Merge branch 'main' into MNTOR-3711-invalid-token-error

.env

@@ -164,3 +164,6 @@ NEXT_PUBLIC_GA4_DEBUG_MODE=true
 
 CURRENT_COUPON_CODE_ID=
 GA4_API_SECRET=unsafe-default-secret-for-dev
+
+# Data broker removal estimates data
+DATA_BROKER_REMOVAL_ESTIMATES_DATA=[]

.env.local.example

@@ -80,3 +80,6 @@ E2E_TEST_BASE_URL=http://localhost:6060
 # Used for `npm run create-location-data`
 AWS_REGION=us-east-1
 S3_BUCKET=firefoxmonitor-dev-monitor-cdn-dev-static-website
+
+# Data broker removal estimates data
+DATA_BROKER_REMOVAL_ESTIMATES_DATA=[]

.github/dependabot.yml

@@ -70,5 +70,9 @@ updates:
       interval: "weekly"
     ignore:
           - dependency-name: "node"
-            # Ignore latest version of Node, since we prefer LTS. This will need to be updated over time:
-            versions: ["22.x"]
+            # Node 22 will become an LTS version on 2024-10-29; see
+            # https://nodejs.org/en/next-data/release-data
+            # Hence, we'll want to adopt 22.x releases after the last one
+            # before that date.
+            # Odd-numbered versions are unstable releases, so skip those too.
+            versions: ["<=22.10.0", "23.x", "25.x", "27.x", "29.x"]

.github/workflows/build.yaml

@@ -18,3 +18,5 @@ jobs:
       # Verify that the build (incl. type-checking) succeeds
       # Upload sourcemaps to Sentry
       - run: npm run build
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

.github/workflows/release_cron_daily.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
     - name: Checkout main branch
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         ref: main # Ensure we are working with the main branch
 
@@ -30,13 +30,41 @@ jobs:
       run: |
         curl -X POST \
           -H "Authorization: token $GITHUB_TOKEN" \
-          -H "Accept: application/vnd.github.v3+json" \
-          https://api.github.com/repos/${{ github.repository }}/releases \
+          -H "Accept: application/vnd.github+json" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/${{ github.repository }}/releases \
           -d '{
             "tag_name": "${{ env.CURRENT_DATE }}",
             "target_commitish": "main",
             "name": "${{ env.CURRENT_DATE }}",
             "body": "Daily pre-release for ${{ env.CURRENT_DATE }}.",
             "prerelease": true,
+            "draft": false,
             "generate_release_notes": true
           }'
+
+    # We cannot rely on the release_retag.yaml workflow because of the 
+    # auth scope of the default github token. It's a good security practice
+    # to prevent a github action being triggered by another.
+    # So we will deliberately push to dockerhub below
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: mozilla/blurts-server
+        tags: type=sha,format=short,prefix=
+
+    - name: Pull Docker image with commit tag
+      run: docker pull ${{ steps.meta.outputs.tags }}
+
+    - name: Tag Docker image with release tag
+      run: docker tag ${{ steps.meta.outputs.tags }} mozilla/blurts-server:${{ env.CURRENT_DATE }}
+
+    - name: Push Docker image with release tag
+      run: docker push mozilla/blurts-server:${{ env.CURRENT_DATE }}

.github/workflows/unittests.yaml

@@ -29,6 +29,7 @@ jobs:
       - run: npm test -- --coverageThreshold='{"global":{"branches":80,"functions":80,"lines":80,"statements":80}}'
         if: github.event_name == 'schedule'
       - uses: actions/upload-artifact@v4
+        if: always()
         with:
           name: coverage-report
           path: coverage/

config/nimbus.yaml

@@ -87,6 +87,20 @@ features:
           "enabled": false,
           "variant": ctaWithEmail,
         }
+  data-broker-removal-time-estimates:
+    description: Show the data broker removal time estimates
+    variables:
+      enabled:
+        description: If the feature is enabled
+        type: Boolean
+        default: false
+    defaults:
+      - channel: local
+        value: { "enabled": true }
+      - channel: staging
+        value: { "enabled": false }
+      - channel: production
+        value: { "enabled": false }
 enums:
   OptionalBrokerScanInfoFields:
     description: An enum of optional broker scan info fields

docs/dependency-updates.md

@@ -180,13 +180,11 @@ probably successful.
 ### `react-cookie`
 
 Used to set and read various cookies. Perhaps the easiest way to verify this is
-to ensure the `RebrandAnnouncement` flag is enabled, and then open the landing
-page in a private browsing window. You should see a banner at the bottom saying
+to set a `justDeletedAccount` cookie (with a value of `justDeletedAccount`) in a
+Private Browsing window, and then open the landing page. You should see a
+notification at the top saying
 
-> Mozilla Monitor: New name, look and even more ways to reclaim your privacy.
-
-If you dismiss that banner, refresh the page, and it doesn't re-appear,
-everything is still working as expected.
+> Your ⁨Monitor⁩ account is now deleted.
 
 ### `@mozilla/glean` and `@next/third-parties`
 
@@ -207,6 +205,12 @@ This is used for the small confetti animation when completing the guided
 resolution flow. This can be seen in action in Storybook, in the story
 `Logged in / Guided resolution / 4. Security recommendations / 4d. Done`.
 
+### `react-toastify`
+
+Used to display toast notifications, e.g. the error message when you try to
+unsubscribe via the following page, which uses an invalid unsubscription
+token: http://localhost:6060/unsubscribe-email/monthly-report-free?token=wrong
+
 ### `husky` and `lint-staged`
 
 Used to run basic code formatting when committing. You can verify that these
@@ -239,7 +243,7 @@ Used to compile cronjob scripts. You can test this by running
 ### `tsx`
 
 Used to run cronjobs locally and compile them on the fly. You can verify this by
-running a cronjob like `npm run dev:cron:monthly-activity`; if the cronjobs run
+running a cronjob like `npm run dev:cron:monthly-activity-plus`; if the cronjobs run
 like in `main`, it's still working.
 
 ### `yaml`
@@ -302,7 +306,15 @@ for instructions on running the Pub/Sub emulator locally.
 
 Winston is a logging library that provides structured logging in GCP.
 
-Look for any `logger.*` statement in `./src` and ensure that log messages are being written as [structured logs](https://cloud.google.com/logging/docs/structured-logging).
+Look for any `logger.*` statement in `./src` and ensure that log messages are
+being written as [structured
+logs](https://cloud.google.com/logging/docs/structured-logging).
+
+For example, if you are logged in with a non-Plus user, then visit
+http://localhost:6060/user/dashboard/fix/data-broker-profiles/welcome-to-plus,
+you should see the following in the server-side logs:
+
+    {"level":"error","message":"user_not_subscribed","page":"welcome-to-premium"}
 
 ### `@sentry/*`
 

jest.config.cjs

@@ -113,7 +113,10 @@ const customJestConfig = {
   // ],
 
   // A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module
-  // moduleNameMapper: {},
+  moduleNameMapper: {
+    // Force module uuid to resolve with the CJS entry point, because Jest does not support package.json.exports. See https://github.com/uuidjs/uuid/issues/451
+    uuid: require.resolve("uuid"),
+  },
 
   // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
   modulePathIgnorePatterns: ["e2e/"],

locales-pending/dashboard-premium.ftl

@@ -38,6 +38,16 @@ modal-heres-what-we-fixed-description-part-three = <b>In Progress</b> includes a
 dashboard-exposures-filter-exposure-type = Exposure type
 dashboard-exposures-filter-exposure-type-info-for-sale = Your info for sale
 dashboard-exposures-filter-exposure-type-data-breach = Data breach
+dashboard-exposures-filter-exposure-removal-time-title = Removal time
+dashboard-exposures-filter-exposure-removal-time-label-7 = Up to 7 days
+dashboard-exposures-filter-exposure-removal-time-label-13 = 8–13 days
+dashboard-exposures-filter-exposure-removal-time-label-60 = 14–60 days
+dashboard-exposures-filter-exposure-removal-time-label-90 = 61–90 days
+dashboard-exposures-filter-exposure-removal-time-label-180 = 91-180 days
+dashboard-exposures-filter-exposure-removal-time-label-other = 181+ days
+dashboard-exposures-filter-exposure-removal-time-label-unknown = Unknown
+# “Not applicable” – abbreviated because there’s not much room for this string.
+dashboard-exposures-filter-exposure-removal-time-label-na = N/A
 
 # About Exposure Types Modal
 
@@ -101,6 +111,12 @@ dashboard-exposures-all-fixed-free-scan = {
      *[other] Next <a>start your free scan</a> of { $data_broker_total_num } sites that may be selling your personal info.
   }
 
+# About Removal Time Indicators Modal
+
+modal-exposure-removal-time-title = A note about removal times
+modal-exposure-removal-time-text = { -product-short-name } provides estimated time frames for how long data brokers usually take to remove your profile after we request it. We may periodically update these estimates for accuracy.
+modal-exposure-removal-time-button-label = Got it
+
 ## False door test
 
 # Strings used in a banner (false door test) to observe engagement with Monitor premium and gauge user interest.

locales/cs/app.ftl

@@ -345,8 +345,6 @@ mozilla = { -brand-mozilla }
 terms-of-service = Podmínky služby
 privacy-notice = Zásady ochrany osobních údajů
 github = { -brand-github }
-# Deprecated
-footer-nav-all-breaches = Všechny úniky
 footer-nav-recent-breaches = Nedávné úniky dat
 footer-external-link-faq-label = FAQ
 footer-external-link-faq-tooltip = Často kladené otázky
@@ -364,7 +362,7 @@ error-page-error-other-title = Něco se pokazilo. Chyba: { $errorCode }
 
 ## Breach overview page
 
-all-breaches-headline-2 = Všechny úniky zjištěné pomocí { -brand-fx-monitor(case: "gen") }
+all-breaches-headline-3 = Databáze úniků dat
 all-breaches-lead = Monitorujeme všechny známé úniky údajů, abysme zjistili, zda nedošlo k ohrožení vašich osobních údajů. Zde je úplný seznam všech úniků, které byly nahlášeny od roku 2007.
 search-breaches = Prohledat úniky dat
 # the kind of user data exposed to hackers in data breach.

locales/cs/breaches.ftl

@@ -2,21 +2,17 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-breach-all-meta-title = { -brand-fx-monitor } - Všechny úniky dat
+breach-all-meta-page-title = Databáze úniků dat - { -brand-fx-monitor }
 breach-all-meta-social-title = Všechny úniky dat detekované { -brand-fx-monitor(case: "ins") }
 breach-all-meta-social-description = Podívejte se na úplný seznam známých úniků údajů zjištěných službou { -brand-fx-monitor }. Následně zjistěte, zda nebyly vaše údaje odhaleny.
-
+# Variables:
+#   $company (String) - Name of the company that was breached, e.g. "PHP Freaks"
+breach-detail-meta-page-title = Únik dat z { $company } – { -brand-fx-monitor }
 # Variables:
 #   $company (String) - Name of the company that was breached, e.g. "PHP Freaks"
 breach-detail-meta-social-title = Dotýká se vás únik údajů společnosti { $company }?
 breach-detail-meta-social-description = Pomocí služby { -brand-fx-monitor } zjistíte, zda byly při tomto úniku odhaleny vaše osobní údaje a dozvíte se, co máte dělat dále.
 
-## Breaches header
-
-## Breaches resolved filter
-
-## Breaches table
-
 ## Links that we might refer to when prompting the user to make changes after a breach
 
 breach-checklist-link-firefox-relay = { -brand-relay }
@@ -26,7 +22,6 @@ breach-checklist-link-mozilla-vpn = { -brand-mozilla-vpn }
 ## Prompts the user for changes when there is a breach detected of password
 
 breach-checklist-pw-header-text = Aktualizujte svá hesla a povolte dvoufázové ověření (2FA).
-
 # The `breached-company-link` tags will be replaced with link tags or stripped if no link is available.
 # Variables:
 #   $passwordManagerLink (string) - a link to the password manager documentation, with { -breach-checklist-link-password-manager } as the label
@@ -95,7 +90,6 @@ breach-checklist-phone-header-2 = Chraňte své telefonní číslo pomocí masko
 ## Prompts the user for changes when there is a breach detected of security questions
 
 breach-checklist-sq-header-text = Aktualizujte své bezpečnostní otázky.
-
 # The `breached-company-link` tags will be replaced with link tags or stripped if no link is available.
 breach-checklist-sq-body-text = Ve většině případů doporučujeme aktualizovat bezpečnostní otázky na webu společnosti. Ale <b>jejich webové stránky mohou být nefunkční nebo mohou obsahovat škodlivý obsah</b>, takže pokud <breached-company-link>navštívíte stránky</breached-company-link>, buďte opatrní. Pro větší ochranu aktualizujte tyto bezpečnostní otázky u všech důležitých účtů, kde jste je používali, a pro všechny účty vytvořte jedinečná hesla.
 

locales/cy/app.ftl

@@ -198,8 +198,6 @@ mozilla = { -brand-mozilla }
 terms-of-service = Amodau Gwasanaeth
 privacy-notice = Hysbysiad Preifatrwydd
 github = { -brand-github }
-# Deprecated
-footer-nav-all-breaches = Pob Tor-data
 footer-nav-recent-breaches = Tor-data Diweddar
 footer-external-link-faq-label = Cwestiynau Cyffredin
 footer-external-link-faq-tooltip = Cwestiynau cyffredin
@@ -217,7 +215,7 @@ error-page-error-other-title = { $errorCode } Aeth rhywbeth o'i le
 
 ## Breach overview page
 
-all-breaches-headline-2 = Pob tor-data wedi'i ganfod gan { -brand-fx-monitor }
+all-breaches-headline-3 = Cronfa Ddata Tor-data
 all-breaches-lead = Rydym yn monitro'r holl achosion hysbys o dor-data i ganfod a gafodd eich manylion personol eu peryglu. Dyma restr lawn o’r holl dor-data sydd wedi’u hadrodd ers 2007.
 search-breaches = Chwilio am Dor-data
 # the kind of user data exposed to hackers in data breach.

locales/cy/breaches.ftl

@@ -2,21 +2,17 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-breach-all-meta-title = { -brand-fx-monitor } - Pob Tor-data
+breach-all-meta-page-title = Cronfa Ddata Tor-data — { -brand-fx-monitor }
 breach-all-meta-social-title = Pob Tor-data Wedi ei Ganfod gan { -brand-fx-monitor }
 breach-all-meta-social-description = Porwch y rhestr lawn o dor-data hysbys a ganfuwyd gan { -brand-fx-monitor }, yna gweld a ddatgelwyd eich manylion chi.
-
+# Variables:
+#   $company (String) - Name of the company that was breached, e.g. "PHP Freaks"
+breach-detail-meta-page-title = Tor-data { $company } - { -brand-fx-monitor }
 # Variables:
 #   $company (String) - Name of the company that was breached, e.g. "PHP Freaks"
 breach-detail-meta-social-title = A oedd y Tor-data { $company } wedi effeithio arnoch chi?
 breach-detail-meta-social-description = Defnyddiwch { -brand-fx-monitor } i ddarganfod a gafodd eich manylion personol chi eu datgelu yn y tor-data hwn, a chael gwybod beth i'w wneud nesaf.
 
-## Breaches header
-
-## Breaches resolved filter
-
-## Breaches table
-
 ## Links that we might refer to when prompting the user to make changes after a breach
 
 breach-checklist-link-firefox-relay = { -brand-relay }
@@ -26,7 +22,6 @@ breach-checklist-link-mozilla-vpn = { -brand-mozilla-vpn }
 ## Prompts the user for changes when there is a breach detected of password
 
 breach-checklist-pw-header-text = Diweddarwch eich cyfrineiriau a galluogi dilysu dau ffactor (2FA).
-
 # The `breached-company-link` tags will be replaced with link tags or stripped if no link is available.
 # Variables:
 #   $passwordManagerLink (string) - a link to the password manager documentation, with { -breach-checklist-link-password-manager } as the label
@@ -95,7 +90,6 @@ breach-checklist-phone-header-2 = Diogelwch eich rhif ffôn gyda gwasanaeth cudd
 ## Prompts the user for changes when there is a breach detected of security questions
 
 breach-checklist-sq-header-text = Diweddarwch eich cwestiynau diogelwch.
-
 # The `breached-company-link` tags will be replaced with link tags or stripped if no link is available.
 breach-checklist-sq-body-text = Yn y rhan fwyaf o achosion, byddem yn argymell eich bod yn diweddaru eich cwestiynau diogelwch ar wefan y cwmni. Ond <b>efallai bod eu gwefan wedi torri neu'n cynnwys cynnwys maleisus</b>, felly byddwch yn ofalus os byddwch <breached-company-link>yn ymweld â'r wefan</breached-company-link>. I gael diogelwch ychwanegol, diweddarwch y cwestiynau diogelwch hyn ar unrhyw gyfrifon pwysig lle rydych chi wedi'u defnyddio, a chreu cyfrineiriau unigryw ar gyfer pob cyfrif.
 

locales/de/app.ftl

@@ -184,8 +184,6 @@ mozilla = { -brand-mozilla }
 terms-of-service = Nutzungsbedingungen
 privacy-notice = Datenschutzhinweis
 github = { -brand-github }
-# Deprecated
-footer-nav-all-breaches = Alle Datenlecks
 footer-nav-recent-breaches = Neueste Datenlecks
 footer-external-link-faq-label = Häufig gestellte Fragen
 footer-external-link-faq-tooltip = Häufig gestellte Fragen
@@ -203,7 +201,7 @@ error-page-error-other-title = { $errorCode } Ein Fehler ist aufgetreten
 
 ## Breach overview page
 
-all-breaches-headline-2 = Alle von { -brand-fx-monitor } erkannten Datenlecks
+all-breaches-headline-3 = Datenbank für Datenlecks
 all-breaches-lead = Wir überwachen alle bekannten Datenlecks, um herauszufinden, ob Ihre persönlichen Daten kompromittiert wurden. Hier ist eine vollständige Liste aller Lecks, die seit 2007 gemeldet wurden.
 search-breaches = Datenlecks suchen
 # the kind of user data exposed to hackers in data breach.

locales/de/breaches.ftl

@@ -2,11 +2,14 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-breach-all-meta-title = { -brand-fx-monitor } – Alle Datenlecks
+breach-all-meta-page-title = Datenbank für Datenlecks – { -brand-fx-monitor }
 breach-all-meta-social-title = Alle von { -brand-fx-monitor } erkannten Datenlecks
 breach-all-meta-social-description = Durchsuchen Sie die vollständige Liste der bekannten und von { -brand-fx-monitor } erkannten Datenlecks und finden Sie heraus, ob Ihre Daten offengelegt wurden.
 # Variables:
 #   $company (String) - Name of the company that was breached, e.g. "PHP Freaks"
+breach-detail-meta-page-title = { $company }-Datenleck – { -brand-fx-monitor }
+# Variables:
+#   $company (String) - Name of the company that was breached, e.g. "PHP Freaks"
 breach-detail-meta-social-title = Waren Sie vom Datenleck bei { $company } betroffen?
 breach-detail-meta-social-description = Verwenden Sie { -brand-fx-monitor }, um herauszufinden, ob Ihre persönlichen Daten bei diesem Datenleck offengelegt wurden, und verstehen Sie, was als nächstes zu tun ist.
 

locales/el/app.ftl

@@ -233,8 +233,6 @@ mozilla = { -brand-mozilla }
 terms-of-service = Όροι υπηρεσίας
 privacy-notice = Σημείωση απορρήτου
 github = { -brand-github }
-# Deprecated
-footer-nav-all-breaches = Όλες οι παραβιάσεις
 footer-nav-recent-breaches = Πρόσφατες παραβιάσεις δεδομένων
 footer-external-link-faq-label = Συχνές ερωτήσεις
 footer-external-link-faq-tooltip = Συχνές ερωτήσεις
@@ -252,7 +250,7 @@ error-page-error-other-title = { $errorCode }: Κάτι πήγε στραβά
 
 ## Breach overview page
 
-all-breaches-headline-2 = Όλες οι παραβιάσεις που εντοπίστηκαν από το { -brand-fx-monitor }
+all-breaches-headline-3 = Βάση δεδομένων παραβιάσεων
 all-breaches-lead = Παρακολουθούμε όλες τις γνωστές παραβιάσεις δεδομένων για να διαπιστώσουμε εάν τα προσωπικά σας στοιχεία παραβιάστηκαν. Ακολουθεί μια πλήρης λίστα με όλες τις παραβιάσεις που έχουν αναφερθεί από το 2007.
 search-breaches = Αναζήτηση παραβιάσεων
 # the kind of user data exposed to hackers in data breach.