SmartPay Training Sprint 28 Release v3.4

This release contains the following:

• GSPC Date picker Issues
  #537
• GSPC | Duplicate Loginless Screens Used on the Current Training Website
  #449
• Update State Taxes Link within training
  #533
• Add button to the Send Invitations for GSA SmartPay Program Certification screen
  #509
• Bug: Update content in email sent to GSPC Attendees
  #510
• Dependabot Alert: Path traversal in webpack-dev-middleware
  #521
• Change 560 federal agencies/organizations and Native American tribal governments to 250
  #526

SmartPay Training Sprint 27 Release v3.3

This release includes the following:

• Update USWDS from 3.71 to 3.8 | Training Website #515
• Bug: Update content in the email sent to GSPC Attendees #510
• Add a button to the Send Invitations for GSA SmartPay Program Certification screen #509

SmartPay Training v3.2

This release contains the following Sprint 26 tickets:

• Dependabot Alert: NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks
  #498
• Administrator | Edit User
  #181
• Footer Changes for SmartPay Training Site
  #508
• Update A/OPC Training Content Lesson 3
  #504

Emergency Release v3.1

Emergency Release to fix broken URL for the Admin Page - Search.

SmartPay Training 3.0

This release contains the following:

• GSPC | Email Title and Content Once User Initially Attempts to Begin GSPC Verification
  #456
• Administrator | Loading GSPC Eligible List into the Training System
  #19
• Create Training - Admin Landing Page
  #494
• Dependabot Alert: FastAPI Content-Type Header ReDoS
  #496
• Dependabot Alert: python-multipart vulnerable to Content-Type Header ReDoS
  #499

SmartPay Training Sprint 23 v2.2

This release includes the following:

• Dependabot Alert: crypto-js PBKDF2 is 1,000 times weaker than specified in 1993 and 1.3M times weaker than the current standard
• Dependabot Alert: Zod denial of service vulnerability
• Dependabot Alert: Undici's cookie header is not cleared on cross-origin redirect in the fetch
• Dependabot Alert: Follow Redirects improperly handles URLs in the url.parse() function
• Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability
• Dependabot Alert: Babel is vulnerable to arbitrary code execution when compiling specifically crafted malicious code
• Dependabot Alert: Vite XSS vulnerability in server.transformIndexHtml via URL payload
• Dependabot Alert: Vite dev server option server.fs.deny can be bypassed when hosted on case-insensitive filesystem

What's Changed

• Production Release (sprint 23) by @felder101 in #495

Full Changelog: smartpay-training-v2.1...smartpay-training-v2.2

SmartPay Training 2.1

This release includes:

• USWDS Update from 3.6.1 to 3.7.1

What's Changed

• Gsa/release/staging by @felder101 in #479

Full Changelog: smartpay-training-v2.0...smartpay-training-v2.1

SmartPay Training 2.0

This release includes the following (Sprint 19, 20, and 21):

• Administrator | Search & Find Users by Email
• Certificate | Email Certificate
• Radio Buttons USWDS Latest Version 3.6.1
• Training Site Header USWDS
• Typo in Quiz Question for Travel Card/Account Holders
• BUG - Elements with visible text labels do not have matching accessible names.
• Update Language to Reflect that the System is Emailing the Certificate to the User

smartpay-training-v1.2

Approved hotfix release on production on 10/20/2023 12:30PM EST, it includes:

• Address the bug Duplicate Entries in Department of State Report#419

smartpay-training-v1.1

Approved minor production release on 10/11/2023, which includes:

• updated links for fleet and travel trainings