shopify_app 11.3.1 → 11.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d03b6142b691376caced56548c2ac277ca9a8b148040e9a09fb47256fa8c6667
-  data.tar.gz: 0fa432c529c6b3b36da1edad1c8e0895f40a8e9b97bd65bb48cc20a8933541a6
+  metadata.gz: 14c540b5ab61f25b6a0ad180f76161ae69536d8fcf52f623bd997055b145e02a
+  data.tar.gz: 69be07412bfd24ca729a2e4d1207a7884d71418e5773337ddb477118d2594e86
 SHA512:
-  metadata.gz: 372d058a3d474acf4c5a82dd52f50e22fe5d36ee049a54700eb7fc57bd7d130b38fd57e4bb6fd4ce7267b4f3f8eeeaf21cd29bb5b2e74bc1ac461066cde872e6
-  data.tar.gz: d6758972dbd21542e438ad361584ced0fa85c48470486ed42b3545ae6fb920a818dba199815d9b84bf4dc0c24d93a0232114f84a425b1a936482c9aa9b431b12
+  metadata.gz: 901b0a51d2891756243f0903d23833dc3399b158fb27f703a5fe3f977550db9c7d87116b83b1c568de57236855704e80d1dec91fe2094a6cf4280abaff116219
+  data.tar.gz: 172ac0593c9ee3c0dd870a585e122feaeae4b387df367c6962d239e0a79a784c247bc1645ecbe3a3264ae3b57142bbd0854bc34a67461e134374214419a3125c

data/.travis.yml

@@ -6,8 +6,6 @@ before_script:
     - "sudo chown root /opt/google/chrome/chrome-sandbox"
     - "sudo chmod 4755 /opt/google/chrome/chrome-sandbox"
 language: ruby
-before_install:
-  - gem update --system
 cache:
   bundler: true
   directories:

data/CHANGELOG.md

@@ -1,3 +1,30 @@
+11.6.0
+-----
+* Enable SameSite=None; Secure by default on all cookies for embedded apps [#851](https://github.com/Shopify/shopify_app/pull/851)
+  * Ensures compatibility of embedded apps with upcoming Chrome version 80 changes to cookie behaviour
+  * Configurable via `ShopifyApp.configuration.enable_same_site_none` (default true for embedded apps)
+
+11.5.1
+-----
+* Revert per-user token support temporarily
+
+11.5.0
+-----
+* Modularizes durable session storage
+* Introduces per-user token support and user session management
+
+11.4.0
+-----
+* Remove `dotenv-rails` dependency. [#835](https://github.com/Shopify/shopify_app/pull/835)
+
+11.3.2
+-----
+* Fix hosts generator in Rails 5 [#823](https://github.com/Shopify/shopify_app/pull/823)
+
+11.3.1
+-----
+* Bump browser_sniffer version to 1.1.3 [#824](https://github.com/Shopify/shopify_app/pull/824)
+
 11.3.0
 -----
 * Update assets to be compatible with Rails 6 [#808](https://github.com/Shopify/shopify_app/pull/808)

data/README.md

@@ -171,6 +171,13 @@ $ rails generate shopify_app:app_proxy_controller
 
 This optional generator, not included with the default generator, creates the app proxy controller to handle proxy requests to the app from your shop storefront, modifies 'config/routes.rb' with a namespace route, and an example view which displays current shop information using the LiquidAPI
 
+### Marketing Extension Generator
+
+```sh
+$ rails generate shopify_app:add_marketing_activity_extension
+```
+
+This will create a controller with the endpoints required to build a [marketing activities extension](https://help.shopify.com/en/api/embedded-apps/app-extensions/shopify-admin/marketing-activities). The extension will be generated with a base url at `/marketing_activities`, which should also be configured in partners.
 
 ### Controllers, Routes and Views
 

data/config/locales/nl.yml

@@ -1,20 +1,20 @@
 ---
 nl:
-  logged_out: je bent afgemeld
+  logged_out: u bent afgemeld
   could_not_log_in: Kon niet aanmelden bij Shopify-winkel
   invalid_shop_url: Ongeldig winkeldomein
   enable_cookies_heading: Schakel cookies in van %{app}
-  enable_cookies_body: Je moet cookies in deze browser handmatig inschakelen om %{app}
+  enable_cookies_body: U moet cookies in deze browser handmatig inschakelen om %{app}
     binnen Shopify te gebruiken.
-  enable_cookies_footer: Met cookies kan de app je verifiëren door je voorkeuren en
+  enable_cookies_footer: Met cookies kan de app u verifiëren door uw voorkeuren en
     persoonlijke informatie tijdelijk op te slaan. Ze vervallen na 30 dagen.
   enable_cookies_action: Schakel cookies in
-  top_level_interaction_heading: Je browser moet %{app} verifiëren
-  top_level_interaction_body: Je browser heeft apps nodig zoals %{app} om je toegang
-    te vragen tot cookies voordat Shopify het voor je kan openen.
+  top_level_interaction_heading: Uw browser moet %{app} verifiëren
+  top_level_interaction_body: Uw browser heeft apps nodig zoals %{app} om u toegang
+    te vragen tot cookies voordat Shopify het voor u kan openen.
   top_level_interaction_action: Doorgaan
   request_storage_access_heading: "%{app} heeft toegang tot cookies nodig"
-  request_storage_access_body: Hiermee kan de app je verifiëren door je persoonlijke
+  request_storage_access_body: Hiermee kan de app u verifiëren door uw persoonlijke
     gegevens tijdelijk op te slaan. Klik op Doorgaan en sta cookies toe om de app
     te gebruiken.
   request_storage_access_footer: Cookies verlopen na 30 dagen.

data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb

@@ -0,0 +1,39 @@
+require 'rails/generators/base'
+
+module ShopifyApp
+  module Generators
+    class AddMarketingActivityExtensionGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def generate_app_extension
+        template "marketing_activities_controller.rb", "app/controllers/marketing_activities_controller.rb"
+        generate_routes
+      end
+
+      private
+
+      def generate_routes
+        inject_into_file(
+          'config/routes.rb',
+          optimize_indentation(routes, 2),
+          after: "root :to => 'home#index'\n"
+        )
+      end
+
+      def routes
+        <<~EOS
+
+          resource :marketing_activities, only: [:create, :update] do
+            patch :resume
+            patch :pause
+            patch :delete
+            post :republish
+            post :preload_form_data
+            post :preview
+            post :errors
+          end
+        EOS
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+class MarketingActivitiesController < ExtensionVerificationController
+  def preload_form_data
+    preload_data = {
+      "form_data": {
+        "budget": {
+          "currency": "USD",
+        }
+      }
+    }
+    render(json: preload_data, status: :ok)
+  end
+
+  def update
+    render(json: {}, status: :accepted)
+  end
+
+  def pause
+    render(json: {}, status: :accepted)
+  end
+
+  def resume
+    render(json: {}, status: :accepted)
+  end
+
+  def delete
+    render(json: {}, status: :accepted)
+  end
+
+  def preview
+    placeholder_img = "https://cdn.shopify.com/s/files/1/0533/2089/files/placeholder-images-image_small.png"
+    preview_response = {
+      "desktop": {
+        "preview_url": placeholder_img,
+        "content_type": "text/html",
+        "width": 360,
+        "height": 200
+      },
+      "mobile": {
+        "preview_url": placeholder_img,
+        "content_type": "text/html",
+        "width": 360,
+        "height": 200
+      }
+    }
+    render(json: preview_response, status: :ok)
+  end
+
+  def create
+    render(json: {}, status: :ok)
+  end
+
+  def republish
+    render(json: {}, status: :accepted)
+  end
+
+  def errors
+    request_id = params[:request_id]
+    message = params[:message]
+
+    Rails.logger.info("[Marketing Activity App Error Feedback] Request id: #{request_id}, message: #{message}")
+
+    render(json: {}, status: :ok)
+  end
+end

data/lib/generators/shopify_app/install/install_generator.rb

@@ -11,10 +11,6 @@ module ShopifyApp
       class_option :embedded, type: :string, default: 'true'
       class_option :api_version, type: :string, default: nil
 
-      def add_dotenv_gem
-        gem('dotenv-rails', group: [:test, :development])
-      end
-
       def create_shopify_app_initializer
         @application_name = format_array_argument(options['application_name'])
         @scope = format_array_argument(options['scope'])
@@ -67,7 +63,7 @@ module ShopifyApp
       def insert_hosts_into_development_config
         inject_into_file(
           'config/environments/development.rb',
-          "  config.hosts << /\\h+.ngrok.io/\n",
+          "  config.hosts = (config.hosts rescue []) << /\\h+.ngrok.io/\n",
           after: "Rails.application.configure do\n"
         )
       end

data/lib/generators/shopify_app/install/templates/shopify_app.rb

@@ -8,7 +8,7 @@ ShopifyApp.configure do |config|
   config.embedded_app = <%= embedded_app? %>
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
-  config.session_repository = ShopifyApp::InMemorySessionStore
+  config.session_repository = 'ShopifyApp::InMemorySessionStore'
 end
 
 # ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot

data/lib/shopify_app.rb

@@ -24,6 +24,9 @@ module ShopifyApp
   # utils
   require 'shopify_app/utils'
 
+  # controllers
+  require 'shopify_app/controllers/extension_verification_controller'
+
   # controller concerns
   require 'shopify_app/controller_concerns/localization'
   require 'shopify_app/controller_concerns/itp'
@@ -40,6 +43,9 @@ module ShopifyApp
   require 'shopify_app/managers/webhooks_manager'
   require 'shopify_app/managers/scripttags_manager'
 
+  # middleware
+  require 'shopify_app/middleware/same_site_cookie_middleware'
+
   # session
   require 'shopify_app/session/session_storage'
   require 'shopify_app/session/session_repository'

data/lib/shopify_app/configuration.rb

@@ -14,7 +14,7 @@ module ShopifyApp
     attr_accessor :webhooks
     attr_accessor :scripttags
     attr_accessor :after_authenticate_job
-    attr_accessor :session_repository
+    attr_reader :session_repository
     attr_accessor :api_version
 
     # customise urls
@@ -34,6 +34,9 @@ module ShopifyApp
     # allow namespacing webhook jobs
     attr_accessor :webhook_jobs_namespace
 
+    # allow enabling of same site none on cookies
+    attr_accessor :enable_same_site_none
+
     def initialize
       @root_url = '/'
       @myshopify_domain = 'myshopify.com'
@@ -47,13 +50,8 @@ module ShopifyApp
     end
 
     def session_repository=(klass)
-      if Rails.configuration.cache_classes
-        ShopifyApp::SessionRepository.storage = klass
-      else
-        ActiveSupport::Reloader.to_prepare do
-          ShopifyApp::SessionRepository.storage = klass
-        end
-      end
+      @session_repository = klass
+      ShopifyApp::SessionRepository.storage = klass
     end
 
     def has_webhooks?
@@ -63,6 +61,10 @@ module ShopifyApp
     def has_scripttags?
       scripttags.present?
     end
+
+    def enable_same_site_none
+      @enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none
+    end
   end
 
   def self.configuration

data/lib/shopify_app/controllers/extension_verification_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class ExtensionVerificationController < ActionController::Base
+  protect_from_forgery with: :null_session
+  before_action :verify_request
+
+  private
+
+  def verify_request
+    hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
+    request_body = request.body.read
+    secret = ShopifyApp.configuration.secret
+    digest = OpenSSL::Digest.new('sha256')
+
+    expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
+    head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
+  end
+end

data/lib/shopify_app/engine.rb

@@ -12,5 +12,9 @@ module ShopifyApp
         storage_access.svg
       ]
     end
+
+    initializer "shopify_app.middleware" do |app|
+      app.config.middleware.insert_before(ActionDispatch::Cookies, ShopifyApp::SameSiteCookieMiddleware)
+    end
   end
 end

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb

@@ -0,0 +1,60 @@
+module ShopifyApp
+  class SameSiteCookieMiddleware
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      _status, headers, _body = @app.call(env)
+    ensure
+      user_agent = env['HTTP_USER_AGENT']
+
+      if headers && headers['Set-Cookie'] && !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
+          ShopifyApp.configuration.enable_same_site_none
+
+        cookies = headers['Set-Cookie'].split("\n").compact
+
+        cookies.each do |cookie|
+          unless cookie.include?("; SameSite")
+            headers['Set-Cookie'] = headers['Set-Cookie'].gsub("#{cookie}", "#{cookie}; secure; SameSite=None")
+          end
+        end
+      end
+    end
+
+    def self.same_site_none_incompatible?(user_agent)
+      sniffer = BrowserSniffer.new(user_agent)
+
+      webkit_same_site_bug?(sniffer) || drops_unrecognized_same_site_cookies?(sniffer)
+    rescue
+      true
+    end
+
+    def self.webkit_same_site_bug?(sniffer)
+      (sniffer.os == :ios && sniffer.os_version.match?(/^([0-9]|1[12])[\.\_]/)) ||
+        (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match?(/^10[\.\_]14/))
+    end
+
+    def self.drops_unrecognized_same_site_cookies?(sniffer)
+      (chromium_based?(sniffer) && sniffer.major_browser_version >= 51 && sniffer.major_browser_version <= 66) ||
+        (uc_browser?(sniffer) && !uc_browser_version_at_least?(sniffer: sniffer, major: 12, minor: 13, build: 2))
+    end
+
+    def self.chromium_based?(sniffer)
+      sniffer.browser_name.downcase.match?(/chrom(e|ium)/)
+    end
+
+    def self.uc_browser?(sniffer)
+      sniffer.user_agent.downcase.match?(/uc\s?browser/)
+    end
+
+    def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
+      digits = sniffer.browser_version.split('.').map(&:to_i)
+      return false unless digits.count >= 3
+
+      return digits[0] > major if digits[0] != major
+      return digits[1] > minor if digits[1] != minor
+      digits[2] >= build
+    end
+  end
+end

data/lib/shopify_app/version.rb

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '11.3.1'.freeze
+  VERSION = '11.6.0'.freeze
 end

data/package-lock.json

@@ -5909,12 +5909,6 @@
       "integrity": "sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA==",
       "dev": true
     },
-    "serialize-javascript": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz",
-      "integrity": "sha512-0Vb/54WJ6k5v8sSWN09S0ora+Hnr+cX40r9F170nT+mSkaxltoE/7R3OrIdBSUv1OoiobH1QoWQbCnAO+e8J1A==",
-      "dev": true
-    },
     "set-blocking": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
@@ -6497,31 +6491,6 @@
         }
       }
     },
-    "terser-webpack-plugin": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-1.4.1.tgz",
-      "integrity": "sha512-ZXmmfiwtCLfz8WKZyYUuuHf3dMYEjg8NrjHMb0JqHVHVOSkzp3cW2/XG1fP3tRhqEqSzMwzzRQGtAPbs4Cncxg==",
-      "dev": true,
-      "requires": {
-        "cacache": "12.0.3",
-        "find-cache-dir": "2.1.0",
-        "is-wsl": "1.1.0",
-        "schema-utils": "1.0.0",
-        "serialize-javascript": "1.9.1",
-        "source-map": "0.6.1",
-        "terser": "4.3.1",
-        "webpack-sources": "1.4.3",
-        "worker-farm": "1.7.0"
-      },
-      "dependencies": {
-        "source-map": {
-          "version": "0.6.1",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
-          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
-          "dev": true
-        }
-      }
-    },
     "through2": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/through2/-/through2-2.0.5.tgz",
@@ -6878,9 +6847,9 @@
       }
     },
     "webpack": {
-      "version": "4.40.2",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.40.2.tgz",
-      "integrity": "sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==",
+      "version": "4.41.3",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.41.3.tgz",
+      "integrity": "sha512-EcNzP9jGoxpQAXq1VOoTet0ik7/VVU1MovIfcUSAjLowc7GhcQku/sOXALvq5nPpSei2HF6VRhibeJSC3i/Law==",
       "dev": true,
       "requires": {
         "@webassemblyjs/ast": "1.8.5",
@@ -6903,7 +6872,7 @@
         "node-libs-browser": "2.2.1",
         "schema-utils": "1.0.0",
         "tapable": "1.1.3",
-        "terser-webpack-plugin": "1.4.1",
+        "terser-webpack-plugin": "1.4.3",
         "watchpack": "1.6.0",
         "webpack-sources": "1.4.3"
       },
@@ -6925,6 +6894,35 @@
           "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.4.1.tgz",
           "integrity": "sha512-RO1ibKvd27e6FEShVFfPALuHI3WjSVNeK5FIsmme/LYRNxjKuNj+Dt7bucLa6NdSv3JcVTyMlm9kGR84z1XpaQ==",
           "dev": true
+        },
+        "serialize-javascript": {
+          "version": "2.1.2",
+          "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz",
+          "integrity": "sha512-rs9OggEUF0V4jUSecXazOYsLfu7OGK2qIn3c7IPBiffz32XniEp/TX9Xmc9LQfK2nQ2QKHvZ2oygKUGU0lG4jQ==",
+          "dev": true
+        },
+        "source-map": {
+          "version": "0.6.1",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+          "dev": true
+        },
+        "terser-webpack-plugin": {
+          "version": "1.4.3",
+          "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-1.4.3.tgz",
+          "integrity": "sha512-QMxecFz/gHQwteWwSo5nTc6UaICqN1bMedC5sMtUc7y3Ha3Q8y6ZO0iCR8pq4RJC8Hjf0FEPEHZqcMB/+DFCrA==",
+          "dev": true,
+          "requires": {
+            "cacache": "12.0.3",
+            "find-cache-dir": "2.1.0",
+            "is-wsl": "1.1.0",
+            "schema-utils": "1.0.0",
+            "serialize-javascript": "2.1.2",
+            "source-map": "0.6.1",
+            "terser": "4.3.1",
+            "webpack-sources": "1.4.3",
+            "worker-farm": "1.7.0"
+          }
         }
       }
     },

data/package.json

@@ -19,9 +19,10 @@
     "mocha-debug": "^0.0.1",
     "sinon": "^7.4.2",
     "sinon-chai": "^3.2.0",
-    "webpack": "^4.40.2"
+    "webpack": "^4.41.3"
   },
   "scripts": {
     "test": "./node_modules/.bin/karma start --browsers ChromeHeadless --single-run"
-  }
+  },
+  "version": "11.6.0"
 }

data/shopify_app.gemspec

@@ -14,7 +14,6 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency('rails', '> 5.2.1')
   s.add_runtime_dependency('shopify_api', '~> 8.0')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.0')
-  s.add_runtime_dependency('dotenv-rails', '~> 2.7.5')
 
   s.add_development_dependency('rake')
   s.add_development_dependency('byebug')

data/yarn.lock

@@ -4360,10 +4360,10 @@ semver@^6.3.0:
   resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
   integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
 
-serialize-javascript@^1.7.0:
-  version "1.9.1"
-  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-1.9.1.tgz#cfc200aef77b600c47da9bb8149c943e798c2fdb"
-  integrity sha512-0Vb/54WJ6k5v8sSWN09S0ora+Hnr+cX40r9F170nT+mSkaxltoE/7R3OrIdBSUv1OoiobH1QoWQbCnAO+e8J1A==
+serialize-javascript@^2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-2.1.2.tgz#ecec53b0e0317bdc95ef76ab7074b7384785fa61"
+  integrity sha512-rs9OggEUF0V4jUSecXazOYsLfu7OGK2qIn3c7IPBiffz32XniEp/TX9Xmc9LQfK2nQ2QKHvZ2oygKUGU0lG4jQ==
 
 set-blocking@^2.0.0, set-blocking@~2.0.0:
   version "2.0.0"
@@ -4769,16 +4769,16 @@ tar@^4:
     safe-buffer "^5.1.2"
     yallist "^3.0.3"
 
-terser-webpack-plugin@^1.4.1:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-1.4.1.tgz#61b18e40eaee5be97e771cdbb10ed1280888c2b4"
-  integrity sha512-ZXmmfiwtCLfz8WKZyYUuuHf3dMYEjg8NrjHMb0JqHVHVOSkzp3cW2/XG1fP3tRhqEqSzMwzzRQGtAPbs4Cncxg==
+terser-webpack-plugin@^1.4.3:
+  version "1.4.3"
+  resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-1.4.3.tgz#5ecaf2dbdc5fb99745fd06791f46fc9ddb1c9a7c"
+  integrity sha512-QMxecFz/gHQwteWwSo5nTc6UaICqN1bMedC5sMtUc7y3Ha3Q8y6ZO0iCR8pq4RJC8Hjf0FEPEHZqcMB/+DFCrA==
   dependencies:
     cacache "^12.0.2"
     find-cache-dir "^2.1.0"
     is-wsl "^1.1.0"
     schema-utils "^1.0.0"
-    serialize-javascript "^1.7.0"
+    serialize-javascript "^2.1.2"
     source-map "^0.6.1"
     terser "^4.1.2"
     webpack-sources "^1.4.0"
@@ -5083,10 +5083,10 @@ webpack-sources@^1.4.0, webpack-sources@^1.4.1:
     source-list-map "^2.0.0"
     source-map "~0.6.1"
 
-webpack@^4.40.2:
-  version "4.40.2"
-  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.40.2.tgz#d21433d250f900bf0facbabe8f50d585b2dc30a7"
-  integrity sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==
+webpack@^4.41.3:
+  version "4.41.3"
+  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.41.3.tgz#cb7592c43080337dbc9be9e98fc6478eb3981026"
+  integrity sha512-EcNzP9jGoxpQAXq1VOoTet0ik7/VVU1MovIfcUSAjLowc7GhcQku/sOXALvq5nPpSei2HF6VRhibeJSC3i/Law==
   dependencies:
     "@webassemblyjs/ast" "1.8.5"
     "@webassemblyjs/helper-module-context" "1.8.5"
@@ -5108,7 +5108,7 @@ webpack@^4.40.2:
     node-libs-browser "^2.2.1"
     schema-utils "^1.0.0"
     tapable "^1.1.3"
-    terser-webpack-plugin "^1.4.1"
+    terser-webpack-plugin "^1.4.3"
     watchpack "^1.6.0"
     webpack-sources "^1.4.1"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 11.3.1
+  version: 11.6.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-21 00:00:00.000000000 Z
+date: 2020-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -66,20 +66,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.2.0
-- !ruby/object:Gem::Dependency
-  name: dotenv-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.7.5
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.7.5
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -253,6 +239,8 @@ files:
 - karma.conf.js
 - lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb
 - lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb
+- lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb
+- lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb
 - lib/generators/shopify_app/add_webhook/add_webhook_generator.rb
 - lib/generators/shopify_app/add_webhook/templates/webhook_job.rb
 - lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb
@@ -296,11 +284,13 @@ files:
 - lib/shopify_app/controller_concerns/localization.rb
 - lib/shopify_app/controller_concerns/login_protection.rb
 - lib/shopify_app/controller_concerns/webhook_verification.rb
+- lib/shopify_app/controllers/extension_verification_controller.rb
 - lib/shopify_app/engine.rb
 - lib/shopify_app/jobs/scripttags_manager_job.rb
 - lib/shopify_app/jobs/webhooks_manager_job.rb
 - lib/shopify_app/managers/scripttags_manager.rb
 - lib/shopify_app/managers/webhooks_manager.rb
+- lib/shopify_app/middleware/same_site_cookie_middleware.rb
 - lib/shopify_app/session/in_memory_session_store.rb
 - lib/shopify_app/session/session_repository.rb
 - lib/shopify_app/session/session_storage.rb