Skip to content

Open Food Network

v5.4.18 Breaking

This release includes 2 breaking changes for platform teams planning a safe upgrade.

Published 10d Productivity & Wikis
βœ“ No known CVEs patched
Read the diff β†’ Tool health β†’ What is this tool? β†’

✓ No known CVEs patched in this version

Topics

farmers food food-hubs nonprofit rails ruby
+1 more
sustainable-consumption

Affected surfaces

auth breaking_upgrade deps

ReleasePort's take

Light signal
editorial:auto 10d

The release fixes a nil‑payment_method error and updates several dependencies (Bundler upgrade, Rails defaults for v7.1, oauth2 gem removal).

Why it matters: Fixes crash when payment_method is nil; upgrades Bundler and loads Railsβ€―7.1 defaults.

Summary

AI summary

Updates Dependencies πŸ“¦, Technical changes πŸ› οΈ, and User-facing changes πŸ‘€ across a mixed release.

Changes in this release

Feature Medium

Include product from coordinator's inventory stays active after inventory is turned off.

Include product from coordinator's inventory stays active after inventory is turned off.

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Feature Medium

Publish SOLID WebID on DFC API.

Publish SOLID WebID on DFC API.

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Feature Medium

Allow unsafe redirect for PayPal payment.

Allow unsafe redirect for PayPal payment.

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Feature Medium

Add owner field to variants.

Add owner field to variants.

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Dependency Medium

Upgrade Bundler to latest version.

Upgrade Bundler to latest version.

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Dependency Medium

Load Rails framework defaults for versionβ€―7.1.

Load Rails framework defaults for versionβ€―7.1.

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Dependency Low

Bump multiple dependencies (db2fog, jest, sass-loader, faraday, webpack-dev-server, terser-webpack-plugin, tom-select, flipper, trix, rubocop-rails, flipper-active_record, view_component, flipper-ui, bootsnap).

Bump multiple dependencies (db2fog, jest, sass-loader, faraday, webpack-dev-server, terser-webpack-plugin, tom-select, flipper, trix, rubocop-rails, flipper-active_record, view_component, flipper-ui, bootsnap).

Source: granite4.1:30b@2026-05-25-audit

Confidence: low

 β€”
Deprecation Medium

Remove oauth2 gem from dependencies.

Remove oauth2 gem from dependencies.

Source: llm_adapter@2026-05-25

Confidence: high

 β€”
Bugfix Medium

Fix error when payment_method is nil.

Fix error when payment_method is nil.

Source: llm_adapter@2026-05-25

Confidence: high

 β€”
Bugfix Medium

Fix reports to use variant supplier.

Fix reports to use variant supplier.

Source: llm_adapter@2026-05-25

Confidence: high

 β€”
Refactor Medium

Replace wicked_pdf with ferrum_pdf for PDF generation.

Replace wicked_pdf with ferrum_pdf for PDF generation.

Source: llm_adapter@2026-05-25

Confidence: low

 β€”
Full changelog

What's Changed

User-facing changes πŸ‘€

  • Include product from the coordinator's inventory stays active after inventory is turned off by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14212
  • Fix error when payment_method is nil by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14320

API changes ⚠️

  • Publish SOLID WebID on DFC API by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14306

Technical changes πŸ› οΈ

  • Add hint to avoid Docker for AI agents by @maikels-agent in https://github.com/openfoodfoundation/openfoodnetwork/pull/14286
  • Upgrade Bundler by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14295
  • [Rails upgrade] Load framework default for version 7.1 by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14273
  • Allow unsafe redirect for paypal payment by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14311
  • Add owner field to variants by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14249
  • Remove oauth2 gem by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14308
  • Replace wicked_pdf with ferrum_pdf for PDF generation by @chahmedejaz in https://github.com/openfoodfoundation/openfoodnetwork/pull/14221
  • Fix reports to use variant supplier by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14272

Dependencies πŸ“¦

  • Bump db2fog from 6e88c0a to d3f27a1 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14291
  • Bump jest-environment-jsdom from 30.3.0 to 30.4.1 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14290
  • Bump sass-loader from 16.0.7 to 16.0.8 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14289
  • Bump jest from 30.3.0 to 30.4.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14288
  • Bump faraday from 2.14.1 to 2.14.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14296
  • Bump webpack-dev-server from 5.2.3 to 5.2.4 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14297
  • Bump terser-webpack-plugin from 5.5.0 to 5.6.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14298
  • Bump tom-select from 2.6.0 to 2.6.1 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14299
  • Bump flipper from 1.4.1 to 1.4.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14302
  • Bump trix from 2.1.18 to 2.1.19 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14300
  • Bump rubocop-rails from 2.34.3 to 2.35.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14301
  • Bump flipper-active_record from 1.4.1 to 1.4.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14313
  • Bump view_component from 4.9.0 to 4.10.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14312
  • Bump flipper-ui from 1.4.1 to 1.4.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14314
  • Bump bootsnap from 1.24.3 to 1.24.4 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14317

New Contributors

  • @maikels-agent made their first contribution in https://github.com/openfoodfoundation/openfoodnetwork/pull/14286

Full Changelog: https://github.com/openfoodfoundation/openfoodnetwork/compare/v5.4.16.1...v5.4.18

Breaking Changes

  • Remove oauth2 gem
  • Replace wicked_pdf with ferrum_pdf for PDF generation
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Open Food Network

Get notified when new releases ship.

Sign up free

About Open Food Network

Online marketplace for local food. It enables a network of independent online food stores that connect farmers and food hubs with individuals and local businesses.

All releases β†’

Related context

Related tools

Beta — feedback welcome: [email protected]