v1.321.2

What's Changed

• fix(next): do not crash sub manage on canceled sub by @StaberindeZA in #19503
• fix(next): update form-action csp with paypal by @StaberindeZA in #19505
• fix(sessions): Add env var for unverified session state + bandaid FE fix by @LZoog in #19501
• fix(tests): update functional tests to wait for pairing page by @vbudhram in #19510
• chore(auth): Define default rate-limit policies for the MFA dialog and fix error banner. by @dschom in #19506
• feat(payments-next): Remove card display for digital wallets by @david1alvarez in #19511
• task(settings): Add MFA guard to remove 2FA SMS backup by @dschom in #19458
• bug(functional-tests): Clear JWT cache after session destroy by @nshirley in #19514
• chore(deps): bump actions/setup-node from 4 to 5 by @dependabot[bot] in #19396
• chore(deps): bump actions/stale from 9 to 10 by @dependabot[bot] in #19397
• chore(deps): bump axios from 1.8.4 to 1.12.0 in /packages/fxa-event-broker in the npm_and_yarn group across 1 directory by @dependabot[bot] in #19445
• chore(deps): bump google-github-actions/auth from 2 to 3 by @dependabot[bot] in #19370
• fix(email): Send signin code for sign in with password unverified session case by @LZoog in #19512
• fix(settings): General app error with invalid jwt on ARK delete by @vpomerleau in #19521
• chore(yarn): Update yarn.lock from dependabot axios 1.8.4 to 1.12.0 upgrade by @LZoog in #19525
• chore(functional-tests): Add test duration to ci reporter by @nshirley in #19523
• fix(mfa): fix can't dismiss mfa guard for ARK delete by @MagentaManifold in #19519
• fix(stories): Add Sync signin without password story by @LZoog in #19524
• chore(functional-tests): Speed up test account destroy by @nshirley in #19528
• feat(payments-next):Redirect old Subscription Management page to new page by @elizabeth-ilina in #19480
• bug(settings): Fix rate-limit rule on mfa verify code by @dschom in #19526
• fix(emails): Fix subscription management link in emails by @david1alvarez in #19515
• bug(settings): Add pre-check for JWT expiration by @dschom in #19527
• feat(pocket): Remove Pocket front-end code by @LZoog in #19520
• bug(settings): isInvalidJwtError not check when invoking confirmReplaceTotp by @dschom in #19529
• feat(mfa): add Glean metrics for MFA by @MagentaManifold in #19509
• cleanup(settings): Remove MonitorPlus promo by @vpomerleau in #19522
• feat(skip): Skip confirmation code for a seen device user agent by @vbudhram in #19517
• polish(fxa-react): Fix eslint in fxa-react by @dschom in #19534
• task(auth): Expose more detailed session status info by @dschom in #19488
• task(auth): Add verified session checks to mfa strategy by @dschom in #19535
• bug(settings): Make sure session is verified before starting key stretching upgrade by @dschom in #19538
• chore(skip): Add metrics for skip by seen device, security event by @vbudhram in #19541
• feat(functional-tests): Make password change more resilient by @nshirley in #19543
• feat(settings): Add MFA guard to 2FA setup from settings by @vpomerleau in #19432
• fix(admin-panel): fix incorrect bounce types by @MagentaManifold in #19516
• task(auth): Add metrics to session/reauth by @dschom in #19539
• polish(settings): Provide hint about what to do in invalid session state by @dschom in #19531
• chore(script): Add Pocket oauth access token pruning script by @LZoog in #19536
• feat(pocket): Remove Pocket back-end code by @LZoog in #19530
• Revert "feat(pocket): Remove Pocket back-end code" by @LZoog in #19549
• fix(payments-next): [Payments-Next Subscription] Error message not dismissed when selecting another card by @elizabeth-ilina in #19533
• fix(auth): Remove invoice line item if zero by @xlisachan in #19532
• Revert "feat(pocket): Remove Pocket front-end code" by @LZoog in #19550
• fix(settings): Redirect users from /settings if session is unverified by @LZoog in #19546
• feat(strapi): move statsd logging to strapi client by @StaberindeZA in #19537
• fix(auth): Account signup email used in change 2fa endpoint by @vpomerleau in #19552
• chore(mfa): Remove redudant checks for mfa by @vbudhram in #19518
• fix(payments-next): [Payments-Next Subscription] The Card section borders are cut off by @elizabeth-ilina in #19502

Full Changelog: v1.320.7...v1.321.2

v1.312.2

What's Changed

• bug(test-reports) Give accounts-rate-limit a unique jest output direc… by @nshirley in #18904
• task(settings): Optimize sentry bundle and add webpack analyzer by @dschom in #18906
• chore(perf): load LegalWithMarkdown lazily by @chenba in #18908
• fix(auth): Correctly store MetricsContext in third party auth component by @vbudhram in #18911
• feat(webchannel): Add support for SYNC_PREFERENCES command by @vpomerleau in #18915
• chore(l10n): Add group comment end by @bcolsson in #18916
• fix(payments): clear previous access token on signin by @StaberindeZA in #18907
• task(settings): Disable fetching of nimbus-experiments by @dschom in #18903
• test(function): add back skipped syncV3 test and fix flaky test by @nshirley in #18919
• bug(session): Ensure that the session matches account on destroy by @chenba in #18922
• fix(settings): make tooltip text start-aligned instead of centered by @MagentaManifold in #18923
• task(content-server): remove intern by @toufali in #18905
• task: audit yarn resolutions – tap/typescript by @toufali in #18926
• polish(payments-next): remove unused code, clean up linting rules by @david1alvarez in #18879
• fix(payments-next):Truncated price in upgrade page by @elizabeth-ilina in #18918
• feat(react): navigate to RPs without adding to browser history by @StaberindeZA in #18909
• fix(payments-next): Add localization to page metadata by @elizabeth-ilina in #18910
• fix(payments-ui): Remove coupon from URL params by @xlisachan in #18930
• feat(2fa): Update design of DataBlock and GetDataTrio components by @MagentaManifold in #18912
• task: audit yarn resolutions – moment by @toufali in #18927
• fix(payments): Update error message for customers with active IAP subscription by @xlisachan in #18928
• feat(settings): Enable changing recovery phone by @vpomerleau in #18913
• feat(payments-next): Improve payments-next logging by @david1alvarez in #18869
• task(auth,graphql): Configure separate redis instance for rate limiting by @dschom in #18938
• feat(oauth): redirect on prompt=none and return_on_error=false by @chenba in #18940
• feat(recovery): Add reset password recovery phone views and functionality by @vbudhram in #18929
• fix(payments-next): SP3 invalid coupon code not localized by @elizabeth-ilina in #18932
• feat(metrics): Add more glean metrics for signup code view by @vbudhram in #18944
• fix(perf): change css link tag's initial rel attr to preload by @chenba in #18933
• feat(payments-next): improve getCart response time by @david1alvarez in #18942
• feat(payments-next): Enable no-charge payments with stripe by @david1alvarez in #18874
• task(settings): Improve webpack chunking by @dschom in #18934
• task(settings): Lazy load pages by @dschom in #18936
• Revert "fix(perf): change css link tag's initial rel attr to preload" by @chenba in #18955
• task: audit yarn resolutions – browserid-crypto by @toufali in #18949
• task(settings): Target sentry tracing to capture metrics for index by @dschom in #18937
• task: audit yarn resolutions – http-proxy by @toufali in #18950
• task: audit yarn resolutions – terser by @toufali in #18951
• feat(settings): new FlowSetup2faBackupCodeDownload component by @MagentaManifold in #18941
• fix(payments-next): Component appears larger during loading state in Chrome by @xlisachan in #18939
• fix(payments): Customers with saved card and no active subs should see PayPal privacy policy link on Checkout by @xlisachan in #18948
• fix(payments-paypal): Customer cannot purchase another product with their saved PayPal account by @xlisachan in #18956
• fix(next): resolve CSP and console errors by @StaberindeZA in #18920
• feat(customs): Use checkAuthenticated in /session/verify_code route by @vbudhram in #18965
• task: Resolve vulnerability – multer by @toufali in #18958
• task: audit yarn resolutions – @svgr/webpack by @toufali in #18961
• task: audit yarn resolutions – node-forge by @toufali in #18962
• task: audit yarn resolutions – fbjs/isomorphic-fetch by @toufali in #18963
• fix(payments-next): resolve linting error by @david1alvarez in #18968
• chore: update nx to 21 by @julianpoy in #18946
• New FlowSetup2faApp component by @vpomerleau in #18921
• fix(next): undefined tax location results in error by @StaberindeZA in #18967
• task(auth,gql): Configure default limiting rules by @dschom in #18952
• bug(auth): The rule for verifySessionCode should have been on uid by @dschom in #18971
• polish(auth): Remove stray console.log by @dschom in #18974
• bug(auth): Fix broken functional tests due to rate-limiting by @dschom in #18975
• fix(metrics): Set flowId when user verifies totp session by @vbudhram in #18973
• feat(next): add auth statsd and error page by @StaberindeZA in #18966
• feat(settings): new FlowSetup2faBackupCodeConfirm component by @MagentaManifold in #18964
• fix(payments-next):Applied coupon code before sign-in does not remain on checkout page after signing in by @elizabeth-ilina in #18943
• bug(auth): unblockEmail rule was missing by @dschom in #18984
• fix(prompt): Support prompt=none with 2FA, don't send two authorization reqs by @vbudhram in #18985
• bug(auth, graphql): Localized retry message had incorrect time. by @dschom in #18979
• SVCSE-2374 Removing references to deprecated CDN by @steveprokopienko in #18914
• task(auth): Use customs.checkAuthenticated where possible by @dschom in #18977
• fix(auth): Send email when changing recovery phone by @vpomerleau in #18987
• Fix error on signin with multiple accounts by @dschom in #18988
• Train 312 uplift main by @vbudhram in #18990

New Contributors

• @steveprokopienko made their first contribution in #18914

Full Changelog: v1.311.0...v1.312.2

v1.305.0

Train release v1.305.0

v1.304.7

Train release v1.304.7

v1.304.6

Train release v1.304.6

v1.304.5

Train release v1.304.5

v1.304.4

Train release v1.304.4

v1.304.3

Full Changelog: v1.304.2...v1.304.3

v1.304.2

Full Changelog: v1.304.1...v1.304.2

v1.304.1

Full Changelog: v1.304.0...v1.304.1