https://leapgraph.com/graphql-api-security

This article mentions several add-on packages that Reaction may want to use. This issue is simply to investigate whether these vulnerabilities are present and try adding the packages to solve them.

Preconditions (*)

1. Magento 2.3.3 CE & 2.4-

Prerequisites (mark completed items with an [x]):

• I have have carried out troubleshooting steps and I believe I have found a bug.
• I have searched for similar bugs in both open and closed issues and cannot find a duplicate.

Describe the bug

In the zip code/postcode documentation description, there's an extra ) in the zipcode help text.

Expected behavior

Remov

Sylius version affected: v1.4.4

Description

Sylius says the category is used and cannot be removed, when we try to remove an empty category.

We figured out that we had some products with the taxon as "Main Taxon".

Steps to reproduce

1. Add a taxon, keep it empty of products.
2. Update a product to use the newly created taxon as Main taxon.
3. Try to remove the taxo

Is your feature request related to a problem?

Improve the information displayed in the checkout when a product is without stock

From https://www.prestashop.com/forums/topic/1041442-nobody-can-figure-it-out-we-need-a-specialist/

Describe the solution you'd like

Display the combination from the product without stock.

Additional context

Which one is the product withou

select2_locale_en-GB.js is missing in the select2_locales folder, selecting English (UK) on the admin backend breaks the app.

Solidus Version:
2.11.3

To Reproduce

1. Open the admin backend
2. Select English (UK) in the language selection menu at the bottom right

Current behavior
It returns an error with the following message:
``
The asset "solidus_admin/select2_locales/s

Improve the tier prices feature - add info like "Buy 2 in x.xx$ and save x%"

Is your feature request related to a problem? Please describe.
Currently, if the developer wants to register a new admin account, it doesn't let it do that because sendgrid API keys are needed. Remove this dependency for local, and switch to using an identical emailService which uses Nodemailer (Gmail option preferred) since Nodemailer is free. Maybe feature flag this property

**Describe

In .htaccess file I would recommend inoffensive changes to bring the code to our days:

line 8: php5.ini => php7.ini

line 16: php5 settings => php7 settings

  
############################################
## GoDaddy specific options

#   Options -MultiViews

## you might also need to add this line to php.ini
##     cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.i

Type: minor

Describe the bug
After adding a new account address, the screen goes blank you appear to be logged out, but when you refresh the page, the address is there and you are still logged in.

To Reproduce
Steps to reproduce the behavior:

1. Go to storefront
2. Log in
3. Click user name in upper right > Profile
4. Add a new address.
5. When you submit the form, see the

The dashboard on homepage fetches data like Orders, Products, Customers...
It works when user has all permissions required to these data. But it doesn't handle the situation when the user has only part of the required permissions - it shows a blank form.
I assume that the dashboard should show the data which user has access to
![image (3)](https://user-images.githubusercontent.com/