workarea 3.5.10 → 3.5.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ffdace8e3e2244a812f18489f381c4f4ecde7bd7887ad7edee422d66b28e95b
-  data.tar.gz: 9f45fa88c1a3b287d55503bbbcdd9afec85fdf7229e22ffcfb2b279425911569
+  metadata.gz: 9c1de4a77ebc26c0f22c4612756cd74ead315753d4aadc9f3757b3088facb7da
+  data.tar.gz: e65ba51df0b5b6a027e3e4e251df060b2d1b145bee8a3813515183498717da0c
 SHA512:
-  metadata.gz: 274e9d0ebbe25cce5356280c4b54be061c256a5d1a89df103e182bbf9398d62ac52cb8da40e9bb6e06801298b1389c4fc1d310a6f8281f7e94ef3c90122dcf3d
-  data.tar.gz: 0525e0ca449686c53460891b244ac8a4b3f407141cfcd7338f3d09236f41a423e22f35b2a67fffb32a5c67d3e1108aecf76a6645c292e169a249dfc7ac23f073
+  metadata.gz: 12d89aacb5432dce53921ea244813da696403912c5982c66fe1eb7e21446981eda90df757a0c5a706e591131e55b30684ddb7cf9264fcbb33263207023ec5655
+  data.tar.gz: ca54ea778182b40a1831fa89232216e99785dea734bce28f5a8b8795544aa437e35ac16736152f65b89740ae0cf6c9d1c0d03de89a491321f614f37284f4b597

data/CHANGELOG.md

@@ -1,75 +1,346 @@
-Workarea 3.5.10 (2020-04-28)
+Workarea 3.5.15 (2020-07-07)
 --------------------------------------------------------------------------------
 
-*   Fix bugs with per_page used in page calculation for search queries
+*   Patch Jbuilder to Support Varying Cache
 
-    Even though this shouldn't come from the outside world, it's easy and
-    best to ensure per_page is always a valid number.
+    Previously, admins were not able to see up-to-date data in API requests
+    due to the `#cache!` method in Jbuilder not being patched to skip
+    caching when an admin is logged in. To resolve this, Workarea now
+    applies the same patch to Jbuilder as it does to ActionView. Reading
+    from the cache is now skipped if you're logged in as an admin, and cache
+    keys are appended with the configured `Cache::Varies` just the same as
+    in regular Haml views.
+
+    WORKAREA-243
+
+    Tom Scott
+
+*   Bump rack version
+
+    Fixes CVE-2020-8184
 
     Ben Crouse
 
-*   Stub S3 CORS for all integration tests
+*   Add Permissions Append Point to User Workflow
 
-    It's annoying and unnecessary to have to stub this for every test that
-    uses an asset picker.
+    This allows a plugin (such as API) to specify permissions categories when
+    admins are either editing or creating a user.
 
-    WORKAREA-209
+    WORKAREA-240
+
+    Tom Scott
+
+
+
+Workarea 3.5.14 (2020-06-25)
+--------------------------------------------------------------------------------
+
+*   Reset Geocoder between tests
+
+    This ensures individual tests monkeying around with Geocoder config will
+    get restored before the next test runs.
 
     Ben Crouse
 
-*   Skip localized activeness test when localized active fields are off
+*   Fix indexing categorization changesets for deleted releases
 
-    Fixes #421
+    A category can have orphan changesets (from deleted releases) that cause
+    an error when indexing the percolation document for that category.
 
     Ben Crouse
 
-*   Fix accepting per_page param from outside world
+*   Disable previewing for already published, unscheduled releases
 
-    Page size is the most important factor in performance for browse pages,
-    so we don't want these exposed to the outside world out-of-the-box.
+    Due to the previewing in the search index, previewing a published and
+    unscheduled release can cause issues that require it to go through
+    scheduling to get reindexed.
 
     Ben Crouse
 
-*   Update grammar for consistency
+*   Use Display Name For Applied Facet Values
+
+    When rendering the applied filters, wrap the given facet value in
+    the `facet_value_display_name` helper, ensuring that the value rendered
+    is always human readable. This addresses an issue where if the applied
+    filter value is that of a BSON ID, referencing a model somewhere, the
+    BSON ID was rendered in place of the model's name.
+
+    WORKAREA-122
+
+    Tom Scott
+
+*   Fix Segments Workflow Setup Duplication
+
+    The setup form for the new custom segment workflow did not include the
+    ID of an existing segment (if persisted) in the form when submitted,
+    causing multiple duplicate segment records to be created when users go
+    back to the setup step in the workflow. None of the other steps are
+    affected because the ID appears in the URL, but the setup step does a
+    direct POST to `/admin/create_segments`, thus causing this problem.
+
+    WORKAREA-219
+
+    Tom Scott
+
+*   Fix index duplicates after a release is removed
 
+    When a release is deleted, its changes must be reindexed to fix previews
+    for releases scheduled after it. This manifests as duplicate products
+    when previewing releases.
 
     Ben Crouse
 
-*   Corrected no_available_shipping_options translation typo (#418)
+*   Fix Promo Code Counts in Admin
 
+    Previously, promo codes could only be generated once through the admin,
+    so rendering the count of all promo codes as the count requested to be
+    generated was working out. However, as CSV imports and API updates became
+    more widespread, this began to break down as the `#count` field would
+    have to be updated each time a new set of promo codes were added.
+    Instead of reading from this pre-defined field on the code list, render
+    the actual count of promo codes from the database on the code list and
+    promo codes admin pages.
 
-    JurgenHahn
+    WORKAREA-199
 
-*   Fix fullfilment shipped mailer template
+    Tom Scott
 
-    Fullfilment shipped mailer template is using cancellation header.
+*   Fix indexing after a release publishes
 
-    heyqule
+    Due to potential changes in the index, publishing a release can result
+    in duplicate products when previewing.
 
-*   Improve visual design of most discounted products insight
+    Ben Crouse
+
+*   Update queue for release reschedule indexing
 
+    This should be in the releases queue, which has top priority. This will
+    help decrease the latency to accurate previews.
 
     Ben Crouse
 
-*   Change HashUpdate to use the setter instead of mutation
 
-    Simply mutating the value doesn't work when the field is localized.
-    Mongoid's localization behavior only kicks in when you use the setter.
+
+Workarea 3.5.13 (2020-06-11)
+--------------------------------------------------------------------------------
+
+*   Fix duplicate products in release previews for featured product changes
+
+    When featured product changes stack in a release, duplicates will show
+    when previewing. This is due to the product's Elasticsearch documents
+    missing changeset IDs for releases scheduled after the release that
+    document is for. This fixes by indexing those release IDs as well.
+
+    Note that this will require a reindex to see the fix immediately. But
+    there's no harm in letting it roll out as products gradually get
+    reindexed.
 
     Ben Crouse
 
-*   Allow setting locale fallbacks for a test
+*   Fix reindexing of featured product resorting within a release
 
-    This is useful if you want to test fallback behavior. Tests in base
-    should be agnostic to whether fallbacks are available or not.
+    Resorting featured products within a release causes an inaccurate set of
+    changes from Mongoid's perspective, since it is only looking at what's
+    live vs what's going to be released. The changes within the release
+    aren't represented. This can manifest as incorrect sorts when previewing
+    in the storefront.
 
     Ben Crouse
 
-*   Fix locale fallback getting unexpectedly autloaded
+*   Add additional append points to admin system.
+
+    Adds append points to product details, product content, variant and inventory sku.
+
+    Jeff Yucis
+
+*   Bump Geocoder
+
+    This fixes an irrelevant bundler-audit CVE warning, and adds/updates a bunch of Geocoder lookup options. See https://github.com/alexreisner/geocoder/blob/master/CHANGELOG.md for more info.
+
+    Ben Crouse
+
+*   Fix releases shifting day on the calendar when scrolling
+
+    This was caused by legacy timezone code that's irrelevant since we
+    shifted to a fix server-side timezone for the admin.
+
+    Ben Crouse
+
+*   Add QueuePauser to pause sidekiq queues, pause for search reindexing
+
+    WORKAREA-236
+
+    Matt Duffy
+
+*   Add index for releasable fields on changets, correct order fraud index
+
+    WORKAREA-235
+
+    Matt Duffy
+
+*   Handle error from attempting to fetch missing S3 CORS configuration
+
+    WORKAREA-234
+
+    Matt Duffy
+
+*   Fix storefront indexing when releases are rescheduled
+
+    When releases get rescheduled, the storefront index can end up with
+    duplicate and/or incorrect entries. This adds a worker which updates the
+    index with minimal querying/updating.
+
+    Ben Crouse
+
+*   Don't assume promo codes for indexing discounts
+
+    A custom discount may be implemented that doesn't use promo codes.
+
+    Ben Crouse
+
+*   Bump rack-attack to latest version
+
+    This fixes rack-attack keys without TTLs set piling up in Redis. This has caused hosting problems.
+
+    Ben Crouse
+
+*   Bump Kaminari dependency to fix security alert
+
+
+    Ben Crouse
+
+*   Fix query caching in Releasable
+
+    When reloading a model to get an instance for a release, if the model
+    had already been loaded, a cached version of the model was returned.
+    This causes incorrect values on the instance you thought you were getting
+    for a release.
+
+    This first manifested as a bug where adding a featured product that
+    had a release change to make it active caused reindexing to make it
+    active but it shouldn't have been.
+
+    Ben Crouse
+
+*   Fix incorrect shipping options error flash message
+
+    A flash error incorrectly showed when the order doesn't require shipping,
+    and addresses are updated.
+
+    Ben Crouse
+
+
+
+Workarea 3.5.12 (2020-05-26)
+--------------------------------------------------------------------------------
+
+*   Fix incorrect import errors
+
+    When an import fails due to a missing `DataFile::Import` document, the
+    `ProcessImport` worker will raise a nil error due to the ensure. This
+    fixes by ensuring the `DocumentNotFound` error gets raised.
+
+    Ben Crouse
+
+*   Remove caching from direct upload CORS requests
+
+    The caching continues to give us problems, and this isn't a high-traffic
+    part of the system so there isn't a practical need for it.
+
+    Ben Crouse
+
+*   Add paranoid fallback for segment metrics lookup
+
+    Although this should never happen, giving a user incorrect segments
+    could have important consequences. If the email cookie is removed or
+    missing for some other reason, it doesn't hurt to fallback to looking up
+    based on the user model (even though this is an additional query) when
+    we know they're logged in.
+
+    Ben Crouse
+
+*   Don't set a blank tracking email in checkout
+
+    Doing this has the potential to create an incorrect tracking email,
+    which could cause a visitor's segments to change in checkout.
+
+    Ben Crouse
+
+
+
+Workarea 3.5.11 (2020-05-13)
+--------------------------------------------------------------------------------
+
+*   Rename index to avoid conflicts in upgrade
+
+    We changed the abaondoned orders index so trying to create indexes after
+    upgrading will cause a conflict due to different indexes with the same
+    name. This renames the index to fix that.
+
+    Ben Crouse
+
+*   Fix comment subscription messaging
+
+    Also improves UI to move the secondary action of
+    subscribing/unsubscribing out of the main area.
+
+    Ben Crouse
+
+*   Correct/clarify Dragonfly configuration warning
+
+
+    Ben Crouse
+
+*   Remove extra order ID cookie
+
+    No need for the extra cookie if the order isn't persisted. Note this
+    doesn't actually affect functionality.
+
+    Ben Crouse
+
+
+
+Workarea 3.5.10 (2020-04-28)
+--------------------------------------------------------------------------------
+
+*   Fix bugs with per_page used in page calculation for search queries
+
+    Even though this shouldn't come from the outside world, it's easy and
+    best to ensure per_page is always a valid number.
+
+    Ben Crouse
+
+*   Skip localized activeness test when localized active fields are off
+
+    Fixes #421
+
+    Ben Crouse
+
+*   Fix accepting per_page param from outside world
+
+    Page size is the most important factor in performance for browse pages,
+    so we don't want these exposed to the outside world out-of-the-box.
+
+    Ben Crouse
+
+*   Update grammar for consistency
+
+
+    Ben Crouse
+
+*   Corrected no_available_shipping_options translation typo (#418)
+
+
+    JurgenHahn
+
+*   Fix fullfilment shipped mailer template
+
+    Fullfilment shipped mailer template is using cancellation header.
+
+    heyqule
+
+*   Improve visual design of most discounted products insight
 
-    This can happen in the middle of a test suite, causing apparently random
-    test failure. This freedom patch prevents fallbacks from autoloading.
-    We want to let the implementation make that decision.
 
     Ben Crouse
 
@@ -96,7 +367,6 @@ Workarea 3.5.10 (2020-04-28)
     Ben Crouse
 
 
-
 Workarea 3.5.9 (2020-04-15)
 --------------------------------------------------------------------------------
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: workarea
 version: !ruby/object:Gem::Version
-  version: 3.5.10
+  version: 3.5.15
 platform: ruby
 authors:
 - Ben Crouse
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-28 00:00:00.000000000 Z
+date: 2020-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: workarea-core
@@ -16,56 +16,56 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
 - !ruby/object:Gem::Dependency
   name: workarea-storefront
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
 - !ruby/object:Gem::Dependency
   name: workarea-admin
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
 - !ruby/object:Gem::Dependency
   name: workarea-testing
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.5.10
+        version: 3.5.15
 description: Workarea is an enterprise-grade Ruby on Rails commerce platform.
 email:
 - bcrouse@workarea.com