should we update the payments demo with main/minor other fixes #15618

fix(fxa-settings): Fix l10n and a11y of confirm password input

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.1335.0 to 2.1397.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Commits](aws/aws-sdk-js@v2.1335.0...v2.1397.0) --- updated-dependencies: - dependency-name: aws-sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…k-2.1397.0 chore(deps): bump aws-sdk from 2.1335.0 to 2.1397.0

Because: * We need a way to bulk cancel subscriptions to a given plan This commit: * Creates a script that can cancel subscriptions to a given plan * with a few configuration options Closes FXA-7124

feat(auth): cancel subscriptions to plan script

fix(third-party-auth): Don't show Google/Apple login buttons in the Sync flow

fix(ipad): Reduce avatar size on mobileLandscape for iPad web view modal

Because: * Credit card names are brands and have to follow proper capitalization and formatting as per their individual guidelines. This commit: * Corrects credit card capitalization and formatting in paymentProvider mjml partial. * Corrects all references to "Mastercard" from "MasterCard" as that is the official branding. * Adds additional translations for card name instead of type and unknown card. * Updates applicable stories and tests. Closes FXA-7134

Because: * the invoice/preview endpoint is failing more often causing issues for users This commit: * adds some logging around the handler * removes some env checks so that response validation errors are logged in production Closes #FXA-7664

Because: * We are aiming to launch VPN in 16 new countries in Europe. This commit: * Adds additional currencies to supportedPayPalCurrencies. Closes FXA-7606

fix(l10n): Clarify recovery key hint explanation for l10n

feat(payments): update supported PayPal currencies list

fix(auth): add Logging To Invoice Previw Endpoint

Bumps [chalk](https://github.com/chalk/chalk) from 5.1.2 to 5.2.0. - [Release notes](https://github.com/chalk/chalk/releases) - [Commits](chalk/chalk@v5.1.2...v5.2.0) --- updated-dependencies: - dependency-name: chalk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…password

test(functional): Convert Robots test, oauth webchannel tests

fix(ip): Set x-forwarded-for header from gql to auth-server

fix(text): Don't display `Step 1 of 2` when deleting account with no password set

Because: * Localized plain text file is not rendering as expected on Android and Windows. * Hidden directionality characters get copied with key, resulting in the key being marked as invalid during password reset. * Reversal is temporary to prevent this issue from blocking deployment while next steps are determined. This commit: * Serve key only in the file download. * Add an optional query param to test downloading a detailed file 1) with BOM (byte-order-mark), 2) with charset defined, or 3) with TextEncoder * Add stories to download the 3 test options Closes #FXA-7688

Because: * Controlled components that used useWatch to obtain the current input value would reset to default (empty string) on submit or rerender * We want to ensure that if the submit aborts due to an error or if the page rerenders, controlled components will display the current input value and not an string. This commit: * Use getValues to set the default input value for useWatch in both places where it is used in the codebase (FlowRecoveryKeyHint and ResetPassword) Closes #FXA-7547

Because: * The lightbulb image in account recovery key creation step 4 was mispositioned on mobile * The focus outline was misplaced on the back button This commit: * Update sizing, rename and minify lightbulb svg * Adjust styling for back button * Remove background fill for security shield graphic Closes #FXA-7542, #FXA-7553

task(fxa-settings): Revert localized content in key download file

fix(fxa-settings): Ensure useWatch uses current input value as default

fix(fxa-settings): Various UI tweaks related to recovery key

test(functional): rewrite sync v3 settings test

Because: * we do not want to be inundated with request validation errors that are outside of our control This commit: * updates the reporting logic to only report response validation errors for all environments Closes #FXA-7664

…ors-only fix(auth): only Report Response Validation Errors

Bumps [type-fest](https://github.com/sindresorhus/type-fest) from 3.7.1 to 3.12.0. - [Release notes](https://github.com/sindresorhus/type-fest/releases) - [Commits](sindresorhus/type-fest@v3.7.1...v3.12.0) --- updated-dependencies: - dependency-name: type-fest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…5.2.0 chore(deps): bump chalk from 5.1.2 to 5.2.0

fix(emails): correct credit card brand capitalization in invoice emails

Because: * Subscription management date is localized to `en` locale, regardless of browser language. * SecurityEvent created date is not being localized. This commit: * Pass FluentDate to Fluent localization libraries to correctly localize dates. * Add localization string for SecurityEvent created date. Closes FXA-7795

Bumps [mkdirp](https://github.com/isaacs/node-mkdirp) from 2.1.5 to 3.0.1. - [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md) - [Commits](isaacs/node-mkdirp@v2.1.5...v3.0.1) --- updated-dependencies: - dependency-name: mkdirp dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

chore(docs) Latest legal PDFs

Because: * stripe started returning an empty string for tax display name which causes our response validation to fail This commit: * ORs an empty string with undefined so that undefined is returned when display name is an empty string Closes #

fix(auth): handle Empty String Tax Display Name

fix(l10n): fix date localization in sub management

fix(release): Fetch all git tags

…-3.0.1 chore(deps): bump mkdirp from 2.1.5 to 3.0.1

…sword reset Because: * The browser should be be notified when a PW reset occurs on a verified account through the Sync flow, as this logs the user in This commit: * Conditionally runs the fxaLogin command with required account data after a password reset with or without recovery key, when the flow is sync * Receives other values off the account reset call needed for webchannel account data * Temporarily checks for SyncBasic and SyncDesktop flows to run the check because we don't need to port over context in local storage logic (which would account for SyncDesktop only), since we are switching to codes soon * Sends up `service` with the email request so we can append the param and check when link is received (causing the SyncBasic integration) * Removes resendResetPassword and calls resetPassword where needed since the code was duplicated Fixes FXA-7172

feat(react): Send fxaLogin webchannel message conditionally after password reset

fix(apple): Fix few bugs with migration script and add ability to mock

…very key flow Because: * We want to prevent users from clicking on submit buttons multiple times while account updates are in progress, and also provide users with feedback that the form has been submitted. * Clicking on the confirm password button multiple times would result in an error banner "Account recovery key already exists" * Clicking multiple times on the "remove" button from the "delete account recovery key" modal would send multiple key deleted emails This commit: * Disable submit button while password confirmation and key creation are in progress * Disable modal confirmation button while submit function is in progress Closes #FXA-7551

Because: * we want to use feature flags to enable/disable work This commit: * adds an env var for the stripe invoice immediately epic Closes #FXA-7847

…nv-var feat(invoice): add Env Vars for Stripe Invoice Immediately

Bumps [p-event](https://github.com/sindresorhus/p-event) from 4.2.0 to 6.0.0. - [Release notes](https://github.com/sindresorhus/p-event/releases) - [Commits](sindresorhus/p-event@v4.2.0...v6.0.0) --- updated-dependencies: - dependency-name: p-event dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

test(functional): rewrite signin and oauth reset password test

Because: - We want to send fxaccounts:oauth_login events This Commit: - Adds new FirefoxCommand, OAuthLogin. - Adds new type for OAuthLogins - Adds ability to send command

…t-6.0.0 chore(deps-dev): bump p-event from 4.2.0 to 6.0.0

Because: * There are no plans configured to support RSD and, currently, PayPal does not support it. This commit: * Removes RSD from approved currencies list. Closes FXA-7815

Because: * The subscription confirmation page shows the current date instead of the latest invoice date. This commit: * Shows the latest invoice date * Does not show the Order details section if invoice number and date could not be found Closes FXA-5805

fix(payments): on sub confirm show invoice date

task(settings): Support OAuth Login Event

Because: * Users that have an account via third-party auth and have not yet set a password should be shown a login screen that shows the login button(s) relevant to them instead of the 'enter a password' view This commit: * Adds necessary conditional logic to sign_in_password * Updates the accoun/status endpoint to return third party auth status data when requested closes FXA-4776

feat(third-party-auth): Conditionally render login buttons on signin

Emit account event for Pocket Apple user migration

…ter checkbox w/two slugs Because: * We want to update the label text for two existing newsletters and add a new option to subscribe users to two new newsletter from one new checkbox This commit: * Updates labels per ticket * Adds new checkbox with array of slugs for new newsletter option, does not HTML escape label due to ampersand * Updates server validity check, tests Closes FXA-7527

fix(fxa-settings): Disable double-clicking on buttons in account recovery key flow

chore(payments): remove RSD from approved currencies

Bumps [semver](https://github.com/npm/node-semver) from 7.3.5 to 7.5.3. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.3.5...v7.5.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Because: * objectToNVP converts object properties with undefined values to a string with value undefined. PayPal expects undefined values to be an empty string param. This commit: * Converts object properties with an undefined value to empty string.

fix(payments/paypal): convert undefined before request

Because: * We want to make sure the password check is successful before deleting the key and creating a new one This commit: * Update the server-side "createRecoveryKey" method to handle new key creation when account already had a key enabled * Use the client-side createRecoveryKey with reauth for both key creation and key change * Send only "new key created" email when a key is changed (not "key deleted" email) * Fix error with throttled error localization when localizedRetryAfter value is not available by adding a generic string * Update tests and add more stories Closes #FXA-7548

…-7.5.3 chore(deps): bump semver from 7.3.5 to 7.5.3

fix(fxa-settings): Do not allow key change if password incorrect

Because: * We want to enable all reset password functional tests for both react and content-server This commit: * Add playwright test for content-server reset password "happy path" * Add additional tests for react reset password route * Add react reset password test for sync * Move some react reset password tests to unit tests Closes #FXA-7248

Bumps [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) from 7.21.0 to 7.22.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.22.5/packages/babel-preset-typescript) --- updated-dependencies: - dependency-name: "@babel/preset-typescript" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…-tests task(functional-tests): Add missing reset password tests in Playwright

feat(newsletters): Update newsletter checkbox labels, add new newsletter checkbox w/two slugs

Because: * we want to invoice immediately when subscriptions are upgraded This commit: * passes in the parameter to stripe (conditionally on env var) to invoice immediately on sub upgrades Closes #FXA-7438

Co-authored-by: Peter deHaan <[email protected]>

…grade feat(auth): pass In 'always_invoice' On Subscription Upgrade

test(functional) : rewrite sync sign up with CWTS tests

Because: * Changes introduced in #15478 removed the return value from method resetPasswordHeader This commit: * Updates tests to no longer expect a return value from method resetPasswordHeader

fix(functional-tests): update forceAuth test

…est-3.12.0 chore(deps-dev): bump type-fest from 3.7.1 to 3.12.0

…preset-typescript-7.22.5 chore(deps): bump @babel/preset-typescript from 7.21.0 to 7.22.5

Because: * Now that we are immediately invoicing on upgrades regardless of billing cycle, we want to revise copy throughout the checkout and email process to improve UX and be clear on payment dates and amounts. This commit: * Revises the acknowledgement copy on upgrades. * Uses the stripeImmediatelyInvoice flag to show updated copy. * Updates tests and stories when aforementioned flag is set to true, where applicable. Closes FXA-7399

feat(payments): revise acknowledgement copy on upgrades

test(functional): rewrite fx desktop handshake tests

Because: * Need to add Google Analytics to payments server. This commit: * Performs the necessary setup to run GA events on payments for specific products. Closes #FXA-7670

feat(payments): Add GA to payments

Because: * We want a user to be able to resume where they left off in the checkout process. This commit: * Creates a carts table to store subscription checkout state per [SubPlat 3.0 Cart DB Structure](https://docs.google.com/document/d/1hUx-lbymI8It_Cn5AeUkVmwdc2_pqCJDqs8G9X6ia8c/edit?usp=sharing). Closes #FXA-7506

fix(logs): Fix issues with bigquery logs

feat(db): create carts table to store subscription checkout state

chore(emails): update Mozilla's mailing address

Because: * Objection was outdated. This commit: * Updates the objection/knex dependencies and the root package.json in order to use the latest versions of objection and knex across the integrated configuration.

chore: update objection/knex dependencies

Because: * The incorrect amounts are showing in the upgrade email template for same and different billing cycles. This commit: * Corrects amounts listed in same billing cycle upgrade email. * Corrects amounts listed in different billing cycle upgrade email. * Updates applicable stories and tests. Closes FXA-7349

Because: - a cloud provider requires MySQL tables to have primary keys This commit: - add auto incrementing PK columns to three tables in the fxa schema

fix(emails): correct amounts in upgrade email

Bumps [stylelint](https://github.com/stylelint/stylelint) from 15.6.2 to 15.10.1. - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md) - [Commits](stylelint/stylelint@15.6.2...15.10.1) --- updated-dependencies: - dependency-name: stylelint dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>

…needed

fix(logs): Update password reset react pages to use auth client when neede

Because: * We are linking out to the English version for some Pocket links, and we want the site to handle language negotiation instead * We want to display ToS and Privacy notice for Pocket and other users that have passwordless accounts This commit: * Removes the hard-coded 'en' from these links * Moves links out of signin <form>, always displays ToS and Privacy link and includes Pocket ToS and Privacy link when the client is Pocket Closes FXA-7920, FXA-7865 Changes to be committed:

…int-15.10.1 chore(deps-dev): bump stylelint from 15.6.2 to 15.10.1

chore(db): add PK col to recoveryCodes, securityEvents, and totp

Because: * Depending on the product, a different newsletter slug should be sent to the newsletter API, and different copy should be shown next to the newsletter checkbox on the Checkout page. This commit: * Adds support for a new parameter, newsletterSlug, in Stripe metadata to allow a configurable newsletter slug. * Adds support for a new parameter, newsletterLabelTextCode, in Stripe metadata to allow for custom copy on the newsletter checkbox on the Checkout page. Closes #FXA-7611

Because: * Auth strict mode type "object" was missing from some properties in pushpayloads.schema.json file. This commit: * Adds strict mode type object to aforementioned json file.

feat(payments): config newsletter slug and copy

chore(docs) Latest legal PDFs

fix(third-party-auth): ToS + Privacy link tweaks

Because: - we want to upgrade our React/CRA packages to react-scripts and webpack v5 This commit: - upgrades react-scripts and webpack to v5 for Settings, Payments, and Admin Panel - upgrades other dependencies in order to make the react-scripts and webpack upgrades work - hybridizes fxa-auth-client and fxa-shared into dual module format packages

chore(deps): upgrade react-scripts and webpack to v5

Because: * The checkboxes are not aligned. This commit: * Aligns the checkboxes and shield. Closes FXA-6545

Bumps [sqs-consumer](https://github.com/bbc/sqs-consumer) from 5.7.0 to 7.2.1. - [Release notes](https://github.com/bbc/sqs-consumer/releases) - [Commits](bbc/sqs-consumer@v5.7.0...v7.2.1) --- updated-dependencies: - dependency-name: sqs-consumer dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Because: * We'd like faster builds to avoid repeat work. This commit: * Uses nx-cloud as a cache for build/test/lint operations.

chore: use nx-cloud

Because: * Dependabot's PR failed due to two TS errors due to changes in how different commands are called in v3 aws-sdk (now called ATaws-sdk with the @ symbol instead) relative to v2 aws-sdk. This commit: * Fixes all the TS errors by removing the v2 aws-sdk and using the v3 ATaws.sdk library to create an SQSClient. Closes #FXA-7948

…nsumer-7.2.1 chore(deps): bump sqs-consumer from 5.7.0 to 7.2.1

…bject fix(auth): adds missing strict mode type "object" in json file

refactor(payments): align checkboxes on new user checkout

fix(scripts): Update scripts to handle apple private emails

chore(metrics): add Glean event for signin view

chore(metrics): add Glean event for login success

chore(webpack): opt out of runtime error overlay in dev

chore(metrics): add Glean login submit event

Because: * we want proration information (one_time_charge and prorated_amount) to be returned with the invoice preview This commit: * changes the return type of invoice preview to be a named tuple, one with and one without the proration information, and formats the API response accordingly Closes #FXA-6690

…tion feat(auth): update Invoice Preview to Handle Prorations

Because: * We are moving to immediately invoicing and combining same and different billing cycle email templates. This commit: * Removes condition for same billing in mjml template. * Updates stripe to remove references for same billing behaviour. * Updates applicable tests. * Updates applicable stories. Closes FXA-6691

Because: * Many of our emails did not send with a correctly localized date This commit: * Sends the acceptLanguage header through our determineLocale helper before using it in Moment, which requires a single locale fixes FXA-7930

Because: * This directory is not always present. When we try to just 'rm' when it doesn't exist, a hidden error is thrown This commit: * Simply adds "-rf" to the rm command for ./locale/templates/LC_MESSAGES/* Fixes 7862

Because: - We want to sanitize validation errors which are held in sentry event 'context' This Commit: - Scrubs event.context - Increase default depth to 6 because it's condusive to validation errors. - Updates pii test with semi realistic validation error data.

feat(payments): remove same billing copy from subscription upgrade

fix(ci): Add -rf to dir removal to fix string extraction test

task(sentry): Scrub PII on validation errors

fix(emails): Pass single locale to Moment for unlocalized dates

Because: - We want to show the react version now that simple routes are complete This Commit: - Let's backbone router handle decision making for: - ':lang/legal/privacy' requests - ':lang/legal/terms' requests

Bumps [@nx/workspace](https://github.com/nrwl/nx/tree/HEAD/packages/workspace) from 16.3.1 to 16.5.2. - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/16.5.2/packages/workspace) --- updated-dependencies: - dependency-name: "@nx/workspace" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Because: - We want to lock down our gql queries as part of good security practices. This Commit: - Creates task that extracts existing gql queries from our code - Applies middleware that checks a allowlist of extracted queries. - Creates a 403 if the query is not in the allowlist - Makes all gql parsable by extraction utility. The extraction utility doesn't support string placeholders. e.g. gql` Account { ${ACCOUNT_FIELDS} }` - Moves all the gql in the admin server into .ts files. Again for consistency and extraction utility support. - Cleans up some config references at startup - Adds nx config for extraction & copy tasks

Because: - some components used in the Admin Panel uses fluent/react even though the app itself is not localized This commit: - wrap the app in LocalizationProvider to fix a runtime error from fluent/react

Because: * A recent change added shared branding to the payments.ftl file resulting in duplicate IDs during l10n string extraction. This commit: * Removes the change that adds branding to payments.ftl * Switches fxa-payments-server to use main.ftl instead of payments.ftl and react.ftl. Closes #FXA-7980

task(gql-api): Allowlist graphql queries

feat(payments): remove branding from payments.ftl

fix(admin panel): wrap App in LocalizationProvider

task(content): Fix legal doc links

…kspace-16.5.2 chore(deps-dev): bump @nx/workspace from 16.3.1 to 16.5.2

Because: * We need to show the customer what is owed and when (i.e. proration) on checkout. This commit: * Updates PlanUpgradeDetails component and invoice preview to include proration amount. * Adds a helper function to formats for only plan intervals. * Shows updated content when useStripeImmediatelyInvoice flag is set to true. * Updates tests and stories when aforementioned flag is set to true, where applicable. Closes FXA-6878

feat(payments): update PlanUpgradeDetails component content

Because: * The Account class model has become too large and due to its mandatory use for all API calls, combined with concerns about over fetching, the excessive use of Context, more diverse data requirements, and a preference for Apollo Client hooks, we need an improved pattern moving forward This commit: * Provides an ADR to summarize problems and the proposed solution closes FXA-7627

Because: - We want to enable password reset using our react app. This commit: - Ports over oauth reset password for react - Updates Playwright tests accordingly - Ports over playwright tests covering typical reset password flows - Adds playwright test for PKCE reset password case - Adds playwright test for TOTP reset password case - Adds playwright test for account recovery code reset password case - Adds playwright test for account recovery code & TOTP reset password case - Enables oauth redirect logic, and removed short circuit operation in router.js -> showReactApp that would prevent oauth routes from rendering. - Applied oauth redirect logic to: - CompleteResetPassword page - AccountRecoveryResetPassword - Fixes issues with displaying service name in: - ResetPasswordWithRecoveryKeyVerified - ResetPasswordVerified, - Fixes issues with rendering story book state - Fixed issues found in hooks: - Switched CreateReliers and CreateIntegration to useReliers and useIntegration. These accessed context so it turns out they really should be hooks. - Made these hooks return singletons, which fixed a bunch of ‘ghost’ rerenders. - Fixed an intermittent race condition in url-query-data.ts and added an option to ‘synchronize’ a data store. - Updated logic in RelierFactory.initOuathReliers to ensure all the relying party information needed for password reset could be resolved. - Fixed call to account.resetPassword on ResetPassword page, so proper options were sent to auth so state would be reflected in email link. - Added support for handling resume tokens. Resume tokens on base64 encoded in the resume field in the query string. The logic for parsing these tokens wasn’t present yet. - Updated the integration factory to pass in a relier authClient. These were needed to handle the integration logic. - Ported scoped keys logic. - Clean up in tests: - Moved commonly used function, getReactFeatureFlagUrl to a util file. - Removes incorrect usages of act blocks in favor of 'findBy' calls - Wraps events in 'act' block that require it thereby fixing 'act' warnings - Mocks console.warn to silence data provider output - Test fxa-settings:test-integration output is now 100% percent clean, with no more warnings!

task(settings): Port oauth redirect logic to reset password flows

Because: * We need to upgrade to react 18 This commit: * Upgrades all frontend packages to react 18 Closes: FXA-7932 Closes: FXA-3587 Closes: FXA-4353 Closes: FXA-5081 Closes: FXA-5136 Closes: FXA-5140 Closes: FXA-5142 Closes: FXA-5143

feat(all): react 18

Because: * The update method only updates existing fields and doesn't remove optional fields while the set method replaces the entire document. * Firestore document IDs for our local dev helper were auto-assigned rather than being the originalTransactionId (for Apple) or purchaseToken (for Google), as we have in stage/prod, which was causing errors for existence checks on Firestore docs. This commit: * Uses the set method instead of update, so we don't have stale optional properties left on the subscription in Firestore while preserving the userId field if present. * Use the originalTransactionId else the purchaseToken as the Firestore document ID for mock IAP subscriptions in local dev. Closes #FXA-7118

fix(auth): use Firestore set method to update Apple IAP subscriptions

chore(adr): Use React container component abstraction (fxa-settings)

Because: - Our CI image build was failing This Commit: - Makes an exception for the configs/gql/allowlist folder in the dockerignore file

Test cleanup

remove all the content-server tests from the config file

Because: - Some devices may report performance.timeOrigin as a float instead of an int This Commit: - Converts performance.timeOrigin value to to an int

…etric fix(content): Make sure startTime is an integer

fix(ci): Fix broken ci images due to missing allowlist folder

chore(next): Add Next.js to fxa and initial setup

Because: * Resubscription tests were failing/flaking This commit: * Increase the playwright functional test resource class from large to xlarge. Closes #

fix tests

fix(CircleCI): Increase playwright resource class to xlarge

Because: * We want to rollout the new account recovery key creation flow to 15% of users before rolling out to 100% on prod. This commit: * Add NewRecoveryKeyUI experiment with 15% rollout * Passes experiment group to Settings App, allows forceExperiment * Conditionally render new UI if user is in treatment group AND feature flag is turned on * Update related tests Closes #FXA-8030 Co-authored-by: Lauren Zugai <[email protected]>

Because: * Some real security events were showing as "unknown" in the user-facing "Recent account activity" list in account settings This commit: * Update the list of security events in Settings to include user-facing names for all existing events and add corresponding FTL strings * Update FTL messages and fallback text to standardize copy style * Update styling of the "recent account activity" link in the security section * Styling updates for RTL layout Closes #FXA-7974, FXA-7102

feat(settings): Rollout new account recovery flow at 15%

…ute" This reverts commit c2c4ea0. Closes: #FXA-5848

Bumps [react-redux](https://github.com/reduxjs/react-redux) from 8.0.2 to 8.1.1. - [Release notes](https://github.com/reduxjs/react-redux/releases) - [Changelog](https://github.com/reduxjs/react-redux/blob/master/CHANGELOG.md) - [Commits](reduxjs/react-redux@v8.0.2...v8.1.1) --- updated-dependencies: - dependency-name: react-redux dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Revert "chore(auth): allow profile scope on App Store registration route"

…redux-8.1.1 chore(deps): bump react-redux from 8.0.2 to 8.1.1

Because: * On stack startup, services start before mysql patches have completed, causing profile-server to fail on startup. This commit: * Adds script to check if patcher script has started and is still running. Closes #

feat(infra): wait for db patches on startup

Because: - Allowlists weren't getting copied to build directory This Commit: - Includes allowlists as assets

bug(admin-server,graphql): Fix missing allowlists

Because: - fxa-auth-client is used directly in Playwright tests, and Playwright has its own require or import logic This commit: - adds "type" in package.json for Playwright to figure it out

fix(esm-cjs-hell): add module type hints for Playwright

Bumps [ws](https://github.com/websockets/ws) from 8.11.0 to 8.13.0. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.11.0...8.13.0) --- updated-dependencies: - dependency-name: ws dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

chore(deps-dev): bump ws from 8.11.0 to 8.13.0

fix(settings): Show event names in recent account activity

Because: * Duplicate FTL ids were spotted in recent account activity strings This commit: * Replace duplicate ID with new unique ID * Fix unrelated unit tests that were failing, possibly linked to React 18 update Closes #

Because: - Playwright still cannot resolve the auth-client module This commit: - adds a package.json with exports mapping

fix(l10n): Provide unique id for all Recent account activity strings

fix(playwright): add exports in auth-client cjs dist

Bumps [jose](https://github.com/panva/jose) from 4.13.1 to 4.14.4. - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md) - [Commits](panva/jose@v4.13.1...v4.14.4) --- updated-dependencies: - dependency-name: jose dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@storybook/preset-create-react-app](https://github.com/storybookjs/storybook/tree/HEAD/code/presets/create-react-app) from 7.0.26 to 7.1.0. - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v7.1.0/code/presets/create-react-app) --- updated-dependencies: - dependency-name: "@storybook/preset-create-react-app" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.21.5 to 7.22.9. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.22.9/packages/babel-preset-env) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@google-cloud/opentelemetry-cloud-trace-exporter](https://github.com/GoogleCloudPlatform/opentelemetry-operations-js) from 2.0.0 to 2.1.0. - [Release notes](https://github.com/GoogleCloudPlatform/opentelemetry-operations-js/releases) - [Commits](https://github.com/GoogleCloudPlatform/opentelemetry-operations-js/commits) --- updated-dependencies: - dependency-name: "@google-cloud/opentelemetry-cloud-trace-exporter" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…ook/preset-create-react-app-7.1.0 chore(deps-dev): bump @storybook/preset-create-react-app from 7.0.26 to 7.1.0

…preset-env-7.22.9 chore(deps): bump @babel/preset-env from 7.21.5 to 7.22.9

…-cloud/opentelemetry-cloud-trace-exporter-2.1.0 chore(deps): bump @google-cloud/opentelemetry-cloud-trace-exporter from 2.0.0 to 2.1.0

….14.4 chore(deps): bump jose from 4.13.1 to 4.14.4

Because: * The old URL would send desktop users to Apple's store This commit: * Updates the URL Closes FXA-7444

…ttings-on-desktop feat: update adjust.com URL

Bumps [cldr-localenames-full](https://github.com/unicode-cldr/cldr-json) from 42.0.0 to 43.1.0. - [Release notes](https://github.com/unicode-cldr/cldr-json/releases) - [Commits](unicode-org/cldr-json@42.0.0...43.1.0) --- updated-dependencies: - dependency-name: cldr-localenames-full dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [nx](https://github.com/nrwl/nx/tree/HEAD/packages/nx) from 16.3.1 to 16.5.5. - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/16.5.5/packages/nx) --- updated-dependencies: - dependency-name: nx dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@opentelemetry/instrumentation-fetch](https://github.com/open-telemetry/opentelemetry-js) from 0.36.1 to 0.41.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-js/commits/experimental/v0.41.0) --- updated-dependencies: - dependency-name: "@opentelemetry/instrumentation-fetch" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…lemetry/instrumentation-fetch-0.41.0 chore(deps): bump @opentelemetry/instrumentation-fetch from 0.36.1 to 0.41.0

chore(deps-dev): bump nx from 16.3.1 to 16.5.5

…ocalenames-full-43.1.0 chore(deps): bump cldr-localenames-full from 42.0.0 to 43.1.0

Because: * We are incorrectly redirecting users to legal/terms This commit: * Updates content-server router to direct to the correct path fixes FXA-8050

Because: * We want to use clean and well tested code for our new integrated account database layer. * We don't want to use stored procedures for new code. This commit: * Adds a new library that contains core mysql connection functionality. * Duplicates core objection classes and setup from fxa-shared without stored procedure functionality. Closes FXA-6622

fix(content-server): Update ':locale/legal/privacy' route

Because: * Input label should be narrated only once by screen readers, but it was duplicated due to the label text being applied to the input title. * Title should only be used if it provides information in addition to the lable. This commit: * Remove the title from InputText component * Update reset password selector to getByLabel instead of getByTitle Closes #FXA-7565

Because: - it is 'postinstall' that builds fxa-auth-client when npm/yarn install is called - the cjs build call was missing in 'postinstall' This commit: - adds cjs build to 'postinstall'

…nt-cjs fix(build): add auth-client cjs build to 'postinstall'

Bumps [htmlparser2](https://github.com/fb55/htmlparser2) from 8.0.1 to 9.0.0. - [Release notes](https://github.com/fb55/htmlparser2/releases) - [Commits](fb55/htmlparser2@v8.0.1...v9.0.0) --- updated-dependencies: - dependency-name: htmlparser2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@storybook/addon-actions](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/actions) from 7.0.26 to 7.1.1. - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v7.1.1/code/addons/actions) --- updated-dependencies: - dependency-name: "@storybook/addon-actions" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@nx/jest](https://github.com/nrwl/nx/tree/HEAD/packages/jest) from 16.3.1 to 16.5.5. - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/16.5.5/packages/jest) --- updated-dependencies: - dependency-name: "@nx/jest" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@babel/preset-react](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-react) from 7.18.6 to 7.22.5. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.22.5/packages/babel-preset-react) --- updated-dependencies: - dependency-name: "@babel/preset-react" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [hapi-swagger](https://github.com/hapi-swagger/hapi-swagger) from 14.5.5 to 17.1.0. - [Release notes](https://github.com/hapi-swagger/hapi-swagger/releases) - [Commits](hapi-swagger/hapi-swagger@v14.5.5...v17.1.0) --- updated-dependencies: - dependency-name: hapi-swagger dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

…wagger-17.1.0 chore(deps): bump hapi-swagger from 14.5.5 to 17.1.0

…preset-react-7.22.5 chore(deps): bump @babel/preset-react from 7.18.6 to 7.22.5

…t-16.5.5 chore(deps-dev): bump @nx/jest from 16.3.1 to 16.5.5

…ook/addon-actions-7.1.1 chore(deps-dev): bump @storybook/addon-actions from 7.0.26 to 7.1.1

…rser2-9.0.0 chore(deps-dev): bump htmlparser2 from 8.0.1 to 9.0.0

…-object-for-account-in-fxa-ac feat: add foundational db classes

…othing when clicked

fix(payments): Manage button from Subscription management page does nothing when clicked

Bumps [@storybook/addon-essentials](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/essentials) from 7.0.26 to 7.1.1. - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v7.1.1/code/addons/essentials) --- updated-dependencies: - dependency-name: "@storybook/addon-essentials" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@opentelemetry/exporter-jaeger](https://github.com/open-telemetry/opentelemetry-js) from 1.13.0 to 1.15.1. - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js@v1.13.0...v1.15.1) --- updated-dependencies: - dependency-name: "@opentelemetry/exporter-jaeger" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/react) from 7.0.26 to 7.1.1. - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v7.1.1/code/renderers/react) --- updated-dependencies: - dependency-name: "@storybook/react" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [tsconfig-paths](https://github.com/dividab/tsconfig-paths) from 4.1.0 to 4.2.0. - [Changelog](https://github.com/dividab/tsconfig-paths/blob/master/CHANGELOG.md) - [Commits](dividab/tsconfig-paths@v4.1.0...v4.2.0) --- updated-dependencies: - dependency-name: tsconfig-paths dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…ook/react-7.1.1 chore(deps-dev): bump @storybook/react from 7.0.26 to 7.1.1

…ook/addon-essentials-7.1.1 chore(deps-dev): bump @storybook/addon-essentials from 7.0.26 to 7.1.1

…ig-paths-4.2.0 chore(deps-dev): bump tsconfig-paths from 4.1.0 to 4.2.0

…lemetry/exporter-jaeger-1.15.1 chore(deps): bump @opentelemetry/exporter-jaeger from 1.13.0 to 1.15.1

Bumps [@opentelemetry/instrumentation-document-load](https://github.com/open-telemetry/opentelemetry-js-contrib) from 0.31.1 to 0.33.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js-contrib@instrumentation-pg-v0.31.1...host-metrics-v0.33.0) --- updated-dependencies: - dependency-name: "@opentelemetry/instrumentation-document-load" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

…lemetry/instrumentation-document-load-0.33.0 chore(deps): bump @opentelemetry/instrumentation-document-load from 0.31.1 to 0.33.0

fix(settings): Remove label duplicated in InputText title attribute

feat(metrics): add view event for login confirmation code view

…bmit-event feat(metrics): add Glean event for login confirmation submit attempt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

should we update the payments demo with main/minor other fixes #15618

should we update the payments demo with main/minor other fixes #15618

Commits on Jun 13, 2023

Commits on Jun 14, 2023

Commits on Jun 15, 2023

Commits on Jun 16, 2023

Commits on Jun 19, 2023

Commits on Jun 20, 2023

Commits on Jun 21, 2023

Commits on Jun 22, 2023

Commits on Jun 23, 2023

Commits on Jun 24, 2023

Commits on Jun 26, 2023

Commits on Jun 27, 2023

Commits on Jun 28, 2023

Commits on Jun 29, 2023

Commits on Jun 30, 2023

Commits on Jul 3, 2023

Commits on Jul 4, 2023

Commits on Jul 5, 2023

Commits on Jul 7, 2023

Commits on Jul 10, 2023

Commits on Jul 11, 2023

Commits on Jul 12, 2023

Commits on Jul 13, 2023

Commits on Jul 14, 2023

Commits on Jul 15, 2023

Commits on Jul 17, 2023

Commits on Jul 18, 2023

Commits on Jul 19, 2023

Commits on Jul 20, 2023

Commits on Jul 21, 2023

Commits on Jul 24, 2023

Commits on Jul 25, 2023

Commits on Jul 26, 2023