Vue Storefront is now Alokai! Learn More
@vue-storefront/magento-api

@vue-storefront/magento-api

8.0.1ri:link

Patch Changesri:link

Security vulnerability fixes across multiple packages

This change addresses critical security vulnerabilities identified in the dependency audit across several packages. The fixes primarily target dependency updates and security patches to resolve high and critical severity issues.

Before fix:

  • 40 vulnerabilities found (Packages audited: 3081)
  • Severity breakdown: 23 Low | 8 Moderate | 2 High | 7 Critical

After fix:

  • 24 vulnerabilities found (Packages audited: 3115)
  • Severity breakdown: 22 Low | 2 Moderate | 0 High | 0 Critical

Key improvements:

  • Eliminated all 7 critical vulnerabilities
  • Resolved 2 high severity vulnerabilities
  • Reduced moderate vulnerabilities from 8 to 2
  • Overall 40% reduction in total vulnerabilities (40 → 24)

The remaining low and moderate vulnerabilities are either false positives or require major version updates that would introduce breaking changes.

  • FIX Improve Magento route types with proper union types
  • Replaced generic RoutableInterface with a new Route union type that properly represents different route variants
  • Added specific types for CategoryInterfaceRoute, CategoryTreeRoute, CmsPageRoute, and ProductRoute with their respective properties
  • Updated the route API function to use the new Route type for better type safety and IntelliSense support
  • Each route type now includes proper __typename discrimination for better runtime type checking
  • Updated dependencies:
    • @vsf-enterprise/magento-types@4.0.1

8.0.0ri:link

Major Changesri:link

FEATURE

  • placeOrder unified API method: Added placeOrder method to the unified API for Magento.

CHANGED

  • placeOrder response structure: The placeOrder method now returns detailed order information using the orderV2 field instead of the basic order field. Update your code to access order data from response.data.placeOrder.orderV2 instead of response.data.placeOrder.order
  • magento schema updated: Updated Magento GraphQL schema from 2.4.6 to 2.4.8, which may introduce new types and fields or modify existing ones.
  • magento-sdk: Is now using the middlewareModule from @alokai/connect/sdk and become a Proxy SDK module to align with recent architecture changes.

Patch Changesri:link

  • Updated dependencies:
    • @vsf-enterprise/magento-types@4.0.0

7.0.0ri:link

Major Changesri:link

  • CHANGED Guarantee compatibility with @alokai/connect package.
  • CHANGED Updated the package for compatibility with Node.js 22.

Key Updates:ri:link

  • Upgraded to the latest version of Node.js 22
  • Updated CI pipelines to use Node.js 22 for consistency.
  • Updated .nvmrc or .node-version files to specify Node.js version 22.14.
  • Upgraded @types/node to version ^22.13.17 for compatibility with the latest Node.js features.

Recommendations:ri:link

  • Use Node.js version 22.14.0 or higher for optimal performance, security, and compatibility.
  • While Node.js 20 is technically supported, it is not recommended as it may cause compatibility issues with certain packages and has not been thoroughly tested. CHANGED Replaced core dependencies with a new @alokai/connect package. @vue-storefront/middleware, @vue-storefront/sdk, vue-storefront/logger, vue-storefront/unified-data-model, @vue-storefront/multistore were replaced with @alokai/connect. The replacement preserves the same functionality and interface as the original packages. To read more about the @alokai/connect package, please refer to the documentation.

Patch Changesri:link

  • Updated dependencies:
    • @alokai/connect@1.0.0
    • @vsf-enterprise/magento-types@3.0.0

7.0.0-rc.5ri:link

Patch Changesri:link

  • Updated dependencies:
    • @alokai/connect@1.0.0-rc.4

7.0.0-rc.4ri:link

Major Changesri:link

  • CHANGED Updated the package for compatibility with Node.js 22.

Key Updates:ri:link

  • Upgraded to the latest version of Node.js 22
  • Updated CI pipelines to use Node.js 22 for consistency.
  • Updated .nvmrc or .node-version files to specify Node.js version 22.14.
  • Upgraded @types/node to version ^22.13.17 for compatibility with the latest Node.js features.

Recommendations:ri:link

  • Use Node.js version 22.14.0 or higher for optimal performance, security, and compatibility.
  • While Node.js 20 is technically supported, it is not recommended as it may cause compatibility issues with certain packages and has not been thoroughly tested.

Patch Changesri:link

  • Updated dependencies:
    • @vsf-enterprise/magento-types@3.0.0-rc.0
    • @alokai/connect@1.0.0-rc.3

7.0.0-rc.3ri:link

Patch Changesri:link

  • Updated dependencies:
    • @alokai/connect@1.0.0-rc.2

7.0.0-rc.2ri:link

Patch Changesri:link

  • Updated dependencies:
    • @alokai/connect@1.0.0-rc.1

7.0.0-rc.1ri:link

Major Changesri:link

Update packages to work with connect rc version

Patch Changesri:link

  • Updated dependencies:
    • @alokai/connect@1.0.0-rc.0

7.0.0-rc.0ri:link

Major Changesri:link

CHANGED Replaced core dependencies with a new @alokai/connect package. @vue-storefront/middleware, @vue-storefront/sdk, vue-storefront/logger, vue-storefront/unified-data-model were replaced with @alokai/connect. The replacement preserves the same functionality and interface as the original packages. To read more about the @alokai/connect package, please refer to the documentation. You will also find a migration guide in the documentation.

6.3.0ri:link

Minor Changesri:link

  • 9f61ba2b: CHANGED Replaced consola with Alokai Logger. To learn more about logger, visit Alokai Logger.

6.2.0ri:link

Minor Changesri:link

  • aa9e8a96: ADDED cookieOptions config. This option allows you to customize the cookie options which are set for a given cookie name.
    Example:
    {
  integrations: {
    magento: {
      location: "@vue-storefront/magento-api/server",
      configuration: {
        // ...
        cookieOptions: {
          "vsf-customer": {
            secure: process.env.NODE_ENV === 'production',
            sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'strict',
          }
        }
      },
    },
  },
}

6.1.0ri:link

Minor Changesri:link

  • a89d1e10: ** CHANGED ** - increase the HttpAgent socket timeout from 10s to 30s to prevent timeout errors on slow connections.

6.0.0ri:link

Major Changesri:link

  • 983eb70e: CHANGE - Update middleware to 5.1.0

5.0.1ri:link

Patch Changesri:link

  • 158a648f: Remove unused vulnerable dependency "@nuxtjs/composition-api"

5.0.0ri:link

Major Changesri:link

  • 018d73d3: - BREAKING Updated @vue-storefront/middleware version to 4.1.0. Make sure this version is used in your project.
    {
  ...
  "dependencies": {
-   "@vue-storefront/middleware": "3.x.x",
+   "@vue-storefront/middleware": "4.1.0"
  }
}

4.0.1 (deprecated)ri:link

This package version is deprecated. Please use the next major version.

Patch Changesri:link

  • d65bb6ee: CHANGED Updated @vue-storefront/middleware version to 4.x.x.

4.0.0ri:link

Major Changesri:link

  • e4709f9a: Changed minimum Node version from 16 to 18. The condition that was forcing the Node version to be lower than 19 is also removed.

Patch Changesri:link

  • Updated dependencies e4709f9a
    • @vue-storefront/magento-types@2.0.0

3.1.1ri:link

Patch Changesri:link

  • 3065ee76: ADDED CategoriesQuery type for categories endpoint.
  • 101d9905: FIXED: Added export of Endpoints type, because it was missing.

3.1.0ri:link

Minor Changesri:link

  • 6dc90582: CHANGED Enhanced default GQL productDetailsQuery with new fields: stock_status and only_x_left_in_stock. #1521

Patch Changesri:link

  • 6672edfb: CHANGED Update TSDocs of API methods. Now, they contain examples of usage.

3.0.0ri:link

Major Changesri:link

  • 8b8fdff0: - CHANGED Endpoints interface. Previously, each endpoint contained context param, which is internal and shouldn't be exposed in the final interface. Now, Endpoints interface properties don't contain context param. If you need to use context param, you should use ApiMethods type.
    - import { Endpoints } from '@vue-storefront/magento-api';
+ import { ApiMethods } from '@vue-storefront/magento-api';
    • CHANGED Removed ContextualizedEndpoints type. Use Endpoints instead.
    - import { ContextualizedEndpoints } from '@vue-storefront/magento-api';
+ import { Endpoints } from '@vue-storefront/magento-api';
    • REMOVED MagentoApiMethods interface. Use Endpoints instead.
    - import { MagentoApiMethods } from '@vue-storefront/magento-api';
+ import { Endpoints } from '@vue-storefront/magento-api';

2.7.0ri:link

Minor Changesri:link

  • 8b2a0c35: ADDED categories endpoint that allows fetching a list of categories that match the specified filter. CHANGED categoryList endpoint is now deprecated in favor of the new categories endpoint.

Patch Changesri:link

  • Updated dependencies 8b2a0c35
    • @vue-storefront/magento-types@1.2.0

2.6.0ri:link

Minor Changesri:link

  • 7ce4f9ed: CHANGED Enhanced default GQL queries
    • CategorySearchQuery new fields:
      • url_key - The url key assigned to the category.
      • children - Child categories tree.
        • include_in_menu
        • is_anchor
        • level
        • name
        • position
        • product_count
        • uid
        • url_key
        • url_path
        • url_suffix
    // get category `children` categories

const category = sdk.commerce.categorySearch();
const children = category.children;
    • CategoryListQuery new fields:
      • children.url_key - The url key assigned to the category.
    // get `url_key` of category children

const categoryList = sdk.commerce.categoryList();

for (let categoryChildren of categoryList.children) {
  const url_key = categoryChildren.url_key;
}

    // get ConfigurableProduct `variants` products

const products = sdk.commerce.products();

for (let product of products) {
  if (product.__typename === "ConfigurableProduct") {
    const variants = products.variants;
  }
}

Patch Changesri:link

2.5.0ri:link

Minor Changesri:link

  • eda02ee7: CHANGED Update addConfigurableProductsToCart and addBundleProductsToCart methods to align with the rest of the API methods. It is an internal change that does not affect the public API.

Patch Changesri:link

  • 06362368: CHANGED Context from type to interface to allow declaration merging.

2.4.3ri:link

Patch Changesri:link

  • adc748ef: * Updated @apollo/client dependency from version ^3.6.9 to version 3.8.7 in the api-client package.
  • adc748ef: * Fixed a bug in the GraphQL mutation in the generateCustomerToken API. Replaced the ${generateCustomerToken} template string with ${generateCustomerTokenGQL.query} in the mutation to address the bug.

2.4.2ri:link

Patch Changesri:link

  • Updated dependencies 045784a6
    • @vue-storefront/magento-types@1.0.2

2.4.1ri:link

Patch Changesri:link

  • 78edfd5c: * Fixed a bug in the GraphQL mutation in the generateCustomerToken API. Replaced the ${generateCustomerToken} template string with ${generateCustomerTokenGQL.query} in the mutation to address the bug.

2.4.0ri:link

Minor Changesri:link

  • d634cdbe: ## Changes
    This change adds support for custom queries in the route method of both the api-client and sdk modules. The route query has also been extended with a CategoryInterface fragment. These changes improve the flexibility and functionality of the route method, allowing for more customization and control over the data returned.

    api-clientri:link

    • Expanded the route query to include a CategoryInterface fragment.
    • Introduced support for customQueries within the route API method.

    sdkri:link

    • Now includes support for customQueries in the route SDK method.

Patch Changesri:link

  • 992734bf: ## Changes
    This change adds support for custom queries in the generateCustomerToken method of both the api-client and sdk modules.

    api-clientri:link

    • Introduced support for customQueries within the route API method.

    sdkri:link

    • Now includes support for customQueries in the route SDK method.

2.3.0ri:link

Minor Changesri:link

  • a9ea521f: Added Compatibility: Now supports domain-based store resolving with the Unified MultiStore module.

2.2.0ri:link

Minor Changesri:link

  • 07d2087a: Bumped @vue-storefront/middleware version to ^3.5.0 which introduces support for HTTP GET requests.

2.1.1ri:link

Patch Changesri:link

  • Turn off query deduplication to prevent any potential session leaks.

2.1.0ri:link

Minor Changesri:link

  • Add node 18 support

2.0.1ri:link

Patch Changesri:link

  • Fix products and productDetails endpoints to return 200 instead of 500 when no products found