Merged
Conversation
**Why**: Because it is preventing me from running this scripts correctly
**Why:** As a user, I want login.gov to not have unused or out of date apps, so that I can use the fastest and most secure app possible.
**Why**: As a user, I want login.gov to not have unused or out of date apps, so that I can use the fastest and most secure app possible - Remove unnecessary dependencies (LG-3756) - Reduce bundle size - Avoid conflicts between disparate versions
* implement headless USPS in person proofing * Update app/services/usps_in_person_proofer.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * invert token_expired and ensure token is present * remove blank headers * return objects for facilities request Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
#4524) * LG-3964: Prevent page submission when clicking TOTP code "Copy" button **Why**: It's not expected that clicking "Copy" should validate the form or attempt to submit the form. Only "Submit" button should do this. * Add test coverage for copy button
**Why**: These steps are not in use anymore Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
…n and DocAuth (#4517) * Refactor SpinnerButton to display as button pulse animation * Display spinner button at doc auth verify step * Normalize doc auth locale file string order * Add spinner button to CAC verify step * Render spinner button as inline block **Why**: Act more like real button, allow natural grow (or overridden width) on container * Handle FormStepsWait response consistently from initial to poll **Why**: Initial response could redirect immediately. Also consolidates error handling consistently. * Send verify poll request as HEAD request **Why**: Not concerned with the response body * Add spec for spinner-button shared partial * Add spec for FormStepsWait * Wait for page navigation in complete_all_doc_auth_steps * Use consistent selector from spinner-button.js * Rename form-steps-wait.js as form-steps-wait-spec.js **Why**: `npm test` won't capture files unless suffixed with "spec" * Revise FormStepsWait constructor to not be side-effecty See: #4517 (comment) * Fix fake timer test lifecycle leakage * Refactor SpinnerButton to use consistent bind call implementation See: a4721ee * Reinstate ESLint no-new rule **Why**: Kinda the motivation behind the discussion here: #4517 (comment)
…ync document upload (#4528) * store whole flow session in analytics if unable to find DCS * log when document capture session key is deleted * do not send pii_from_doc and only send in dev
* Update identity-validations to use main branch * update identity_validations
**Why**: - It is currently broken, displaying as non-visible except by cursor hover or keyboard focus. - It's the only instance of a tooltip in the entire application. - Tooltips are not ideal for longer-form content like the informational text we show in this tooltip - See: https://designsystem.digital.gov/components/tooltip/ - We are not space-constrained on this page and could show informational text as part of the primary content - Fewer dependencies for us to manage - If we were to want tooltips, we should ideally be using USWDS tooltips (see #4529) to consolidate dependencies - Less styles for the user to download (faster load time)
…4538) * Don't allow identity proofing in prod without SP context (LG-3942) * review suggestions
**Why**: Disambiguate from DocAuthBaseStep#document_capture_session
**Why**: As a user, I expect that login.gov has a consistent visual style, and that my page load times are not prolonged by loading redundant CSS. As a developer, I expect that existing references to BassCSS module classes are replaced with equivalent USWDS or ad hoc alternatives, so that we can successfully migrate away from and eliminate our dependency on BassCSS. --- Approach: Replace "align-" classes with USWDS equivalent, based on technical discovery document.
* LG-3756: Upgrade intl-tel-input from 16.0.7 to 17.0 **Why**: As a user, I want login.gov to not have unused or out of date apps, so that I can use the fastest and most secure app possible. See changelog: https://github.com/jackocnr/intl-tel-input/blob/master/CHANGELOG.md Specific upgrade conflicts: - Reliance on specific element IDs, now assigned uniquely by intl-tel-input - Reliance on duplicate list item element IDs, now assigned uniquely by intl-tel-input * Update test spec
**Why**: As a user, I want login.gov to not have unused or out of date apps, so that I can use the fastest and most secure app possible. Lower-risk than bumping major packages, which may warrant updates in individualized pull requests. Excludes `hint.css` as this will be addressed separately, either by using USWDS (#4529) or removing tooltips altogether. Specifics: cleave.js - Changelog: https://github.com/nosir/cleave.js/releases - Testing: Check that auto-formatted fields (SSN, TOTP, etc) continue to work as expected focus-trap - Changelog: https://github.com/focus-trap/focus-trap/blob/master/CHANGELOG.md - Testing: Check that session timeout modal and IAL2 Acuant mobile capture continue to trap focus and work as expected libphonenumber-js - Changelog: https://gitlab.com/catamphetamine/libphonenumber-js/-/blob/master/CHANGELOG.md - Testing: Check that phone number validation when adding a phone number continues to validate numbers correctly
**Why**: As a user, I want login.gov to not have unused or out of date apps, so that I can use the fastest and most secure app possible Upgrades last of dependencies targeted for upgrade: Those which involve major version upgrades, or have been updated since previous pass at version updates. Specifics: clipboard - Changelog: https://github.com/zenorocha/clipboard.js/releases - Of note: Constructor changed. Likely not necessary revision in our code, though reduces likelihood of conflict or confusion. - Testing: Verify "Copy" button on "Add an authentication app" works Not included: - basscss-scss: Planned for removal - source-map-loader: Breaking change involves minimum peer dependency on webpack@5, blocked by yet-unreleased webpacker@6 ("2021-TBD") - See: https://github.com/rails/webpacker/blob/master/CHANGELOG.md
…2) (#4544) * rails 6.1 * fix specs * remove phone configuration decorator to fix N+1 query * fix cache-control spec * fix 400 spec
* Restore pointer cursor to selfie capture overlay "button" **Why**: Upgrading from `identity-style-guide` 2.2.3 to 3.0.0 involves upgrading from `uswds` 2.0.3 to 2.9.0 which involves upgrading from `normalize.css` 3.0.3 to 8.0.1. In `normalize.css` 4.1.0, opinionated button cursor styles were removed, and must be manually applied where desired. See: - necolas/normalize.css#563 - https://github.com/necolas/normalize.css/blob/master/CHANGELOG.md#410-april-11-2016 - uswds/uswds#3215 * Order CSS properties * Order CSS properties, for real
* add failing spec * ensure decrypted_pii is set when rendering verify password
* update nokogiri * add nokogiri to gemfile
* Fix distance_of_time_in_words "and" connector **Why**: Before: "4 minutesand59 seconds" After: "4 minutes and 59 seconds" * Remove padded connector workaround * Revert "Remove padded connector workaround" This reverts commit d48c8ea. * Revert "Fix distance_of_time_in_words "and" connector" This reverts commit 291fb04. * Pass two_words_connector option to each dotiw call **Why**: Not ideal, but since YAML normalization currently cannot tolerate string whitespace padding (even when quoted), we cannot include the spaces in the original YAML localization and instead must provide the option in usage. In the future, consider refactoring our YAML normalization to be more tolerant of intentional whitespace. See: https://github.com/18F/identity-idp/pull/4562/files#r552217136 * Pass default positional argument value for distance_of_time_in_words **Why**: Options must be third argument See: - https://github.com/radar/distance_of_time_in_words/blob/0b4b373/lib/dotiw/action_view/helpers/date_helper.rb#L11 - https://apidock.com/rails/ActionView/Helpers/DateHelper/distance_of_time_in_words
aduth
approved these changes
Jan 7, 2021
Contributor
aduth
left a comment
aduth
left a comment
There was a problem hiding this comment.
👍
Re: Build failures:
- Smoke tests are same failures plaguing dev reports. Might clear up with a restart?
- Not sure why Snyk would be reporting issues, though it may be related to the Rails 6.1 upgrade. Probably a false-positive all the same, since it's fine in
master.
Contributor
|
@solipet can confirm, but I'd want to double-check where we stand with |
mitchellhenke
approved these changes
Jan 7, 2021
Contributor
mitchellhenke
left a comment
mitchellhenke
left a comment
There was a problem hiding this comment.
Snyk is unhappy about webpacker: https://app.snyk.io/org/18f-wyj/project/2d5e4e66-d464-4eec-8c64-0ac3972bcfdc/pr-check/4234eabe-cf97-400a-a28c-74d9dc6996ec
Contributor
I've already disabled it in prod via the prod app secrets config (and I just confirmed that) but we should manually test this first thing post-deployment. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.