Merge pull request #35 from Mini-Sylar/bump-shopify-app-express

Bump shopify app express

LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018 Shopify
+Copyright (c) 2024 Mini-Sylar
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -4,7 +4,9 @@
 
 A template for building Shopify apps using Vue.js as the frontend. It is based on the [Shopify App Node](https://github.com/Shopify/shopify-app-template-node) template.
 
-Nothing modified on the backend, uses the same starter template from the one generated from shopify cli.🔥
+## Updating Older Versions 
+See [UPDATE GUIDE](#update-guide-v10x-to-v11x) for updating from older versions of the template.
+Prefer to use GraphQL API for interacting with Shopify. See [Migrating From REST to GraphQL](https://shopify.dev/docs/api/admin/migrate)
 
 ## Getting Started
 
@@ -30,6 +32,7 @@ Nothing modified on the backend, uses the same starter template from the one gen
 - `useAuthenticatedFetch` to make authenticated requests to the Shopify API and your backend.
 - `App embedding` - Template is setup to embed your app in the Shopify admin.
 
+
 <br>
 
 ### Storage 💽
@@ -47,13 +50,6 @@ To use one of these, you need to change your session storage configuration. To h
 <br>
 <hr>
 
-## What is not included?
-
-### Polaris Components
-
-You can always access certain polaris components using the `appBridge` but if you want to use the full suite of components, you can use [Shopify Polaris Vue](https://github.com/ownego/polaris-vue). Install this in the `frontend` directory and follow the instructions in the README.
-
-<br>
 
 ## What next?
 
@@ -72,3 +68,79 @@ Here are some useful links to get you started:
 
 ## App Submission
 Built an app using this template? Submit it here [App submission url](https://forms.gle/K8VGCqvcvfBRSug58)
+
+
+# UPDATE Guide (v.1.0.x to v.1.1.x)
+
+It seems Shopify has decided to fully deprecate the React Template. It's no longer available in the Shopify CLI. Meaning we no longer have to match the React template version.
+
+As at `April 2024` Shopify has also deprecated a lot of the old APIs, Sadly, ProductCreate was also affected
+
+It is now recommended to use `Shopify GraphQL API` for interacting with Shopify. See [Migrating From REST to GraphQL](https://shopify.dev/docs/api/admin/migrate)
+
+
+To update your app to the latest version of the template, follow the steps below:
+
+## 1. Update Dependencies
+
+HINT: You can you use [npm-check-updates
+](https://www.npmjs.com/package/npm-check-updates) to speed this up
+
+- Update the shopify app and cli to the latest version in [Root package.json](package.json)
+
+```JSON
+"dependencies": {
+    "@shopify/app": "^3.58.2",
+    "@shopify/cli": "^3.58.2"
+  }
+```
+
+- Update dependencies in web folder [web/package.json](web/package.json)
+
+```JSON
+ "dependencies": {
+    "@shopify/shopify-app-express": "^4.1.4",
+    "@shopify/shopify-app-session-storage-sqlite": "^3.0.3",
+    "compression": "^1.7.4",
+    "cross-env": "^7.0.3",
+    "serve-static": "^1.15.0"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.0",
+    "prettier": "^3.2.5",
+    "pretty-quick": "^4.0.0"
+  }
+```
+
+- Optional: Update dependencies in `web/frontend` folder [web/frontend/package.json](web/frontend/package.json)
+
+```JSON
+"dependencies": {
+    "@shopify/app-bridge": "^3.7.10",
+    "pinia": "^2.1.7",
+    "vue": "^3.4.21",
+    "vue-router": "^4.3.0"
+  },
+  "devDependencies": {
+    "@rushstack/eslint-patch": "^1.10.1",
+    "@vitejs/plugin-vue": "^5.0.4",
+    "@vue/eslint-config-prettier": "^9.0.0",
+    "eslint": "^9.0.0",
+    "eslint-plugin-vue": "^9.24.1",
+    "prettier": "^3.2.5",
+    "vite": "^5.2.8"
+  }
+```
+
+
+## 2. Update Imports
+- In [Shopify.js](./web/shopify.js) update the import to use the new `shopify` APis
+
+```JS
+// other imports
+import { SQLiteSessionStorage } from "@shopify/shopify-app-session-storage-sqlite";
+import { restResources } from "@shopify/shopify-api/rest/admin/2024-04";
+```
+
+### 3. Optional
+If using the `ProductCreate` mutation, See [Migrating From REST to GraphQL](https://shopify.dev/docs/api/admin/migrate) for the new way to create products, there's an example in [PRODUCTCREATE](./web/product-creator.js)

SECURITY.md

@@ -4,7 +4,7 @@
 
 ### New features
 
-New features will only be added to the master branch and will not be made available in point releases.
+New features will only be added to the `main` branch and will not be made available in point releases.
 
 ### Bug fixes
 
@@ -24,8 +24,7 @@ When a release series is no longer supported, it's your own responsibility to de
 
 ## Reporting a bug
 
-All security bugs in shopify repositories should be reported to [our hackerone program](https://hackerone.com/shopify)
-Shopify's whitehat program is our way to reward security researchers for finding serious security vulnerabilities in the In Scope properties listed at the bottom of this page, including our core application (all functionality associated with a Shopify store, particularly your-store.myshopify.com/admin) and certain ancillary applications.
+Open an issue on the GitHub repository.
 
 ## Disclosure Policy
 
@@ -36,24 +35,7 @@ We look forward to working with all security researchers and strive to be respec
 - Award bounties within a week of resolution (excluding extenuating circumstances)
 - Only close reports as N/A when the issue reported is included in Known Issues, Ineligible Vulnerabilities Types or lacks evidence of a vulnerability
 
-**The following rules must be followed in order for any rewards to be paid:**
-
-- You may only test against shops you have created which include your HackerOne YOURHANDLE @ wearehackerone.com registered email address.
-- You must not attempt to gain access to, or interact with, any shops other than those created by you.
-- The use of commercial scanners is prohibited (e.g., Nessus).
-- Rules for reporting must be followed.
-- Do not disclose any issues publicly before they have been resolved.
-- Shopify reserves the right to modify the rules for this program or deem any submissions invalid at any time. Shopify may cancel the whitehat program without notice at any time.
-- Contacting Shopify Support over chat, email or phone about your HackerOne report is not allowed. We may disqualify you from receiving a reward, or from participating in the program altogether.
-- You are not an employee of Shopify; employees should report bugs to the internal bug bounty program.
-- You hereby represent, warrant and covenant that any content you submit to Shopify is an original work of authorship and that you are legally entitled to grant the rights and privileges conveyed by these terms. You further represent, warrant and covenant that the consent of no other person or entity is or will be necessary for Shopify to use the submitted content.
-- By submitting content to Shopify, you irrevocably waive all moral rights which you may have in the content.
-- All content submitted by you to Shopify under this program is licensed under the MIT License.
-- You must report any discovered vulnerability to Shopify as soon as you have validated the vulnerability.
-- Failure to follow any of the foregoing rules will disqualify you from participating in this program.
-
-\*\* Please see our [Hackerone Profile](https://hackerone.com/shopify) for full details
 
 ## Receiving Security Updates
 
-To receive all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)
+To receive all general updates to vulnerabilities, please subscribe to shopify's hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)