RubyGems - shopify_app - Versions diffs - 18.0.2 → 19.1.0 - Mend

shopify_app 18.0.2 → 19.1.0

Files changed (112) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2fcfa987c56d06c327c1cff6e12350711473a1a265844b6f4f3c32b696c1495e
-  data.tar.gz: 57b44743afc3e0175fe408ccfa688bc0b8c28d7b99db6fae5e6c7ab1a843ec9a
+  metadata.gz: 0eed46621f78732a98d006f66631afbf2d5dcd17ed88af699ac20ff141df6ff6
+  data.tar.gz: 38180008e68e107e260eb0d629035ec65a8bd23915f361a4e9716ae4abca6604
 SHA512:
-  metadata.gz: 583dbf51eaa3a3a600a410eca4d30fab58776709f6882908ed72af5da222163bbeaeba6805682ed95100abcce1217aceeba5851fa9cf00836b7a1f1201f30289
-  data.tar.gz: 8dcb0f7bceb2f4ec7bcbe8eb5f5d5bb294767fa5ead28b1d329ef34a5119fd835f99669480514473a5e184b91f9e79f4abd9941399b269faf5522ce6f69e6eb7
+  metadata.gz: 3f0d7de43a22c940aa6e64ad343605b5ab4662d3cb9a9a4f21df3ba96f0fcee301f7430efed97dfcc55fe7b2b13dd7398c294895c08cbf777fb2b7b1fdce8fdf
+  data.tar.gz: 4671f6646686de7feb6c5b410ee435108fe98686bf35b6884e2305895d51038dbb7b24ac21d1da12b8e16dc71d831e6fbf769c5de510413b17d2c68cdfeb26ed

data/.github/workflows/build.yml CHANGED Viewed

@@ -2,9 +2,9 @@ name: CI
 on:
   push:
-    branches: [ master ]
+    branches: [ main ]
   pull_request:
-    branches: [ master ]
+    branches: [ main ]
 jobs:
   build:
@@ -12,7 +12,7 @@ jobs:
     name: Ruby ${{ matrix.version }}
     strategy:
       matrix:
-        version: [2.5, 2.6, 2.7]
+        version: ['2.6', '2.7', '3.0']
     steps:
       - uses: actions/checkout@v2
@@ -24,7 +24,7 @@ jobs:
           key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
       - name: Set up Ruby ${{ matrix.version }}
         uses: ruby/setup-ruby@v1
-        with:
+        with:
           ruby-version: ${{ matrix.version }}
           bundler-cache: true
       - name: Set up Node
@@ -38,4 +38,3 @@ jobs:
         run: |
           yarn test
           bundle exec rake test

data/.gitignore CHANGED Viewed

@@ -7,6 +7,7 @@ doc/
 *.log
 *.sqlite3
 test/tmp/*
+test/.generated/*
 .idea
 # ignore sprockets cache
 /test/dummy/tmp/*

data/.nvmrc CHANGED Viewed

	@@ -1 +1 @@
1	- 8.10.0
1	+ 12.22.8

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.5.0
1	+ 3.0.3

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,53 @@
+Unreleased
+----------
+19.1.0 (June 20, 2022)
+----------
+* Add the `login_callback_url` config to allow overwriting that route as well, and mount the engine routes based on the configurations. [#1445](https://github.com/Shopify/shopify_app/pull/1445)
+* Add special headers when returning 401s from LoginProtection. [#1450](https://github.com/Shopify/shopify_app/pull/1450)
+* Add a new `billing` configuration which takes in a `ShopifyApp::BillingConfiguration` object and checks for payment on controllers with `Authenticated`. [#1455](https://github.com/Shopify/shopify_app/pull/1455)
+19.0.2 (April 27, 2022)
+----------
+* Fix regression in apps using online tokens. [#1413](https://github.com/Shopify/shopify_app/pull/1413)
+* Bump [Shopify API](https://github.com/Shopify/shopify_api) to version 10.0.3. It includes [these fixes](https://github.com/Shopify/shopify_api/blob/main/CHANGELOG.md#version-1003).
+19.0.1 (April 11, 2022)
+----------
+* Bump Shopify API (https://github.com/Shopify/shopify_api) to version 10.0.2. This update includes patch fixes since the initial v10 release.
+19.0.0 (April 6, 2022)
+----------
+* Use v10 of the Shopify API (https://github.com/Shopify/shopify_api). This update requires changes to an app - please refer to the [migration guide](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for details.
+BREAKING, please see migration notes.
+18.1.2 (Mar 3, 2022)
+----------
+* Use the App Bridge 2.0 redirect when attempting to break out of an iframe. This happens when an app is installed, requires new access scopes, or re-authentication because the login session is expired. [#1376](https://github.com/Shopify/shopify_app/pull/1376)
+18.1.1 (Feb 2, 2022)
+----------
+* Fix bug causing `unsafe-inline` CSP violation. [#1362](https://github.com/Shopify/shopify_app/pull/1362)
+18.1.0 (Jan 28, 2022)
+----------
+* Support Rails 7 [#1354](https://github.com/Shopify/shopify_app/pull/1354)
+* Fix webhooks handling in Ruby 3 [#1342](https://github.com/Shopify/shopify_app/pull/1342)
+* Update to Ruby 3 and drop support to Ruby 2.5 [#1359](https://github.com/Shopify/shopify_app/pull/1359)
+18.0.4 (Jan 27, 2022)
+----------
+* Use App Bridge client for redirect [#1247](https://github.com/Shopify/shopify_app/pull/1247)
+  * Replaces deprecated EASDK with App Bridge when redirecting out of an embedded iframe.
+18.0.3 (Jan 7, 2022)
+----------
+* Change regexp to match standard ngrok URLs. [#1311](https://github.com/Shopify/shopify_app/pull/1311)
+* Make `EnsureAuthenticatedLinks` compatible with AppBridge 2.0. [#1277](https://github.com/Shopify/shopify_app/pull/1277)
+  * Includes the `host` parameter when redirecting to the splash page in an unauthenticated state.
 18.0.2 (Jun 15, 2021)
 ----------
 * Added careers link to readme. [#1274](https://github.com/Shopify/shopify_app/pull/1274)
@@ -8,7 +58,7 @@
 18.0.0 (May 3, 2021)
 ----------
-* Support OmniAuth 2.x
+* Support OmniAuth 2.x
   * If your app has custom OmniAuth configuration, please refer to the [OmniAuth 2.0 upgrade guide](https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0).
 * Support App Bridge version 2.x in the Embedded App layout. [#1241](https://github.com/Shopify/shopify_app/pull/1241)
@@ -38,7 +88,7 @@
 17.0.4 (January 25, 2021)
 ----------
-* Redirect user to login page if shopify domain is not found in the `EnsureAuthenticatedLinks` concern [#1158](https://github.com/Shopify/shopify_app/pull/1158)
+* Redirect user to login page if shopify domain is not found in the `EnsureAuthenticatedLinks` concern [#1158](https://github.com/Shopify/shopify_app/pull/1158)
 17.0.3 (January 22, 2021)
 ----------

data/CONTRIBUTING.md CHANGED Viewed

@@ -73,4 +73,9 @@ Please follow these steps to have your contribution considered by the maintainer
       <summary>What if the status checks are failing?</summary>
       While the prerequisites above must be satisfied prior to having your pull request reviewed, the reviewer(s) may ask you to complete additional design work, tests, or other changes before your pull request can be ultimately accepted.
-    </details>
+    </details>
+### App Bridge client
+This gem ships with a UMD version of the App Bridge client. It lives inside the assets folder: `app/assets/javascripts/shopify_app/`. To update the client, simply download the UMD build from [unpkg.com](https://unpkg.com/@shopify/app-bridge) and save it into the folder.
+Please follow the convention of including the client version number in the filename. Finally, change the reference to the new App Bridge client inside `app/assets/javascripts/shopify_app/app_bridge_redirect.js`.

data/Gemfile CHANGED Viewed

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 # Specify your gem's dependencies in shopify_app.gemspec
 gemspec
-gem 'rails-controller-testing', group: :test
+gem "rails-controller-testing", group: :test
 group :rubocop do
-  gem 'rubocop-shopify', require: false
+  gem "rubocop-shopify", require: false
 end

data/Gemfile.lock CHANGED Viewed

@@ -1,188 +1,161 @@
 PATH
   remote: .
   specs:
-    shopify_app (18.0.2)
-      browser_sniffer (~> 1.2.2)
+    shopify_app (19.1.0)
+      activeresource
+      browser_sniffer (~> 2.0)
       jwt (>= 2.2.3)
-      omniauth-rails_csrf_protection
-      omniauth-shopify-oauth2 (~> 2.3)
-      rails (> 5.2.1, < 6.2)
+      rails (> 5.2.1)
       redirect_safely (~> 1.0)
-      shopify_api (~> 9.4)
+      shopify_api (~> 10.0)
+      sprockets-rails (>= 2.0.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actioncable (6.1.5)
+      actionpack (= 6.1.5)
+      activesupport (= 6.1.5)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activestorage (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actionmailbox (6.1.5)
+      actionpack (= 6.1.5)
+      activejob (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       mail (>= 2.7.1)
-    actionmailer (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      actionview (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actionmailer (6.1.5)
+      actionpack (= 6.1.5)
+      actionview (= 6.1.5)
+      activejob (= 6.1.5)
+      activesupport (= 6.1.5)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.3.1)
-      actionview (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actionpack (6.1.5)
+      actionview (= 6.1.5)
+      activesupport (= 6.1.5)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activestorage (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actiontext (6.1.5)
+      actionpack (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       nokogiri (>= 1.8.5)
-    actionview (6.1.3.1)
-      activesupport (= 6.1.3.1)
+    actionview (6.1.5)
+      activesupport (= 6.1.5)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.3.1)
-      activesupport (= 6.1.3.1)
+    activejob (6.1.5)
+      activesupport (= 6.1.5)
       globalid (>= 0.3.6)
-    activemodel (6.1.3.1)
-      activesupport (= 6.1.3.1)
+    activemodel (6.1.5)
+      activesupport (= 6.1.5)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (6.1.3.1)
-      activemodel (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
-    activeresource (5.1.1)
-      activemodel (>= 5.0, < 7)
+    activerecord (6.1.5)
+      activemodel (= 6.1.5)
+      activesupport (= 6.1.5)
+    activeresource (6.0.0)
+      activemodel (>= 6.0)
       activemodel-serializers-xml (~> 1.0)
-      activesupport (>= 5.0, < 7)
-    activestorage (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
-      marcel (~> 1.0.0)
-      mini_mime (~> 1.0.2)
-    activesupport (6.1.3.1)
+      activesupport (>= 6.0)
+    activestorage (6.1.5)
+      actionpack (= 6.1.5)
+      activejob (= 6.1.5)
+      activerecord (= 6.1.5)
+      activesupport (= 6.1.5)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (6.1.5)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
       zeitwerk (~> 2.3)
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.1)
-    binding_of_caller (0.8.0)
+    ast (2.4.2)
+    binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
-    browser_sniffer (1.2.2)
+    browser_sniffer (2.0.0)
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.1.8)
-    crack (0.4.4)
+    concurrent-ruby (1.1.10)
+    crack (0.4.5)
+      rexml
     crass (1.0.6)
-    debug_inspector (0.0.3)
+    debug_inspector (1.1.0)
     erubi (1.10.0)
-    faraday (1.4.1)
-      faraday-excon (~> 1.1)
-      faraday-net_http (~> 1.0)
-      faraday-net_http_persistent (~> 1.1)
-      multipart-post (>= 1.2, < 3)
-      ruby2_keywords (>= 0.0.4)
-    faraday-excon (1.1.0)
-    faraday-net_http (1.0.1)
-    faraday-net_http_persistent (1.1.0)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    graphql (1.12.8)
-    graphql-client (0.16.0)
-      activesupport (>= 3.0)
-      graphql (~> 1.8)
+    globalid (1.0.0)
+      activesupport (>= 5.0)
+    hash_diff (1.0.0)
     hashdiff (1.0.1)
-    hashie (4.1.0)
-    i18n (1.8.9)
+    httparty (0.20.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
-    jwt (2.2.3)
-    loofah (2.9.0)
+    jwt (2.4.1)
+    loofah (2.15.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (1.0.1)
-    method_source (0.9.2)
-    mini_mime (1.0.3)
-    mini_portile2 (2.5.0)
-    minitest (5.14.4)
-    mocha (1.11.2)
-    multi_json (1.15.0)
+    marcel (1.0.2)
+    method_source (1.0.0)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.0)
+    minitest (5.15.0)
+    mocha (1.13.0)
     multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    nio4r (2.5.7)
-    nokogiri (1.11.2)
-      mini_portile2 (~> 2.5.0)
+    nio4r (2.5.8)
+    nokogiri (1.13.4)
+      mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    oauth2 (1.4.7)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (2.0.4)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-      rack-protection
-    omniauth-oauth2 (1.7.1)
-      oauth2 (~> 1.4)
-      omniauth (>= 1.9, < 3)
-    omniauth-rails_csrf_protection (1.0.0)
-      actionpack (>= 4.2)
-      omniauth (~> 2.0)
-    omniauth-shopify-oauth2 (2.3.2)
-      activesupport
-      omniauth-oauth2 (~> 1.5)
-    parallel (1.20.1)
-    parser (2.7.2.0)
+    oj (3.13.14)
+    openssl (3.0.0)
+    parallel (1.21.0)
+    parser (3.1.0.0)
       ast (~> 2.4.1)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-nav (0.3.0)
-      pry (>= 0.9.10, < 0.13.0)
-    pry-stack_explorer (0.4.9.3)
-      binding_of_caller (>= 0.7)
-      pry (>= 0.9.11)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-nav (1.0.0)
+      pry (>= 0.9.10, < 0.15)
+    pry-stack_explorer (0.6.1)
+      binding_of_caller (~> 1.0)
+      pry (~> 0.13)
     public_suffix (4.0.6)
-    racc (1.5.2)
+    racc (1.6.0)
     rack (2.2.3)
-    rack-protection (2.1.0)
-      rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.1.3.1)
-      actioncable (= 6.1.3.1)
-      actionmailbox (= 6.1.3.1)
-      actionmailer (= 6.1.3.1)
-      actionpack (= 6.1.3.1)
-      actiontext (= 6.1.3.1)
-      actionview (= 6.1.3.1)
-      activejob (= 6.1.3.1)
-      activemodel (= 6.1.3.1)
-      activerecord (= 6.1.3.1)
-      activestorage (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    rails (6.1.5)
+      actioncable (= 6.1.5)
+      actionmailbox (= 6.1.5)
+      actionmailer (= 6.1.5)
+      actionpack (= 6.1.5)
+      actiontext (= 6.1.5)
+      actionview (= 6.1.5)
+      activejob (= 6.1.5)
+      activemodel (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       bundler (>= 1.15.0)
-      railties (= 6.1.3.1)
+      railties (= 6.1.5)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -191,60 +164,67 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
+    rails-html-sanitizer (1.4.2)
       loofah (~> 2.3)
-    railties (6.1.3.1)
-      actionpack (= 6.1.3.1)
-      activesupport (= 6.1.3.1)
+    railties (6.1.5)
+      actionpack (= 6.1.5)
+      activesupport (= 6.1.5)
       method_source
-      rake (>= 0.8.7)
+      rake (>= 12.2)
       thor (~> 1.0)
-    rainbow (3.0.0)
-    rake (13.0.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
     rb-readline (0.5.5)
     redirect_safely (1.0.0)
       activemodel
-    regexp_parser (2.0.0)
-    rexml (3.2.4)
-    rubocop (1.5.2)
+    regexp_parser (2.2.0)
+    rexml (3.2.5)
+    rubocop (1.25.1)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 1.2.0, < 2.0)
+      rubocop-ast (>= 1.15.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.3.0)
-      parser (>= 2.7.1.5)
-    rubocop-shopify (1.0.7)
-      rubocop (~> 1.4)
-    ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.4)
-    shopify_api (9.4.1)
-      activeresource (>= 4.1.0, < 6.0.0)
-      graphql-client
-      rack
-    sprockets (4.0.2)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.15.1)
+      parser (>= 3.0.1.1)
+    rubocop-shopify (2.4.0)
+      rubocop (~> 1.24)
+    ruby-progressbar (1.11.0)
+    securerandom (0.2.0)
+    shopify_api (10.1.0)
+      concurrent-ruby
+      hash_diff
+      httparty
+      jwt
+      oj
+      openssl
+      securerandom
+      sorbet-runtime
+      zeitwerk (~> 2.5)
+    sorbet-runtime (0.5.10101)
+    sprockets (4.0.3)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.2)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
+    sprockets-rails (3.4.2)
+      actionpack (>= 5.2)
+      activesupport (>= 5.2)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
-    thor (1.1.0)
+    thor (1.2.1)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (1.7.0)
-    webmock (3.9.1)
-      addressable (>= 2.3.6)
+    unicode-display_width (2.1.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    websocket-driver (0.7.3)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.4.2)
+    zeitwerk (2.5.4)
 PLATFORMS
   ruby
@@ -265,4 +245,4 @@ DEPENDENCIES
   webmock
 BUNDLED WITH
-   2.1.4
+   2.3.5

data/README.md CHANGED Viewed

@@ -17,6 +17,7 @@ This gem builds Rails applications that can be embedded in the Shopify Admin.
 [Contributing](/CONTRIBUTING.md) |
 [License](/LICENSE)
 ## Introduction
 This gem includes a Rails engine, generators, modules, and mixins that help create Rails applications that work with Shopify APIs. The [Shopify App Rails engine](/docs/shopify_app/engine.md) provides all the code required to implement OAuth with Shopify. The [default Shopify App generator](/docs/shopify_app/generators.md#-environment-rails-generate-shopify_app) builds an app that can be embedded in the Shopify Admin and secures it with [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens).

data/Rakefile CHANGED Viewed

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-require File.expand_path('../test/dummy/config/application', __FILE__)
+require "bundler/gem_tasks"
+require "rake/testtask"
+require File.expand_path("../test/dummy/config/application", __FILE__)
 Rails.application.load_tasks