Mailchimp Open Commerce is an API-first, headless commerce platform built using Node.js, React, GraphQL. Deployed via Docker and Kubernetes.
GPL-3.0 License
Bot releases are hidden (Show)
Published by spencern almost 6 years ago
On Sunday, 2018-10-28, we received a security vulnerability report from a member of the Reaction Commerce community. This report outlined an attack vector for an unauthenticated user to access secrets related to oAuth service providers and SMS messaging providers and to access certain routes intended for operators only.
Today, we are releasing a fix for these vulnerabilities. We are releasing this patch version independently for all minor versions of Reaction Commerce released since v1.10 so that you can upgrade with minimal friction. If you are using a version of Reaction Commerce prior to v1.10.0 for which we have not released a patch version, please contact [email protected] for patch files for your version.
We have prepared a patch release with a fix for every affected minor version since v1.10.0
Pull latest from release branch release-2.0.0-rc.6
Pull latest from release branch release-1.17.0
Install version v1.16.1
Install version v1.15.1
Install version v1.14.2
Install version v1.13.2
Install version v1.12.2
Install version v1.11.1
Install version v1.10.1
Please contact [email protected] for patch files for your version.
For any SMS or oAuth provider used by an affected version of Reaction Commerce, you should invalidate any existing secrets immediately.
To continue using SMS or oAuth providers through Reaction Commerce, generate and use new secrets to continue to provide login or notification services to your customers.
Published by spencern almost 6 years ago
On Sunday, 2018-10-28, we received a security vulnerability report from a member of the Reaction Commerce community. This report outlined an attack vector for an unauthenticated user to access secrets related to oAuth service providers and SMS messaging providers and to access certain routes intended for operators only.
Today, we are releasing a fix for these vulnerabilities. We are releasing this patch version independently for all minor versions of Reaction Commerce released since v1.10 so that you can upgrade with minimal friction. If you are using a version of Reaction Commerce prior to v1.10.0 for which we have not released a patch version, please contact [email protected] for patch files for your version.
We have prepared a patch release with a fix for every affected minor version since v1.10.0
Install version v1.10.1
Please contact [email protected] for patch files for your version.
For any SMS or oAuth provider used by an affected version of Reaction Commerce, you should invalidate any existing secrets immediately.
To continue using SMS or oAuth providers through Reaction Commerce, generate and use new secrets to continue to provide login or notification services to your customers.
Published by spencern about 6 years ago
This is our fifth release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.
Many people were having issues with the Mongo replica-set image starting before the Mongo database was ready. This could cause the replica-set to fail and the application to hang during startup in a development environment. This is fixed in #4748 by waiting for mongo to be reachable within the reaction container before connecting to it, and creating the DB if needed, initiating the replica set if needed, and waiting for the replica set to be OK. This fix should solve the docker-compose startup race conditions we've been seeing. (#4748)
We've added two new GraphQL queries for payment methods. A query paymentMethods
which will list all registered payment methods and is restricted to operators and availablePaymentMethods
which will list all payment methods which have been enabled. These new queries were added in #4709. We've also added a GraphQL mutation that permits an operator to enable or disable a payment method for a shop in #4739
We've updated the CartItems and OrderItems GraphQL queries to include a productTags
resolver which will return the tags for the CartItem or OrderItem. The new resolvers and updated schemas were added in #4715 and #4732
There is a new GraphQL mutation for generating sitemaps generateSitemaps
this replaces the sitemaps/generate
meteor method. method. (#4708)
We've replaced the customer facing Product Grid in the Classic Storefront UI with our CatalogGrid component from the Reaction Design System. This was accomplished in #4649
There's a new "Include in sitemap?" checkbox in the Product Settings when using the operator interface to edit product information. This was added to make it possible to exclude published products from the sitemap. (#4708)
A plugin can now include a catalog
object in registerPackage
, with customPublishedProductFields
and customPublishedProductVariantFields
that are set to arrays of property names. These will be appended to the core list of fields for which published status should be tracked. This is used to build the hashes that are used to display an indicator when changes need to be published. (#4738)
A plugin can now use the functionsByType
pattern to register one or more functions of type "publishProductToCatalog", which are called with (catalogProduct, { context, product, shop, variants })
and expected to mutate catalogProduct
if necessary. (#4738)
Even though most of the development work happens in Docker, getting the right version of node available directly in the host OS is convenient for setting up eslint integration with your editor. We've added an .nvmrc
file for this as we've recommended nvm
for installing and managing NodeJS in our docs for some time now.
We've changed the GraphQL schema for PaymentMethod@name
from PaymentMethodName
to String
. PaymentMethodName
was a subset of string and this should not cause any issues.
We've replaced the generateSitemaps
Meteor method with a GraphQL mutation. See #4708 for details.
Because we've replaced the customer facing Product Grid UI in the Classic Storefront UI, if you had any plugins which relied on specific selectors or the structure of the existing UI, those may need to be updated.
Published by spencern about 6 years ago
This is our fourth release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.
We started seeing unit tests timing out in CI in the morning on Friday October 5. It doesn't appear that this was caused by a change in our jest
version as we were able to reproduce the issues on older branches which were previously passing.
This is resolved in #4176 by changing our test:unit
script in package.json
to run jest with the --maxWorkers=4
flag. This resolved our issue with tests timing out, and improves test performance in CI overall. This is suggested in the troubleshooting jest here: https://jestjs.io/docs/en/troubleshooting.html#tests-are-extremely-slow-on-docker-and-or-continuous-integration-ci-server
There were some cases in the Classic Storefront UI where there would be a discrepancy between the total calculated on the server and the price calculated by the client.
This is not an issue in the Next.js Storefront as all price values are calculated on the server. This is resolved in #4701
fix: round total when verifying it on order create (#4701) .. Resolves #4684
fix: limit jest maxWorkers to 4 to improve CI perf (#4716)
Published by spencern about 6 years ago
This is our third release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.
A few files snuck into our last release that had incorrect jsdoc syntax in the form of @return <Promise>Type
The jsdoc parser is unable to parse any return type starting with a <
and throws an error. This error is thrown during the Deploy Docs CI step and causes that step of the CI to fail. This is resolved in #4704 by fixing the jsdoc to use the correct Promise syntax @return Promise<Type>
Published by spencern about 6 years ago
This is our second release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.
If item.tax did not exist the getTaxTotal was returning NaN which would show up in cart totals. This was introduced in #4664 and is resolved in #4670
On the PDP, when typing a tag name in the admin sidebar, a console error would appear: Uncaught (in promise) TypeError: Cannot read property 'getShopId' of undefined at getShopLang (helpers.js:118)
. This was because Reaction
was undefined when getShopLang()
would run. This is resolved in #4673
Published by spencern about 6 years ago
This is our first release candidate for v2.0.0 of Reaction. Please check it out and let us know what works and what doesn't for you.
In many ways this may better mark the beginning of a new way to develop for Reaction rather than the end of a big development cycle. Make no mistake, there are some pretty great things that v2.0.0 includes - for example, our GraphQL API now covers the basic commerce flow, from browsing a catalog all the way through checkout. However, this release is also bigger in many ways that just this repository. Much of our work over the past several months has gone into repositories other than this primary /reaction
one.
We've created a component library called the Reaction Design System which we're announcing the initial "alpha" for. While it's still subject to change, there are a lot of very useful commerce focused components that we've built that live there. We'll have a link to the styleguidist playground up soon where you can play with and read the docs for each component.
Our new GraphQL API has enabled us to build a new UI Client for Reaction that we're calling our NextJS Starter Kit. This new UI client provides a reference storefront implementation that communicates with the Reaction API exclusively via GraphQL, eliminating some of the sluggishness that was associated with our Classic UI built on Meteor. This new client is built with NextJS and provides Server Side Rendering (SSR) out of the box, as well as (Segment compatible analytics event tracking)[https://segment.com/docs/spec/ecommerce/v2/]. We'll recommend this as the best way to build a storefront UI for Reaction going forward.
We're also introducing a new OpenID Connect OAuth2 Service which uses Hydra to enable our new UI Client to leverage our existing Meteor based Identities and roles.
These services all run together to form the Reaction Platform (working title, subject to change) - and we've got a new project called Reaction Platform which will help you get everything connected and launched together.
This changelog may feel somewhat insignificant because in part, we've been releasing bits of what is becoming 2.0.0 over the last several releases and much of the new development is happening outside of the /reaction
repository.
When multiple shops match the searched domain, prioritize the Primary Shop. This is important when searching for "shop settings" which are only stored on the Primary Shop (e.g., smtp settings).
From #4622
Orders-related GraphQL schemas and significant changes to the Orders MongoDB schemas to better match GraphQL. See the diffs for the schema files. Two changes of note are that order.items and order.billing arrays no longer exist. Instead, each item in order.shipping has an items array and a single payment object on it. The payment object is also flattened and unused properties have been removed from it.
context.queries and context.mutations are no longer namespaced. This simplifies things and makes it possible for one plugin to overwrite another plugin's functions if necessary.
Some Meteor methods are removed:
shipping/updateParcelSize Meteor method is renamed to shop/updateDefaultParcelSize and moved to core/shop service
Meteor UI client checkout code now places orders using GraphQL
Add orderById GraphQL query
The "afterCartUpdate" hooks are now called with just (updatedCart) rather than the redundant (updatedCartId, updatedCart)
The way that orders are placed is now different. See "Order Changes" heading
Orders can no longer be created without an email address
The process by which plugins are asked to provide available fulfillment methods + quotes for them is changed. Rather than calling registered hooks, it calls all functions registered with the name "getFulfillmentMethodsWithQuotes" (See getFulfillmentMethodsWithQuotes.js)
The "example" payment method form is now an "IOU" form that collects only a full name. It previously had a fake credit card form, which might have been misleading. Now it is clear that it's for demo and trial purposes only. Also, this new form is in React.
Some unused (by core) functions have been removed from the cartOrder.js transforms that are available on Cart and Order documents in Meteor.
Previously client code would tell the server to "copy cart to order". Now, the orders plugin is mostly unaware of what a cart is. The client is responsible for converting a cart (which is a work-in-progress order) into the OrderInput schema and placing an order using that.
Related to this, payment information is now never stored on the cart. It is collected during checkout and sent with the placeOrder call. An order will only be placed if charges are successfully created using the provided payment details.
The orders service is largely unaware of how payment is done, and there is no generic placeOrder mutation. Instead, plugins that provide payment methods are expected to provide GraphQL mutations that allow you to place and pay for an order using that method. Most of the logic is shared, and is encapsulated in a createOrder mutation that the orders plugin provides. But each payment method plugin wraps the createOrder mutation to handle payment specifics.
All Meteor UI checkout code is updated to place orders using the new GraphQL mutations. The Meteor methods formerly involved in placing orders and payments are removed.
There are currently three included payment methods, each with their own place order mutation:
placeOrderWithExampleIOUPayment
placeOrderWithStripeCardPayment
placeMarketplaceOrderWithStripeCardPayment
For production, use placeOrderWithStripeCardPayment. placeOrderWithExampleIOUPayment is included for demo purposes and does not require any external services. placeMarketplaceOrderWithStripeCardPayment is part of the "marketplace" plugin, which is not fully implemented or supported. Each payment method has its own checkout UI component, which collects whatever information it needs securely.
We've updated the password reset flow to use a full page in #4637
In #4613 we've renamed the Docker network on which GraphQL enabled web services are attached to api.reaction.localhost
Networks in the Docker environment should be named as *.reaction.localhost. The localhost TLD is reserved and guaranteed to not conflict with a real TLD.
We've moved the SMS schema to the SMS package in contrib in #4566
Thanks to @pmn4 for contributing to this release! 🎉
Published by spencern about 6 years ago
Thanks to @pardyot for contributing to this release! 🎉
Published by spencern about 6 years ago
A sitemap generator plugin that creates and stores XML for a sitemap index, as well as sitemaps for tag pages, PDPs, and arbitrary URLs that can be added via an event hook.
There is a recurring job that runs every 24 hours (the specific interval can be changed) that generates the sitemaps. There is also a button to manually trigger a refresh, at Dashboard -> Shop -> Options - along with a notification that appears when it's completed.
As part of our push towards our GraphQL API, we've started to leverage the API inside of our existing Meteor app. This release converts our customer facing product grid from using Meteor Pub/Sub to consuming data from our GraphQL API instead. This is the first step in an ongoing initiative to start using the GraphQL API inside of our existing monolithic commerce application. See #4481 for a list of files changed.
This release includes the first set of GraphQL APIs designed for stepping through a checkout. While we've started to consume this API within our Storefront Starter Kit, these APIs should be treated as unstable and subject to change. We've added mutations for setting an anonymous email - setEmailOnAnonymousCart
and selecting fulfillment options - selectFulfillmentOptionForGroup
.
A note on fulfillment options
Fulfillment options are what we're calling what used to be shipment options. In order to prepare ourselves for several types of fulfillment that do not necessarily include shipping, we're updating the checkout through order models, methods, and now our GraphQL API to be capable of grouping items into "Fulfillment Groups". This opens the door for several new types of fulfillments down the line such as In Store Pickup, Digital Downloads, Digital Key Generation, and anything else you can think up. We're not actively building any of these different fulfillment types into core, but want to ensure that it's possible and there's a clear direction to do so.
Shipment
schema to remove the items
property. This will cause a breaking change for plugins expecting the items property to be there. Such plugins should be updated to use a combination of itemIds and the main items list. (#4531)requiresShipping
prop from products and catalog products. This has been replaced by an array supportedFulfillmentTypes
. Reaction's core admin interface did not provide a method for setting this prop, and we've left the supportedFulfillmentTypes
out of the exiting operator interface. This change will emable us to show a "Shipping"/"Pick Up" selector for other items down the road. Will also permit creation of digital fulfillment types, etc. (#4554)cart/setAnonymousUserEmail
Meteor method is removed. This does not break any core behavior, but it might require updates to any custom plugins.Published by spencern about 6 years ago
Resolves issues found after releasing 1.14.0
- one causing jsdoc to fail during CI builds for the master
branch, and another where method hooks were running incorrectly occasionally for catalog/publish/products
and accoutns/addressBookAdd
. See specific PRs for more details.
Thanks to @pmn4 for contributing to this release 🎉
There are no dependency changes in this release
Published by spencern about 6 years ago
As part of our focus simplifying the core Reaction application and improving performance, we've made the decision to remove optional plugins from the core application. From our blog post on this topic:
It’s about quality over quantity. As a part of our initiative to simplify Reaction, we’re focusing on providing one reference application per feature and moving all others over to community-sponsored packages. We’ll be migrating packages, APIs, and schemas over to npm. It’s a standard approach to package management, one that improves the developer experience overall.
Here’s how it will look:
Category | Reaction default(s) | Community package(s) |
---|---|---|
Payments | Stripe, example payment package | PayPal, Authorize.net, Braintree |
Taxes | Flat rate | Avalara, TaxCloud, TaxJar |
Shipping | Flat rate | Shippo |
Connectors | CSV connector | Shopify connector |
As the first step of this process we've moved a number of packages from the https://github.com/reactioncommerce/reaction repo to independent repositories in the new https://github.com/reaction-contrib organization. You can install these packages by following the instructions located inside of each new repository. Once installed they should work as they did in v1.13. Any issues you have with updating these packages should be filed in the repos created for these packages and not in the core Reaction repo going forward. If you're interested in contributing to or helping to maintain any of the packages that we've moved to reaction-contrib, please reach out to @zenweasel and he can get you setup.
The list of packages that have been removed in this release is as follows:
This work is listed as a breaking change. If your application relies on any of these packages, you will have to install them independently of Reaction going forward. This release will not destroy data associated with these plugins, so you should be able to safely update without losing information. However, please be sure to test this for your specific application before deploying to production and as always, backup your data before updating versions.
This release contains the Cart and Checkout GraphQL schemas along with several cart queries and mutations. We're starting to make some changes to the core cart schemas for Reaction and the process that we use to create and identify carts.
One of these changes is when we create a cart for a customer. To this point, we've created a cart document for each and every visitor to a Reaction storefront. Going forward we'll be creating carts on demand. This means that a customer will not have a cart associated with them until they first add a product to the cart. This is how we've architected the GraphQL API to work and we've made some changes to the legacy Reaction cart system to put it in sync.
We're signifincantly adjusting the Cart schema as well. The best way to understand all of this will be to read through the updated GraphQL Cart Schema in #4307 and #4390 but I'll try to note some things to be aware of going forward.
A cart will have either an account associated with it or may be anonymous.
A cart will have an array of items associated with them. As we will be lazy in creating carts, when the cart is created this array of items will have at least one item in it. We do not destory carts if a customer removes all items from a cart, so it is possible that there will be an empty array of items inside of a cart.
One of the major changes to carts is related to how we store information necessary to create an order from a cart. We're introducing a new field checkout
to the cart schema which you can dig into in #4309. This will be where fulfillment information, payment information, addresses and any other information necessary to process a checkout will be stored.
Recognizing the need to be able to handle orders which have items that require different types of fulfillment, we're organizing items into what we're calling "Fulfillment Groups." The most basic example is that a fulfillment group could be a group of items that is getting shipped to a specific address. For an order with n
items, there can exist up to n
fulfillment groups within that cart. This specific release doesn't introduce any new functionality for adding new types of fulfillment groups or splitting a single cart into multiple fulfillments, but it does lay the groundwork for splitting orders, creating new fulfillment types such as an in store pickup, ship to store, digital downloads, or generated license keys.
We're currently mapping this new GraphQL Schema to the existing Reaction Simple Schema, but will be transitioning all of our existing schemas to match (more or less) our new GraphQL schemas going forward.
A cart will still be associated with a single shop. This is consistent with current behavior.
There are two GraphQL Queries for fetching carts, one for getting anonymous carts anonymousCartByCartId
and one for getting account carts accountCartByAccountId
This release introduces GraphQL Mutations for creating carts, adding items to carts, removing items from carts, updating cart items, and reconciling carts when a customer with an anonymous cart logs into an account.
ReconcileCarts
is a new method which replaces and extends our previous mergeCarts
method with additional functionality. ReconcileCarts has 3 modes: merge
, keepAnonymousCart
, and keepAccountCart
. merge
is the default mode and works identically to how the existing mergeCarts
method works, where the anonymous cart is combined with the account cart, items are deduped, and quantities are incremented to match the combined qty of the items in the carts. keepAnonymousCart
will keep only the items and the checkout information in the anonymous cart, and keepAccountCart
will do the same but for the Account Cart.
/server
into plugins. All imports with paths that begin with /server will need to be changed for any custom code or community plugins. See the file changes in https://github.com/reactioncommerce/reaction/pull/4366/files to see examples of changing import paths from /server
to relevant plugin paths.cart/removeCart
Meteor method behavior is the same as before, but the return value is now { cart }
createCatalogProduct
has been moved into it's own file. This function was not being exported and should not create any issues, but be aware.Logging
which was used only by the Avalara plugin to this point. If you relied on this plugin, you'll need to reinstall it.We've added a deploy to Heroku button which should appear in the project readme now. You can now deploy Reaction to Heroku by clicking the "Deploy to Heroku" button and then filling out hte information required by Heroku.
We're now hashing products to determine when a product changes that have not been published to the Catalog. This shows up as an indicator on the publish button when viewing a product that has unpublished changes.
We now provide an option to serve the bundled javascript and css files from a CDN. See #4316 for more information.
We've added a permissive default robots.txt
file. This file permits all bots to crawl and disallows bots from crawling /resources
resolveAccountFromAccountId
resolver (#4495)Thanks to @pmn4 and @hrath2015 for contributing to this release 🎉
This is a list of all new, changed, and removed dependencies that exist in our dependency graph for a production build. This does not include dev dependencies.
@babel/[email protected]
@babel/[email protected]
@emotion/[email protected]
@emotion/[email protected]
@emotion/[email protected]
@emotion/[email protected]
@emotion/[email protected]
@emotion/[email protected]
@emotion/[email protected]
@reactioncommerce/[email protected]
@types/[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected] /Users/spencer/reaction/reaction
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
42-cent-base
42-cent-util
@braintree/wrap-promise
@sindresorhus/is
@types/node
UNMET PEER DEPENDENCY graphql@^0.10.0 || ^0.11.0 || ^0.12.0
aphrodite
array.prototype.flatten
authorize-net
base64url
braintree
buffer-crc32
cacheable-request
chain-function
clone-response
connect-query
dateformat
debuglog
deprecate
duplexer3
from2
got
has-symbol-support-x
has-to-string-tag-x
http-cache-semantics
into-stream
is-object
is-plain-obj
is-retry-allowed
isemail
isurl
joi
json-buffer
json-stable-stringify
jsonify
jsonwebtoken
keyv
lodash.isboolean
lodash.isinteger
lodash.isnumber
lodash.once
lowercase-keys
nexmo
normalize-url
p-cancelable
p-is-promise
p-timeout
paypal-rest-sdk
pop-iterate
prepend-http
q
react-addons-create-fragment
react-addons-pure-render-mixin
responselike
rootpath
scmp
shippo
shopify-api-node
sort-keys
stopcock
string-hash
timed-out
topo
twilio
url-parse-lax
url-to-options
weak-map
You don't improve what you don't measure. In efforts to improve the size of our bundles, the time to first paint, time to interactive, and overall performance of our applications, we're starting to report on bundle size and some performance metrics in every release. With effort and persistence, we'll see these numbers improve over time.
We measure bundle size by building the application using meteor build
and then measuring the js and css bundle size with the command wc -c /path/to/js-bundle-file.js
JS Modern Browsers: 4872kb
JS Legacy Browsers: 5104kb
CSS All Browsers: 392kb
Published by spencern over 6 years ago
This release exclusively includes a patch update to Meteor from 1.7.0.1
to 1.7.0.3
This release should be installed by anyone on Reaction 1.13.0 and includes an important security update to Node, updating to version 8.11.3 of Node, which is an important security release.
The underlying meteor-babel npm package has also been updated to version 7.0.0-beta.51.
Published by spencern over 6 years ago
The major change in this release is that we've removed the existing revision control system in favor of publishing Products to the Catalog. The existing revision control system contained some powerful ideas, but was complex and intertwined into many areas of the app that were not directly related to Product. By removing the old revision control system, we've paved the way to substantially improve product grid performance, especially for Operators and we've simplified the product publication logic.
This removes all code, hooks, collections, and packages related to revision control.
Breaking changes:
Any custom packages that depend on the Revision
control system.
Operators will no longer be able to "undo" changes to a product. Instead products are published through the catalog
Any unpublished changes to products will be lost when upgrading to 1.13.0
. In this release, it's possible that if you were to downgrade that you would see the unpublished changes again, but that may cause unexpected behavior. We recommend either publishing or discarding any changes to your products before upgrading to this release.
Similarly, any products that have been created but not published will demonstrate unexpected behavior. To avoid this undesirable behavior, publish any newly created, unpublished products prior to upgrading to this release.
All plugin authors will need to update your package.json
with a change to the babel config similar to what was done here
This update brings some enormous improvements to the amount of time it takes to rebuild the application in development after making a file change. In some (less than perfectly scientific) tests that I ran testing file changes between 1.7 and 1.6.1 I saw 50%-90% improvements in the reload time. Your experience may vary depending on how much you've customized Reaction, your computer specs, and your specific development setup, but I fully expect this to be a noticeable improvement for anyone working with Reaction.
There are some early reports that the included update to the MongoDB driver may have some kinks to work out, so I'd follow those issues on Meteor's repo if that's a cause for concern for you. These reports are all coming from a single person, and we haven't experienced any of these issues in particular yet, but we'll be keeping an eye on them.
We ran into a few issues with npm install
that we resolved in #4317. One product that came out of this investigation was some documentation for how to properly clean up and rebuild docker images in Reaction.
To stop and clean up your images
docker-compose down -v --rmi local --remove-orphans
To rebuild your Reaction images
docker-compose up --build --force-recreate --renew-anon-volumes
If you only want to run Reaction and not the GraphQL DevServer
docker-compose up --build --force-recreate --renew-anon-volumes reaction
If you only want to run the DevServer and not the Meteor app
docker-compose up --build --force-recreate --renew-anon-volumes devserver
Thanks to @mikeumus for contributing to this release. 🎉
Published by spencern over 6 years ago
This release is a hotfix for #4299 which was discovered shortly after v1.12.0 was released.
The issue was releated to a type error that was thrown during a migration:
If any documents in
Catalog
collection do not have apositions
property, migration fails on startup on first start after migration to v1.12.0. The migration is left locked. The error message is:
0|reaction | TypeError: Cannot convert undefined or null to object
0|reaction | at Function.keys (<anonymous>)
0|reaction | at items.forEach (imports/plugins/core/versions/server/migrations/25_update_catalog_schema.js:28:12)
Published by spencern over 6 years ago
We've made some significant changes to the structure of the data that we publish to the Catalog in #4218. We have created an automated migration for these changes in #4272. If you have made other changes to the catalog in your app or in a plugin, this migration may not work out of the box for you. We'd recommend migrating a test or staging instance of your application with similar data before applying this update to your production application.
From the PR notes to #4218, here's a list of the changes
"products/updateProductPosition" method now takes a tag ID rather than tag name as its third argument
The media
property on catalog items is still an array of objects, but the structure of those objects has changed.
BEFORE:
{
metadata: {}, // the full metadata object from the Media doc
thumbnail: "", // a URL
small: "", // a URL
medium: "", // a URL
large: "", // a URL
image: "", // a URL
}
AFTER:
{
priority, // copied from metadata
toGrid, // copied from metadata
productId, // copied from metadata
variantId, // copied from metadata
URLs: {
thumbnail: "", // a URL
small: "", // a URL
medium: "", // a URL
large: "", // a URL
original: "", // a URL
}
}
Also, the media array is now sorted in ascending priority
order.
When published to the catalog, the variants
array on the catalog item now includes only those variants where isDeleted
IS NOT true and isVisible
IS true.
Most product properties that were formerly on the catalog item itself are now moved to a product
object property.
Previously all product and variant props were blindly copied into the catalog item. Now, we explicitly copy only the props we want, sometimes changing their names.
variant.taxable -> variant.isTaxable
variant.variantId
added, currently the same as variant._id but might not always be. A reference back to the variant in the Products collection.product.taxable -> product.isTaxable
product.productId
added, currently the same as product._id but might not always be. A reference back to the product in the Products collection.product.handle -> product.slug
product.hashtags -> product.tagIds
product.twitterMsg
and product.facebookMsg
and product.googleplusMsg
and product.pinterestMsg
are converted to a product.socialMetadata
array like this:
socialMetadata: [
{ service: "twitter", message: product.twitterMsg },
{ service: "facebook", message: product.facebookMsg },
{ service: "googleplus", message: product.googleplusMsg },
{ service: "pinterest", message: product.pinterestMsg }
]
We've deprecated the price
property on catalog products, variants, and options. There is a new property called pricing
, which is a map keyed by currency code in MongoDB, and in GraphQL is converted to an array.
The GraphQL schema:
"The product price or price range for a specific currency"
type ProductPricingInfo {
"""
A comparison price value, usually MSRP. If `price` is null, this will also be null. That is,
only purchasable variants will have a `compareAtPrice`.
"""
compareAtPrice: Float
"The code for the currency these pricing details applies to"
currency: Currency!
"""
UI should display this price. If a product has multiple potential prices depending on selected
variants and options, then this is a price range string such as "$3.95 - $6.99". It includes the currency
symbols.
"""
displayPrice: String!
"The price of the most expensive possible variant+option combination"
maxPrice: Float!
"The price of the least expensive possible variant+option combination"
minPrice: Float!
"""
For variants with no options and for options, this will always be set to a price. For variants
with options and products, this will be `null`. There must be a price for a variant to be
added to a cart or purchased. Otherwise you would instead add one of its child options to a cart.
"""
price: Float
}
These are currently mapped as follows, but in the future you will be able to have different prices per currency that your shop supports.
pricing: {
[shopCurrencyCode]: {
compareAtPrice: variant.compareAtPrice || null,
displayPrice: variantPriceInfo.range,
maxPrice: variantPriceInfo.max,
minPrice: variantPriceInfo.min,
price: typeof variant.price === "number" ? variant.price : null
}
},
All product props other than positions
are now on the product
object, so there are a few new properties on the catalog item itself:
product
obj)The ReactionProduct.getTag
helper function is renamed to ReactionProduct.getTagIdForPosition
and returns the tag ID rather than name. If there's no tag in the route path, it returns "_default" rather than the lowercased shop name.
.00
cents for whole-dollar amounts in price range (#4222)Thanks to @pmn4 for contributing to this release! 🎉
Published by spencern over 6 years ago
The major focus of v1.11.0
has been on our GraphQL API. We've added most of the queries and mutations that are necessary for building a headless client to interact with Accounts
. We're actively doing experiments on how we'll recommend connecting to this GraphQL client and we'll start publishing some of our initial client apps to interact with this GraphQL API in the near future.
Thanks to @pmn4, @glmaljkovich, and @awles for contributing to this release
Published by spencern over 6 years ago
The biggest change in 1.10.0 is the removal of the meteor-collection-hooks package. If your app or plugin is dependent on collection hooks, we'd recommend refactoring to eliminate the need for those types of hooks. If you're not up for refactoring you can just add that package back into your app though you'll lose some of the benefits that Reaction will see by eliminating that dependency. The removal of this package is a breaking change for any plugin that depends on collection hooks or uses the direct
method to update a collection. For example, Products.before
, Products.after
, and Products.direct
will no longer work. These hooks have all been migrated to our event hook system. If you were using Collection hooks to perform an action that you cannot perform in 1.10.0 with the current set of event hooks, please file an issue and we can determine if we need to add additional event hooks. This change should lead to much simpler code that is easier to understand.
In addition to a few performance updates, refactors, and bug fixes, this release starts the rollout of our GraphQL API. Until further notice, this GraphQL API should be considered a prototype and should not be used for production. If you're interested in following along with our GraphQL work, tracking our GraphQL issues is probably the easiest way for now.
In short, this release adds a prototype GraphQL server running in the Reaction project with the following urls exposed:
/graphql - The GraphQL endpoint.
/graphiql - The GraphiQL user interface.
We'll be incrementally adding functionality to this GraphQL endpoint, but this release serves as the starting point for our GraphQL api.
Published by spencern over 6 years ago
This release contains a lot of fixes, some of them performance related and several enormous refactors.
The three biggest changes are:
There's a full list of changes and fixes below, as well as detailed explanations of potential breaking changes and what you might need to do to migrate
This is a breaking change for any plugin that implements or modifies a schema based on the Meteor simple-schema package.
This PR updates the aldeed:simple-schema
Meteor package dependency to instead depend on the simpl-schema
NPM package, which is the newest release of the same library. As part of this change, there are several breaking changes and other gotchas to be aware of.
IMPORTANT! The NPM package does not play nice with the previous Meteor package. After updating to this Reaction release, run the app one time, and then look at the .meteor/versions file. Make sure that aldeed:simple-schema is not listed. If it is there, that is because you depend on another Meteor package that depends on aldeed:simple-schema. You will have to update or remove any such packages (with meteor remove / meteor add) until aldeed:simple-schema disappears from your .meteor/versions file.
Search your app for any import { SimpleSchema } from "meteor/aldeed:simple-schema" lines that you have added in your custom code, and replace them with import SimpleSchema from "simpl-schema"
Be aware that the package name does not have the "e" on "simpl". (There is a different NPM package called simple-schema with the "e", and that is NOT the one you want.)
If you have your own custom schemas, refer to the SimpleSchema changelog to update them for the breaking changes: https://github.com/aldeed/meteor-simple-schema/blob/master/CHANGELOG.md#200
If you use attachSchema in your code, be aware that passing an array to attachSchema will no longer work. You should first merge all the schemas and then pass the combined schema to attachSchema
Please read the PR if you need more details Use NPM SimpleSchema rather than Meteor #3331
/assets/files/:collectionName/:fileId/:filename
becomes
/assets/files/:collectionName/:fileId/:primaryStoreName/:filename
and
/assets/files/:collectionName/:fileId/:filename?store=storeName
becomes
/assets/files/:collectionName/:fileId/:storeName/:filename
CartItemImage
publication is removedCartImages
now takes an IDProductGridMedia
to replace Media being included with the products publication for the gridProductMedia
OrderImages
, similar to CartImages
, used for order now rather than reusing CartImagesFull notes on the PR to replace CFS #3782
The old imports/plugins/included/product-variants/containers/productsContainer.js
has been renamed to productsContainerAdmin.js
and a new component named productsContainer.js
now handles which products container to load based on the user's permissions. Full notes on the PR #3876
reactioncommerce/base:v4.0.1 removed the following:
mongo
as a service in docker-compose, see example in README.reactioncommerce/base:v4.0.1
which has:
node:8.9.4
as base image (same Debian base as before, but with Node 8 preinstalled)node:8.9.4-slim
docker-compose.yml
to serve as the config for running a local development environment.docker-compose-demo.yml
for testing out production builds (this is the replacement for the previous docker-compose.yml
).We've updated our circle ci config to use v2 of Workflows. This permits us to run additional automated tests on circle instead of using other services. We now have 6 workflow steps that must pass before a PR can be merged.
Reaction.getShopId
missing ()
(#3891)Thanks to @pmn4 for contributing to this release!
Published by spencern over 6 years ago
Thanks to @pmn4 and @willmoss1000 for contributing to this release
Published by spencern over 6 years ago