This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
+1 more
ReleasePort's take
Light signalThis release removes ignored columns from the database schema and adds an address field in DFC v2 format via the API.
Why it matters: Removing unused columns cleans up the data model, while exposing addresses in DFC v2 enables downstream integrations that require this standardized representation.
Summary
AI summaryUpdates Dependencies 📦, Technical changes 🛠️, and User-facing changes 👀 across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Show an address in DFC v2 format via API. Show an address in DFC v2 format via API. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Low |
Upgrade PostgreSQL to version 14 in CI environment. Upgrade PostgreSQL to version 14 in CI environment. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Low |
Upgrade Shakapacker to version 10. Upgrade Shakapacker to version 10. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Low |
Bump Bundler from 4.0.11 to 4.0.12. Bump Bundler from 4.0.11 to 4.0.12. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Low |
Bump rubocop from 1.86.1 to 1.86.2. Bump rubocop from 1.86.1 to 1.86.2. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Low |
Bump aws-sdk-s3 from 1.221.0 to 1.222.0. Bump aws-sdk-s3 from 1.221.0 to 1.222.0. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Low |
Bump active_storage_validations from 3.0.4 to 3.0.5. Bump active_storage_validations from 3.0.4 to 3.0.5. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Dependency | Low |
Bump view_component from 4.10.0 to 4.11.0. Bump view_component from 4.10.0 to 4.11.0. Source: granite4.1:30b@2026-06-03-audit Confidence: low |
— |
| Dependency | Low |
Bump sass-loader from 16.0.8 to 17.0.0. Bump sass-loader from 16.0.8 to 17.0.0. Source: granite4.1:30b@2026-06-03-audit Confidence: low |
— |
| Dependency | Low |
Bump openid_connect from 2.3.1 to 2.4.0. Bump openid_connect from 2.3.1 to 2.4.0. Source: granite4.1:30b@2026-06-03-audit Confidence: low |
— |
| Deprecation | Medium |
Remove ignored columns from the database schema. Remove ignored columns from the database schema. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Bugfix | Medium |
Fix form label associations for screen reader accessibility. Fix form label associations for screen reader accessibility. Source: llm_adapter@2026-06-03 Confidence: high |
— |
| Bugfix | Medium |
Fix error when payment_method is nil. Fix error when payment_method is nil. Source: llm_adapter@2026-06-03 Confidence: high |
— |
Full changelog
What's Changed
Significant changes 🚀
- Remove ignored columns by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14248
User-facing changes 👀
- Fix form label associations for screen reader accessibility by @gbathree in https://github.com/openfoodfoundation/openfoodnetwork/pull/14172
- Fix error when payment_method is nil by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14320
API changes ⚠️
- Show an address in DFC v2 format by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14316
Technical changes 🛠️
- Upgrade to postgres 14 on CI by @dacook in https://github.com/openfoodfoundation/openfoodnetwork/pull/14241
- Upgrade to shakapacker v10 by @rioug in https://github.com/openfoodfoundation/openfoodnetwork/pull/14287
- Bump bundler from 4.0.11 to 4.0.12 by @mkllnk in https://github.com/openfoodfoundation/openfoodnetwork/pull/14331
Dependencies 📦
- Bump rubocop from 1.86.1 to 1.86.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14321
- Bump aws-sdk-s3 from 1.221.0 to 1.222.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14322
- Bump active_storage_validations from 3.0.4 to 3.0.5 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14327
- Bump rubocop-rails from 2.35.0 to 2.35.1 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14328
- Bump jwt from 2.10.2 to 2.10.3 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14329
- Bump postcss from 8.5.14 to 8.5.15 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14334
- Bump view_component from 4.10.0 to 4.11.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14335
- Bump rubocop-rails from 2.35.1 to 2.35.2 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14336
- Bump sass-loader from 16.0.8 to 17.0.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14338
- Bump webpack from 5.106.2 to 5.107.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14339
- Bump openid_connect from 2.3.1 to 2.4.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14340
- Bump aws-sdk-s3 from 1.222.0 to 1.223.0 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14341
- Bump tmp from 0.2.5 to 0.2.7 by @dependabot[bot] in https://github.com/openfoodfoundation/openfoodnetwork/pull/14343
Full Changelog: https://github.com/openfoodfoundation/openfoodnetwork/compare/v5.4.17...v5.5.0
A macaron or French macaroon is a sweet meringue-based confection made with egg white, icing sugar, granulated sugar, almond meal, and often food colouring.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Open Food Network
Online marketplace for local food. It enables a network of independent online food stores that connect farmers and food hubs with individuals and local businesses.
Beta — feedback welcome: [email protected]