Skip to content

Open Food Network

v5.4.15 Maintenance

This release keeps dependencies and maintenance posture current for teams operating this tool.

Published 23d Productivity & Wikis
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

farmers food food-hubs nonprofit rails ruby
+1 more
sustainable-consumption

ReleasePort's take

Light signal
editorial:auto 13d

v5.4.15 delivers routine dependency patches across build and runtime stack. A major css_parser upgrade (1.21.1→2.1.0) requires verification before deployment.

Why it matters: css_parser major version introduces behavioral changes requiring test validation. Remaining patches (puma, bootsnap, postcss, webpack, terser, net-imap, hotkeys-js, rubocop-capybara) are incremental updates. Verify CSS parsing in dev before prod rollout.

Summary

AI summary

Minor fixes and improvements.

Changes in this release

Dependency Medium

css_parser upgraded from 1.21.1 to 2.1.0 (major version)

css_parser upgraded from 1.21.1 to 2.1.0 (major version)

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

puma upgraded from 8.0.0 to 8.0.1

puma upgraded from 8.0.0 to 8.0.1

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

bootsnap upgraded from 1.23.0 to 1.24.1

bootsnap upgraded from 1.23.0 to 1.24.1

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

postcss upgraded from 8.5.10 to 8.5.12

postcss upgraded from 8.5.10 to 8.5.12

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

@swc/core upgraded from 1.15.30 to 1.15.32

@swc/core upgraded from 1.15.30 to 1.15.32

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

webpack-sources upgraded from 3.3.4 to 3.4.1

webpack-sources upgraded from 3.3.4 to 3.4.1

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

terser-webpack-plugin upgraded from 5.4.0 to 5.5.0

terser-webpack-plugin upgraded from 5.4.0 to 5.5.0

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

net-imap upgraded from 0.6.3 to 0.6.4

net-imap upgraded from 0.6.3 to 0.6.4

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

hotkeys-js upgraded from 4.0.3 to 4.0.4

hotkeys-js upgraded from 4.0.3 to 4.0.4

Source: llm_adapter@2026-05-21

Confidence: low
Dependency Medium

rubocop-capybara upgraded from 2.22.1 to 2.23.0

rubocop-capybara upgraded from 2.22.1 to 2.23.0

Source: llm_adapter@2026-05-21

Confidence: low
Refactor Medium

Specification adjusted to not expect ordered results

Specification adjusted to not expect ordered results

Source: llm_adapter@2026-05-21

Confidence: high
Refactor Medium

DFC 2.0 upgrade preparation initiated for future compatibility

DFC 2.0 upgrade preparation initiated for future compatibility

Source: llm_adapter@2026-05-21

Confidence: low
Full changelog

What's Changed

Technical changes 🛠️

  • Adjust spec to not expect order of results by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14231
  • DFC 2.0 upgrade preparation by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14230
  • Improvements to CI logging by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14162
  • Upgrade GitHub workflow actions by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14257

Dependencies 📦

  • Bump webpack-sources from 3.3.4 to 3.4.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14238
  • Bump terser-webpack-plugin from 5.4.0 to 5.5.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14239
  • Bump @swc/core from 1.15.30 to 1.15.32 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14242
  • Bump postcss from 8.5.10 to 8.5.12 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14243
  • Bump bootsnap from 1.23.0 to 1.24.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14244
  • Bump puma from 8.0.0 to 8.0.1 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14245
  • Bump net-imap from 0.6.3 to 0.6.4 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14247
  • Bump bootsnap from 1.24.0 to 1.24.1 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14255
  • Bump css_parser from 1.21.1 to 2.1.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14258
  • Bump hotkeys-js from 4.0.3 to 4.0.4 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14259
  • Bump webpack-sources from 3.4.0 to 3.4.1 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14260
  • Bump rubocop-capybara from 2.22.1 to 2.23.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14261

Full Changelog: https://github.com/openfoodfoundation/openfoodnetwork/compare/v5.4.14...v5.4.15

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Open Food Network

Get notified when new releases ship.

Sign up free

About Open Food Network

Online marketplace for local food. It enables a network of independent online food stores that connect farmers and food hubs with individuals and local businesses.

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]