Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.12.8] - 2025-12-23

Changed

  • Updated antispam measures

Fixed

  • Fixed automated tests that broke in 0.12.7

[0.12.7] - 2025-12-22

Fixed

  • Fix render issue on logout
  • Fix hydration errors on sign up step 1

[0.12.6] - 2025-12-19

Fixed

  • Performance improvements for global header/footer scripts

[0.12.5] - 2025-12-16

Security

  • Security updates

[0.12.4] - 2025-11-05

Changed

  • Chore: change dependency injection service

[0.12.3] - 2025-11-05

Removed

  • Intro message on login pages

[0.12.2] - 2025-10-31

Added

  • Fellows property to whoAmI response

Fixed

  • Button link visited colour

[0.12.1] - 2025-10-30

Added

  • Support for Fellows user group

Changed

  • Reworked implementation of user group mapping

[0.12.0] - 2025-10-30

Added

  • UI tests for global header component

Changed

  • Refine Ask A Librarian, Feedback layouts
  • Refine Dashboard navigation

Fixed

  • Close global header dropdowns on link click

[0.11.0] - 2025-10-24

Changed

  • Refined layout for Feedback page
  • Updated antispam measures

Fixed

  • Fixed iframe scroller behaviour

[0.10.0] - 2025-10-23

Fixed

  • Fixed sitemap generation

[0.9.8] - 2025-10-22

Added

  • Script to facilitate cross-domain scrolling for Power Pages

Changed

  • Power Pages URL passes parent origin

[0.9.7] - 2025-10-21

Added

  • New layout for Feedback page

[0.9.6] - 2025-10-08

Added

  • Minor custom styling for chat widget

Changed

  • Moved Feedback to own menu item
  • Style for bullets on Ask a Librarian
  • Relocated and adjusted chat widget
  • Switch address fields for user input

Fixed

  • Prevent revisiting Sign Up step 4 if address already set
  • Sitemap build errors

[0.9.5] - 2025-10-01

Changed

  • Display Chat widget throughout Dashboard with toggle in bottom right corner

Fixed

  • Fixed build issues

[0.9.4] - 2025-09-24

Added

  • Cross-domain messaging to allow for scrolling parent page from iframed power page

[0.9.3] - 2025-09-22

Fixed

  • Fixed users registering with names containing apostrophes

[0.9.2] - 2025-09-22

Fixed

  • Improve state management within chat widget

[0.9.1] - 2025-09-17

Changed

  • Disable chat widget if misconfiguration detected

Fixed

  • Fixed chat configuration on deployment envs

[0.9.0] - 2025-09-12

Added

  • In-page chat on Ask A Librarian page

[0.8.28] - 2025-09-01

Changed

  • Updated My Library Dashboard member description

[0.8.27] - 2025-08-28

Fixed

  • Integration between CI/CD platform and issue tracking

[0.8.26] - 2025-08-25

Changed

  • Hide Newsletter Subscriptions if CRM ID not set

Fixed

  • Sitemap generation

[0.8.24] - 2025-08-20

Fixed

  • Fixed colour of input focus indicator
  • Fixed performance issues observed when going through Sign Up process

[0.8.23] - 2025-08-18

Changed

  • Disable standalone build mode (to revisit later)

[0.8.21] - 2025-08-15

Changed

  • Lock down access to Power Pages using CRM ID on Okta profile
  • Enforce import restrictions in code style

Fixed

  • Fixed UX issues with password strength meter

[0.8.20] - 2025-08-14

Changed

  • Use standalone build mode to lower container size

[0.8.18] - 2025-08-08

Changed

  • Changed URLs of Power Pages for View History pages

Fixed

  • Fixed bug with country code on Sign Up step 1

[0.8.16] - 2025-08-04

Changed

  • Point STAGING environment to UAT Power Pages

[0.8.14] - 2025-08-01

Changed

  • Changed order of buttons on Ask, Using collection items pages for mobiles

Fixed

  • Fixing embedded Power Pages scroll issues

[0.8.13] - 2025-07-30

Added

  • Added notice to Feedback form

Changed

  • Buttons can now behave as links, refactored existing buttons accordingly
  • Changed icon for Using collection items header

[0.8.12] - 2025-07-24

Added

  • Ask a Librarian, Using the collection pages (dependent on Power Pages)
  • Mitigation for Power Pages UAT issues (to be removed later)

Changed

  • Dashboard menu links reordered

Fixed

  • Adjusted "Not logged in." message for public display
  • Fixed automated component testing issues

[0.8.10] - 2025-07-18

Fixed

  • Fixed "Not logged in." message when logging in with temporary password

[0.8.9] - 2025-07-18

Changed

  • Update container to Node 22
  • General library updates

[0.8.8] - 2025-07-16

Fixed

  • Fixed deployment issues

[0.8.7] - 2025-07-15

Changed

  • Updated data source for country dropdown
  • Change phone number messaging methods

Fixed

  • Prevent long iframes on power pages routes

[0.8.6] - 2025-07-03

Changed

  • Ensure power pages don't appear at all if configured not to

[0.8.5] - 2025-06-30

Fixed

  • Fixed issues with redirects to external pages on login

[0.8.4] - 2025-06-26

Changed

  • Updated antispam measures

Fixed

  • Fixed iframe resizer on power pages

[0.8.3] - 2025-06-24

Changed

  • Adjust iframe behaviour; add support for built-in resizer
  • All iframes require IDs

Fixed

  • Implemented iframe resizer for power pages

[0.8.2] - 2025-06-20

Added

  • Trialling My Cases page
  • Trialling My Subscriptions page

Fixed

  • Bootstrap power page URLs properly
  • Fix new config deploy

[0.8.1] - 2025-06-19

Added

  • Trialling My Events page

[0.8.0] - 2025-06-18

Changed

  • Readers are now redirected through Okta on login to initialise a session

Fixed

  • Corrected colour of logout progress bar
  • Fixed issues with component tests
  • Fix other tests

[0.7.19] - 2025-06-12

Changed

  • Improved user-facing error messages during sign up

[0.7.18] - 2025-06-04

Changed

  • Adjust dashboard address warning

[0.7.17] - 2025-05-30

Added

  • Further antispam measures on sign up step 1

Changed

  • Restrict signup phone number to mobile numbers only
  • Added extra feedback to country indicator on sign up step 1

[0.7.16] - 2025-05-23

Added

  • Antispam measures on sign up step 1

[0.7.15] - 2025-05-16

Added

  • Country indicator on sign up step 1
  • Feature flag for enabling/disabling country indicator and validation

Changed

  • Adjusted country indicator on sign up step 1 to not require explicit selection: uses country code instead

Fixed

  • Fixed various bugs in set address form

[0.7.14] - 2025-05-15

Removed

[0.7.13] - 2025-05-13

Added

  • Added country selection on sign up step 1
  • Use country selection to validate mobile number and provide visual hints

Changed

  • Pass country selected in sign up step 1 to step 4

Fixed

  • Fixed invalid aria-describedby references
  • Fixed some automated tests

[0.7.12] - 2025-05-12

Changed

  • Code refactoring around registration form submit steps

Fixed

  • Fixed login issues for other major institutional library accounts
  • Allow for retry while authenticating after setting password

[0.7.11] - 2025-05-09

Fixed

  • Fixed login issues for public library accounts

[0.7.8] - 2025-05-02

Fixed

  • Bugfixes around login and address autocomplete fields

[0.7.7] - 2025-04-29

Fixed

  • Bugfixes and refinements to password strength checker
  • Update development deployment Catalogue endpoint
  • Further refinements to account fetching logic

[0.7.6] - 2025-04-11

Changed

  • whoami API endpoint now indicates whether logged-in user is staff member

Fixed

  • Fix bug in internal profile contact info fetch

[0.7.5] - 2025-04-09

Changed

  • Temporarily disable address editing under dashboard profile

[0.7.4] - 2025-04-07

Fixed

  • Target of global header/footer links takes current site into account

[0.7.3] - 2025-04-04

Fixed

  • Style and layout bugs

[0.7.2] - 2025-04-03

Fixed

  • Group mapping for staff accounts

[0.7.1] - 2025-04-03

Changed

  • Adjust join button size

[0.7.0] - 2025-04-02

Added

  • Rationalising existing layouts into components
  • Additional Storybook components and documentation

Changed

  • Rebranding including logo, fonts and colours

Fixed

  • Display bugs

[0.6.32] - 2025-04-01

Changed

  • Updated logo

Fixed

  • Fixed group names
  • Fixed test issues
  • Fix minor visual bugs

[0.6.29] - 2025-03-26

Fixed

  • Fixed issue with linking group names

[0.6.28] - 2025-03-24

Security

  • Update framework software

[0.6.27] - 2025-03-20

Fixed

  • Fixed issues with automated tests

[0.6.26] - 2025-03-19

Added

  • New styles for global header & footer
  • First pass at Storybook stories for global header & footer
  • Configurable dark-on-light header

Changed

  • Refactored component structure for global header & footer

[0.6.24] - 2025-03-10

Fixed

  • Fixed bug where email addresses containing apostrophes could not register
  • Fix display issues with global header sites dropdown

[0.6.22] - 2025-03-23

Changed

  • Keep less data in authentication cookies

Deprecated

  • Applications will no longer be able to obtain data directly from authentication cookies aside from the tokens and expiry timestamp

Fixed

  • X-Frame-Options header should now report correct ALLOW-FROM origin on /embed paths, fixing iframe embeds on older browsers
  • GTM custom variables should now work properly due to CSP change
  • Authentication cookies should now be separated properly between instances

[0.6.21] - 2025-02-20

Changed

  • Allow for flexibility around presence of groups claim when checking identity
  • Add more security config options
  • Further adjustments around issue tracking integration

[0.6.19] - 2025-02-19

Added

  • Integration between CI/CD platform and issue tracking
  • no-console requirement for linting

Deprecated

  • Use of console.log in favour of logger module

Fixed

  • Ensures global header site-list dropdown appears on top of nav elements on other sites

[0.6.17] - 2025-02-14

Added

  • Basic refresh token support

Fixed

  • Refreshing tokens during registration ensures immediate eresources access once address is set
  • More helpful message displayed if eresources access is denied

[0.6.16] - 2025-02-12

Fixed

  • Fix access to eresources for newly-registered NSW users

[0.6.15] - 2025-02-07

Added

  • Finalised destination parameter support on IDP-initiated login flow

Changed

  • Filter out specific errors from email notifications that don't require intervention by staff

Fixed

  • Improved end-user feedback for specific errors on IDP-redirected login flow

[0.6.14] - 2025-02-04

Added

  • Support for destination parameter on IDP-initiated login flow

Changed

  • Keep track of destination parameter during IDP-redirected login flow

Fixed

  • Fix bug in IDP-redirected login flow

[0.6.12] - 2025-01-29

Changed

  • Customise "Cannot use old password as new password" error message

Fixed

  • Provide proper feedback if error thrown during setting new password

[0.6.11] - 2025-01-28

Added

  • ezProxy login support for accounts that use callback auth flow

[0.6.10] - 2025-01-24

Added

  • IDP-initiated login support, first pass
  • enroll-poll response handling

Changed

  • Improved login error formatting

Fixed

  • Partly improved ToggleButtons single option behaviour
  • Re-add CI/CD test scripts

[0.6.8] - 2025-01-24

Fixed

  • Get eresource login working for staff login

[0.6.7] - 2025-01-23

Changed

  • Repoint initial account unlock response to authenticator
  • Add fallback error message when authenticators fail
  • Groundwork for adding new security settings to My Details
  • Groundwork for IDP-initiated login

Fixed

  • Allow automatic authenticator challenges to work

[0.6.5] - 2025-01-21

Fixed

  • Fixed cookies for staff login
  • Get Okta Verify and Email authentication working
  • Start implementing authenticator enrolment

[0.6.2] - 2025-01-16

Fixed

  • RSSOS-389 Get staff login SAML routing working

[0.6.1] - 2025-01-16

Added

  • RSSOS-389 Get staff login SAML routing working

[0.5.11] - 2025-01-03

Fixed

RSSOS-412 Fix bad URL for FB.Thumbnail

[0.5.9] - 2024-12-30

Added

  • Disable sign up test on PROD deploy
  • Set up canonical URLs in metatags

Fixed

  • Fix error emails for SQL Injection and Honeypot rejections

[0.5.8] - 2024-12-13

Added

  • Purge Cloudfront after deploy

Changed

  • Allow embedded global header/footer to conditionally control display of header or footer or both

Fixed

  • Fixed click to close behaviour on embedded global header/footer
  • Disambiguate global header/footer colours

[0.5.7] - 2024-12-12

Added

  • cspell checks

Changed

  • Started refactor of server actions
  • Add notice about expired password/new password time limit

Fixed

  • Improved stability of expired password/new password workflow
  • Colour of global header/footer when included on other sites

[0.5.6] - 2024-12-06

Change

  • Adjust behaviour for IdP login flows (further adjustments coming)

Fixed

  • Fixed incorrect sitemap display

[0.5.5] - 2024-12-05

Change

  • Handle JSON parsing errors in cookie parsing behaviour
  • Add tests for cookie parsing logic

[0.5.4] - 2024-12-05

Fixed

  • Corrected broken link on Dashboard

[0.5.3] - 2024-12-03

Changed

  • Updated groups with eresources access

[0.5.2] - 2024-12-02

Fixed

  • Fixed images for featured eresources on Dashboard

[0.5.1] - 2024-12-02

Security

  • Adjust security headers for older browsers

[0.5.0] - 2024-11-28

Changed

  • Updates to My Library dashboard
  • Refined error message notifications and frontend messaging

[0.4.28] - 2024-11-26

Added

  • Redirect for /join

Changed

  • Adjusted error reporting

Fixed

  • Links to join page
  • Cachebusting for global header/footer widget

[0.4.25] - 2024-11-25

Added

  • OKTA is Down - Error screens

  • Sitemap, robots, search engine indexing

  • Disable testing/debugging pages before launch

  • Email critical errors to web.development

  • Fix help link text on login screen

  • Remove scroll to top functionality on mobile / tablet devices on all form pages

  • The heading style on 'Do you live in NSW?' style is incorrect

  • Dashboard modal isses

  • Dashboard: Please fix padding on eresources cards

  • Update link to new Login Help page

  • Update error text on Sign up form

[0.4.25] - 2024-11-22

Added

  • Added error message indicating API rate limiting hit
  • Add internal error notifications
  • Add account unlock flow to iframe embedded pages
  • Add loading indicator for AddressAutocomplete component

Changed

  • Change link to login pages on iframe embedded pages & forms
  • Change password validation constraints
  • Change iframe embedded current user indicator to show barcode instead of email where required

Fixed

  • Fixed display of logout button in global header
  • Fix error display on reset password forms
  • Fix text alignment on ToggleButtons component

[0.4.24] - 2024-11-21

Changed

  • Updated text and links in confirmation & help pages

Fixed

  • Fixed display bugs
  • Fixed embed login redirect bug

[0.4.21] - 2024-11-20

Added

  • Additional messaging on New Password and Reset Password forms

Fixed

  • Accessibility issues with ToggleButtons component

[0.4.20] - 2024-11-20

Added

  • Ability to pass form success/failure info through to page title
  • Added link hover class
  • Added input field focus-within class
  • Added responsive header classes

Changed

  • Updated metatags across site
  • Updated font sizes
  • Enabled logging while load testing endpoints

Fixed

  • Visual quality assurance pass
  • Add space in code of conduct label
  • Fix double tab focus on linked button

[0.4.18] - 2024-11-19

Added

  • Styling on Set new password page

  • Styling on Account locked page

  • Update the copy on the 'Your passord has been updated' screen

Updated

  • T&Cs: Change text and link

Fixed

  • Fix cache test

  • Non-NSW address field display bug

[0.4.17] - 2024-11-18

Fixed

  • Fixed bug on login page

  • Fixed broken tests

[0.4.16] - 2024-11-18

Added

  • Additional validation properties on form input fields

  • Extended form validation to more forms

  • Accessibility: ARIA attributes on more elements providing screen-reader labels, hiding irrelevant icons, etc.

Changed

  • Set Okta auth server based on domain

  • Hide progress indicator on embedded pages

  • Adjust spacing on embedded forms

Fixed

  • Incorrect display of utility links

[0.4.14] - 2024-11-15

Added

  • CATALOGUE: Re-implement progress/saved indicators when logging in, etc.

  • Static error pages

  • Redirect homepage to /login

Fixed

  • Improve /login/new-password page so it doesn't lose track of transactions

  • EZproxy is not redirecting to the eresource (for a logged in NSW Resident)

  • Loader component displays as single dot on mobile

  • Sign up error message

  • Address form validates too early

  • Reset password link should be inline with show/hide password button

[0.4.13] - 2024-11-13

Changed

  • Applied form validation to more forms
  • Changed error messages around setting new password after logging in with expired password

Fixed

  • Styling and icons within global header

[0.4.12] - 2024-11-13

Fixed

Remove password confirmation field on SetPasswordForm

[0.4.11] - 2024-11-12

Added

Page scroll to top on Signup and Login form.

Fixed

Sign up step 4: Cannot complete due to validation errors

[0.4.10] - 2024-11-11

Added

  • Global Nav: Consider how they'd work as embeds on other sites

  • Form validation during signup

  • Add a 'Restart the sign up process' link to email confirmation screen

  • Page scroll to top on Signup and Login form.

Fixed

  • CYPRESS: Reduce number of test attempts

[0.4.9] - 2024-11-08

Added

  • Additional tooling for automated tests

Fixed

  • Fixes for automated tests
  • Global header styles

[0.4.8] - 2024-11-07

Added

  • Get barcode from Catalogue Profile API

Fixed

  • EZproxy: after logging in as a registered NSW Resident, user isn't redirected back to eresources homepage
  • Dashboard sidebar menu fixes
  • Address update refresh

[0.4.7] - 2024-11-06

Added

  • Scroll to top button
  • Pending library card info in My Details
  • Link to Ask A Librarian
  • Image in left-hand panel during Sign Up process

Changed

  • Updated contextual error messages

Fixed

  • Fixed Google Tag Manager debug config
  • Align submit button icon & loading indicator
  • Fixed name change form in My Details

[0.4.6] - 2024-11-06

Added

  • Global Nav: Consider how they'd work as embeds on other sites
  • Add self-service unlock route at /login/unlock-account/:recoveryToken

Fixed

  • Expired account flow

[0.4.5] - 2024-11-05

Added

  • Reuse loader component from CEP for form buttons in progress

Changed

  • Update message for embed login page

Fixed

  • Menu overlap on mobile, opening one menu should close any other open menu.
  • QA Dashboard

[0.4.4] - 2024-11-04

Added

  • Investigating using two-row addresses for create & update

Fixed

  • Setting complex passwords
  • Force address on Registration
  • Mydashboard show/hide password toggle behaviour incorrect
  • Expired account flow

Changed

  • Updated message for embed login page

[0.4.3] - 2024-10-31

Added

  • MyLibrary content update
  • Show dismissable message about requesting on Member SSO Dashboard when logging in for 1st time
  • Ezproxy is allowing non NSW residents to authenticate
  • Registration doesn't force address if you close the tab before entering it. It never asks you again

[0.4.2] - 2024-10-30

Added

  • Add dismissable alerts on Dashboard
  • Add alert about requesting status visible to users without Library cards

Changed

  • Improved password strength indicator
  • Updated links to Catalogue in Dashboard tiles
  • Updated help text on Login form

Removed

  • Disabled auto-refresh on Sign Up step 2

Fixed

  • Fixed issues with some automated form tests

[0.4.1] - 2024-10-29

Changed

  • Updated email activation endpoint

[0.4.0] - 2024-10-29

Added

  • Passwords for new users can now be set during sign-up flow
  • Account passwords can now be updated while logged in
  • Initial pass at account unlock flow
  • Privacy statement

Changed

  • Make login flow optionally check address status of users
    • At a future date we might require an address to be set to log in

Fixed

  • Improved styling for form elements

[0.3.2] - 2024-10-23

Added

  • Make CSRF enforcement configurable -- defaults to enabled

Removed

  • Login form now only shows Email Address label

Fixed

  • Design QA fixes for forms and page displays

[0.3.1] - 2024-10-18

Added

  • Label for email address on login form will now adjust to barcode in special cases
  • Notice indicating that email address cannot yet be changed through My Details
  • Better label formatting for info panes in My Details

Changed

  • Clear session when registration flow is cancelled
  • Set redirect destination when accessing a page that requires authentication when user is logged out

Fixed

  • Phone number can now be updated in My Details

Security

  • Update dependencies

[0.3.0] - 2024-10-17

Added

  • Added confirmation pages for password resets
  • Added improved error message when login fails
  • Added modal popups for editing user profile details

Changed

  • Updated links to Catalogue from dashboard/global menu user dropdown
  • Updated account details form
  • Updated password reset form

Fixed

  • Fixed CDN cache test

[0.2.1] - 2024-10-11

Added

  • Initial pass at global header/footer widget for use on other SLNSW sites
  • Tests for homepage caching
  • Hosting domain redirects

Changed

  • Adjust CORS behaviour for global header/footer widget
  • Accessibility improvements
  • Defer webfont loading and GTM invocation
  • Tweak caching rules for API paths and homepage

Security

  • Updated OWASP ZAP tests

[0.2.0] - 2024-10-10

Changes

  • Implement changelogs and semantic versioning

[0.1.0] - 2024-07-11

Added

  • Initial phase of development