shopify_app 17.2.1 → 18.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3196fb2b6cba6107aee7ad481c745d3c76121f5f07a2f99e812f5e0dc206baa
-  data.tar.gz: 4243a519b5e601238974ba566c978badf4fe2132f5c2e5616f2dd35e2f0557ba
+  metadata.gz: a17cc09be2742af3a0e91af4ac4c2e3d4ab246ae10c31dc2c26b1138058f1846
+  data.tar.gz: afd2922bb83d113c1c4d16c240db9455d1d63478cd2e231fd4e27d3aebb01958
 SHA512:
-  metadata.gz: 3cd70a25dc28f3eedafe42dcf312d15a63d2775cd7f98457f6a431574aef1a7e5566fbb033c1ed67ed207ad88cb356741a38f642765b057b4fc9c288df82f008
-  data.tar.gz: a30861d15e1db1bf447c655d5a889921dc991e421723781cd9f4cceb3828a91b73a6b73aa696df95cdcefca6f23caf1fd3834ffe4e9cad5b1bb4b4a90d187ff0
+  metadata.gz: a19c5616ec96c8c454077dd114f4aedd215725e1af274eadc05d2989812bc5bd3b4674b9a850af3b28f7171b9f60c7db7a89398a97cf3ad8ad3023482a8ddd1d
+  data.tar.gz: f6eb5a88f94cab3f1555d017f0fada8809661716739186382a5038d880596ba451e2791f616f03400d95ab44c739720feae6b3f677a8188e56f000172b365c8d

data/CHANGELOG.md

@@ -1,5 +1,22 @@
-Unreleased
+18.0.3 (Jan 7, 2022)
 ----------
+* Change regexp to match standard ngrok URLs. [#1311](https://github.com/Shopify/shopify_app/pull/1311)
+* Make `EnsureAuthenticatedLinks` compatible with AppBridge 2.0. [#1277](https://github.com/Shopify/shopify_app/pull/1277)
+  * Includes the `host` parameter when redirecting to the splash page in an unauthenticated state.
+
+18.0.2 (Jun 15, 2021)
+----------
+* Added careers link to readme. [#1274](https://github.com/Shopify/shopify_app/pull/1274)
+
+18.0.1 (May 7, 2021)
+----------
+* Fix bug causing OAuth flow to fail due to CSP violation. [#1265](https://github.com/Shopify/shopify_app/pull/1265)
+
+18.0.0 (May 3, 2021)
+----------
+* Support OmniAuth 2.x 
+  * If your app has custom OmniAuth configuration, please refer to the [OmniAuth 2.0 upgrade guide](https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0).
+* Support App Bridge version 2.x in the Embedded App layout. [#1241](https://github.com/Shopify/shopify_app/pull/1241)
 
 17.2.1 (April 1, 2021)
 ----------

data/Gemfile.lock

@@ -1,10 +1,11 @@
 PATH
   remote: .
   specs:
-    shopify_app (17.2.1)
-      browser_sniffer (~> 1.2.2)
-      jwt (~> 2.2.1)
-      omniauth-shopify-oauth2 (~> 2.2.2)
+    shopify_app (18.0.3)
+      browser_sniffer (~> 1.4.0)
+      jwt (>= 2.2.3)
+      omniauth-rails_csrf_protection
+      omniauth-shopify-oauth2 (~> 2.3)
       rails (> 5.2.1, < 6.2)
       redirect_safely (~> 1.0)
       shopify_api (~> 9.4)
@@ -79,12 +80,12 @@ GEM
       minitest (>= 5.1)
       tzinfo (~> 2.0)
       zeitwerk (~> 2.3)
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.1)
     binding_of_caller (0.8.0)
       debug_inspector (>= 0.0.1)
-    browser_sniffer (1.2.2)
+    browser_sniffer (1.4.0)
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)
@@ -93,28 +94,46 @@ GEM
     crass (1.0.6)
     debug_inspector (0.0.3)
     erubi (1.10.0)
-    faraday (1.3.0)
+    faraday (1.9.3)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-httpclient (~> 1.0)
+      faraday-multipart (~> 1.0)
       faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.0)
+      faraday-patron (~> 1.0)
+      faraday-rack (~> 1.0)
+      faraday-retry (~> 1.0)
+      ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-httpclient (1.0.1)
+    faraday-multipart (1.0.2)
       multipart-post (>= 1.2, < 3)
-      ruby2_keywords
     faraday-net_http (1.0.1)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    graphql (1.12.6)
-    graphql-client (0.16.0)
+    faraday-net_http_persistent (1.2.0)
+    faraday-patron (1.0.0)
+    faraday-rack (1.0.0)
+    faraday-retry (1.0.3)
+    globalid (1.0.0)
+      activesupport (>= 5.0)
+    graphql (1.13.4)
+    graphql-client (0.17.0)
       activesupport (>= 3.0)
-      graphql (~> 1.8)
+      graphql (~> 1.10)
     hashdiff (1.0.1)
-    hashie (4.1.0)
+    hashie (5.0.0)
     i18n (1.8.9)
       concurrent-ruby (~> 1.0)
-    jwt (2.2.2)
+    jwt (2.3.0)
     loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (1.0.0)
+    marcel (1.0.2)
     method_source (0.9.2)
     mini_mime (1.0.3)
     mini_portile2 (2.5.0)
@@ -123,7 +142,7 @@ GEM
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    nio4r (2.5.7)
+    nio4r (2.5.8)
     nokogiri (1.11.2)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
@@ -133,15 +152,19 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.9.1)
+    omniauth (2.0.4)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
-    omniauth-oauth2 (1.5.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.2)
-    omniauth-shopify-oauth2 (2.2.3)
+      rack-protection
+    omniauth-oauth2 (1.7.2)
+      oauth2 (~> 1.4)
+      omniauth (>= 1.9, < 3)
+    omniauth-rails_csrf_protection (1.0.0)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
+    omniauth-shopify-oauth2 (2.3.2)
       activesupport
-      omniauth-oauth2 (~> 1.5.0)
+      omniauth-oauth2 (~> 1.5)
     parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
@@ -156,6 +179,8 @@ GEM
     public_suffix (4.0.6)
     racc (1.5.2)
     rack (2.2.3)
+    rack-protection (2.1.0)
+      rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails (6.1.3.1)
@@ -209,20 +234,21 @@ GEM
     rubocop-shopify (1.0.7)
       rubocop (~> 1.4)
     ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.4)
-    shopify_api (9.4.1)
+    ruby2_keywords (0.0.5)
+    shopify_api (9.5)
       activeresource (>= 4.1.0, < 6.0.0)
       graphql-client
       rack
+      webrick
     sprockets (4.0.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.2)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
+    sprockets-rails (3.4.2)
+      actionpack (>= 5.2)
+      activesupport (>= 5.2)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
-    thor (1.1.0)
+    thor (1.2.1)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
     unicode-display_width (1.7.0)
@@ -230,7 +256,8 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    websocket-driver (0.7.3)
+    webrick (1.7.0)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     zeitwerk (2.4.2)
@@ -254,4 +281,4 @@ DEPENDENCIES
   webmock
 
 BUNDLED WITH
-   2.1.4
+   2.2.22

data/README.md

@@ -1,5 +1,7 @@
 # Shopify App
 
+**Shopify is doubling our engineering staff in 2021! [Join our team and work on libraries like this one.](https://smrtr.io/5GGrK)**
+
 [![Version][gem]][gem_url] [![Build Status](https://github.com/Shopify/shopify_app/workflows/CI/badge.svg)](https://github.com/Shopify/shopify_app/actions?query=workflow%3ACI) ![Supported Rails version][supported_rails_version]
 
 [gem]: https://img.shields.io/gem/v/shopify_app.svg
@@ -23,7 +25,6 @@ This gem includes a Rails engine, generators, modules, and mixins that help crea
 ## Requirements
 
 > **Rails compatibility** 
-> * Rails 6.1 or above is not yet supported due to the new `cookies_same_site_protection` setting. 
 > * Use Shopify App `<= v7.2.8` if you need to work with Rails 4.
 
 To become a Shopify app developer, you will need a [Shopify Partners](https://www.shopify.com/partners) account. Explore the [Shopify dev docs](https://shopify.dev/concepts/shopify-introduction) to learn more about [building Shopify apps](https://shopify.dev/concepts/apps).

data/app/assets/javascripts/shopify_app/post_redirect.js

@@ -0,0 +1,9 @@
+(function() {
+  function redirect() {
+    var form = document.getElementById("redirect-form");
+    if (form) {
+      form.submit();
+    }
+  }
+  document.addEventListener("DOMContentLoaded", redirect);
+})();

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -10,9 +10,22 @@ module ShopifyApp
 
     private
 
+    def splash_page
+      splash_page_with_params(
+        return_to: request.fullpath,
+        shop: current_shopify_domain,
+        host: params[:host]
+      )
+    end
+
+    def splash_page_with_params(params)
+      uri = URI(root_path)
+      uri.query = params.compact.to_query
+      uri.to_s
+    end
+
     def redirect_to_splash_page
-      splash_page_path = root_path(return_to: request.fullpath, shop: current_shopify_domain)
-      redirect_to(splash_page_path)
+      redirect_to(splash_page)
     rescue ShopifyApp::LoginProtection::ShopifyDomainNotFound => error
       Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
                          "Could not determine current shop domain")

data/app/controllers/shopify_app/sessions_controller.rb

@@ -150,7 +150,11 @@ module ShopifyApp
     end
 
     def authenticate_in_context
-      redirect_to("#{main_app.root_path}auth/shopify")
+      post_redirect_to_auth_shopify
+    end
+
+    def post_redirect_to_auth_shopify
+      render('shopify_app/shared/post_redirect_to_auth_shopify', layout: false)
     end
 
     def authenticate_at_top_level

data/app/views/shopify_app/shared/post_redirect_to_auth_shopify.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <base target="_top">
+  <title>Redirecting…</title>
+  <%= javascript_include_tag('shopify_app/post_redirect', crossorigin: 'anonymous', integrity: true) %>
+</head>
+<body>
+  <%= form_tag '/auth/shopify', id: 'redirect-form' %>
+</body>
+</html>

data/docs/Troubleshooting.md

@@ -11,11 +11,14 @@
 [App installation](#app-installation)
   * [My app won't install](#my-app-wont-install)
   * [My app keeps redirecting to login](#my-app-keeps-redirecting-to-login)
+  * [My app returns 401 during oauth](#my-app-returns-401-during-oauth)
 
 [JWT session tokens](#jwt-session-tokens)
   * [My app is still using cookies to authenticate](#my-app-is-still-using-cookies-to-authenticate)
   * [My app can't make requests to the Shopify API](#my-app-cant-make-requests-to-the-shopify-api)
 
+[Migrating to App Bridge 2.0](#migrating-to-app-bridge-2.0)
+
 ## Generators
 
 ### The shopify_app:install generator hangs
@@ -65,6 +68,10 @@ Alternatively, you can upgrade to [`v17.2.0` of the shopify_app gem](/docs/Upgra
 
 This issue can occur when the session (the model you set as `ShopifyApp::SessionRepository.storage`) isn't deleted when the user uninstalls your app. A possible fix for this is listening to the `app/uninstalled` webhook and deleting the corresponding session in the webhook handler.
 
+### My app returns 401 during oauth
+
+If your local dev env uses the `cookie_store` session storage strategy, you may encounter 401 errors during oauth due to a race condition between asset requests and `/auth/shopify`. You should be able to work around for local testing by using a different browser or session storage strategy.  [Read more about the status of this issue](https://github.com/Shopify/shopify_app/issues/1269).
+
 ## JWT session tokens
 
 ### My app is still using cookies to authenticate
@@ -138,4 +145,15 @@ _Example:_ If your embedded app cannot handle server-side XHR redirects, then co
 X-Shopify-API-Request-Failure-Unauthorized: true
 ```
 
-Then, use the [Shopify App Bridge Redirect](https://shopify.dev/tools/app-bridge/actions/navigation/redirect) action to redirect your app frontend to the app login URL if this header is set.
+Then, use the [Shopify App Bridge Redirect](https://shopify.dev/tools/app-bridge/actions/navigation/redirect) action to redirect your app frontend to the app login URL if this header is set.
+
+## Migrating to App Bridge 2.0
+
+In order to upgrade your embedded app to the latest App Bridge 2.0 version, please refer to the [migration guide](https://shopify.dev/tutorials/migrate-your-app-to-app-bridge-2).
+
+To ensure that your app's embedded layout doesn't import App Bridge 2.0 before fully migrating, make the following change to bind it to v1.x.
+
+```diff
+ - <script src="https://unpkg.com/@shopify/app-bridge"></script>
+ + <script src="https://unpkg.com/@shopify/app-bridge@1"></script>
+``` 

data/docs/shopify_app/engine.md

@@ -15,7 +15,7 @@ While you can customize the login view by creating a `/app/views/shopify_app/ses
 
 ```ruby
 ShopifyApp.configure do |config|
-  config.login_url = 'https://my.domain.com/nested/login'
+  config.login_url = 'https://example.com/nested/login'
 end
 ```
 
@@ -77,6 +77,6 @@ class ReviewsController < ApplicationController
 end
 ```
 
-Create your app proxy URL in the [Shopify Partners dashboard](https://partners.shopify.com/organizations), making sure to point it to `https://your_app_website.com/app_proxy`.
+Create your app proxy URL in the [Shopify Partners dashboard](https://partners.shopify.com/organizations), making sure to point it to `https://example.com/app_proxy`.
 
 ![Creating an App Proxy](/images/app-proxy-screenshot.png)

data/docs/shopify_app/handling-access-scopes-changes.md

@@ -1,5 +1,15 @@
 # Handling changes in access scopes
-The Shopify App gem provides handling changes to scopes for both shop/offline and user/online tokens. To enable your app to login via OAuth on scope changes, you can set the following configuration flag in your `config/initializers/shopify_app.rb`:
+## Updating the list of scopes the app requests
+
+Your app specifies the [access scopes](https://shopify.dev/api/usage/access-scopes) it requires in the Shopify App initializer, located at`config/initializers/shopify_app.rb`. To modify this list, update the comma-delimited configuration option:
+
+```ruby
+config.scope = "read_products,write_discounts"
+```
+
+## Requesting new scopes from merchants
+
+The Shopify App gem will automatically request new scopes from merchants for both shop/offline and user/online tokens. To enable your app to reauth via OAuth on scope changes, you can set the following configuration flag in your `config/initializers/shopify_app.rb`:
 ```ruby
 config.reauth_on_access_scope_changes = true
 ```

data/docs/shopify_app/script-tags.md

@@ -11,7 +11,7 @@ As with webhooks, ShopifyApp can manage your app's [ScriptTags](https://shopify-
 ```ruby
 ShopifyApp.configure do |config|
   config.scripttags = [
-    {event:'onload', src: 'https://my-shopifyapp.herokuapp.com/fancy.js'},
+    {event:'onload', src: 'https://example.com/fancy.js'},
     {event:'onload', src: ->(domain) { dynamic_tag_url(domain) } }
   ]
 end

data/docs/shopify_app/webhooks.md

@@ -12,7 +12,7 @@ ShopifyApp can manage your app's webhooks for you if you set which webhooks you
 ```ruby
 ShopifyApp.configure do |config|
   config.webhooks = [
-    {topic: 'carts/update', address: 'https://example-app.com/webhooks/carts_update'}
+    {topic: 'carts/update', address: 'https://example.com/webhooks/carts_update'}
   ]
 end
 ```
@@ -34,7 +34,7 @@ If you are only interested in particular fields, you can optionally filter the d
 ```ruby
 ShopifyApp.configure do |config|
   config.webhooks = [
-    {topic: 'products/update', address: 'https://example-app.com/webhooks/products_update', fields: ['title', 'vendor']}
+    {topic: 'products/update', address: 'https://example.com/webhooks/products_update', fields: ['title', 'vendor']}
   ]
 end
 ```

data/lib/generators/shopify_app/home_controller/templates/home_controller.rb

@@ -3,8 +3,16 @@
 class HomeController < AuthenticatedController
   include ShopifyApp::ShopAccessScopesVerification
 
+  before_action :set_host
+
   def index
     @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
     @webhooks = ShopifyAPI::Webhook.find(:all)
   end
+
+  private
+
+  def set_host
+    @host = params[:host]
+  end
 end

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -18,7 +18,7 @@
 
         // Save a session token for future requests
         window.sessionToken = await new Promise((resolve) => {
-          app.subscribe(SessionToken.ActionType.RESPOND, (data) => {
+          app.subscribe(SessionToken.Action.RESPOND, (data) => {
             resolve(data.sessionToken || "");
           });
         });

data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb

@@ -7,5 +7,6 @@ class HomeController < ApplicationController
 
   def index
     @shop_origin = current_shopify_domain
+    @host = params[:host]
   end
 end

data/lib/generators/shopify_app/install/install_generator.rb

@@ -67,7 +67,7 @@ module ShopifyApp
       def insert_hosts_into_development_config
         inject_into_file(
           'config/environments/development.rb',
-          "  config.hosts = (config.hosts rescue []) << /\\w+\\.ngrok\\.io/\n",
+          "  config.hosts = (config.hosts rescue []) << /\[-\w]+\\.ngrok\\.io/\n",
           after: "Rails.application.configure do\n"
         )
       end

data/lib/generators/shopify_app/install/templates/embedded_app.html.erb

@@ -24,11 +24,12 @@
 
     <%= render 'layouts/flash_messages' %>
 
-    <script src="https://unpkg.com/@shopify/app-bridge@1"></script>
+    <script src="https://unpkg.com/@shopify/app-bridge@2"></script>
 
     <%= content_tag(:div, nil, id: 'shopify-app-init', data: {
       api_key: ShopifyApp.configuration.api_key,
       shop_origin: @shop_origin || (@current_shopify_session.domain if @current_shopify_session),
+      host: @host,
       debug: Rails.env.development?
     } ) %>
 

data/lib/generators/shopify_app/install/templates/shopify_app.js

@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
   var createApp = AppBridge.default;
   window.app = createApp({
     apiKey: data.apiKey,
-    shopOrigin: data.shopOrigin,
+    host: data.host,
   });
 
   var actions = AppBridge.actions;

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -9,6 +9,8 @@ module ShopifyApp
 
     class ShopifyDomainNotFound < StandardError; end
 
+    class ShopifyHostNotFound < StandardError; end
+
     included do
       after_action :set_test_cookie
       rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
@@ -103,6 +105,12 @@ module ShopifyApp
       request.env['jwt.shopify_user_id']
     end
 
+    def host
+      return params[:host] if params[:host].present?
+
+      raise ShopifyHostNotFound
+    end
+
     def redirect_to_login
       if request.xhr?
         head(:unauthorized)
@@ -215,9 +223,8 @@ module ShopifyApp
     end
 
     def return_address
-      return base_return_address unless ShopifyApp.configuration.allow_jwt_authentication
-      return_address_with_params(shop: current_shopify_domain)
-    rescue ShopifyDomainNotFound
+      return_address_with_params(shop: current_shopify_domain, host: host)
+    rescue ShopifyDomainNotFound, ShopifyHostNotFound
       base_return_address
     end
 

data/lib/shopify_app/engine.rb

@@ -17,6 +17,7 @@ module ShopifyApp
     initializer "shopify_app.assets.precompile" do |app|
       app.config.assets.precompile += %w[
         shopify_app/redirect.js
+        shopify_app/post_redirect.js
         shopify_app/top_level.js
         shopify_app/enable_cookies.js
         shopify_app/request_storage_access.js

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '17.2.1'
+  VERSION = '18.0.3'
 end

data/lib/shopify_app.rb

@@ -3,6 +3,7 @@ require 'shopify_app/version'
 
 # deps
 require 'shopify_api'
+require 'omniauth/rails_csrf_protection'
 require 'omniauth-shopify-oauth2'
 require 'redirect_safely'
 

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "17.2.1",
+  "version": "18.0.3",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/service.yml

@@ -1,7 +1,4 @@
 audience: partner
 classification: library
-org_line: App & Partner Platform
-owners:
-  - Shopify/platform-dev-tools-education
 slack_channels:
-  - dev-tools-education
+- shopify_app_gem

data/shopify_app.gemspec

@@ -13,11 +13,12 @@ Gem::Specification.new do |s|
 
   s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
-  s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
+  s.add_runtime_dependency('browser_sniffer', '~> 1.4.0')
+  s.add_runtime_dependency('omniauth-rails_csrf_protection')
   s.add_runtime_dependency('rails', '> 5.2.1', '< 6.2')
   s.add_runtime_dependency('shopify_api', '~> 9.4')
-  s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
-  s.add_runtime_dependency('jwt', '~> 2.2.1')
+  s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.3')
+  s.add_runtime_dependency('jwt', '>= 2.2.3')
   s.add_runtime_dependency('redirect_safely', '~> 1.0')
 
   s.add_development_dependency('rake')

data/translation.yml

@@ -1,5 +1,5 @@
 source_language: en
-target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
+target_languages: [cs, da, de, es, fi, fr, it, ja, ko, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
 components:
   - name: 'merchant'
     paths:

data/yarn.lock

@@ -4519,9 +4519,9 @@ sprintf-js@~1.0.2:
   integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=
 
 ssri@^6.0.1:
-  version "6.0.1"
-  resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.1.tgz#2a3c41b28dd45b62b63676ecb74001265ae9edd8"
-  integrity sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.2.tgz#157939134f20464e7301ddba3e90ffa8f7728ac5"
+  integrity sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==
   dependencies:
     figgy-pudding "^3.5.1"
 
@@ -5115,9 +5115,9 @@ xtend@^4.0.0, xtend@~4.0.1:
   integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
 
 y18n@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.0.tgz#95ef94f85ecc81d007c264e190a120f0a3c8566b"
-  integrity sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.3.tgz#b5f259c82cd6e336921efd7bfd8bf560de9eeedf"
+  integrity sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==
 
 yallist@^3.0.2:
   version "3.1.1"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 17.2.1
+  version: 18.0.3
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-01 00:00:00.000000000 Z
+date: 2022-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -16,14 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.2
+        version: 1.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.2
+        version: 1.4.0
+- !ruby/object:Gem::Dependency
+  name: omniauth-rails_csrf_protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -64,28 +78,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.2
+        version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.2
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.1
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: redirect_safely
   requirement: !ruby/object:Gem::Requirement
@@ -272,6 +286,7 @@ files:
 - app/assets/javascripts/shopify_app/enable_cookies.js
 - app/assets/javascripts/shopify_app/itp_helper.js
 - app/assets/javascripts/shopify_app/partition_cookies.js
+- app/assets/javascripts/shopify_app/post_redirect.js
 - app/assets/javascripts/shopify_app/redirect.js
 - app/assets/javascripts/shopify_app/request_storage_access.js
 - app/assets/javascripts/shopify_app/storage_access.js
@@ -297,6 +312,7 @@ files:
 - app/views/shopify_app/sessions/new.html.erb
 - app/views/shopify_app/sessions/request_storage_access.html.erb
 - app/views/shopify_app/sessions/top_level_interaction.html.erb
+- app/views/shopify_app/shared/post_redirect_to_auth_shopify.html.erb
 - app/views/shopify_app/shared/redirect.html.erb
 - config/locales/cs.yml
 - config/locales/da.yml
@@ -305,11 +321,9 @@ files:
 - config/locales/es.yml
 - config/locales/fi.yml
 - config/locales/fr.yml
-- config/locales/hi.yml
 - config/locales/it.yml
 - config/locales/ja.yml
 - config/locales/ko.yml
-- config/locales/ms.yml
 - config/locales/nb.yml
 - config/locales/nl.yml
 - config/locales/pl.yml
@@ -445,7 +459,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.20
 signing_key: 
 specification_version: 4
 summary: This gem is used to get quickly started with the Shopify API

data/config/locales/hi.yml

@@ -1,23 +0,0 @@
----
-hi:
-  logged_out: सफलतापूर्वक लॉग आउट कर दिया
-  could_not_log_in: Shopify स्टोर में लॉग इन नहीं किया जा सका
-  invalid_shop_url: अमान्य शॉप डोमेन
-  enable_cookies_heading: "%{app} के कुकीज़ सक्षम करें"
-  enable_cookies_body: आपको %{app} का उपयोग Shopify में करने के लिए इस ब्राउज़र में
-    कुकीज़ मैन्युअल रूप से सक्षम करने चाहिए.
-  enable_cookies_footer: कुकीज़ अस्थायी रूप से आपकी वरीयताएं और व्यक्तिगत जानकारी स्टोर
-    कर ऐप को आपको प्रमाणित करने देते हैं. इनकी समय-सीमा 30 दिनों बाद समाप्त हो जाती
-    है.
-  enable_cookies_action: कुकीज़ को सक्षम करें
-  top_level_interaction_heading: आपके ब्राउज़र को %{app} प्रमाणित करने की आवश्यकता
-    है
-  top_level_interaction_body: आपके ब्राउज़र को %{app} जैसे ऐप की ज़रूरत होती है, जो
-    Shopify द्वारा आपके लिए उसे खोलने से पहले कुकीज़ पर पहुंचने करने की अनुमति मांगे.
-  top_level_interaction_action: जारी रखें
-  request_storage_access_heading: "%{app} को कुकीज़ पर पहुंच करने की आवश्यकता है"
-  request_storage_access_body: यह आपकी व्यक्तिगत जानकारी अस्थायी रूप से स्टोर कर ऐप
-    को आपको प्रमाणित करने देता है. जारी रखें पर क्लिक करें और कुकीज़ को ऐप उपयोग करने
-    की अनुमति दें.
-  request_storage_access_footer: कुकीज़ की समय-सीमा 30 दिनों बाद समाप्त हो जाती है.
-  request_storage_access_action: जारी रखें

data/config/locales/ms.yml

@@ -1,22 +0,0 @@
----
-ms:
-  logged_out: Berjaya log keluar
-  could_not_log_in: Tidak dapat log masuk ke kedai Shopify
-  invalid_shop_url: Domain kedai tidak sah
-  enable_cookies_heading: Dayakan kuki dari %{app}
-  enable_cookies_body: Anda mesti mengaktifkan kuki secara manual dalam pelayar ini
-    untuk %{app} digunakan dalam Shopify.
-  enable_cookies_footer: Kuki membenarkan aplikasi mengesahkan anda dengan menyimpan
-    keutamaan dan maklumat peribadi anda buat sementara waktu. Ia tamat tempoh selepas
-    30 hari.
-  enable_cookies_action: Dayakan kuki
-  top_level_interaction_heading: Pelayar anda perlu mengesahkan %{app}
-  top_level_interaction_body: Pelayar anda memerlukan aplikasi seperti %{app} untuk
-    meminta anda akses kepada kuki sebelum Shopify boleh membukanya untuk anda.
-  top_level_interaction_action: Teruskan
-  request_storage_access_heading: "%{app} memerlukan akses kepada kuki"
-  request_storage_access_body: Ini membolehkan aplikasi mengesahkan anda dengan menyimpan
-    maklumat peribadi anda buat sementara waktu. Klik teruskan dan benarkan kuki untuk
-    menggunakan aplikasi.
-  request_storage_access_footer: Kuki akan tamat tempoh selepas 30 hari.
-  request_storage_access_action: Teruskan