Pull Request Explorer

Summary

Add recursive Sentry scrubber and customer field

Improves data privacy by ensuring nested fields and customer emails are scrubbed in Sentry logs.

Health Assessment

• • Quick fix with minimal changes, fast review and merge.

Summary

Fix KeyError in channel-agnostic account events

This bug fix prevents errors when processing account events that are not tied to a specific channel, ensuring reliable event handling and preventing potential service disruptions.

Health Assessment

• • The PR had a quick turnaround with minimal rework, indicating a straightforward bug fix.

Summary

Fix KeyError in channel-agnostic account events

This fix prevents runtime errors when processing account events that are not tied to a specific channel, ensuring reliable webhook delivery and avoiding service disruptions.

Health Assessment

• • The PR addressed a specific runtime error with minimal code changes and was merged quickly after a single review, indicating a straightforward fix with low risk.

Summary

Fix KeyError in channel-agnostic account events

Resolves a KeyError that occurred when resolving channel for channel-agnostic account events, improving webhook reliability.

Health Assessment

• • Quick review and merge within 24h, minimal rework.

Summary

Fix KeyError in channel-agnostic account events

This bugfix resolves a KeyError that occurred when resolving channels for channel-agnostic account events, ensuring webhook processing works correctly across all channels.

Health Assessment

• • The PR was reviewed and merged within a day, indicating a straightforward bugfix with minimal friction.

Summary

Bump orjson from 3.11.7 to 3.11.9

Updates the orjson dependency to the latest patch, ensuring compatibility with Rust 1.95 and fixing build issues, thereby maintaining build stability and security for the project.

Health Assessment

• • Dependency update took 26 hours from creation to merge, with a single review after 26 hours, indicating a straightforward but slightly delayed process.

Summary

Fix KeyError when resolving channel for channel-agnostic account events

Prevents subscription queries from failing when account events lack a channel_slug, improving system reliability.

Health Assessment

• • The PR had a long review time (~70h) despite being a small bugfix, suggesting low priority or blocker; overall risk remains low.

Summary

Add bulk delete limit to prevent timeouts

Adds a limit on bulk delete operations to avoid database timeouts and improve stability.

Health Assessment

• • The PR introduced a bulk delete limit to prevent database timeouts, with a quick review and minimal rework, indicating a well-scoped change.

Summary

Fix saving language code in customerUpdate mutation

Corrects language code handling in customer update mutation, ensuring accurate language persistence for customers.

Health Assessment

• • Rapid review and merge with minimal changes indicates a straightforward bug fix.

Summary

Fix language code saving in customerUpdate mutation

Corrects the customerUpdate mutation to properly persist language codes, ensuring accurate customer data handling.

Health Assessment

• • Rapid review and merge indicate a straightforward bug fix with minimal impact.

Summary

Fix saving language code in customerUpdate mutation

Corrects a bug where the language code was not persisted during customer updates, ensuring accurate localization data for customers.

Health Assessment

• • Quick review and single commit indicate a straightforward bug fix with minimal risk.

Summary

Clarify security policy for AI-generated reports

Clarifies that AI-generated reports are allowed if manually verified, reducing risk of hallucinations and ensuring real security issues are reported.

Health Assessment

• • Quick review and merge, minimal changes, low risk.

Summary

Health Assessment

Summary

Bump dependencies

Updates library versions to keep the project secure and compatible, ensuring stability for production deployments.

Health Assessment

• • Fast review and merge with minimal changes; no blockers or significant rework detected.

Summary

Release version 3.23.7

This release updates dependencies and bumps the package version, ensuring compatibility and security.

Health Assessment

• • Rapid release with minimal changes and swift review, indicating low complexity and risk.

Summary

Release 3.22.51

Bumps dependencies and updates package configuration for the 3.22.51 release, ensuring compatibility and security updates.

Health Assessment

• • Fast turnaround, minimal changes, quick review, low risk.

Summary

Release 3.21.59

This release updates security dependencies and bumps the package version, ensuring the platform remains up‑to‑date and secure for customers.

Health Assessment

• • Quick release with minimal changes and no significant review friction.

Summary

Upgrade pyjwt and idna dependencies

Updates JWT and IDNA libraries to newer, more secure versions, ensuring compatibility with the platform.

Health Assessment

• • Quick dependency upgrade with minimal code changes, fast review and merge.

Summary

Upgrade pyjwt and idna dependencies

This PR updates the PyJWT library to v2.13.0 and bumps the IDNA dependency, ensuring compatibility and security for authentication token handling.

Health Assessment

• • Quick dependency bump with minimal changes and fast review, indicating low risk.

Summary

Upgrade pyjwt and idna dependencies

This PR updates the PyJWT library to v2.13.0 and bumps the IDNA dependency, ensuring compatibility and security fixes for authentication handling.

Health Assessment

• • Quick dependency upgrade with minimal changes and fast review, indicating low risk and efficient process.

Summary

Upgrade pyjwt and idna dependencies

This PR updates the pyjwt library to v2.13.0 and bumps the idna dependency to address security and compatibility issues, ensuring the authentication system remains robust.

Health Assessment

• • Quick dependency bump with minimal review, indicating low complexity and high confidence.

Summary

Bump boto3 from 1.42.96 to 1.43.1

Updates the boto3 library to the latest patch, incorporating bug fixes and security updates for the application.

Health Assessment

• • The PR was a simple dependency bump with minimal code changes, but the long cycle time indicates a slow review process for automated updates.

Summary

Bump botocore from 1.40.35 to 1.42.96

Updates the botocore dependency to a newer version, ensuring compatibility and security fixes.

Health Assessment

• • Long cycle time due to automated dependency update; minimal code changes; low risk.

Summary

Release 3.23.6

This release includes bug fixes for checkout deliveries, telemetry handling, channel deletion, and JSON parsing, improving stability and reliability.

Health Assessment

• • Quick release with minimal changes, no review friction.

Summary

Upgrade uv to v0.11.8

Updates the uv dependency to the latest stable version, ensuring compatibility and security.

Health Assessment

• • Quick, single-commit PR with minimal changes, merged within 40 minutes.

Summary

Fix checkout delivery invalidation crash

Prevents checkout failures caused by duplicate delivery records, improving checkout reliability and reducing cart abandonment.

Health Assessment

• • Fast turnaround with minimal rework; quick fix to a critical checkout issue.

Summary

Fix checkout delivery invalidation crash

Prevents crashes caused by duplicate checkout delivery rows, ensuring reliable checkout flow.

Health Assessment

• • Quick fix with minimal changes, fast review and merge, indicating low complexity and high confidence in stability.

Summary

Fix crash when telemetry disabled and lifespan enabled

Prevents startup crashes when telemetry is disabled, improving reliability for deployments that disable telemetry.

Health Assessment

• • Quick fix with minimal changes, merged within minutes, indicating low complexity and high confidence.

Summary

Fix crash when telemetry disabled and lifespan enabled

Ensures the application starts correctly when telemetry is turned off, preventing unexpected downtime for users.

Health Assessment

• • The PR had a long cycle time but involved only a single line change with no rework, indicating low complexity but a delayed merge due to scheduling or review backlog.

Summary

Reject empty-string channel ID in channelDelete mutation

Prevents accidental deletion of channels with empty IDs, ensuring data integrity and reducing error reports.

Health Assessment

• • Quick turnaround with minimal changes and no rework indicates a straightforward bug fix.

Summary

Reject empty channel ID in channelDelete mutation

Prevents invalid channel deletion requests, improving API robustness.

Health Assessment

• • Quick review and merge with minimal changes indicates low complexity and high confidence in correctness.

Summary

Gracefully handle invalid JSON strings

This change improves robustness by preventing crashes when invalid JSON is received, enhancing user experience and system stability.

Health Assessment

• • The PR was reviewed quickly with minimal iterations, indicating a straightforward bug fix.

Summary

Gracefully handle invalid JSON strings

Prevents crashes when invalid JSON is passed to the API, improving stability and user experience.

Health Assessment

• • Merged within 20 hours with minimal rework; review cycle was quick and straightforward.

Summary

Release version 3.23.5

Deploys version 3.23.5, adding app lifecycle webhook support, improved GraphQL validation, checkout deletion mutation, and customer deletion subscription.

Health Assessment

• • Rapid release with minimal changes, quick review, low risk.

Summary

Allow apps to receive their own lifecycle webhooks

Adds support for apps to receive their own lifecycle webhooks, enabling better event handling and management.

Health Assessment

• • Long cycle time and delayed first review indicate significant review friction; extensive changes across many files suggest high complexity and potential risk.

Summary

Change graphql-inspector to run against proper branch

Updates the GraphQL inspector workflow to target the correct branch, ensuring schema validation runs on the intended codebase and preventing potential merge conflicts.

Health Assessment

• • Quick merge with no review needed, minimal changes to CI pipeline.

Summary

Change graphql-inspector to run against proper branch

Fixes GraphQL inspector workflow to compare against the correct branch and trigger only on pull request events, eliminating false positives and duplicate runs.

Health Assessment

• • Rapid, single-file change with minimal review time and immediate merge.

Summary

Add checkoutDelete mutation

Adds a staff/app‑only checkoutDelete mutation to the GraphQL API, enabling privileged users to delete checkouts.

Health Assessment

• • Merged within 1.8 hours with a single review, indicating a straightforward change with minimal friction.

Summary

Enable subscription for CUSTOMER_DELETED webhook

Adds subscription support for CUSTOMER_DELETED event, allowing SMTP apps to use modern subscription queries, fixes dashboard validation, and paves way to retire legacy static payload webhooks.

Health Assessment

• • The PR had a long cycle time (~8.8 days) but the first review was quick, suggesting that the delay was likely due to scheduling or other dependencies rather than code complexity.

Summary

Added subscription to CUSTOMER_DELETED

Adds subscription support for the CUSTOMER_DELETED webhook, enabling modern SMTP app integration and allowing deprecation of legacy static payloads.

Health Assessment

• • Fast review but long cycle time indicates possible backlog or extended discussion; minimal rework and low risk.

Summary

Prevent granting MANAGE_APPS permission to apps

This change removes the ability for apps to receive the MANAGE_APPS permission, reducing security risk and preventing potential permission scope leaks. It also introduces a migration to clean existing apps and enforces error handling when attempting to issue tokens for such apps.

Health Assessment

• • The PR required multiple iterations after the initial review, indicating complex changes and potential oversight.
• • The long cycle time and large code churn suggest significant impact on the codebase and potential for regression.

Summary

Fix missing libxslt in container images

Adds libxslt to Docker images to prevent import errors when using lxml, ensuring product export functionality works.

Health Assessment

• • Quick fix with minimal changes, resolved in a single commit after review, indicating low complexity and risk.

Summary

Use Celery eager mode by default in devcontainer

Enables Celery eager mode in the devcontainer to simplify local development for contributors.

Health Assessment

• • Quick merge with minimal changes, indicating a straightforward update to the dev environment.

Summary

Release 3.21.58

Bumps dependencies and updates package configuration for the 3.21.58 release, ensuring compatibility and security updates.

Health Assessment

• • Fast release with minimal changes, no review needed, low risk.

Summary

Release 3.22.50

This release updates the Saleor platform to version 3.22.50, bumping Django to 5.2.14 and upgrading critical dependencies, ensuring improved security and stability for our e-commerce storefronts.

Health Assessment

• • Fast turnaround with minimal changes, indicating a routine release update.

Summary

Release 3.23.4

This PR bumps dependencies and updates the platform to version 3.23.4, ensuring security patches and new features are applied.

Health Assessment

• • Quick release with minimal changes, fast review and merge, indicating a routine maintenance update.

Summary

Bump Django to v5.2.14

Update Django dependency to the latest patch, ensuring the platform remains secure and compatible with new Django features.

Health Assessment

• • Quick dependency bump with minimal review and fast merge, indicating low risk and high confidence in the change.

Summary

Bump Django to v5.2.14

Updates Django dependency to latest patch, ensuring security and bug fixes.

Health Assessment

• • Quick dependency bump with minimal changes, fast review and merge.

Summary

bump: Django v5.2.14

Updates Django to the latest patch release, applying security and bug fixes without adding new features.

Health Assessment

• • Quick merge indicates minimal risk and straightforward dependency bump.

Summary

Bump Django to v5.2.14

Updates Django dependency to version 5.2.14 for the Saleor project.

Health Assessment

• • Quick review and merge process, indicating a straightforward dependency update.