Skip to content

Deploy RC 186 to Production#6189

Merged
zachmargolis merged 22 commits intostages/prodfrom
stages/rc-2022-04-14
Apr 14, 2022
Merged

Deploy RC 186 to Production#6189
zachmargolis merged 22 commits intostages/prodfrom
stages/rc-2022-04-14

Conversation

@zachmargolis
Copy link
Contributor

@zachmargolis zachmargolis commented Apr 12, 2022
edited
Loading 

stages/rc-2022-04-14> ./scripts/changelog_check.rb -b stages/prod -s HEAD

(plus some alpbabetizing)

Improvements

  • Accessibility: Add meaningful alternative text for failure error icon (#6140)
  • Accessibility: Add relational linking for password visibility toggle Fix tab order and add relational linking for password visibility toggle (#6081)
  • Feature: Add interstitial confirmation page (#6111)
  • Layout: Use design system tooling for page layouts (#6086)
  • Optimization: Reduce size of CSS stylesheets (#6151, #6154)
  • Remove redundant styling with style-guide: LG-5883 (#6120)

Bug Fixes

  • Account locked: Fix JavaScript error and countdown on account locked screen (#6129)
  • Account management: Fix error trying to view refreshed backup codes when they do not exist (#6145)
  • Authentication: Fix error when unable to validate WebAuthn signature (#6144)
  • Document capture: Show detailed alert message describing steps to resolve declined camera permission (#6131)
  • Identity verification: Fix uncommon errors during proofing at the resolution and SSN steps (#6143)
  • Logging: Fix bug in logging external SAML authentication requests (#6166)
  • Personal keys: Fixes downloading personal keys outside of identity verification (#6161)
  • Prevent ios from prompting for credit card on otp input: LG-6047 (#6178)

Internal

  • Automated testing: Improve speed of specific slow test specifications (#6137)
  • Components: Improve developer experience around status page troubleshooting options (#6142)
  • Continuous integration: Limit when GitLab CI runs to avoid queuing too many builds (#6116)
  • Dependencies: Update dependencies (#6127, #6185)
  • Dependencies: Update Login.gov Design System to v6.4.0 (#6130)
  • Developer experience: Add shortcut for common app startup command typo (#6156)
  • Documentation: Document additional analytics events (#6149, #6159, #6171)
  • Linting: Improve compatibility of ESLint configuration with Prettier and TypeScript (#6123)
  • Local development: Fix cross-origin React errors when developing locally (#6126)
  • Logging: Log external SAML authentication requests (#6155)
  • Logging: Log more information around SP handoff events (#6139)
  • Optimization: Only create service provider return logs for billable events (#6141, #6147)
  • Optimization: Remove functionality that supported backwards compatibility for billing functionality during deploy (#6150)
  • Optimization: Remove unnecessary JavaScript (#6175)
  • Optimization: Stop updating unused columns in database (#6148)
  • Optimize: Remove unused stylesheet styles (#6165)
  • Reporting: Add total IAL2 costs report for last 45 days (#6170)
  • Source code: Add lint config to help keep source code clean (#6128)
  • Source code: Remove unused download code (#6162)

zachmargolis and others added 19 commits April 5, 2022 13:08
@zachmargolis
Fix YARD syntax (#6157)
bd1e520 
[skip changelog]
@orenyk @zachmargolis
Log External SAML Auth Requests (#6155)
24657bc 
* log SAML auth requests as well

* Account for authpost

* check for nil

* fix specs

* add SAML Auth request spec

changelog: Internal, Logging, Log external SAML authentication requests

* add POST spec

* rename analytics attributes to be clearer

* simplify analytics call

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* move POST spec to feature spec

* fix SAML post url

Co-authored-by: Oren Kanner <oren.kanner@gsa.gov>
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
@zachmargolis
Fix downloading personal keys outside of IDV (LG-5882) (#6161)
14d6b9d 
* download personal key via data: URL or JS fallback for Internet Explorer
* add specs and removal notes

changelog: Bug Fixes, Personal keys, Fixes downloading personal keys outside of identity verification
@aduth
Replace custom color variables with design system tokens (#6086)
f5c7db3 
* Replace custom color variables with design system tokens

**Why**: So that we have a single source of truth for colors, to improve consistency and reduce confusion.

changelog: Improvements, Layout, Use design system tooling for page layouts

* Remove color list variations

**Why**: For consistency with design system

* Use StatusPageComponent for IDV forgot password

* Refactor IDV forgot password warning strings to array
@aduth
Reimplement password toggle as reusable component (#6081)
492369d 
* Reimplement password toggle as reusable component

**Why**:

- Consolidate common implementation between password and SSN toggle
- Reduce size and scope of application JavaScript pack
- Reduce attack surface area by avoiding injected interpolated string data (insertAdjacentHTML)
- Fix tab order mismatched with visual placement (WCAG 2.1 G59)
- Improve accessibility by establishing relationship between toggle and input, and announcing state changes via live region

changelog: Improvements, Accessibility, Fix tab order and add relational linking for password visibility toggle

* Add support for once with class function

* Replace all password-toggle inputs with PasswordToggleComponent

* Fix pw-strength ID-based password-field querying

* Remove unused required attr_reader

* Add PasswordToggleComponent specs

* Add PasswordToggleElement specs

* Make toggle class modifiers searchable

See: https://github.com/18F/identity-idp/pull/6081/files#r831495340

* Remove visible state announcements

* Add default component label translations

* Consolidate "Show password" label locale data

* Fix lint formatting issues

Hello Prettier 2.6

* Improve specs (avoid internal element references)

* Avoid conflicting validators for IDV password field

* Retain incoming aria-describedby for ValidatedField

**Why**: Because rendering view may have its own descriptor, in addition to the field's own error description. aria-describedby is an "ID reference list", meaning it can support multiple, space-separated IDs.

Ref: https://www.w3.org/TR/wai-aria-1.1/#aria-describedby
@zachmargolis
Remove idv/personal_key#download action (#6162)
b2615d2 
**Why**: Unused as of #6161

changelog: Internal, Source code, Remove unused download code
Fix SAML Auth 500 at IAL2 (#6166)
ebc2636 
* add failing spec

* Remove identity_needs_verification and profile_needs_verification from SAML logging

changelog: Bug Fix, Logging, Fix bug in logging external SAML authentication requests
@aduth
Remove unused full screen styles (#6165)
4b4a48f 
**Why**:

- Because they're unused, originally implemented for an early prototype of document capture (#3942)
- So that the remaining "full screen" styles used by document capture are only loaded as part of the document capture stylesheet, to reduce the size and scope of the common application stylesheet

changelog: Internal, Optimize, Remove unused stylesheet styles
@zachmargolis
Remove .about.yml (#6169)
fff95a3 
- It's stale and unused

[skip changelog]
@zachmargolis
Document additional analytics events (LG-5926) (#6171)
6a18be9 
* Migrate EVENT_DISAVOWAL_TOKEN_INVALID event

* Migrate EVENTS_VISIT event

* Migrate EXTERNAL_REDIRECT event

* Migrate FORGET_ALL_BROWSERS_SUBMITTED
Migrate
* FORGET_ALL_BROWSERS_VISITED

changelog: Internal, Documentation, Document additional analytics events
@theabrad @zachmargolis
LG-5947 Document Analytics Events 4 (#6159)
ad9e2cd 
* return to sp failure to proof

* rules of use visit

* Rules of Use Submitted

* security event received

* service provider revoke consent revoked

* service provider revoke consent visited

changelog: Internal, Documentation, Document additional analytics events

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
@aduth
LG-5697: Remove accessible-forms pack (#6175)
056e97b 
**Why**:

- Per discovery in LG-5420, it's not necessary.
- Its behavior is especially conflicting with React-based submission handling, as it globally handles the submit event, so this helps with ongoing FlowStateMachine work.
- Reduce size and scope of common application bundle

changelog: Internal, Optimization, Remove unnecessary JavaScript
@aduth
Extract common React hooks to package (#6174)
4429c8f 
**Why:** Preparatory work ahead of upcoming FlowStateMachine v2 work, where it's expected a new form-steps package would need to share usage of these hooks with the existing document-capture package.

[skip changelog]
@zachmargolis
Add New Total IAL2 Costs Report (LG-5816) (#6170)
3e354f4 
* Add sp-costs-v2 report
* Update with feedback
  - Group by cost (not by SP)
  - Remove IAL 1 costs
  - Rename to match new usage (total IAL2 costs)

changelog: Internal, Reporting, Add total IAL2 costs report for last 45 days
@aduth
Convert FormSteps component to native TypeScript (#6172)
60f2da4 
**Why**: Preparatory work ahead of upcoming FlowStateMachine v2 work, where it's expected we will want to lift out this component to a shared package to reuse for other steps in the flow.

[skip changelog]
@aduth
Move button to components package (#6173)
dfb73de 
* Move button to components package

**Why**: Preparatory work ahead of upcoming FlowStateMachine v2 work, where it's expected we will want to use this component in packages outside document-capture.

[skip changelog]

* Convert Button to TypeScript
@aduth
Refactor FormSteps message handling to work with generic error (#6176)
f2408d9 
* Refactor FormSteps message handling to work with generic error

**Why**: Since we plan to use FormSteps outside the context of document capture for FlowStateMachine v2, it shouldn't be so strongly aware of specific error types (via FormErrorMessage). The previous implementation was also largely motivated by the inability to translate strings outside the context of a React context, which is no longer the case.

[skip changelog]

* Extract nonBreaking function for string manipulation

See: https://github.com/18F/identity-idp/pull/6176/files#r845348796
@SammySteiner
Lg 6047 cc scan (#6178)
23c067c 
* changelog: Bug, Prevent ios from prompting for credit card on otp input, LG-6047
* comments to warn folks in yaml files
Stop updating sp return logs for backwards compatibility (#6150)
88b992c 
* Stop updating existing sp_return_logs rows

changelog: Internal, Optimization, Remove functionality that supported backwards compatibility for billing functionality during deploy

* clean up comment
@aduth
Copy link
Contributor

aduth commented Apr 12, 2022

Looks like this is missing #6184 and #6185. Could we pull those in?

@zachmargolis
Copy link
Contributor Author

zachmargolis commented Apr 12, 2022

Looks like this is missing #6184 and #6185. Could we pull those in?

Yup, I pulled this from what's deployed to staging, so it likely missed those. Will add.

dependabot bot and others added 3 commits April 12, 2022 09:57
@dependabot @aduth @zachmargolis
Bump nokogiri from 1.13.3 to 1.13.4 (#6184)
855f1f8 
* Bump nokogiri from 1.13.3 to 1.13.4

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.3 to 1.13.4.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.13.4/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.3...v1.13.4)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* Add changelog

changelog: Internal, Dependencies, Update dependencies to address security advisories

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
(cherry picked from commit 8b8ec06)
@aduth @zachmargolis
Revert tab placement change for password toggle checkbox (#6185)
249e8bb 
**Why**: Since it may have a negative impact on form usability, revert until we have a chance to think about this more holistically.

[skip changelog]

(cherry picked from commit 22c3d73)
@zachmargolis
Merge remote-tracking branch 'origin/stages/prod' into stages/rc-2022…
c3702f5 
…-04-14
aduth
aduth approved these changes Apr 12, 2022
View reviewed changes
Copy link
Contributor

@aduth aduth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@zachmargolis zachmargolis merged commit 02e2c0b into stages/prod Apr 14, 2022
@zachmargolis zachmargolis deleted the stages/rc-2022-04-14 branch April 14, 2022 17:14
@aduth aduth mentioned this pull request Sep 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@aduth aduth aduth approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

status - promotion

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zachmargolis @aduth @theabrad @SammySteiner