github shopperlabs/shopper v2.7.0
on GitHub

latest release: v2.7.1
8 hours ago

What's New in Shopper v2.7.0

292 files changed across security hardening, a brand new Starter Kit system, a complete money storage overhaul, and Filament 4.9 readiness.

Starter Kit System

A new system for scaffolding Laravel storefronts, inspired by Statamic's approach. Starter kits are installed once. The code becomes yours to customize.

  • feat: add starter kit install and init commands (#486)
  • feat: add starter kit export command and simplify kit:init (#487)

Three new Artisan commands:

  • shopper:kit:install vendor/package to install a starter kit from Packagist or GitHub
  • shopper:kit:init to scaffold a new starter kit structure
  • shopper:kit:export to export your project as a reusable starter kit

Upgrade Package

A new shopper/upgrade package providing automated migration assistance for breaking changes between versions.

  • feat: add shopper/upgrade package with upgrade command (#474)
  • refactor: replace MCP server with Boost skills for upgrade prompts (#475)

Money Storage Overhaul

All monetary values are now stored in the smallest currency unit (cents for USD, raw integer for JPY/XAF). This aligns with Stripe, Shopify, and Medusa conventions. All accessor/mutator pairs on Price, Order, OrderItem have been removed.

  • fix: store monetary amounts in smallest currency unit (#471)

Security

  • fix(security): prevent 2FA bypass via password reset flow (#488)
  • fix(security): add rate limiting on forgot password, 3 requests per 5 minutes (#488)
  • fix(security): lock Livewire properties against client tampering with #[Locked] (#488)
  • fix(security): enforce edit_orders authorization on shipment event creation (#488)
  • fix(security): enforce edit_reviews authorization on review approval action (#488)
  • fix: server-side authorization enforcement and branded 403 page (#450)
  • fix: validate starter kit package name format before HTTP calls (#488)

Improvements

  • refactor: migrate from HasForms to HasSchemas (Filament 4.9) (#465)
  • refactor: replace internal slide-over system with laravelcm/livewire-slide-overs package (#469)
  • refactor: split TwoFactorAuthenticatable into SOLID interfaces and traits (#467)
  • refactor: allow attributes on virtual products (#482)
  • refactor: make gender field optional across the application (#479)
  • refactor: remove inventory limit and clean up admin config (#481)
  • refactor: move shipment event to slide-over with InteractsWithSlideOverForm trait (#472)
  • feat: nested sortable categories with SortableJS (#455)
  • feat(design): update initialization step form (#478)
  • perf(admin): migrate DiscountForm selects to server-side search (#488)
  • perf(admin): reduce DiscountForm mount queries from 4 to 1 (#488)
  • perf(admin): wrap category reordering in DB::transaction (#488)

Bug Fixes

  • fix: shipping drivers (UPS/FedEx) zero-decimal currency overcharge, amounts were multiplied by 100 for currencies like JPY/XAF (#488)
  • fix: upgrade command idempotency guard, prevents double-run from destroying monetary data (#488)
  • fix: use ROUND instead of FLOOR with cross-database float division in zero-decimal currency migration (#488)
  • fix: strict int signature on shopper_money_format() (#488)
  • fix(types): sync TypeScript type definitions with database schema (#483)
  • fix(ui): consistency and accessibility improvements (#485)
  • fix: add close button to review detail slide-over (#477)
  • fix: prevent sidebar width flash on page load (#451)
  • fix: make 2FA migrations safe for fresh installs and Fortify compatibility
  • fix: pre-release audit fixes for v2.7 (#484)

Dependencies

  • Filament bumped to ^4.9 (HasSchemas support)
  • Spatie Laravel Permission now supports ^6.24|^7.0
  • New dependency: laravelcm/livewire-slide-overs: ^2.0

Breaking Changes

This release contains breaking changes. Please read the upgrade guide carefully.

Money Storage Convention

All monetary accessors/mutators have been removed from Price, Order, OrderItem, and CarrierOption models. Values are now stored and read as raw integers in the smallest currency unit.

Before: $price->amount = 25 stored 2500 in DB, reading returned 25.0
After: $price->amount = 2500 stores 2500 in DB, reading returns 2500

Use the new MoneyInput Filament component for admin forms. Use shopper_money_format() for display.

Run php artisan shopper:fix-zero-decimal-currencies --force if you use zero-decimal currencies (XAF, JPY, KRW).

Two-Factor Authentication

The TwoFactorAuthenticatable trait has been replaced by two separate interfaces and traits: 

// Add to your User model:
use Shopper\Traits\InteractsWithStoreAuthentication;
use Shopper\Traits\InteractsWithStoreAuthenticationRecovery;

// Implement:
implements HasStoreAuthentication, HasStoreAuthenticationRecovery

Database columns renamed: two_factor_secret to store_two_factor_secret, two_factor_recovery_codes to store_two_factor_recovery_codes. Run php artisan migrate.

Slide-Over System

The internal slide-over system (SlideOverComponent, SlideOverPanel, PanelContract) has been replaced by laravelcm/livewire-slide-overs. Update custom slide-over components to extend Laravelcm\LivewireSlideOvers\SlideOverComponent.

Filament HasSchemas

All Livewire components migrated from HasForms/InteractsWithForms to HasSchemas/InteractsWithSchemas. Requires Filament ^4.9.

Configuration

  • filament_color renamed to primary_color in config/shopper/admin.php
  • resources.stylesheets, resources.scripts, and inventory_limit removed

Contributors

Full Changelog: v2.6.4...v2.7.0

Check out latest releases or
releases around shopperlabs/shopper v2.7.0

Don't miss a new shopper release

NewReleases is sending notifications on new releases.

Get notifications