Release v5.24.1

Hotfix release

This PR fixes a bug where sending of verified SMSes would be blocked if the form admin's free SMS quota has been hit. This prevents the vicious cycle where

1. Automatically disabling verified sms fields only happen after a verification sms is sent, and the admin has exceeded their quota.
2. sms is blocked from being sent, resulting in (1) not happening, resulting in the verified sms field not being disabled, resulting in sms being blocked... and the cycle continues.

By only checking whether the current field to send SMS is verifiable, it solves the above cycle.

• If user has hit the free quota but still has a verifiable sms field in their form, then
  • when public user invokes sms verification, the sms will be sent and server will disable mobile verification on all their free forms
  • when the next user (on the old verifiable form) invokes the sms verification, the same field will now not be verifiable and correctly return an error

More context:

Release v5.24.0 (#2626) added a check to prevent verification SMSes from being sent out if the user’s free sms limit has exceeded.
This revealed a bug. If a form's admin has exceeded the free sms verification limit prior to the automation of the disabling of the verifiability of the mobile field (in release v5.23.0 (#2566)), then their verified mobile field (that was not automatically disabled) would stop working due to the check.

Currently, If a user’s free sms limit is hit, all verified mobile fields of forms that have not been onboarded (still using the free tier) will automatically have its verifiable status removed (which reverts the field to a normal phone number field). Works as intended when the user hits their limit.

However, this toggling of verifiable state is only done when the admin account exceeds the free limit tier (10k smses).
This means that users who have already exceeded the free tier prior to the sms limiting feature release will not have their verified sms fields toggled off, and since the limit has exceeded, any SMS sending will be rejected by the server. The public respondent will then see an error message that prompts them to refresh (but that would not fix the issue).

Release v5.24.0

Improvements

• feat(sms-limiting): changes for mail/modal #2565

Fixes

• fix: disable eserviceid check modal for sgid forms #2593
• fix(verification): prevents otp request when limit exceeded #2586
• fix: prevents otp request when limit exceeded #2630
• fix(MailService): correct type, pass in original form admin as param #2629

Dependency Updates

• chore: freeze test-cafe package version to 1.15.1 #2592
• chore(deps-dev): bump @types/jest from 26.0.24 to 27.0.0 #2573
• chore(deps-dev): bump @types/jest from 27.0.0 to 27.0.1 #2589
• chore(deps-dev): bump @typescript-eslint/eslint-plugin #2597
• chore(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2 #2595
• chore(deps-dev): bump axios-mock-adapter from 1.19.0 to 1.20.0 #2591
• chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 #2625
• chore(deps-dev): bump jest-localstorage-mock from 2.4.14 to 2.4.16 #2581
• chore(deps-dev): bump supertest from 6.1.4 to 6.1.5 #2571
• chore(deps-dev): bump testcafe from 1.15.1 to 1.15.2 #2572
• chore(deps-dev): bump ts-essentials from 7.0.3 to 8.0.0 #2598
• fix: upgrade date-fns from 2.22.1 to 2.23.0 #2587
• fix(configure-mobile.client): updated counts to not be shown when form onboarded #2585
• fix(deps): bump @babel/runtime from 7.14.8 to 7.15.3 #2569
• fix(deps): bump aws-sdk from 2.964.0 to 2.965.0 #2570
• fix(deps): bump aws-sdk from 2.965.0 to 2.966.0 #2580
• fix(deps): bump aws-sdk from 2.966.0 to 2.968.0 #2590
• fix(deps): bump aws-sdk from 2.968.0 to 2.969.0 #2624
• fix(deps): bump twilio from 3.66.1 to 3.67.0 #2582
• fix(deps): bump zod from 3.7.1 to 3.7.2 #2588

v5.22.0

New

• feat(sms-limiting): db dependencies #2503
• feat: add MYINFO_BANNER_CONTENT env var for bannering myinfo forms #2457

Fixes

• fix(login): show Joi validation error correctly #2499
• fix(SGID): disallow SGID authentication in storage mode #2468
• feat: remove validation when logging esrvcId to login collection 90a0fb0

Improved

• feat(client): add EncryptionService to validate encrypt submission responses #2436
• fix(snyk): Fix vulnerability in Twilio #2469

Internal

• chore: add postinstall script to install /shared modules #2438
• chore: remove express-device #2498
• feat(shared-types): move billing related types to shared folder #2400
• feat(shared-types): relocate (admin-related) Submission types to new shared folder #2399
• fix(types): Fix express session types based on latest definitions #2463
• feat(shared-types): move core, FormFeedback related types to root shared folder #2394
• ref: remove backend package dependencies from Form (sub-)types and move to shared dir #2385

Dependency upgrades

App dependencies

• fix(deps): bump zod from 3.6.1 to 3.7.1 #2506
• fix(deps): bump libphonenumber-js from 1.9.22 to 1.9.23 #2505
• fix(deps): bump aws-sdk from 2.956.0 to 2.958.0 #2497
• fix(deps): bump zod from 3.5.1 to 3.6.1 #2490
• fix: upgrade zod from 3.3.4 to 3.5.1 #2476
• fix(deps): bump aws-sdk from 2.955.0 to 2.956.0 #2474
• fix(deps): bump fp-ts from 2.11.0 to 2.11.1 #2458
• fix: upgrade sortablejs from 1.13.0 to 1.14.0 #2456
• fix(deps): bump aws-sdk from 2.954.0 to 2.955.0 #2461
• fix(deps): bump aws-sdk from 2.953.0 to 2.954.0 #2451

Dev dependencies

• chore(deps-dev): bump @typescript-eslint/eslint-plugin #2508
• chore(deps-dev): bump @opengovsg/mockpass from 2.7.6 to 2.7.7 #2507
• chore(deps-dev): bump core-js from 3.15.2 to 3.16.0 #2493
• chore(deps-dev): bump type-fest from 1.2.3 to 1.3.0 #2496
• chore(deps-dev): bump ts-essentials from 7.0.2 to 7.0.3 #2495
• chore(deps-dev): bump eslint from 7.31.0 to 7.32.0 #2494
• chore(deps-dev): bump @types/node from 14.17.6 to 14.17.7 #2492
• chore(deps-dev): bump @babel/preset-env from 7.14.8 to 7.14.9 #2491
• chore(deps-dev): bump type-fest from 1.2.2 to 1.2.3 #2473
• chore(deps-dev): bump @opengovsg/mockpass from 2.7.4 to 2.7.6 #2460
• chore(deps-dev): bump testcafe from 1.15.0 to 1.15.1 #2459

v5.21.2

Hotfix release v5.21.2

This release fixes the bug where users would be unable to log into Singpass/Corppass forms if the form's esrvcId contains an underscore, due to esrvcId validation on the login model not being updated in tandem with the new esrvcId format.

This release removes the validation for a form's esrvcId when logging public form logins to the login collection. This hotfix builds on the previous hotfix, release v5.21.1

v5.20.0

Fixes

• fix: read email validation error message from Joi response #2321
• fix: visiting archived form URL to show correct error message #2320
• fix(admin-form.service): fixed logical error in duplicate form field #2301

Internal

• build: move end-to-end tests to GitHub Actions #2353

Dependency upgrades

App dependencies

• fix(deps): bump aws-sdk from 2.943.0 to 2.944.0 #2386
• feat(deps): upgrade to latest TypeScript #2383
• fix(deps): bump @sentry/browser from 6.8.0 to 6.9.0 #2376
• fix(deps): bump libphonenumber-js from 1.9.21 to 1.9.22 #2377
• fix(deps): bump @sentry/integrations from 6.8.0 to 6.9.0 #2375
• fix(deps): bump celebrate from 14.0.0 to 15.0.0 #2365
• fix(deps): bump aws-sdk from 2.941.0 to 2.943.0 #2366
• fix(deps): bump aws-sdk from 2.940.0 to 2.941.0 #2352
• fix(deps): bump opossum from 6.1.0 to 6.2.0 #2347
• fix(deps): bump zod from 3.4.2 to 3.5.1 #2339
• fix(deps): bump aws-sdk from 2.939.0 to 2.940.0 #2338
• fix(deps): bump zod from 3.3.4 to 3.4.2 #2319

Dev dependencies

• chore(deps-dev): bump lint-staged from 11.0.0 to 11.0.1 #2387
• chore(deps-dev): bump @typescript-eslint/eslint-plugin #2378
• chore(deps-dev): bump @typescript-eslint/parser from 4.28.2 to 4.28.3 #2374
• chore(deps-dev): bump @types/nodemailer from 6.4.3 to 6.4.4 #2367
• chore(deps-dev): bump ts-node from 10.0.0 to 10.1.0 #2368
• chore(deps-dev): bump @types/opossum from 4.1.1 to 4.1.2 #2363
• chore(deps-dev): bump @types/mongodb-uri from 0.9.0 to 0.9.1 #2364
• chore(deps-dev): bump @types/ejs from 3.0.6 to 3.0.7 #2344
• chore(deps-dev): bump @types/express-request-id from 1.4.1 to 1.4.2 #2358
• chore(deps-dev): bump type-fest from 1.2.1 to 1.2.2 #2357
• chore(deps-dev): bump testcafe from 1.14.2 to 1.15.0 #2356
• chore(deps-dev): bump @types/jest from 26.0.23 to 26.0.24 #2345
• chore(deps-dev): bump @types/busboy from 0.2.3 to 0.2.4 #2348
• chore(deps-dev): bump @types/express-rate-limit from 5.1.2 to 5.1.3 #2333
• chore(deps-dev): bump @types/nodemailer from 6.4.2 to 6.4.3 #2343
• chore(deps-dev): bump @types/convict from 6.1.0 to 6.1.1 #2337
• chore(deps-dev): bump @types/express from 4.17.12 to 4.17.13 #2340
• chore(deps-dev): bump @types/mongodb from 3.6.19 to 3.6.20 #2335
• chore(deps-dev): bump @types/validator from 13.6.2 to 13.6.3 #2336
• chore(deps-dev): bump @types/compression from 1.7.0 to 1.7.1 #2334
• chore(deps-dev): bump @types/node from 14.17.4 to 14.17.5 #2332
• chore(deps-dev): bump @types/bluebird from 3.5.35 to 3.5.36 #2331
• chore(deps-dev): bump husky from 7.0.0 to 7.0.1 #2318
• chore(deps-dev): bump husky from 6.0.0 to 7.0.0 #2289

v5.19.2

Fixes

• fix: allow myinfo authtype for logout #2362
• fix(BetaService): make SGID form-level beta feature #2369
• fix(SGID): add sgid to User schema beta flags #2371

v5.19.1

Deploy notes

• new env var of OLD_SPCP_COOKIE_DOMAIN should be set to .form.gov.sg for prod at the time of deployment (done)
• existing env var of SPCP_COOKIE_DOMAIN should be changed to blank for prod at time of deployment (done)

New Env Vars

• Added new env var OLD_SPCP_COOKIE_DOMAIN for client to delete old cookie.

Release Summary

New

• feat(auth): support sgID for form submissions #1986

Improvements

• feat: Set SP/CP JWT cookie to HttpOnly #2193
• feat: client to delete spcp cookie #2328
• refactor: revert the revert of encapsulate parsedResponses #2278

Fixes

• feat: Remove self from collaborator list #2212
• fix: allow duplicating email field with PDF to storage mode #2303

Dependency Changes

• fix(deps): bump aws-sdk from 2.936.0 to 2.937.0 #2287
• fix(deps): bump aws-sdk from 2.937.0 to 2.939.0 #2293
• fix(deps): bump express-rate-limit from 5.2.6 to 5.3.0 #2288
• fix(deps): bump libphonenumber-js from 1.9.20 to 1.9.21 #2291
• fix(deps): bump neverthrow from 4.2.1 to 4.2.2 #2297
• fix(deps): bump twilio from 3.64.0 to 3.65.0 #2284
• fix(deps): bump zod from 3.2.0 to 3.3.3 #2296
• fix(deps): bump zod from 3.3.3 to 3.3.4 #2299
• fix(deps): unpin typescript #2305
• chore(deps-dev): bump @types/mongodb from 3.6.18 to 3.6.19 #2286
• chore(deps-dev): bump @types/uuid from 8.3.0 to 8.3.1 #2294
• chore(deps-dev): bump @types/validator from 13.1.4 to 13.6.2 #2298
• chore(deps-dev): bump @typescript-eslint/eslint-plugin #2307
• chore(deps-dev): bump @typescript-eslint/parser from 4.28.1 to 4.28.2 #2306
• chore(deps-dev): bump eslint from 7.29.0 to 7.30.0 #2295
• chore(deps-dev): bump ts-node-dev from 1.1.7 to 1.1.8 #2285

v5.18.0

New

• feat: rename "Reference Number" to "Response ID" #2277
• feat: Admin form UI changes to "Edit Welcome" fields #2258

Fixes

• fix: allow creation of storage form when emails are invalid #2263
• fix: correctly retrieve targetFormId for redirect state #2261

Improvements

• refactor: ensure consistent filesize const #2079

Dependency changes

• fix: upgrade mongoose from 5.12.12 to 5.12.13 #2257
• fix(deps): bump @sentry/browser from 6.7.2 to 6.8.0 #2269
• fix(deps): bump @sentry/integrations from 6.7.2 to 6.8.0 #2268
• fix(deps): bump aws-sdk from 2.932.0 to 2.933.0 #2252
• fix(deps): bump aws-sdk from 2.933.0 to 2.935.0 #2259
• fix(deps): bump aws-sdk from 2.935.0 to 2.936.0 #2273

Dev dependencies

• chore(deps-dev): bump @typescript-eslint/eslint-plugin #2271
• chore(deps-dev): bump @typescript-eslint/parser from 4.28.0 to 4.28.1 #2270
• chore(deps-dev): bump core-js from 3.15.1 to 3.15.2 #2272
• chore(deps-dev): bump coveralls from 3.1.0 to 3.1.1 #2274
• chore(deps-dev): bump optimize-css-assets-webpack-plugin #2251
• chore(deps-dev): bump prettier from 2.3.1 to 2.3.2 #2260
• chore(deps-dev): bump ts-node-dev from 1.1.6 to 1.1.7 #2275

v5.17.0

Features

• build(ci): create .env files in EB with Param Store ac27242
• feat(config): support config via dotenv, use EB to create file #2194
• feat(config): support env var config via dotenv 9fc8c9e
• feat(feature-manager): remove sms from feature manager #2218
• feat(feature-manager): remove spcp-myinfo from feature manager #2222

Improvements

• docs(deploy): add information concerning SSM params ef7d79f
• refactor: convert CsvMergedHeadersGenerator to typescript #2080
• refactor(feature-manager): delete remaining unused code #2223
• test: fix flaky form feedback test #2241

Dependency changes

• chore(deps-dev): bump @babel/preset-env from 7.14.5 to 7.14.7 #2238
• chore(deps-dev): bump @types/node from 14.17.3 to 14.17.4 #2245
• chore(deps-dev): bump @typescript-eslint/eslint-plugin #2239
• chore(deps-dev): bump @typescript-eslint/parser from 4.27.0 to 4.28.0 #2226
• chore(deps-dev): bump core-js from 3.14.0 to 3.15.0 #2225
• chore(deps-dev): bump core-js from 3.15.0 to 3.15.1 #2243
• fix(deps): bump aws-sdk from 2.931.0 to 2.932.0 #2237
• fix(deps): bump nocache from 3.0.0 to 3.0.1 #2236

Release v5.16.0

NEW

• feat: add and call v3 API for retrieving individual admin form (#2113) #2201
• feat: restore UEN field #2199
• chore: improve logging for webhook retries #2186

IMPROVED 

• chore: remove redundant ValidationOption object properties for short text, long text and number fields (#2040) #2200
• docs(script): add script to remove permissionList.read key from the db #2190
• fix: Clean-up and right-align home page statistics #2219
• feat: update landing spcp image, minify app images #2173
• feat(AdminFormCtl): remove read permissionList.read key from Joi #2197
• feat(feature-manager): remove Captcha from feature manager #2157
• feat(feature-manager): remove verified fields from feature manager #2158
• feat(feature-manager): remove webhooks, verified content #2159
• feat(incoming-encrypt-submission): add more tests #2211

FIXES

• test: fix flaky form feedback test #2217

DEPENDENCY UPDATES

• chore(deps-dev): bump @babel/core from 7.14.5 to 7.14.6 #2185
• chore(deps-dev): bump @opengovsg/mockpass from 2.7.3 to 2.7.4 #2192
• chore(deps-dev): bump eslint from 7.28.0 to 7.29.0 #2216
• chore(deps-dev): bump type-fest from 1.2.0 to 1.2.1 #2202
• fix(deps): bump @babel/runtime from 7.14.5 to 7.14.6 #2183
• fix(deps): bump @opengovsg/formsg-sdk from 0.8.4-beta.0 to 0.9.0 #2204
• fix(deps): bump @sentry/browser from 6.7.0 to 6.7.1 #2184
• fix(deps): bump @sentry/browser from 6.7.1 to 6.7.2 #2228
• fix(deps): bump @sentry/integrations from 6.7.0 to 6.7.1 #2181
• fix(deps): bump @sentry/integrations from 6.7.1 to 6.7.2 #2227
• fix(deps): bump aws-sdk from 2.927.0 to 2.928.0 #2182
• fix(deps): bump aws-sdk from 2.928.0 to 2.929.0 #2191
• fix(deps): bump aws-sdk from 2.929.0 to 2.930.0 #2203
• fix(deps): bump aws-sdk from 2.930.0 to 2.931.0 #2214
• fix(deps): bump libphonenumber-js from 1.9.19 to 1.9.20 #2224
• fix(deps): bump nodemailer from 6.6.1 to 6.6.2 #2215
• fix(deps): bump twilio from 3.63.1 to 3.64.0 #2205