Merge pull request #13 from Arizon-Digital/dev

Dev

.changeset/empty-ties-rhyme.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/catalyst-core": minor
+---
+
+Add orders for customer account. Now customer can open orders history or move to specific order details.

.changeset/stupid-drinks-report.md → .changeset/forty-actors-notice.md

@@ -2,4 +2,4 @@
 "@bigcommerce/catalyst-core": patch
 ---
 
-Add additional IP address header
+Remove webpack chunk plugin

.changeset/orange-cheetahs-explode.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/catalyst-core": patch
+---
+
+Added aria label for compare button

.changeset/quick-owls-relate.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/catalyst-core": minor
+---
+
+Uses the API responses to show better errors when adding a product to the cart.

.changeset/slimy-months-hunt.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/catalyst-core": patch
+---
+
+UX improvements for account pages

.changeset/slow-houses-smell.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/create-catalyst": patch
+---
+
+Adds a platform check to check if a command is installed.

.changeset/strange-beers-sin.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/catalyst-core": patch
+---
+
+Added localization to hardcoded strings

.changeset/wicked-papayas-smoke.md

@@ -0,0 +1,5 @@
+---
+"@bigcommerce/catalyst-core": minor
+---
+
+If a string is not provided in the selected locale, the translation system will fallback to "en" for that specific entry.

.env.example

@@ -2,13 +2,9 @@
 # The control panel URL is of the form `https://store-{hash}.mybigcommerce.com`. 
 BIGCOMMERCE_STORE_HASH=
 
-# The access token from a store-level API account. The only scope required to run Catalyst is Carts `manage`.
-# See https://developer.bigcommerce.com/docs/start/authentication/api-accounts#store-level-api-accounts
-BIGCOMMERCE_ACCESS_TOKEN=
-
-# A bearer token that authorizes server-to-server requests to the GraphQL Storefront API
-# See https://developer.bigcommerce.com/docs/rest-authentication/tokens/customer-impersonation-token
-BIGCOMMERCE_CUSTOMER_IMPERSONATION_TOKEN=
+# A JWT Token for accessing the Storefront API. Enables server-to-server requests if allowed_cors_origins is omitted.
+# See https://developer.bigcommerce.com/docs/rest-authentication/tokens#storefront-tokens
+BIGCOMMERCE_STOREFRONT_TOKEN=
 
 # The Channel ID for the selling channel being serviced by this Catalyst storefront.
 # Channel ID 1 will allow you to load the same data being used on the default Stencil storefront on your store,

.github/dependabot.yml

@@ -17,3 +17,6 @@ updates:
         update-types: ['version-update:semver-major']
       - dependency-name: 'react-day-picker'
         update-types: ['version-update:semver-major']
+      # We are using the latest pre-releases for react and react-dom.
+      - dependency-name: 'react'
+      - dependency-name: 'react-dom'

.github/workflows/basic.yml

@@ -13,7 +13,8 @@ env:
   TURBO_TEAM: ${{ vars.TURBO_TEAM }}
   TURBO_REMOTE_CACHE_SIGNATURE_KEY: ${{ secrets.TURBO_REMOTE_CACHE_SIGNATURE_KEY }}
   BIGCOMMERCE_STORE_HASH: ${{ secrets.BIGCOMMERCE_STORE_HASH }}
-  BIGCOMMERCE_CUSTOMER_IMPERSONATION_TOKEN: ${{ secrets.BIGCOMMERCE_CUSTOMER_IMPERSONATION_TOKEN }}
+  BIGCOMMERCE_STOREFRONT_TOKEN: ${{ secrets.BIGCOMMERCE_STOREFRONT_TOKEN }}
+  BIGCOMMERCE_CHANNEL_ID: ${{ secrets.BIGCOMMERCE_CHANNEL_ID }}
 
 jobs:
   lint-typecheck:

.github/workflows/changesets-release.yml

@@ -29,6 +29,8 @@ jobs:
 
       - name: Build Packages
         run: pnpm --filter "./packages/**" build
+        env:
+          CLI_SEGMENT_WRITE_KEY: ${{ secrets.CLI_SEGMENT_WRITE_KEY }}
 
       - name: Create Release Pull Request or Publish to npm
         id: changesets

.github/workflows/regression-tests.yml

@@ -140,7 +140,7 @@ jobs:
       - name: Run Playwright tests
         run: |
           cd core
-          npx playwright test tests/ui/ --project=tests-chromium 
+          npx playwright test tests/ui/ --project=tests-chromium
 
       - uses: actions/upload-artifact@v4
         if: failure()
@@ -151,7 +151,7 @@ jobs:
 
       - name: Send slack notification
         uses: slackapi/[email protected]
-        if: ${{ steps.pr_details.outputs.draft != 'true' && failure() }}
+        if: ${{ steps.pr_details.outputs.draft != 'true' && steps.pr_details.outputs.pr && failure() }}
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
         with:
@@ -213,7 +213,7 @@ jobs:
 
       - name: Send slack notification
         uses: slackapi/[email protected]
-        if: ${{ steps.pr_details.outputs.draft != 'true' && failure() }}
+        if: ${{ steps.pr_details.outputs.draft != 'true' && steps.pr_details.outputs.pr && failure() }}
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
         with:

SECURITY.md

@@ -1,8 +1,11 @@
 # Reporting security issues
-If you have found a security vulnerability in an active open-source repository created and owned by BigCommerce, please report it to our [public bug bounty program](https://bugcrowd.com/bigcommerce). If you would prefer to submit via email, please send your report to [[email protected]](mailto:[email protected])
+BigCommerce is dedicated to the responsible disclosure of security vulnerabilities.
+If you have found a security vulnerability in an active open-source repository created and owned by BigCommerce, please report it to our [public bug bounty program](https://bugcrowd.com/bigcommerce). If you would prefer to submit via email, please send your report to [[email protected]](mailto:[email protected]).
 
-*Note: Only submissions to our bounty program on BugCrowd will be eligible for bounties. Bounty eligibility and amounts are determined according to the program guidelines.*
+We ask that you **do not** open a public GitHub issue to report security concerns.
 
-Please ***do not*** use public issues to report security vulnerabilities.
+_Note: Only submissions to our bounty program on BugCrowd will be eligible for bounties. Bounty eligibility and amounts are determined according to the program guidelines._
 
-Bugs in 3rd-party modules should be reported to those modules’ maintainers.
+_Note: Bugs in 3rd-party modules and/or dependencies should be reported to the owners/maintainers or those modules and/or dependencies, BigCommerce has no control or authority over third party content._
+
+Thank you in advance for collaborating with us to help protect us and our customers.

core/.env.example

@@ -6,13 +6,9 @@ MAKESWIFT_SITE_API_KEY=
 # The control panel URL is of the form `https://store-{hash}.mybigcommerce.com`. 
 BIGCOMMERCE_STORE_HASH=
 
-# The access token from a store-level API account. The only scope required to run Catalyst is Carts `manage`.
-# See https://developer.bigcommerce.com/docs/start/authentication/api-accounts#store-level-api-accounts
-BIGCOMMERCE_ACCESS_TOKEN=
-
-# A bearer token that authorizes server-to-server requests to the GraphQL Storefront API
-# See https://developer.bigcommerce.com/docs/rest-authentication/tokens/customer-impersonation-token
-BIGCOMMERCE_CUSTOMER_IMPERSONATION_TOKEN=
+# A JWT Token for accessing the Storefront API. Enables server-to-server requests if allowed_cors_origins is omitted.
+# See https://developer.bigcommerce.com/docs/rest-authentication/tokens#storefront-tokens
+BIGCOMMERCE_STOREFRONT_TOKEN=
 
 # The Channel ID for the selling channel being serviced by this Catalyst storefront.
 # Channel ID 1 will allow you to load the same data being used on the default Stencil storefront on your store,

core/.gitignore

@@ -43,3 +43,6 @@ client/generated
 
 # secrets
 .catalyst
+
+# Build config
+build-config.json