little bit of cleanup of unused code in this release. This will likely be our last release on the 1.x line as our new work is focused on our 2.x version.
π Features
- feat: Prioritize Primary when multiple Shops match domain (#3528)
π Fixes
- π fix: custom tax rates not applied (#4806)
- π fix: console error tag name error pdp .. Resolves #4776 (#4790)
- π fix: email settings update on cancel (#4792)
- π fix: update detailView when its data changes (#4791)
- π fix: submitting the template edit form now works .. Resolves #4774 (#4780)
- π fix: edit groups panel (#4771)
- π fix: add translated text for adding user to group by admin (#4562)
- π fix: Hide Action View if Product Settings panel open (#4433)
- π fix: Import
getSlug
instead of usingthis.getSlug
(#4547) - π fix: Product Visibility for Marketplace Shops (#4425)
- π fix: cart item attributes (#4607)
- π fix: startup error before primary shop is created on initial startup (#4602)
- π fix: avoid infinite looping when taxes are enabled (11e95ba) .. Resolves #4620
- π fix: limit jest maxWorkers to 4 to improve CI perf (cd76a50)
π¨ Refactors
- π¨ refactor: Remove unused schemas (#4566)
Chores
- π³ chore: Rename the reaction-api Docker network (#4613)
- π chore: Use new CLI tool "propel" to deploy services to ECS (#4623)
-
v1.16.3 Changes
November 26, 2018v1.16.3
π Security Release
π§ We discovered a vulnerability that affects shops built on Reaction Commerce that use the Reaction-Social plugin with Facebook and the Facebook App Secret configured.
Overview
π This vulnerability has been present in every release that included the Reaction Social plugin. The App Secret is not used by Reaction Social and itβs unclear why the form for it was added to the application originally. It was introduced by a community contribution when the Reaction Social plugin was originally created. The App Secret should be removed from the Reaction Social panel. This will not have impact on the use of Facebook oAuth login which is set separately in the login services dashboard. If the same secret was used, it should be reset and a new token should be used for oAuth login via Facebook.
Vulnerability
π§ | oAuth Service Configuration Publication Vulnerability | | Severity | High | | Description | oAuth social plugin secrets could be shared with unauthenticated users via a publication. | | Affected Installations | Any shops with a configured Facebook appSecret in the Reaction Social dashboard. | | Affected Versions | All versions greater or equal to v0.5.3 | | Remediation | Apply patch or upgrade to patched version of Reaction Commerce. |
Patches
π Patches are attached to this release.
π Patches will download as a .zip file named: reaction-security-patches-2018-11-19-security-social-plugin.zip which contains the following patch files once uncompressed. These files have the versions they are applicable for in the name of the file.
π» Two patch files for removing the UI dependent on software version
π»fb-app-secret-ui-v0.14.0-v1.13.2-2018-11-19.patch
π»fb-app-secret-ui-v1.14.0-v2.0.0-rc.6-2018-11-19.patch
π Version specific migration patch file for removing the appSecret from the database
fb-app-secret-migration-v2.0.0-rc.6-2018-11-19.patch
fb-app-secret-migration-v1.17.0-2018-11-19.patch
fb-app-secret-migration-v1.16.0-2018-11-19.patch
fb-app-secret-migration-v1.15.0-2018-11-19.patch
fb-app-secret-migration-v1.14.0-2018-11-19.patch
fb-app-secret-migration-v1.13.0-2018-11-19.patch
fb-app-secret-migration-v1.12.0-2018-11-19.patch
fb-app-secret-migration-v1.11.0-2018-11-19.patch
fb-app-secret-migration-v1.10.0-2018-11-19.patch
Recommendations
Option 1: Install patched version of Reaction Commerce
β If you're using a version of Reaction Commerce >= v1.10.0, please install the latest patch version and run the migration included.
Option 2: Patch it yourself
β Remove Facebook App Secret from social plugin settings
Check the social settings operator panel. It can be accessed by clicking an icon (the "share-alt" icon) towards the bottom of the operator sidebar on the right of the screen
π Inside of the social settings panel, you will see the settings page for Facebook - if you have an βApp Secretβ configured in this section, remove it.
π If you prefer to do this with a migration, you can use the
fb-app-secret-migration-v1.{your-version}.x-2018-11-19.patch
migration patch that is appropriate for your version of Reaction. If youβre using an older version of Reaction and want to use a migration to unset the app secret, please contact [email protected] if you need assistance patching your version.Patch Reaction Commerce
π Apply patches to your version of Reaction Commerce. There are different patches for different versions of Reaction Commerce. These patches will remove the UI that permitted shop operators to add the Facebook App Secret to the social plugin panel.
β v1.14.0 - latest
π»fb-app-secret-ui-v1.14.0-v2.0.0-rc.6-2018-11-19.patch
v0.14.0 - v1.13.2
π»fb-app-secret-ui-v0.14.0-v1.13.2-2018-11-19.patch
π If youβre running a production shop on a version older than v0.14.0, please contact [email protected] for assistance in determining if patching the operator panel is necessary for your version.
Invalidate Existing Secrets
If you found a Facebook App Secret listed in your operator panel, you should invalidate it immediately from the Facebook App settings page.
Generate New Secrets
If you used this App Secret in any other applications or for Facebook oAuth login, you should generate and use a new secrets to continue to provide services to your customers. Do not add these secrets back into the social panel of Reaction Commerce.
-
v1.16.0 Changes
GraphQL
π Features
- feat: return absolute media URLs from GraphQL (#4565)
Meteor App
π Features
- feat 4571 Replace all Meteor.userId() with util function (#4582)
- feat: Improve animations and dynamically import animation libraries to reduce bundle size (#4500) .. Resolves #4441
π Fixes
- π fix: reaction error swallowing (#4592)
- π fix: update file-collections dependency from 0.5.0 to 0.6.0 (#4589)
- π fix: null check in email validation (#4520) .. Resolves #4502
- π fix: Add missing Shops.layout migration (#4609) .. Resolves #4608
-
v1.15.2 Changes
November 26, 2018v1.15.2
π Security Release
π§ We discovered a vulnerability that affects shops built on Reaction Commerce that use the Reaction-Social plugin with Facebook and the Facebook App Secret configured.
Overview
π This vulnerability has been present in every release that included the Reaction Social plugin. The App Secret is not used by Reaction Social and itβs unclear why the form for it was added to the application originally. It was introduced by a community contribution when the Reaction Social plugin was originally created. The App Secret should be removed from the Reaction Social panel. This will not have impact on the use of Facebook oAuth login which is set separately in the login services dashboard. If the same secret was used, it should be reset and a new token should be used for oAuth login via Facebook.
Vulnerability
π§ | oAuth Service Configuration Publication Vulnerability | | Severity | High | | Description | oAuth social plugin secrets could be shared with unauthenticated users via a publication. | | Affected Installations | Any shops with a configured Facebook appSecret in the Reaction Social dashboard. | | Affected Versions | All versions greater or equal to v0.5.3 | | Remediation | Apply patch or upgrade to patched version of Reaction Commerce. |
Patches
π Patches are attached to this release.
π Patches will download as a .zip file named: reaction-security-patches-2018-11-19-security-social-plugin.zip which contains the following patch files once uncompressed. These files have the versions they are applicable for in the name of the file.
π» Two patch files for removing the UI dependent on software version
π»fb-app-secret-ui-v0.14.0-v1.13.2-2018-11-19.patch
π»fb-app-secret-ui-v1.14.0-v2.0.0-rc.6-2018-11-19.patch
π Version specific migration patch file for removing the appSecret from the database
fb-app-secret-migration-v2.0.0-rc.6-2018-11-19.patch
fb-app-secret-migration-v1.17.0-2018-11-19.patch
fb-app-secret-migration-v1.16.0-2018-11-19.patch
fb-app-secret-migration-v1.15.0-2018-11-19.patch
fb-app-secret-migration-v1.14.0-2018-11-19.patch
fb-app-secret-migration-v1.13.0-2018-11-19.patch
fb-app-secret-migration-v1.12.0-2018-11-19.patch
fb-app-secret-migration-v1.11.0-2018-11-19.patch
fb-app-secret-migration-v1.10.0-2018-11-19.patch
Recommendations
Option 1: Install patched version of Reaction Commerce
β If you're using a version of Reaction Commerce >= v1.10.0, please install the latest patch version and run the migration included.
Option 2: Patch it yourself
β Remove Facebook App Secret from social plugin settings
Check the social settings operator panel. It can be accessed by clicking an icon (the "share-alt" icon) towards the bottom of the operator sidebar on the right of the screen
π Inside of the social settings panel, you will see the settings page for Facebook - if you have an βApp Secretβ configured in this section, remove it.
π If you prefer to do this with a migration, you can use the
fb-app-secret-migration-v1.{your-version}.x-2018-11-19.patch
migration patch that is appropriate for your version of Reaction. If youβre using an older version of Reaction and want to use a migration to unset the app secret, please contact [email protected] if you need assistance patching your version.Patch Reaction Commerce
π Apply patches to your version of Reaction Commerce. There are different patches for different versions of Reaction Commerce. These patches will remove the UI that permitted shop operators to add the Facebook App Secret to the social plugin panel.
β v1.14.0 - latest
π»fb-app-secret-ui-v1.14.0-v2.0.0-rc.6-2018-11-19.patch
v0.14.0 - v1.13.2
π»fb-app-secret-ui-v0.14.0-v1.13.2-2018-11-19.patch
π If youβre running a production shop on a version older than v0.14.0, please contact [email protected] for assistance in determining if patching the operator panel is necessary for your version.
Invalidate Existing Secrets
If you found a Facebook App Secret listed in your operator panel, you should invalidate it immediately from the Facebook App settings page.
Generate New Secrets
If you used this App Secret in any other applications or for Facebook oAuth login, you should generate and use a new secrets to continue to provide services to your customers. Do not add these secrets back into the social panel of Reaction Commerce.
-
v1.15.0 Changes
Sitemap Generator
π A sitemap generator plugin that creates and stores XML for a sitemap index, as well as sitemaps for tag pages, PDPs, and arbitrary URLs that can be added via an event hook.
π· There is a recurring job that runs every 24 hours (the specific interval can be changed) that generates the sitemaps. There is also a button to manually trigger a refresh, at Dashboard -> Shop -> Options - along with a notification that appears when it's completed.
π Use our GraphQL API for the Product Grid within the Meteor App
π As part of our push towards our GraphQL API, we've started to leverage the API inside of our existing Meteor app. This release converts our customer facing product grid from using Meteor Pub/Sub to consuming data from our GraphQL API instead. This is the first step in an ongoing initiative to start using the GraphQL API inside of our existing monolithic commerce application. See #4481 for a list of files changed.
GraphQL Checkout
π This release includes the first set of GraphQL APIs designed for stepping through a checkout. While we've started to consume this API within our Storefront Starter Kit, these APIs should be treated as unstable and subject to change. We've added mutations for setting an anonymous email -
setEmailOnAnonymousCart
and selecting fulfillment options -selectFulfillmentOptionForGroup
.A note on fulfillment options β‘οΈ Fulfillment options are what we're calling what used to be shipment options. In order to prepare ourselves for several types of fulfillment that do not necessarily include shipping, we're updating the checkout through order models, methods, and now our GraphQL API to be capable of grouping items into "Fulfillment Groups". This opens the door for several new types of fulfillments down the line such as In Store Pickup, Digital Downloads, Digital Key Generation, and anything else you can think up. We're not actively building any of these different fulfillment types into core, but want to ensure that it's possible and there's a clear direction to do so.
π₯ Breaking Changes
- β‘οΈ If a plugin adds an "afterCartUpdate" hook, it will no longer be called. Change the plugin code to use appEvents.on("afterCartUpdate" instead. (#4535)
- β‘οΈ If a plugin creates or updates a cart, be sure it calls appEvents.emit("afterCartCreate") or appEvents.emit("afterCartUpdate"), respectively, passing the proper arguments. If you do this within an appEvents.on hook for the same event, be sure to wrap the call in conditional logic to avoid an infinite loop. (#4535)
- π¨ We've refactored the
Shipment
schema to remove theitems
property. This will cause a breaking change for plugins expecting the items property to be there. Such plugins should be updated to use a combination of itemIds and the main items list. (#4531) - β Removed
requiresShipping
prop from products and catalog products. This has been replaced by an arraysupportedFulfillmentTypes
. Reaction's core admin interface did not provide a method for setting this prop, and we've left thesupportedFulfillmentTypes
out of the exiting operator interface. This change will emable us to show a "Shipping"/"Pick Up" selector for other items down the road. Will also permit creation of digital fulfillment types, etc. (#4554) - β‘οΈ The last argument of the setShipmentMethod Meteor method now expects just the method ID rather than the whole method object. Core client code has been updated, but you should update any custom code that calls this method.
- β Removed the resetShipmentMethod Meteor method
- β‘οΈ The
cart/setAnonymousUserEmail
Meteor method is removed. This does not break any core behavior, but it might require updates to any custom plugins.
GraphQL DevServer
π Features
- β‘οΈ feat(GraphQL): update fulfillment options for group (#4538)
- feat(GraphQL): Add resolver for Cart.totalItemQuantity (#4533)
- feat(GraphQL): add resolver for Cart.checkout (#4507)
- feat(GraphQL): Replace "cart/setAnonymousUserEmail" Meteor method with setEmailOnAnonymousCart mutation (#4564)
- feat(GraphQL): Implement selectFulfillmentOptionForGroup mutation (#4548)
π Fixes
- π fix(GraphQL): Fix CartItem.currentQuantity (#4508)
Meteor App
π Features
- feat: Convert product grid to consume GraphQL data (#4481) .. Resolves #4480
- feat: Fulfillment improvements (#4554)
- π feat: Plugin for auto-generated sitemaps (#4413) .. Resolves #4353
π Performance
- perf: improve orders sub speed by rearranging pipeline (#4555)
- π perf: Move formatPhoneNumber (and libphonenumber-js) server-side to reduce client bundle (#4517) .. Resolves #4516
π Fixes
- π fix: for sidebar unable to be opened (edge condition) (#4546) .. Resolves #4545
- π fix(marketplace): Default to Primary Shop when no domains match (#4544)
- π fix: sync lowInventoryThreshold number between variants and child options (#4519)
- π fix: Product prices showing as \$NaN.undefined on the customer product grid (#4518)
π¨ Refactors
- π¨ refactor: Refactor cart / fulfillment hooks (#4535)
- π¨ refactor fulfillment items (#4531)
- π¨ refactor: resolve reaction error (#4494) .. Resolves #4477
- π¨ refactor: Dynamically import Swiper to reduce client bundle size (#4515) .. Resolves #4514
Chores
- chore: Added production bundle size check to CircleCI (#4521)
Contributors
- π Thanks to @pmn4 for contributing to this release :tada:
-
v1.14.1 Changes
π Patch release
π Resolves issues found after releasing
1.14.0
- one causing jsdoc to fail during CI builds for themaster
branch, and another where method hooks were running incorrectly occasionally forcatalog/publish/products
andaccoutns/addressBookAdd
. See specific PRs for more details.Meteor App
π Bugfixes
- π fix: Ensure method hooks always run with correct timing (before and after method) (#4537) .. Resolves #4437
- π fix: jsdoc promise returns (#4539)
- π fix: Null Guarding in GroupsTableCell (#4440)
Contributors
π Thanks to @pmn4 for contributing to this release :tada:
π¦ NPM Package Version Changes
π There are no dependency changes in this release
-
v1.14.0 Changes
π Removing Optional Plugins
π As part of our focus simplifying the core Reaction application and improving performance, we've made the decision to remove optional plugins from the core application. From our blog post on this topic:
π¦ > Itβs about quality over quantity. As a part of our initiative to simplify Reaction, weβre focusing on providing one reference application per feature and moving all others over to community-sponsored packages. Weβll be migrating packages, APIs, and schemas over to npm. Itβs a standard approach to package management, one that improves the developer experience overall.
Hereβs how it will look:
π¦ | Category | Reaction default(s) | Community package(s) | | ---------- | ------------------------------- | -------------------------------- | π¦ | Payments | Stripe, example payment package | PayPal, Authorize.net, Braintree | | Taxes | Flat rate | Avalara, TaxCloud, TaxJar | | Shipping | Flat rate | Shippo | | Connectors | CSV connector | Shopify connector |
β‘οΈ As the first step of this process we've moved a number of packages from the https://github.com/reactioncommerce/reaction repo to independent repositories in the new https://github.com/reaction-contrib organization. You can install these packages by following the instructions located inside of each new repository. Once installed they should work as they did in v1.13. Any issues you have with updating these packages should be filed in the repos created for these packages and not in the core Reaction repo going forward. If you're interested in contributing to or helping to maintain any of the packages that we've moved to reaction-contrib, please reach out to @zenweasel and he can get you setup.
π The list of packages that have been removed in this release is as follows:
- Shopify
- TaxCloud
- Avalara
- Authorize.net
- Paypal
- Braintree
- TaxJar
- Advanced Inventory Management
- Shippo
- SMS
- Discount Rates (unused, not the same as our current discount codes)
- π² Logging (unused by core application)
π This work is listed as a breaking change. If your application relies on any of these packages, you will have to install them independently of Reaction going forward. This release will not destroy data associated with these plugins, so you should be able to safely update without losing information. However, please be sure to test this for your specific application before deploying to production and as always, backup your data before updating versions.
GraphQL Cart
π This release contains the Cart and Checkout GraphQL schemas along with several cart queries and mutations. We're starting to make some changes to the core cart schemas for Reaction and the process that we use to create and identify carts.
π One of these changes is when we create a cart for a customer. To this point, we've created a cart document for each and every visitor to a Reaction storefront. Going forward we'll be creating carts on demand. This means that a customer will not have a cart associated with them until they first add a product to the cart. This is how we've architected the GraphQL API to work and we've made some changes to the legacy Reaction cart system to put it in sync.
β‘οΈ We're signifincantly adjusting the Cart schema as well. The best way to understand all of this will be to read through the updated GraphQL Cart Schema in #4307 and #4390 but I'll try to note some things to be aware of going forward.
A cart will have either an account associated with it or may be anonymous.
π A cart will have an array of items associated with them. As we will be lazy in creating carts, when the cart is created this array of items will have at least one item in it. We do not destory carts if a customer removes all items from a cart, so it is possible that there will be an empty array of items inside of a cart.
One of the major changes to carts is related to how we store information necessary to create an order from a cart. We're introducing a new field
checkout
to the cart schema which you can dig into in #4309. This will be where fulfillment information, payment information, addresses and any other information necessary to process a checkout will be stored.π Recognizing the need to be able to handle orders which have items that require different types of fulfillment, we're organizing items into what we're calling "Fulfillment Groups." The most basic example is that a fulfillment group could be a group of items that is getting shipped to a specific address. For an order with
n
items, there can exist up ton
fulfillment groups within that cart. This specific release doesn't introduce any new functionality for adding new types of fulfillment groups or splitting a single cart into multiple fulfillments, but it does lay the groundwork for splitting orders, creating new fulfillment types such as an in store pickup, ship to store, digital downloads, or generated license keys.We're currently mapping this new GraphQL Schema to the existing Reaction Simple Schema, but will be transitioning all of our existing schemas to match (more or less) our new GraphQL schemas going forward.
A cart will still be associated with a single shop. This is consistent with current behavior.
There are two GraphQL Queries for fetching carts, one for getting anonymous carts
anonymousCartByCartId
and one for getting account cartsaccountCartByAccountId
π This release introduces GraphQL Mutations for creating carts, adding items to carts, removing items from carts, updating cart items, and reconciling carts when a customer with an anonymous cart logs into an account.
π
ReconcileCarts
is a new method which replaces and extends our previousmergeCarts
method with additional functionality. ReconcileCarts has 3 modes:merge
,keepAnonymousCart
, andkeepAccountCart
.merge
is the default mode and works identically to how the existingmergeCarts
method works, where the anonymous cart is combined with the account cart, items are deduped, and quantities are incremented to match the combined qty of the items in the carts.keepAnonymousCart
will keep only the items and the checkout information in the anonymous cart, andkeepAccountCart
will do the same but for the Account Cart.π₯ Breaking Changes
Meteor App
File Organization
- π We've moved all files from
/server
into plugins. All imports with paths that begin with /server will need to be changed for any custom code or community plugins. See the file changes in https://github.com/reactioncommerce/reaction/pull/4366/files to see examples of changing import paths from/server
to relevant plugin paths.
Cart
- β‘οΈ A cart is not created until items are added. Previously a cart was created for all users, including anonymous users, immediately if one was not found. This is not a breaking change for the core app, but any custom plugins may have code that will need to be updated to handle the possibility of there not being a cart.
- β‘οΈ Update the signature of most cart methods to take an optional cartToken string param. Update all places that call these methods to pass in the token for anonymous carts.
- β‘οΈ Carts and Orders no longer have userId. They now have accountId. Core client code has been updated, but custom code will need to look up the account for the user and then look up the cart or order from that.
- β‘οΈ The CartItem SimpleSchema no longer includes variants and product, i.e., the entire variant and product objects are not copied to the cart item. Instead, certain properties that are needed are copied directly to the CartItem object. For example, item.productSlug. See the updated schema.
- π
cart/removeCart
Meteor method behavior is the same as before, but the return value is now{ cart }
- β‘οΈ The signature of the "cart/setAnonymousUserEmail" method has changed. It now takes cartId, token arguments. The client code that calls it has been updated, but any custom code calling it will need to be updated.
- Accounts.loginWithAnonymous is no longer available to client code. This was only used in one place, and similar logic has replaced it in that spot.
- βͺ workflow/pushCartWorkflow and workflow/revertCartWorkflow methods now require that you pass in the cartId rather than guessing which cart you intend.
- In general, be aware that cart.accountId may now be null. Previously, it would be set even for anonymous carts, to the account for the user with "anonymous" role. For now, order.accountId is still set after an anonymous order is placed.
- The "Reaction.sessionId" stored ID is now used only for auto-login of anonymous users. It is not used by any of the cart code. Also, the "Sessions" collection is no longer written to or published to clients. It will not be dropped automatically, but you can drop it if you no longer need it.
Checkout
- π Stripe checkout now uses Stripe Elements - for more details see #4325
π· Tags
- π We're now limiting the tags publication to show only tags from the current active shop. This is more of a clarification of how this was supposed to work, but if you depended on all tags being published, this will cause unexpected behavior. See #4206 for specific changes.
Other
- π¦ Removal of previously included ancillary packages listed in the "Removing Optional Plugins" section
- π The function
createCatalogProduct
has been moved into it's own file. This function was not being exported and should not create any issues, but be aware. - The Catalog schema has been changed. It was in a "use at your own risk" state before this, but if you've been using it you may have to migrate some data
- π We've removed the core plugin
Logging
which was used only by the Avalara plugin to this point. If you relied on this plugin, you'll need to reinstall it.
GraphQL
- In the GraphQL context, there is no longer a methods object. Instead you can call any method with context.callMeteorMethod(name, ...args).
- π In the GraphQL context, context.queries is now namespaced by which plugin the queries come from. For example, context.queries.userAccount is now context.queries.accounts.userAccount.
Notable Features
π Deploy to Heroku Button
π We've added a deploy to Heroku button which should appear in the project readme now. You can now deploy Reaction to Heroku by clicking the "Deploy to Heroku" button and then filling out hte information required by Heroku.
Hashing Products
We're now hashing products to determine when a product changes that have not been published to the Catalog. This shows up as an indicator on the publish button when viewing a product that has unpublished changes.
Serve js and css from CDN
π We now provide an option to serve the bundled javascript and css files from a CDN. See #4316 for more information.
robots.txt
0οΈβ£ We've added a permissive default
robots.txt
file. This file permits all bots to crawl and disallows bots from crawling/resources
GraphQL DevServer
π Features
- feat: GraphQL Cart Schema (#4307)
- feat: GraphQL Cart checkout schemas (#4390)
- feat: Add anonymousCartByCartId GraphQL query (#4382)
- feat: createCart mutation, addCartItems mutation, and related cart/order schema changes (#4412)
- π feat: Meteor-free addressBookAdd method and GraphQL plugin reorg (#4167)
- feat: Add
resolveAccountFromAccountId
resolver (#4495) - π feat: remove cart items (#4474)
- β‘οΈ feat: update cart items quantity (#4472)
- feat: create reconcileCarts mutation (#4443)
- feat: Add accountCartByAccountId resolver (#4427)
Meteor App
π Features
- feat: Shippo address validation (#4086)
- feat: Use token to create Stripe charges (#4325)
- π feat: Create deploy to heroku button (#4320)
- π³ feat: enable oplog in development Docker Compose config (#4420)
- feat: Create product hash of published product properties (#4336)
- feat: added CDN settings to reaction (#4316)
- feat: Indicator to notify of pending product changes not yet published to catalog (#4383)
- feat(marketplace): Limit Tags Publication to Those for the Current Shop (#4206)
- feat: add robots.txt file (#4370)
- π feat: Remove account from anon carts, don't use session for carts (#4496)
- feat(marketplace): Consideration for Marketplace Shops on Different URLs (#3332)
π Fixes
- π fix: update and pin to latest version of sharp package (#4466)
- π fix: Use hashtags and tagIds to form tags obj (#4415) .. Resolves #4414
- π fix: Marketplace Settings (#4334) .. Resolves #4333
- π fix: update dependencies (#4444)
- π fix: Invalidate circleci caches (#4432)
- π fix: changing product handle throws 404 (#4403) Resolves #4023
- π fix: Tax and inventory toggle switches do not work (#4445) Resolves #4401
- π fix: Taxcloud with marketplace setup. (#4140) Resolves #4089
- π fix: Options now have parent's taxCode (#4182) Resolves #4141
- π fix(marketplace): also send notification to shop owners upon order creation (#4295)
- π fix: not publishing customer accounts (#4402) .. Resolves #4374
- π fix: Can't save discount codes (#4410) .. Resolves #4408
- π fix: Discount Codes React Table Not Rendering Correctly (#4411) .. Resolves #4247
- π fix: Unable to save custom tax rate (#4405) .. Resolves #4396
- π fix: low quantity/sold out flags not saving correctly in db (#4342)
- π fix: Scrolling to bottom adds more products to the view (#4243) .. Resolves #4090
- π fix: remove react-addons-create-fragment (#4164)
- π fix: change session active product when adding new product (#4313)
- π fix: missing styles on refund popover (#4300) .. Resolves #4005
- π fix: fix permissions of shop social settings (#4312)
- π fix: Archived products not being removed from Catalog (#4392)
- π fix: Default settings for parcel size (#4083)
- π fix: Update prerender.js (#4331)
- π fix(marketplace): Product Visibility for Marketplace Shops (#4259) .. Resolves #4092
- π fix: mislabeled schema (#4371)
- π fix: ActionView Component Typos (#4439)
- π fix: Cannot set replyTo or other field options when using Reaction.Email.send (#4380) .. Resolves #4343
- π fix: migration error preventing app startup (#4491)
- π fix: add media information to Variants and Options (#4468)
- π fix: Publish button infinite loop bug (#4488)
- π fix: client errors related to domain lookup changes (#4471)
π Performance
- perf: Dynamically import Moment locales to reduce client bundle size (#4455) .. Resolves #4454
- perf: Improve app startup time when large number of Accounts/Users exists (#4449) .. Resolves #4384
π¨ Refactors
- π¨ refactor: Use new Reaction component library components for the SMS settings form (#4318)
- π¨ refactor: Remove "Catalog" from menu (#4385)
- π¨ refactor: Move all /server files to plugins (#4366)
- π¨ refactor: Update Catalog Schema (#4421)
π Plugin Migration
- π¨ refactor: Remove Shopify plugin (#4395)
- π¨ refactor: Remove TaxCloud plugin (#4428)
- π¨ refactor: Remove Avalara plugin (#4398)
- π¨ refactor: Remove Authorize.net plugin (#4310)
- π¨ refactor: Remove Paypal plugin (#4339)
- π¨ refactor: Remove Braintree plugin (#4351)
- π¨ refactor: Remove disabled TaxJar plugin (#4348)
- π¨ refactor: Remove inventory package (#4388)
- π¨ refactor: Remove shipping-shippo plugin (#4460)
- π¨ refactor: Remove SMS plugin (#4451)
- π¨ refactor: Remove unused discount-rates plugin (#4458)
- π¨ refactor: remove unused logging (#4476)
Chores
- π chore: CircleCI step for deploying to an existing ECS cluster (#4487)
- π chore: make the snyk-security step a dependency for the docker-build step; sβ¦ (#4446)
Contributors
π Thanks to @pmn4 and @hrath2015 for contributing to this release :tada:
π¦ NPM Package Version Changes
This is a list of all new, changed, and removed dependencies that exist in our dependency graph for a production build. This does not include dev dependencies.
π New Dependencies
@babel/[email protected] @babel/[email protected] @emotion/[email protected] @emotion/[email protected] @emotion/[email protected] @emotion/[email protected] @emotion/[email protected] @emotion/[email protected] @emotion/[email protected] @reactioncommerce/[email protected] @types/[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
β‘οΈ Updated Dependencies
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] /Users/spencer/reaction/reaction [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
β Removed Dependencies
42-cent-base 42-cent-util @braintree/wrap-promise @sindresorhus/is @types/node UNMET PEER DEPENDENCY graphql@^0.10.0 || ^0.11.0 || ^0.12.0 aphrodite array.prototype.flatten authorize-net base64url braintree buffer-crc32 cacheable-request chain-function clone-response connect-query dateformat debuglog deprecate duplexer3 from2 got has-symbol-support-x has-to-string-tag-x http-cache-semantics into-stream is-object is-plain-obj is-retry-allowed isemail isurl joi json-buffer json-stable-stringify jsonify jsonwebtoken keyv lodash.isboolean lodash.isinteger lodash.isnumber lodash.once lowercase-keys nexmo normalize-url p-cancelable p-is-promise p-timeout paypal-rest-sdk pop-iterate prepend-http q react-addons-create-fragment react-addons-pure-render-mixin responselike rootpath scmp shippo shopify-api-node sort-keys stopcock string-hash timed-out topo twilio url-parse-lax url-to-options weak-map
Metrics
π You don't improve what you don't measure. In efforts to improve the size of our bundles, the time to first paint, time to interactive, and overall performance of our applications, we're starting to report on bundle size and some performance metrics in every release. With effort and persistence, we'll see these numbers improve over time.
Bundle Size
π We measure bundle size by building the application using
meteor build
and then measuring the js and css bundle size with the commandwc -c /path/to/js-bundle-file.js
π» JS Modern Browsers: 4872kb π» JS Legacy Browsers: 5104kb π» CSS All Browsers: 392kb
-
v1.13.1 Changes
π This release exclusively includes a patch update to Meteor from
1.7.0.1
to1.7.0.3
π This release should be installed by anyone on Reaction 1.13.0 and includes an important security update to Node, updating to version 8.11.3 of Node, which is an important security release.
β‘οΈ The underlying meteor-babel npm package has also been updated to version 7.0.0-beta.51.
π Security
- β‘οΈ security: Update to Meteor 1.7.0.3 (#4368)
-
v1.13.0 Changes
Removal of Legacy Product Revision Control system
π The major change in this release is that we've removed the existing revision control system in favor of publishing Products to the Catalog. The existing revision control system contained some powerful ideas, but was complex and intertwined into many areas of the app that were not directly related to Product. By removing the old revision control system, we've paved the way to substantially improve product grid performance, especially for Operators and we've simplified the product publication logic.
π¦ This removes all code, hooks, collections, and packages related to revision control.
π₯ Breaking changes:
- π¦ Any custom packages that depend on the
Revision
control system. - Operators will no longer be able to "undo" changes to a product. Instead products are published through the catalog
- Any unpublished changes to products will be lost when upgrading to
1.13.0
. In this release, it's possible that if you were to downgrade that you would see the unpublished changes again, but that may cause unexpected behavior. We recommend either publishing or discarding any changes to your products before upgrading to this release. π Similarly, any products that have been created but not published will demonstrate unexpected behavior. To avoid this undesirable behavior, publish any newly created, unpublished products prior to upgrading to this release.
π All plugin authors will need to update your
package.json
with a change to the babel config similar to what was done here
β‘οΈ Update to Meteor 1.7
β‘οΈ This update brings some enormous improvements to the amount of time it takes to rebuild the application in development after making a file change. In some (less than perfectly scientific) tests that I ran testing file changes between 1.7 and 1.6.1 I saw 50%-90% improvements in the reload time. Your experience may vary depending on how much you've customized Reaction, your computer specs, and your specific development setup, but I fully expect this to be a noticeable improvement for anyone working with Reaction.
β‘οΈ There are some early reports that the included update to the MongoDB driver may have some kinks to work out, so I'd follow those issues on Meteor's repo if that's a cause for concern for you. These reports are all coming from a single person, and we haven't experienced any of these issues in particular yet, but we'll be keeping an eye on them.
π We ran into a few issues with
npm install
that we resolved in #4317. One product that came out of this investigation was some documentation for how to properly clean up and rebuild docker images in Reaction.To stop and clean up your images
docker-compose down -v --rmi local --remove-orphans
To rebuild your Reaction images
docker-compose up --build --force-recreate --renew-anon-volumes
If you only want to run Reaction and not the GraphQL DevServer
docker-compose up --build --force-recreate --renew-anon-volumes reaction
If you only want to run the DevServer and not the Meteor app
docker-compose up --build --force-recreate --renew-anon-volumes devserver
Meteor App
π Performance
- π perf: remove revision control (#4238)
- β‘οΈ perf: update to Meteor 1.7 (#4265)
π Bug Fixes
- π fix: Use catalog collection for PDP (#4324)
- π fix: Import fixture data only if collections empty (#4327) .. Resolves #4326
- π fix: Invalid class name: .variant-list-item-{variant._id} (#4217)
- π fix: NPM build issue in Docker build (#4317)
- π fix: add getAutoValues: false to discounts/codes/remove (#4288)
- π fix: hadolint image version (#4306)
- π fix: CI step failure to tag Docker image with latest release version (#4304)
- π fix: admin products publication slowness (#4260)
- π fix: remove inventoryPolicy check on low inventory (#4298)
π¨ Refactors
- π¨ refactor: non meteor schemas (#4266) .. Resolves #4263
β Tests
- β test: new mocks factory (#4276) .. Resolves #4246
- π¦ test: run snyk when package.json has changed or base is master (#4285)
π Docs
- π docs(jsdoc): document all Meteor Template helpers in 1 @namespace (#3841) .. Resolves #3840
GraphQL Dev Server
π Features
- feat: add Media to Tag Schema and GraphQL query (#4270)
Chore
- β‘οΈ chore: update default GraphQL query limit values (#4297)
Contributors
π Thanks to @mikeumus for contributing to this release. π
- π¦ Any custom packages that depend on the
-
v1.12.1 Changes
π Bug Fixes
- π fix: handle products without positions obj .. Resolves #4299
π This release is a hotfix for #4299 which was discovered shortly after v1.12.0 was released.
The issue was releated to a type error that was thrown during a migration:
If any documents in
Catalog
collection do not have apositions
property, migration fails on startup on first start after migration to v1.12.0. The migration is left locked. The error message is:0|reaction | TypeError: Cannot convert undefined or null to object 0|reaction | at Function.keys (<anonymous>) 0|reaction | at items.forEach (imports/plugins/core/versions/server/migrations/25_update_catalog_schema.js:28:12)