This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Summary
AI summary: Updates Dependencies 📦, Technical changes 🛠️, and API changes ⚠️ across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Low | Shows tag suggestions when adding tags to product variants on the products page. | — |
| Dependency | Low | Bumped fast-uri version from 3.1.0 to 3.1.2. | — |
| Dependency | Low | Bumped postcss version from 8.5.12 to 8.5.13. | — |
| Dependency | Low | Bumped devise gem from 5.0.3 to 5.0.4. | — |
| Dependency | Low | Bumped view_component version from 4.8.0 to 4.9.0. | — |
| Dependency | Low | Bumped json gem from 2.19.4 to 2.19.5. | — |
| Dependency | Low | Bumped bootsnap from 1.24.1 to 1.24.3. | — |
| Dependency | Low | Bumped private_address_check gem from 0.6.0 to 0.7.0. | — |
| Dependency | Low | Bumped spring from 4.4.2 to 4.5.0. | — |
| Dependency | Low | Bumped knapsack_pro gem from 9.2.3 to 10.0.0. | — |
| Dependency | Low | Bumped aws-sdk-s3 from 1.220.0 to 1.221.0. | — |
| Bugfix | Medium | Prevents dialogs from appearing twice when deleting users or inviting existing users. | — |

Source for all summaries: granite4.1:8b-q6_K@2026-05-19. Confidence: high.
Full changelog
What's Changed
User-facing changes 👀
- Make sure dialogs don't appear twice when deleting users and inviting existing users by @cillian in https://github.com/openfoodfoundation/openfoodnetwork/pull/14082
API changes ⚠️
- DFC v2 organizations by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14277
Experimental features for testing 🚧
- Show tag suggestions when adding tags to variants on products page by @emilythericky in https://github.com/openfoodfoundation/openfoodnetwork/pull/14235
Technical changes 🛠️
- Upgrade shakapacker peer dependencies by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14263
- [Rails upgrade] Load framework default for version 7.0 by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14214
- Add unsupported and unverified API v0 docs by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14265
- Gracefully ignore missing target by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14271
- Fix pr author auto assign github workflow by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14264
- Remove unused Angular :ofn-track-product, :ofn-track-variant, :decimal directives and :rangeArray filter by @cillian in https://github.com/openfoodfoundation/openfoodnetwork/pull/14267
Dependencies 📦
- Bump fast-uri from 3.1.0 to 3.1.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14269
- Bump postcss from 8.5.12 to 8.5.13 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14266
- Bump devise from 5.0.3 to 5.0.4 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14268
- Bump view_component from 4.8.0 to 4.9.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14270
- Bump postcss from 8.5.13 to 8.5.14 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14278
- Bump json from 2.19.4 to 2.19.5 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14279
- Bump bootsnap from 1.24.1 to 1.24.3 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14280
- Bump private_address_check from 0.6.0 to 0.7.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14281
- Bump spring from 4.4.2 to 4.5.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14282
- Bump knapsack_pro from 9.2.3 to 10.0.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14283
- Bump aws-sdk-s3 from 1.220.0 to 1.221.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14284
Full Changelog: https://github.com/openfoodfoundation/openfoodnetwork/compare/v5.4.15...v5.4.16
About Open Food Network
Online marketplace for local food. It enables a network of independent online food stores that connect farmers and food hubs with individuals and local businesses.