@fat-zebra/sdk 2.0.6-beta.2 → 2.0.7-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,63 @@
|
|
|
1
|
-
#
|
|
1
|
+
# Changelog
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
All notable changes to the Fat Zebra JS SDK will be documented in this file.
|
|
4
|
+
|
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
|
+
|
|
8
|
+
## [2.0.6] - 2026-05-27
|
|
9
|
+
|
|
10
|
+
### Added
|
|
11
|
+
- Improved reliability of the ThreeDSecure flow to prevent duplicate processing when a payment is retried or initiated more than once
|
|
12
|
+
|
|
13
|
+
### Changed
|
|
14
|
+
- React SDK ThreeDSecure flow brought to parity with the core SDK
|
|
15
|
+
|
|
16
|
+
## [2.0.5] - 2026-05-21
|
|
17
|
+
|
|
18
|
+
### Fixed
|
|
19
|
+
- Fixed an issue where the device profiling step in the ThreeDSecure flow could trigger card enrollment multiple times if the device profile event fired more than once
|
|
20
|
+
|
|
21
|
+
## [2.0.4] - 2026-05-20
|
|
22
|
+
|
|
23
|
+
### Fixed
|
|
24
|
+
- Fixed an issue where triggering the ThreeDSecure flow multiple times (e.g. in a single-page application) could register duplicate event listeners, leading to multiple enrollment attempts
|
|
25
|
+
|
|
26
|
+
## [2.0.3] - 2026-05-19
|
|
27
|
+
|
|
28
|
+
### Fixed
|
|
29
|
+
- Fixed an issue in SPA environments where the Cardinal SCA `payments.validated` handler could accumulate across payment flows, causing stale callbacks to fire on subsequent transactions
|
|
30
|
+
|
|
31
|
+
## [2.0.2] - 2026-05-14
|
|
32
|
+
|
|
33
|
+
### Changed
|
|
34
|
+
- Default ThreeDSecure challenge window size changed from full-page to 500×600px
|
|
35
|
+
|
|
36
|
+
### Fixed
|
|
37
|
+
- ThreeDSecure challenge window iframe errors are now correctly reported rather than silently ignored
|
|
38
|
+
|
|
39
|
+
## [2.0.1] - 2026-05-11
|
|
40
|
+
|
|
41
|
+
### Fixed
|
|
42
|
+
- Resolved an issue causing delayed rendering of the payment form in `renderPaymentsPage`
|
|
43
|
+
- Payment source is now correctly included in SDK tokenisation request events
|
|
44
|
+
|
|
45
|
+
### Security
|
|
46
|
+
- Bumped axios from 1.13.5 to 1.16.0 to address known vulnerabilities
|
|
47
|
+
|
|
48
|
+
## [2.0.0] - 2026-04-02
|
|
49
|
+
|
|
50
|
+
### Changed
|
|
51
|
+
- **Upgraded 3DS2 authentication flow** — replaced the previous CyberSource Cardinal/Songbird library with a new SDK-native implementation backed directly by Fat Zebra's infrastructure. The new flow supports a configurable challenge window (250×400, 390×400, 500×600, 600×400, or full-page) and handles device fingerprinting internally. No changes are required to existing integrations; the correct flow is selected automatically.
|
|
52
|
+
|
|
53
|
+
### Security
|
|
54
|
+
- Bumped handlebars from 4.7.8 to 4.7.9 to address known vulnerabilities
|
|
55
|
+
- Bumped axios to 1.15.0
|
|
56
|
+
|
|
57
|
+
## [1.5.14] - 2026-03-10
|
|
58
|
+
|
|
59
|
+
### Security
|
|
60
|
+
- Addressed known vulnerabilities in transitive dependencies (axios, minimatch, glob)
|
|
4
61
|
|
|
5
62
|
## [1.5.12] - 2025-10-14
|
|
6
63
|
## Updated
|
|
@@ -48,4 +105,3 @@ Support for 3-D Secure 2.x PARes Status: CHALLENGED
|
|
|
48
105
|
|
|
49
106
|
### Security
|
|
50
107
|
- Patched routine package updates
|
|
51
|
-
|
|
@@ -72,7 +72,7 @@ class DeviceDataCollection {
|
|
|
72
72
|
const screen = window.screen;
|
|
73
73
|
const nav = navigator;
|
|
74
74
|
const language = (_b = (_a = nav.language) !== null && _a !== void 0 ? _a : nav.userLanguage) !== null && _b !== void 0 ? _b : "";
|
|
75
|
-
|
|
75
|
+
const deviceData = {
|
|
76
76
|
browser_accept_content: (_d = (_c = nav.languages) === null || _c === void 0 ? void 0 : _c.join(",")) !== null && _d !== void 0 ? _d : "",
|
|
77
77
|
browser_language: language,
|
|
78
78
|
browser_java_enabled: nav.javaEnabled(),
|
|
@@ -82,6 +82,8 @@ class DeviceDataCollection {
|
|
|
82
82
|
browser_time_difference: new Date().getTimezoneOffset(),
|
|
83
83
|
browser_user_agent: nav.userAgent,
|
|
84
84
|
};
|
|
85
|
+
this.reportDeviceData(deviceData);
|
|
86
|
+
return deviceData;
|
|
85
87
|
}
|
|
86
88
|
static setIframeUrl(url, jwt) {
|
|
87
89
|
// Ensure elements exist, then set values
|
|
@@ -110,6 +112,9 @@ class DeviceDataCollection {
|
|
|
110
112
|
DeviceDataCollection.ensureCreated();
|
|
111
113
|
DeviceDataCollection.getForm().submit();
|
|
112
114
|
}
|
|
115
|
+
static reportDeviceData(deviceData) {
|
|
116
|
+
console.log('device data', deviceData);
|
|
117
|
+
}
|
|
113
118
|
// ---- helpers (no instance state) ----
|
|
114
119
|
static ensureCreated() {
|
|
115
120
|
if (!this.getIframe() || !this.getForm() || !this.getInput()) {
|
|
@@ -138,3 +143,6 @@ __decorate([
|
|
|
138
143
|
},
|
|
139
144
|
})
|
|
140
145
|
], DeviceDataCollection, "handleCollectionResponse", null);
|
|
146
|
+
__decorate([
|
|
147
|
+
logMethod()
|
|
148
|
+
], DeviceDataCollection, "reportDeviceData", null);
|