All Versions
87
Latest Version
Avg Release Cycle
14 days
Latest Release
756 days ago

Changelog History
Page 7

  • v2.0.0-rc.6 Changes

    πŸš€ This is our sixth release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.

    Meteor 1.8 Final

    πŸš€ We've been using a release candidate of Meteor 1.8 in all of our 2.0 release candidates to this point - this has also included release candidate versions of Babel 7. In this release we're updating to the final version of Meteor 1.8 and Babel 7.

    🐎 There are a lot of great updates that are included in Meteor 1.8 and you can read all about them in the Meteor blog. I think the one that we'll notice the most is significant improvement to build performance that. We've been focused on improving the performance and developer experience with Reaction for a while now and this update makes significant progress towards improving the developer experience and build times. Anyone who's been using Reaction for a while should notice big improvements to the amount of time it takes for the app to rebuild after making changes.

    πŸš€ We're still working with Node.js 8.11.4 as the upgrade to Node 8.12.0 got postponed to the Meteor 1.8.1 release. If you're itching to play with it, you can run meteor update --release 1.8.1-beta.n from the directory that you've got the core reaction project installed. There may be some additional speed improvements related to Meteor's use of Fibers that come along in this version.

    ⚑️ We've also updated the our base docker image to use Meteor 1.8 (#4760)

    Email Sending

    πŸ”§ We've extracted the core email sending functionality into a new reaction-email-smtp plugin which is included and created a new sendEmail event which is emitted for each email job. The core smtp email plugin now listens for these events and sends an email if an SMTP provider is configured. By doing this we've made it possible to create plugins which send emails via an API rather than via SMTP.

    πŸ”Œ The email provider config form found at Dashboard -> Emails -> Mail Provider is now also able to be overridden. Plugins can use register.js to provide a React component to use here.

    GraphQL API

    βž• Added a primaryShop GraphQL query & resolver, eliminating the need to first query for the primary shop ID, followed by another query for shop by ID.

    πŸ’₯ Breaking Changes

    ⚑️ In #4749 we changed the names of our included payment method plugins. We've included a migration to automatically update any existing installation, but if you have custom code that relies on these payment method names you may need make some changes.

    πŸ›  Fixes

    • πŸ›  fix: keep toggles shown, width 100% in action view (#4772)
    • πŸ›  fix: Use babel.config.js to fix Jest tests in custom plugins with package.json (#4782)

    πŸ”‹ Features

    • πŸ”Œ feat: decouple SMTP email sending logic from core to allow plugins to override (#4740)
    • πŸ”Œ feat: Add a CORS-enabled endpoint for token refresh in Hydra plugin (#4743)
    • feat: GraphQL query & resolver for loading the primary shop (#4747)
    • ⚑️ feat: update to Meteor 1.8 final (#4753)
    • ⚑️ feat: update to base image 1.8 (#4760)
    • πŸ’» feat: client ui payment methods (#4749) .. Resolves #4719
    • feat: added migration for adding available payment methods to shops. (#4729)
    • πŸ’» feat: use GraphQL for payment methods operator ui (#4749) .. Resolves #4719

    Migrations

    • chore: added migration for adding available payment methods to shops. (#4729)

    Chores

    βœ… We've been ignoring some of our integration tests as the in-memory MongoDB they rely on has not been working effectively. Previously we did this by skipping our entire test:integration tests in CI, we're now just skipping the tests that are failing due to this db incompatibility and have plans to address this soon.

    • βœ… chore: Skip failing integration tests (#4751)
    • πŸš€ chore: Deploy release branches to staging ECS environment (#4758)

  • v2.0.0-rc.5 Changes

    πŸš€ This is our fifth release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.

    Mongo replica set issue

    πŸ‘€ Many people were having issues with the Mongo replica-set image starting before the Mongo database was ready. This could cause the replica-set to fail and the application to hang during startup in a development environment. This is fixed in #4748 by waiting for mongo to be reachable within the reaction container before connecting to it, and creating the DB if needed, initiating the replica set if needed, and waiting for the replica set to be OK. This fix should solve the docker-compose startup race conditions we've been seeing. (#4748)

    GraphQL

    We've added two new GraphQL queries for payment methods. A query paymentMethods which will list all registered payment methods and is restricted to operators and availablePaymentMethods which will list all payment methods which have been enabled. These new queries were added in #4709. We've also added a GraphQL mutation that permits an operator to enable or disable a payment method for a shop in #4739

    ⚑️ We've updated the CartItems and OrderItems GraphQL queries to include a productTags resolver which will return the tags for the CartItem or OrderItem. The new resolvers and updated schemas were added in #4715 and #4732

    There is a new GraphQL mutation for generating sitemaps generateSitemaps this replaces the sitemaps/generate meteor method. method. (#4708)

    ⚑️ Classic Storefront UI Updates

    πŸ’» We've replaced the customer facing Product Grid in the Classic Storefront UI with our CatalogGrid component from the Reaction Design System. This was accomplished in #4649

    There's a new "Include in sitemap?" checkbox in the Product Settings when using the operator interface to edit product information. This was added to make it possible to exclude published products from the sitemap. (#4708)

    βž• Additional Plugin Capabilities

    πŸ— A plugin can now include a catalog object in registerPackage, with customPublishedProductFields and customPublishedProductVariantFields that are set to arrays of property names. These will be appended to the core list of fields for which published status should be tracked. This is used to build the hashes that are used to display an indicator when changes need to be published. (#4738)

    πŸ”Œ A plugin can now use the functionsByType pattern to register one or more functions of type "publishProductToCatalog", which are called with (catalogProduct, { context, product, shop, variants }) and expected to mutate catalogProduct if necessary. (#4738)

    nvmrc

    πŸ‘• Even though most of the development work happens in Docker, getting the right version of node available directly in the host OS is convenient for setting up eslint integration with your editor. We've added an .nvmrc file for this as we've recommended nvm for installing and managing NodeJS in our docs for some time now.

    Public API Changes

    We've changed the GraphQL schema for PaymentMethod@name from PaymentMethodName to String. PaymentMethodName was a subset of string and this should not cause any issues.

    πŸ’₯ Breaking Changes

    πŸ‘€ WE've replaced the generateSitemaps Meteor method with a GraphQL mutation. See #4708 for details.

    ⚑️ Because we've replaced the customer facing Product Grid UI in the Classic Storefront UI, if you had any plugins which relied on specific selectors or the structure of the existing UI, those may need to be updated.

    πŸ”‹ Features

    • feat: payment methods (#4709) .. Resolves #4574
    • feat: enable payment method for shop (#4739) .. Resolves #4718
    • feat: use component library's CatalogGrid - 2.0 (#4649)
    • feat: add product tags to cart items (#4715)
    • feat: Add product tags to order item (#4732)
    • feat: option to choose whether a product should appear in the sitemap (#4708)
    • feat: add a way to extend catalog product publication (#4738)

    πŸ›  Fixes

    • πŸ›  fix: Auth Consent scopes issue (#4733)
    • πŸ›  fix: 4722 compareAtPrice - convert from Float to Money (#4731)
    • πŸ›  fix(startup): init mongo replica set after waiting for connection (#4748)

    Chores

    • πŸ”§ chore: add .nvmrc configuration file (#4744)

    πŸ“„ Docs

    • πŸ“„ docs: Link readers to Reaction Platform install instructions (#4724)
    • πŸ“„ docs: fix jsdoc copypasta on waitForReplica checkWaitRetry (#4723)

  • v2.0.0-rc.4 Changes

    πŸš€ This is our fourth release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.

    🐎 Improving Jest test performance in CI

    πŸ‘€ We started seeing unit tests timing out in CI in the morning on Friday October 5. It doesn't appear that this was caused by a change in our jest version as we were able to reproduce the issues on older branches which were previously passing. 🐎 This is resolved in #4176 by changing our test:unit script in package.json to run jest with the --maxWorkers=4 flag. This resolved our issue with tests timing out, and improves test performance in CI overall. This is suggested in the troubleshooting jest here: https://jestjs.io/docs/en/troubleshooting.html#tests-are-extremely-slow-on-docker-and-or-continuous-integration-ci-server

    Checkout Totals

    πŸ’» There were some cases in the Classic Storefront UI where there would be a discrepancy between the total calculated on the server and the price calculated by the client. This is not an issue in the Next.js Storefront as all price values are calculated on the server. This is resolved in #4701

    πŸ›  Bugfixes

    πŸ›  fix: round total when verifying it on order create (#4701) .. Resolves #4684

    Chores

    πŸ›  fix: limit jest maxWorkers to 4 to improve CI perf (#4716)

  • v2.0.0-rc.3 Changes

    πŸš€ This is our third release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.

    πŸš€ A few files snuck into our last release that had incorrect jsdoc syntax in the form of @return <Promise>Type πŸš€ The jsdoc parser is unable to parse any return type starting with a < and throws an error. This error is thrown during the Deploy Docs CI step and causes that step of the CI to fail. This is resolved in #4704 by fixing the jsdoc to use the correct Promise syntax @return Promise<Type>

    πŸ›  Bugfixes

    • πŸ›  fix: resolve errors in jsdoc Promise returns (#4704)

  • v2.0.0-rc.2 Changes

    πŸš€ This is our second release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.

    OAuth Flow

    • πŸ’» Get the auth URL connected to the Login request from Hydra. Get the loginAction field and pass it in the UI route query param (?action={loginAction}) to serve as state info to the Login component.(#4651)
    • ⚑️ Update the Auth components to show appropriate form fields based on route query param (e.g ?action=signin)(#4651)
    • ⚑️ Update the SignIn and SignUp core components to have a new hasSwitchLinks prop. This will determine if link to toggle between SignIn and SignUp views should be displayed. It defaults to true (so previous behaviour is kept - no breaking change)(#4651)
    • ⚑️ Update Auth container for OAuth IDP flow with hasSwitchLinks=false. This makes the state of the form depend on ONLY the route query (#4651)
    • Fix the Hydra session feature. Now, when a user who already signed in (and is sill within the set HYDRA_SESSION_LIFESPAN), tries to login again, we won't show the login form again.(#4651)
    • βž• Add /logout endpoint for Consumer apps (like Starterkit) to call to delete user sessions from Hydra. The delete session endpoint in Hydra lives on the Administrative port (4445), so we are not exposing it to Consumer apps to consume directly.(#4651)

    Taxes

    If item.tax did not exist the getTaxTotal was returning NaN which would show up in cart totals. This was introduced in #4664 and is resolved in #4670

    πŸ’» Operator UI for editing product information

    On the PDP, when typing a tag name in the admin sidebar, a console error would appear: Uncaught (in promise) TypeError: Cannot read property 'getShopId' of undefined at getShopLang (helpers.js:118). This was because Reaction was undefined when getShopLang() would run. This is resolved in #4673

    πŸ›  Fixes

    • (fix) Properly return 0 when no tax items are present (#4670)
    • πŸ›  fix: Show correct form state during create account oauth flow (#4651)
    • πŸ›  Fix: console error when typing a tag name on PDP (#4673)
    • πŸ›  fix: discounts and profile orders in 2.0 (#4674)
    • πŸ›  fix: orders dashboard layout issue (#4688) Updated a few panel styles to fit within the viewport better and not end up behind the "modal overlay"

    Chores

    • ⚑️ chore: updating get in touch link (#4676)
    • πŸ“„ chore: fix broken link in README to schema docs (#4672)

  • v2.0.0-rc.12 Changes

    July 02, 2019

    v2.0.0-rc.12

    πŸš€ This is our twelfth release candidate for v2.0.0 of Reaction.
    Please check it out and let us know what works and what doesn't for you.

    πŸš€ This release is being coordinated with reaction-platform and is designed to work with the same versions of example-storefront and reaction-hydra.

    πŸ‘Œ Improvements

    πŸ”‹ Feature

    • πŸ‘ feat: better cart and order item attributes, with labels (#5253)
    • feat: add shopLogoUrls to shop settings to allow logo to be rendered from url (#5227)
    • feat: add resolver to get displayStatus from database (#5236)
    • feat: Add DetailDrawer component for supplementary views (#5239)
    • feat: add regex filter to tags GQL query (#5232)
    • feat: add landing page for catalyst (#5226)
    • ⚑️ feat: update sidebar, fix mobile responsiveness (#5209)
    • feat: hard code cache keys prefix (#5222)
    • feat: add read-only version of orders 2.0 to break up PR’s (#5202)
    • feat: add approveOrderPayments graphql mutation (#5201)
    • feat: dangerButton and ConfirmButton components (#5200)
    • πŸ”Œ feat: define collections using registerPlugin (#5196)
    • ⚑️ feat: update default navigation item visibility options when added to the navigation tree (#5190)
    • feat: storefront login url (#5187)
    • feat: add a setting for whether options without inventory enabled are sellable (#5186)
    • πŸ’» feat: UI for adding Storefront Urls inside Catalyst (#5174)
    • feat: additional navigation visibility options (#5153)
    • feat: add ENV to disable inventory auto-publish (#5149)
    • feat: migrations & related checks can be disabled (#5140)
    • feat: allow 10 levels of navigation tree (#5129)
    • feat: add Catalog query filters (#5126)
    • feat: ShopId can be any string (#5119)
    • feat: use shop logo for login pages (#5109)
    • feat: drop unnecessary MongoDB indexes (#5106)
    • feat: adds optional flag to filter out sold-out products (#5105)
    • feat: allow viewing of orders by reference id (#5092)
    • πŸ”Œ feat: plugin: Prometheus Metrics (#5088)
    • feat: feature/system info (#5087)
    • feat: add name related data to viewer Account query (#5079)
    • πŸ”Œ feat: replace reaction plugins usage (#5070)
    • feat: Add cart referenceId in graphql schema (#5065)
    • feat: registerBlock API for registering blocks and rendering components for regions (#5064)
    • feat: allow extend generate orderId and cartId (#5054)
    • feat: de-Meteorize emailing code in the API (#4998)

    πŸ›  Fix

    • πŸ›  fix: socket issues (#5255)
    • πŸ›  fix: Make new order email links correct for storefront (#5251)
    • πŸ›  fix: ensure translations from all packages load (#5252)
    • πŸ›  fix: Fix page title from not found (#5245)
    • πŸ›  fix: alphabetical currencies (#5230)
    • πŸ›  fix: app will not start (#5216)
    • πŸ›  fix: shop with data error (#5207)
    • πŸ›  fix: change calibre ci step to use npx (#5197)
    • πŸ›  fix: NaN for prices with commas (#5193)
    • πŸ›  fix: add subtotal display amount to dataForOrderEmail (#5183)
    • πŸ›  fix: remove product-admin dead import (#5180)
    • πŸ›  fix: Can't re-send shop manager invite to existing non-activated user (#5178)
    • πŸ›  fix: set shop manager password on invitation (#5173)
    • πŸ›  fix: replaceBlock function (#5161)
    • πŸ›  fix: detect and add a newline in .env file if its missing (#5156)
    • πŸ›  fix: race condition by awaiting each publish catalog function by type… (#5151)
    • πŸ›  fix: inventory quantity resets to 0 when any variant or option quantity is undefined (#5134)
    • πŸ›  fix: remove transform for billingAddress in gql resolver for Payment (#5125)
    • πŸ›  fix: add correct item images to order email data (#5121)
    • πŸ›  fix: password reset form (#5120)
    • πŸ›  fix: include submodule bare repos in docker build context (#5118)
    • πŸ›  fix: extendCommonOrder items data was over-written by itself (#5104)
    • πŸ›  fix: orders performance (#5096)
    • πŸ›  fix: revert metrics prometheus (#5099)
    • πŸ›  fix: catalog items performance (#5095)
    • πŸ›  fix: rounding Issue in Cart/Orders (#5091)
    • πŸ›  fix: remove aldeed:schema-index Meteor package, use collectionIndex (#5090)
    • πŸ›  fix: make tax code field available for new rate (#5076)
    • πŸ›  fix: duped cart referenceId (#5074)
    • πŸ›  fix: shipping restrictions not correctly denying methods (#5071)
    • πŸ›  fix: navigation editor WSOD when navigation tree is empty (#5067)
    • πŸ›  fix: set variant media correctly when added to cart (#5063)
    • πŸ›  fix: marketplace invitation validation (#5057)

    Chore

    • ⚑️ chore: Remove unused npm deps and update to latest Babel (#5250)
    • ⚑️ chore: update @reactioncommerce/file-collections version (#5244)
    • 🌲 chore: Omit email credentials from log data (#5241)
    • πŸ’… chore: update styles for MUI Typography to match designs (#5235)
    • 🚚 chore: Move some core files to new shop plugin (#5233)
    • ⚑️ chore: Update NPM packages (#5231)
    • ⚑️ chore: Update React 16.8.6 (#5204)
    • chore: add language to shop query (#5203)
    • 🚚 chore: remove Profile (#5198)
    • πŸ”Œ chore: finish simple-pricing plugin (#5143)
    • πŸ‘• chore: add a GraphQL schema linter, fix found issues (#5112)
    • chore: ignore js-yaml vuln for 30 days (#5108)
    • ⚑️ chore: security update for js-yaml (#5093)
    • chore: ensure an error message is logged for apollo errors (#5061)
    • chore: more consistent Usage of ES6+ Code (#5056)

    πŸ”¨ Refactor

    • πŸ”¨ refactor: Demeteorize registration for remaining API server plugins (#5234)
    • πŸ”¨ refactor: Rename graphql endpoint (#5249)
    • πŸ”¨ refactor: update styling of orderCard header section, move details to sidebar (#5240)
    • πŸ”¨ refactor: enhancements to tag ui in Catalyst (#5223)
    • πŸ”¨ refactor: inventory Rewrite - new simple-inventory plugin (#5164)
    • πŸ”¨ refactor: add home, order, orders, and account profile urls to shop object (#5145)
    • πŸ”¨ refactor: use getVariantPrice to determine price in xformCartGroupToCommonOrder (#5142)
    • πŸ”¨ refactor: add env. vars. for graphql playground and introspection (#5055)

    🐎 Performance

    • 🐎 perf: minor inventory performance improvments (#5220)
    • perf: demeteorize and reorg some core startup code (#5212)
    • perf: avoid unnecessary database queries for common GraphQL requests (#5154)
    • ⚑️ perf: faster inventory updates (#5138)
    • πŸ‘· perf: create index for Jobs queries (#5137)
    • 🐎 perf: improved performance for products and catalog items queries with featured sort (#5136)
    • perf: tag subscription (#5130)
    • perf: speed up the products table publication (#5128)
    • 🚚 perf: remove unused Meteor methods and client cart code (#5059)

    πŸ’₯ Breaking Changes

    • uiState.isLeftSidebarOpen renamed to uiState.isPrimarySidebarOpen (#5209)
    • πŸ’₯ Breaking workflow, every item added to the nav tree will need to be explicitly made visible on the storefront (#5190)
    • 0️⃣ There is a new shop-specific app setting, canSellVariantWithoutInventory, which is true by default. If this is changed to false, then variants/options without inventory tracking enabled will appear sold out and with back-ordering disabled. (#5186)
    • navigationTreeById now accepts an object containing params { language, navigationTreeId, shouldInlcudeSecondary } instead of individual params. (#5153)
    • draftItems is admin only now so to not expose work-in-progress changes to the public
    • Potential for http routing conflicts on /metrics. (#5088)
    • 🚚 Product components have been broken into smaller peices and the old files removed. This should be an internal breaking change as prior to this PR, those components couldn't be modified without touching core. (#5064)
    • ⚑️ The new order confirmation email template has been updated (#5251)
    • Multi-shop orders will no longer work (#5096)
    • ⚑️ If you have custom plugins that use index or unique options in their schemas, add back the aldeed:schema-index dependency or update the plugins to use collectionIndex function. (#5090)
    • ⚑️ Custom plugins importing any of the removed packages or using the removed component will need to be updated. (#5250)
    • 🚚 The deprecated price field has been removed from CatalogProduct and CatalogProductVariant. (#5143)
    • πŸ”Œ Custom plugins that manage or use inventory are likely to need a rewrite. (#5164)
    • πŸ”Œ Older shops must confirm they are using our simple-pricing plugin, and that pricing is available on Catalog items. (#5142)
    • βœ‚ Removed support for undocumented feature Meteor.settings.cdnPrefix
    • βœ‚ Removed support for undocumented feature Reaction.Endpoints
    • βœ‚ Removed support for prerender by prerender-node NPM package (#5212)
    • 🏷 Tags are no longer subscribed to at a global level. Subscribe to tags when you need them using Meteor.subscribe("Tags", [tagIds]); (#5130)
    • ⚑️ Any custom plugins relying on the removed Meteor methods will need to be updated. (#5059)

  • v2.0.0-rc.11 Changes

    March 21, 2019

    v2.0.0-rc.11

    πŸš€ This is our eleventh release candidate for v2.0.0 of Reaction.
    Please check it out and let us know what works and what doesn't for you.

    πŸš€ This release is being coordinated with reaction-platform and is designed to work with the same versions of reaction-next-starterkit and reaction-hydra.

    πŸ‘Œ Improvements

    App

    Reaction is no-longer a customer-facing app, it's an administration tool and offers a GraphQL API.

    πŸ‘€ All customer-facing views are the responsibility of a separate storefront app that makes use of the GaphQL API. See our example storefront as an example of how to achieve this.

    • All routes require admin authentication
    • All non-admin authentication requests will be met with a logout screen if attempting to sign into the operator experience.
    • πŸ‘€ All customer related authentication requests should be done with the IDP workflow. See our example storefront as an example of how to achieve this.

    ⚑️ Product grid and Product detail pages moved into the new operator experience and updated for that experience.

    Product grid

    Product grid is now represented as a table in the new experience with the same bulk actions it had previously

    • Product grid is now a table
    • πŸ‘ Product table supports multi-selection
    • πŸ‘ Product table supported bulk actions are "Make Hidden", "Make Visible", Archive, Duplicate and Publish
    • Product table adds simple pagination controls with and items per page selector

    Product Detail Page

    Is no longer a WYSIWYG editor.

    🚚 All product forms have been moved on from the sidebar and into the main view and have been expanded.

    • Product WYSIWYG editor has been replaced with standard forms
      • Product detail, Variant and Option forms have been moved out of the sidebar and into the primary view
    • Template field has been converted to text field from a dropdown. Templates no longer apply to the PDP page in Reaction
    • 🏷 Tags can no longer be drag n' dropped to reorder. Drag handle has been removed to represent this.
    • Media can be added to the Product, Variants, and Options
    • 🚚 Drag n' Drop of media and variants has been removed
      • Variants and Options can now be manually sorted by priority
      • Media can be sorted by priority manually
    • Variant and Options forms now share the same fields

    πŸ‘‰ User Profile

    • 🚚 The profile page has been moved to the new operator experience for admins
    • βž• Address form has been removed
    • 🚚 Order history has been removed
    • Admins will be able to change their email and password

    πŸ’₯ Breaking Changes

    Reaction is no-longer a customer-facing app, it's an administration tool and offers a GraphQL API.

    🚚 We have removed the search-mongo and ui-search plugins from the imports/plugins/included directory of reaction. Which in turn removes order search bar from operator order UI. (#5053)

    πŸ”‹ Feature

    • 🚚 feat: remove search plugins (#5053)
    • πŸ”Œ feat: allow users to disable plugins via config (#5031)
    • feat: add addOrderFulfillmentGroup mutation (#5027)
    • feat: add splitOrderItem mutation (#5024)
    • ⚑️ feat: add updateOrderFulfillmentGroup mutation (#5020)
    • ⚑️ feat: add updateOrder mutation (#5019)
    • 🚚 feat: add moveOrderItems mutation (#5018)
    • feat: add cancelOrderItem mutation (#5010)
    • feat: Operator 2.0 products admin (#5005)
    • 🐎 feat: performance metrics integration with calibre (#5012)
    • πŸ”Œ feat: simple-pricing plugin (#5014)
    • πŸ”Œ feat: use .env.example files from custom plugins (#5003)

    πŸ›  Fix

    • πŸ›  fix: bin/setup handling bad env.example (#5048)
    • πŸ›  fix: naming issue caused taxes to not be calculated (#5043)
    • πŸ›  fix: startup asset provisioning (#5033)
    • πŸ›  fix: make bin/setup more robust to missing directories (#5026)
    • πŸ›  fix: item subtotal is incorrect when additional quantities of the same item are added to cart (#5021)

    Chore

    • πŸ“¦ chore: add better logging of package loading (#5051)
    • chore: add optional first and last name fields to schemas (#5050)

  • v2.0.0-rc.10 Changes

    March 08, 2019

    v2.0.0-rc.10

    πŸš€ This is our tenth release candidate for v2.0.0 of Reaction.
    Please check it out and let us know what works and what doesn't for you.

    πŸš€ This release is being coordinated with reaction-platform and is designed to work with the same versions of reaction-next-starterkit and reaction-hydra.

    πŸ‘Œ Improvements

    πŸ’» UI Removal

    🚚 We have removed several UI components to transition and solidify that in 2.0 the application will only be used as an API and a UI for shop operators.

    βž• Additional PRs will be coming to remove other pieces of the storefront UI bit by bit until only an operator UI is left. (#4947 , #4948)

    🐎 Performance Tweaks

    • 🐎 We have done a bunch of performance tweaks to increase performance and initial boot time! We removed the reaction-cli with this update. (#4992)

    General

    • We have added the ability for shops to apply surcharges depending on criteria for an order. (#4829)
    • πŸ’» We have added a new Navigation Manager UI for Operator 2.0. (#4936)
    • πŸ“¦ We have added envalid as a dependency for validating environment variables. (#4983)
    • We changed the GraphIQL url from localhost:3000/graphiql to localhost:3000/graphql-alpha

    GraphQL

    • πŸ”Œ We have streamlined the way plugins register functions that can transform media objects for a product. (#4987)
    • πŸ‘ We have implemented GraphQL subscriptions support. (#4938)

    Custom Data

    • We have added the capability to add a custom data object when placing an order. (#4962)
    • We have added the capability for calculateOrderTaxes to return a custom data object. (#4955)

    πŸ”Œ Custom Plugins

    • πŸ”Œ We have coalesced the separate env.example files from custom Reaction plugins into one file to reduce tedious integration steps. (#5003)

    πŸ’₯ Breaking Changes

    AppEvents

    • πŸ”Œ We have replaced all Hooks usage with the newer appEvents. This does not break anything within the core and included plugins, however:
      ⚑️ If you use community or custom plugins that depend on the @reactioncommerce/hooks package, you will need to update or obtain updated versions that use context.appEvents instead.
      ⚑️ If you have a plugin that uses MethodHooks, update it to implement those hooks a different way.
      ⚑️ review all appEvents consumed and emitted by custom plugins. Update expected and emitted arguments. See the table. (#4915)

    πŸ‘ Multiple Payment Support

    • 🚚 All of the individual placeOrder* GraphQL mutations provided by the built-in payment plugins are removed and replaced with a single placeOrder mutation which supports multiple payments. Any custom payment method plugins will break due to the removal of createOrder internal mutation. Look at all changes. (#4908)

    Surcharges

    • ⚑️ When applying surcharges to certain methods, there is a delay in the update. (#4984)

    ⚑️ Updates

    • πŸ”¨ RefactorinventoryQuantity to inventoryInStock in Products collection, update if used in your codebase. (#4930)

    Removals

    • There is no longer a storefront catalog grid (#4973)
    • πŸ’» There is no longer a Checkout UI (#4948)
    • πŸ’» There is no longer a Cart UI (#4948)

    πŸ†• New Commands

    🐎 In relation to improving performance, we have added new debugging statements (#4992) so you can use the Node debugger while developing Reaction!:

    "inspect": "node --experimental-modules --inspect ./.reaction/run/index.mjs",
"inspect-brk": "node --experimental-modules --inspect-brk ./.reaction/run/index.mjs",
"inspect-docker": "node --experimental-modules --inspect=0.0.0.0:9229 ./.reaction/run/index.mjs",
"inspect-brk-docker": "node --experimental-modules --inspect-brk=0.0.0.0:9229 ./.reaction/run/index.mjs",

    Example Usage :

    docker-compose run --rm --service-ports reaction yarn run inspect-brk --service-ports
docker-compose run --rm --service-ports reaction yarn run inspect --service-ports

    πŸ†• New Documents

    πŸ“š We have added new documentation! :

    πŸ”‹ Feature

    • πŸ”Œ feat: use .env.example files from custom plugins (#5003)
    • feat: add ordersByAccountId query (#4981)
    • πŸ”Œ feat: allow plugins to register functions to handle GraphQL transformation of catalog product media items (#4988)
    • πŸ‘ feat: support storing custom fields on orders when placing (#4962)
    • feat: shipping Operator into 2.0 (#4967)
    • feat: custom tax data part 2 (#4965)
    • feat: allow tax services to add custom data to taxes (#4955)
    • feat: shipping surcharges (#4829)
    • πŸ’» feat: navigation manager UI (#4936)
    • feat: make Sitemap data available via GraphQL query (#4927)
    • πŸ’» feat: tag management operator UI (#4914)
    • feat: add custom fields to order schema (#4979)
    • ⚑️ feat: update collectionIndex util function to take options (#4950)
    • πŸ“¦ feat: add envalid package (#4943)
    • feat: GraphQL subscriptions (#4938)
    • feat: create fulfillment surcharges (#4801)

    πŸ›  Fixes

    • πŸ›  fix: add tagId check to guard against undefined (#5015)
    • πŸ›  fix: do not emit afterCartUpdate unless surcharges are updated (#5001)
    • πŸ›  fix: properly save all customFields from tax service result (#4986)
    • πŸ›  fix: don't crash when mediaItem.URLs is null (#4982)
    • πŸ›  fix: addAccountAddressBookEntry mutation - set account updatedAt (#4971)
    • πŸ›  fix: taxes not updating reactively in starterkit (#4949)
    • πŸ›  fix: inventory is set to NaN in rare circumstances based on Migrations (#4946)
    • πŸ›  fix: use stripe.setAppInfo to identify ReactionCommerce to Stripe (#4942)
    • πŸ›  fix: tag bulk actions copy (#4941)
    • πŸ›  fix: ENOSPC error with jest --watch (#4939)
    • πŸ›  fix: tag ui bugs (#4933)
    • πŸ›  fix: migration 56 throwing an error (#4934)
    • πŸ›  fix: 404 from invite email link (#4919)

    πŸ”¨ Refactor

    • πŸ”¨ refactor: update inventoryQuantity field to be inventoryInStock (#4930)
    • πŸ”¨ refactor: replace all Hooks with appEvents (#4915)
    • πŸ”¨ refactor: rewrite placeOrder and support multiple payments for an order (#4908)

    Chores

    • chore: delete unused files (#4990)
    • chore: wrong version in migration 54 & 55 file (#4940)
    • ⚑️ chore: updated dependencies and snyk policies (#4974)
    • 🐎 chore: meteor and docker performance tweaks (#4992)
    • chore: storefront catalog grid (#4973)
    • 🚚 chore: remove the cart UI (#4948)
    • 🚚 chore: remove the checkout UI (#4947)
    • ⚑️ chore: update to base image 1.8.0.2 to include Kafka binary libs (#4937)

    Contributors

    πŸš€ Thanks, @rattrayalex-stripe for contributing to this release!

  • v2.0.0-rc.1 Changes

    πŸš€ This is our first release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.

    πŸš€ In many ways this may better mark the beginning of a new way to develop for Reaction rather than the end of a big development cycle. Make no mistake, there are some pretty great things that v2.0.0 includes - for example, our GraphQL API now covers the basic commerce flow, from browsing a catalog all the way through checkout. However, this release is also bigger in many ways that just this repository. Much of our work over the past several months has gone into repositories other than this primary /reaction one.

    πŸ’… We've created a component library called the Reaction Design System which we're announcing the initial "alpha" for. While it's still subject to change, there are a lot of very useful commerce focused components that we've built that live there. We'll have a link to the styleguidist playground up soon where you can play with and read the docs for each component.

    πŸ“ˆ Our new GraphQL API has enabled us to build a new UI Client for Reaction that we're calling our NextJS Starter Kit. This new UI client provides a reference storefront implementation that communicates with the Reaction API exclusively via GraphQL, eliminating some of the sluggishness that was associated with our Classic UI built on Meteor. This new client is built with NextJS and provides Server Side Rendering (SSR) out of the box, as well as (Segment compatible analytics event tracking)[https://segment.com/docs/spec/ecommerce/v2/]. We'll recommend this as the best way to build a storefront UI for Reaction going forward.

    πŸ’» We're also introducing a new OpenID Connect OAuth2 Service which uses Hydra to enable our new UI Client to leverage our existing Meteor based Identities and roles.

    These services all run together to form the Reaction Platform (working title, subject to change) - and we've got a new project called Reaction Platform which will help you get everything connected and launched together.

    πŸš€ This changelog may feel somewhat insignificant because in part, we've been releasing bits of what is becoming 2.0.0 over the last several releases and much of the new development is happening outside of the /reaction repository.

    ⚑️ Marketplace Updates

    When multiple shops match the searched domain, prioritize the Primary Shop. This is important when searching for "shop settings" which are only stored on the Primary Shop (e.g., smtp settings).

    πŸ’₯ Breaking Changes

    From #4622

    • πŸ‘€ Orders-related GraphQL schemas and significant changes to the Orders MongoDB schemas to better match GraphQL. See the diffs for the schema files. Two changes of note are that order.items and order.billing arrays no longer exist. Instead, each item in order.shipping has an items array and a single payment object on it. The payment object is also flattened and unused properties have been removed from it.

    • πŸ”Œ context.queries and context.mutations are no longer namespaced. This simplifies things and makes it possible for one plugin to overwrite another plugin's functions if necessary.

    • 🚚 Some Meteor methods are removed:

      • cart/copyCartToOrder (replaced by createOrder mutation)
      • cart/submitPayment (replaced by createOrder mutation)
      • discounts/transaction
      • discounts/calculate
      • discounts/codes/credit (replaced by a function registered with the same name using functionsByType)
      • discounts/codes/discount (replaced by a function registered with the same name using functionsByType)
      • discounts/codes/sale (replaced by a function registered with the same name using functionsByType)
      • discounts/codes/shipping (replaced by a function registered with the same name using functionsByType)
      • shipping/updateShipmentQuotes
      • shipping/provider/toggle
      • shipping/rates/add (replaced with createFlatRateFulfillmentMethod GraphQL mutation)
      • shipping/rates/update (replaced with updateFlatRateFulfillmentMethod GraphQL mutation)
      • shipping/rates/delete (replaced with deleteFlatRateFulfillmentMethod GraphQL mutation)
      • taxes/calculate (replaced by non-Meteor getFulfillmentGroupItemsWithTaxAdded)
      • taxes/setRateByShopAndItem (replaced by non-Meteor getFulfillmentGroupItemsWithTaxAdded)
      • notification/send (replaced by non-Meteor createNotification function)
      • notification/delete (was unused)
      • stripe/payment/createCharges (replaced by placeOrderWithStripeCardPayment and placeMarketplaceOrderWithStripeCardPayment GraphQL mutations)

    • ⚑️ shipping/updateParcelSize Meteor method is renamed to shop/updateDefaultParcelSize and moved to core/shop service

    • πŸ’» Meteor UI client checkout code now places orders using GraphQL

    • βž• Add orderById GraphQL query

    • ⚑️ The "afterCartUpdate" hooks are now called with just (updatedCart) rather than the redundant (updatedCartId, updatedCart)

    • πŸ‘€ The way that orders are placed is now different. See "Order Changes" heading

    • Orders can no longer be created without an email address

    • πŸ‘€ The process by which plugins are asked to provide available fulfillment methods + quotes for them is changed. Rather than calling registered hooks, it calls all functions registered with the name "getFulfillmentMethodsWithQuotes" (See getFulfillmentMethodsWithQuotes.js)

    • The "example" payment method form is now an "IOU" form that collects only a full name. It previously had a fake credit card form, which might have been misleading. Now it is clear that it's for demo and trial purposes only. Also, this new form is in React.

    • 🚚 Some unused (by core) functions have been removed from the cartOrder.js transforms that are available on Cart and Order documents in Meteor.

    πŸ”Œ Previously client code would tell the server to "copy cart to order". Now, the orders plugin is mostly unaware of what a cart is. The client is responsible for converting a cart (which is a work-in-progress order) into the OrderInput schema and placing an order using that.

    Related to this, payment information is now never stored on the cart. It is collected during checkout and sent with the placeOrder call. An order will only be placed if charges are successfully created using the provided payment details.

    πŸ”Œ The orders service is largely unaware of how payment is done, and there is no generic placeOrder mutation. Instead, plugins that provide payment methods are expected to provide GraphQL mutations that allow you to place and pay for an order using that method. Most of the logic is shared, and is encapsulated in a createOrder mutation that the orders plugin provides. But each payment method plugin wraps the createOrder mutation to handle payment specifics.

    ⚑️ All Meteor UI checkout code is updated to place orders using the new GraphQL mutations. The Meteor methods formerly involved in placing orders and payments are removed.

    There are currently three included payment methods, each with their own place order mutation:

    placeOrderWithExampleIOUPayment
placeOrderWithStripeCardPayment
placeMarketplaceOrderWithStripeCardPayment

    πŸ”Œ For production, use placeOrderWithStripeCardPayment. placeOrderWithExampleIOUPayment is included for demo purposes and does not require any external services. placeMarketplaceOrderWithStripeCardPayment is part of the "marketplace" plugin, which is not fully implemented or supported. Each payment method has its own checkout UI component, which collects whatever information it needs securely.

    ⚑️ We've updated the password reset flow to use a full page in #4637

    • 🚚 Move previous Password Reset modal to a dedicated page on /reset-password/:token
    • πŸ›  Rename the affect components to not have modal suffixes
    • πŸ‘‰ Show a message on successful reset of the password (previously, the modal closes)

    🐳 In #4613 we've renamed the Docker network on which GraphQL enabled web services are attached to api.reaction.localhost Networks in the Docker environment should be named as *.reaction.localhost. The localhost TLD is reserved and guaranteed to not conflict with a real TLD.

    • 🐳 To enable network communication, projects communicating with Reaction's GraphQL server must be on the api.reaction.localhost Docker network.
    • PRs related to reactioncommerce/reaction#4447 should be coordinated.

    πŸ“¦ We've moved the SMS schema to the SMS package in contrib in #4566

    πŸ”‹ Features

    • feat: Prioritize Primary when multiple Shops match domain (#3528)
    • feat: Setup IDP flows for Hydra auth (#4627)
    • ⚑️ feat: Update GQL server to use Hydra Auth token (#4626)
    • πŸš€ feat: Use new CLI tool "propel" to deploy services to ECS (#4623)
    • feat(GraphQL): Place orders using GraphQL (#4622)
    • πŸ”Œ feat(GraphQL): Add GraphQL via plugin, reorg files into final 2.0 plugin patterns (#4622)
    • feat: 2.0 migrations (#4648)
    • feat(GraphQL): add Account.primaryEmailAddress resolver (#4647)
    • ⚑️ feat: Update Reset Password modal to a full page route (#4637)

    πŸ›  Fixes

    • πŸ›  fix: apply requested sort to Cart.items in GraphQL resolver (#4624)
    • πŸ›  fix: cart item attributes (#4607)
    • πŸ›  fix: startup error before primary shop is created on initial startup (#4602)
    • πŸ›  fix: Update detailView when its data changes (#4659)
    • πŸ›  fix: fix README broken links, update copy (#4632)
    • πŸ›  fix: sidebar actions not opening on product grid (#4641)

    - πŸ›  fix: Ensure MongoDB replica set is ready before start (#4636)

    Chores

    • 🐳 chore: Rename the reaction-api Docker network (#4613)

    πŸ”¨ Refactors

    • πŸ”¨ refactor: Remove unused schemas (#4566)
    • πŸ”¨ refactor: remove all grid positions code and UI (#4628)

  • v1.17.1 Changes

    November 26, 2018

    v1.17.1

    πŸš€ Security Release

    πŸš€ This security release addresses to potential vulnerabilities

    πŸ”§ We discovered a vulnerability that affects shops built on Reaction Commerce that use the Reaction-Social plugin with Facebook and the Facebook App Secret configured. More details on this issue below.

    βœ‚ Remove dependency on event-stream

    Event Stream Dependency Removal

    🚚 This fix removes a dependency on event-stream introduced by nodemon via pstree by bumping nodemon and pstree.remy through nodemon to a version that does not include pstree.

    🚚 event-stream had a malicious bit of code added to version 3.3.6 which has since been removed from github and appears to have specifically targeted copay.

    From the original post in the event-stream repo:

    Am I affected?:
    πŸ‘€ > If you are using anything crypto-currency related, then maybe. As discovered by @maths22, the target seems to have been identified as copay related libraries. It only executes successfully when a matching package is in use (assumed to by copay at this point). If you are using a crypto-currency related library and if you see [email protected] after running npm ls event-stream flatmap-stream, you are most likely affected. For example:

    $ npm ls event-stream flatmap-stream ... [email protected] ...

    What does it do :
    πŸ›° > Other users have done some good analysis of what these payloads actually do.
    dominictarr/event-stream#116 (comment)
    dominictarr/event-stream#116 (comment)
    dominictarr/event-stream#116 (comment)

    What can I do:
    πŸš€ > By this time fixes are being deployed and npm has yanked the malicious version. Ensure that the developer(s) of the package you are using are aware of this post. If you are a developer update your event-stream dependency to [email protected]. This protects people with cached versions of event-stream.

    πŸ‘€ See the issue on the event-stream repo for more information: dominictarr/event-stream#116

    Reaction Social Issue Overview

    πŸš€ This vulnerability has been present in every release that included the Reaction Social plugin. The App Secret is not used by Reaction Social and it’s unclear why the form for it was added to the application originally. It was introduced by a community contribution when the Reaction Social plugin was originally created. The App Secret should be removed from the Reaction Social panel. This will not have impact on the use of Facebook oAuth login which is set separately in the login services dashboard. If the same secret was used, it should be reset and a new token should be used for oAuth login via Facebook.

    Vulnerability

    πŸ”§ | oAuth Service Configuration Publication Vulnerability | | Severity | High | | Description | oAuth social plugin secrets could be shared with unauthenticated users via a publication. | | Affected Installations | Any shops with a configured Facebook appSecret in the Reaction Social dashboard. | | Affected Versions | All versions greater or equal to v0.5.3 | | Remediation | Apply patch or upgrade to patched version of Reaction Commerce. |

    Patches

    πŸš€ Patches are attached to this release.

    πŸ”’ Patches will download as a .zip file named: reaction-security-patches-2018-11-19-security-social-plugin.zip which contains the following patch files once uncompressed. These files have the versions they are applicable for in the name of the file.

    πŸ’» Two patch files for removing the UI dependent on software version
    πŸ’» fb-app-secret-ui-v0.14.0-v1.13.2-2018-11-19.patch
    πŸ’» fb-app-secret-ui-v1.14.0-v2.0.0-rc.6-2018-11-19.patch
    πŸ”– Version specific migration patch file for removing the appSecret from the database
    fb-app-secret-migration-v2.0.0-rc.6-2018-11-19.patch
    fb-app-secret-migration-v1.17.0-2018-11-19.patch
    fb-app-secret-migration-v1.16.0-2018-11-19.patch
    fb-app-secret-migration-v1.15.0-2018-11-19.patch
    fb-app-secret-migration-v1.14.0-2018-11-19.patch
    fb-app-secret-migration-v1.13.0-2018-11-19.patch
    fb-app-secret-migration-v1.12.0-2018-11-19.patch
    fb-app-secret-migration-v1.11.0-2018-11-19.patch
    fb-app-secret-migration-v1.10.0-2018-11-19.patch

    Recommendations

    Option 1: Install patched version of Reaction Commerce

    βœ… If you're using a version of Reaction Commerce >= v1.10.0, please install the latest patch version and run the migration included.

    Option 2: Patch it yourself

    βœ‚ Remove Facebook App Secret from social plugin settings

    Check the social settings operator panel. It can be accessed by clicking an icon (the "share-alt" icon) towards the bottom of the operator sidebar on the right of the screen

    πŸ‘€ Inside of the social settings panel, you will see the settings page for Facebook - if you have an β€œApp Secret” configured in this section, remove it.

    πŸ”’ If you prefer to do this with a migration, you can use the fb-app-secret-migration-v1.{your-version}.x-2018-11-19.patch migration patch that is appropriate for your version of Reaction. If you’re using an older version of Reaction and want to use a migration to unset the app secret, please contact [email protected] if you need assistance patching your version.

    Patch Reaction Commerce

    🚚 Apply patches to your version of Reaction Commerce. There are different patches for different versions of Reaction Commerce. These patches will remove the UI that permitted shop operators to add the Facebook App Secret to the social plugin panel.

    βœ… v1.14.0 - latest
    πŸ’» fb-app-secret-ui-v1.14.0-v2.0.0-rc.6-2018-11-19.patch

    v0.14.0 - v1.13.2
    πŸ’» fb-app-secret-ui-v0.14.0-v1.13.2-2018-11-19.patch

    πŸ”’ If you’re running a production shop on a version older than v0.14.0, please contact [email protected] for assistance in determining if patching the operator panel is necessary for your version.

    Invalidate Existing Secrets

    If you found a Facebook App Secret listed in your operator panel, you should invalidate it immediately from the Facebook App settings page.

    Generate New Secrets

    If you used this App Secret in any other applications or for Facebook oAuth login, you should generate and use a new secrets to continue to provide services to your customers. Do not add these secrets back into the social panel of Reaction Commerce.