ecommerce-platform

https://leapgraph.com/graphql-api-security

This article mentions several add-on packages that Reaction may want to use. This issue is simply to investigate whether these vulnerabilities are present and try adding the packages to solve them.

Context

I've create a custom action that redirect to cart page with a success flash, but page open no-product-available modal

Expected Behavior

Show modal only if applies

Actual Behavior

Cart page open a modal if there are a flash, no matter if is success or error

Possible Fix

Fix this view https://github.com/spree/spree/blob/a7f7114d3237ad214aacc9fe96d1676f1c115976/fron

As you might know, Google recently introduced a new ranking factor and that is CLS - Cumulative Layout Shift.
I have done few tests on default magento 2 stores and each of them fails the t

Currently, catch block is the same for both methods in useForgotPasswordFactory (https://github.com/vuestorefront/vue-storefront/pull/5971/files/0e001721be751b0b0130915023ea0867722e1065#diff-89077440c1264480ee6ffbbcfb08d6c64c9881bea61ebbd8e0e5d260085b66ad):

err.message = err?.graphQLErrors?.[0]?.message || err.message;

Let's create an external function that takes care of that a

Is your feature request related to a problem? Please describe.
The out of the box

Sylius version affected: v1.4.4

Description

Sylius says the category is used and cannot be removed, when we try to remove an empty category.

We figured out that we had some products with the taxon as "Main Taxon".

Steps to reproduce

1. Add a taxon, keep it empty of products.
2. Update a product to use the newly created taxon as Main taxon.
3. Try to remove the taxo

Is your feature request related to a problem?

To help the users better fill the stock labels and the delivery times fields, we should add a placeholder for each field of the product settings page

Describe the solution you'd like

Add the following placeholders:

• Label of in-stock products: "In stock" in Admin.Shopparameters.Help
• Label of out-of-stock products with allowed

A while ago, we converted API controller specs into requests specs, see #2052. But those specs still have references from their old "life" that we can clean a little bit with a small effort.

In fact, their filenames still have the _controller_ part, which makes no sense now. Eg. solidus/api/spec/requests/spree/api/addresses_controller_spec.rb

Also, they contain references to the previo

Improve the tier prices feature - add info like "Buy 2 in x.xx$ and save x%"

Is your feature request related to a problem? Please describe.
Currently, if the developer wants to register a new admin account, it doesn't let it do that because sendgrid API keys are needed. Remove this dependency for local, and switch to using an identical emailService which uses Nodemailer (Gmail option preferred) since Nodemailer is free. Maybe feature flag this property

**Describe

Description (*)

If OpenMage makes use of a composer dependency, which is noted as vulnerable via https://github.com/FriendsOfPHP/security-advisories, we should get a notice.

I dont think we need the check on every PullRequest, but at least a weekly check on our main branches would be good. and on Relea

Type: minor

Describe the bug
After adding a new account address, the screen goes blank you appear to be logged out, but when you refresh the page, the address is there and you are still logged in.

To Reproduce
Steps to reproduce the behavior:

1. Go to storefront
2. Log in
3. Click user name in upper right > Profile
4. Add a new address.
5. When you submit the form, see the