Closes https://github.com/solidusio/solidus/issues/4749.

Add a deprecation warning for allow_promotions_any_match_policy = true

We are going to remove this preference in Solidus 4.0. The only accepted
value for who wants to ...

This constant won't be needed anymore in 4.0 when we will remove
the any matching policy for pro...

Improve Taxon validations and factory

Fix rake error testing the update generator

It looks like the `spree:install:migrations` task is not available when
running through `Rails::...

Allow splitting shipments when not tracking inventory

Ref: https://app.circleci.com/pipelines/github/solidusio/solidus/4122/workflows/e273818e-ef20-42...

When Spree::Config.track_inventory_levels is false we are
not supposed to change inventory level...

Update descend_by_popularity scope spec

so that it doesn't depend on the line item quantity.

The scope is not taking into account the l...

These preferences are only temporary, so stores can upgrade to a new
minor and can fix any now i...

Spree::ProductDuplicator bug on price

Update Spree::Product scopes.rb to fix issue with 'descend_by_popularity' scope

Until v3.2.3 duplicating a product duplicated the price.
Since v3.2.4 the product duplication do...

Copy new migrations as part of the update task

Fixes issue with 'disallow_raw_sql!': Query method called with non-attribute argument we need to...

Introduce allowed_ransackable_scopes

Right now, we are not copying the new migrations
introduced with the new version. This new insta...

Ensure target shipments are evaluated in order of creation (fix flakey)

Add back Variant#find_or_build_default_price

This method was renamed to `default_price_or_build` with 6420b10, but
this was a breaking change...

Remove order token authorization option from current order API documentation

Update the solidus stoplight api documentation to remove
order token as an authorization option....

The `orders/current` api endpoint should only be authorized
by providing the api key for a user....

By using allowed_ransackable_scopes which was introduced in the last
commit, stores will be able...

ransackable_scopes is currently declared on two models, although other
ransackable methods are d...

This solves a long standing flakey spec which was uncovering an actual
issue.

Raising an exception at this time could prevent a payment from being
properly processed. Any inc...

Allow a rescue to catch both in one go

Improve REST OpenAPI documentation for auth

This change will show the correct format of the api key token
in the generated documentation.

Keep all the LogEntry serialization logic in one place

This will prevent from saving values that are now allowed in the
serialized column.

Locally, it was not running flaky specs, because I forgot
to add the normal run when we are not ...

On a clean database, the spec was creating a Taxonomy and its root
Taxon with an id of 1. This m...

Spree::Taxonomy rightfully assumes there's only one root [1]. Before,
it was it easy to create a...

It doesn't make sense to Taxons with the same name under the same
parent.

A spec was also added...

In the next commit, a validation will be added to ensure their names
are unique if they belong t...

This spec didn't really test the regression issue well:
1. This spec should call first_or_create...

When creating a Taxon under a Taxonomy normally via admin it will
make set the taxonomy correctl...

Fix issue with available_on datepicker

Apply store credits before creating payments

Mark another spec as flaky

Limit usage of pull_request_target event is our workflows

Fix sandbox generation

Use the same format as GitHub's default for the release notes

Fixes https://github.com/solidusio/solidus/issues/4932.

Reduce size of sample images

Fix duplicate context name in spec

Remove Slack notifications for CI failures

Fix CI installation tests reflecting latest changes to starter frontend

We were storing the Slack secrets on a CircleCI context [1]. Although we
were also passing them ...

Fix AddPaymentSourcesToWallet changing default when reused

PR #2913 [1] changed how the new default WalletPaymentSource was set.
Before:
- using the last o...

We're changing the format for the auto-generated release notes from:

- This is the PR title #1 ...

New Rails versions do not come with webpacker anymore.
We can safely generate sandboxes with Jav...

The `pull_request_target` event has access to the target repository
secrets, implying a security...

Fix CI only testing with the paperclip adapter

Link to how to sign in the API with solidus_auth_devise

Since https://github.com/solidusio/solidus/pull/4666, all jobs have been
running with the paperc...

See https://github.com/solidusio/edgeguides/pull/91

Closes https://github.com/solidusio/solidus...

Risk analysis box update

Fix link to the contribution document

The link was broken since https://github.com/solidusio/solidus/pull/4713
was merged.

Closes #4896

AVS and CVV are a legacy coming from an age in which everything could
be done with ActiveMerchan...

Should not be false when a CVV message is present; that's just a
field to collect descriptions f...

Match the behavior of Payment.risky.

There's no point in providing the latest payment from outside when the
partial is accessing `@or...

Use AR and existing scopes to build the query instead of SQL.

Add a spec ensuring failed paymen...

`Order#is_risky?` is currently based on whether a payment is risky,
but over time the API could ...

ERB fixes for the backend (🐛+💅)

Add the `/admin/orders/:number` route

As reported by erb_lint it may confuse parsers and doesn't add any
value.

And add a final newline where it was missing.