Juice Shop Versions

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

v16.0.0

4 months ago

This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.

👟 Runtime

  • Added support for Node.js 21.x
  • Removed support for Node.js 16.x and no longer provide packaged distributions for this version (⚠️)
  • Removed unofficial support for Node.js 17.x

🎨 UI

  • 1946f2e: The new Score Board introduced with v15.1.0 is now the default
  • Inverted banners and option to switch layouts to allow setting the legacy Score Board as default
  • #2152: Enhanced scrolling behavior in Coding Challenge modal to keep buttons always visible (kudos to @bogminic)

🕵️ Cheat Detection

  • #2150: Switched to median instead of average to calculate total cheat score
  • Monitor and report on expected URL interactions to happen before related challenges are solved (no score impact yet)

🔙 Backward compatibility

  • #2149: Links to /#/score-board?challenge=<name> will now be rewritten into /#/score-board?searchQuery= to keep existing OpenCRE links working

⚙️ DevOps Automation

  • Update default Node.js version for non-matrix build jobs to 20.x
  • Update Node.js version in base Docker images to 20.x

v15.3.0

5 months ago

🎨 User Interface

  • #2116: Introduced full responsiveness to Digital Wallet, Crypto Wallet, Token Sale, Juicy Chatbot SBT, Web3 Code Sandbox, and Bee Haven screens (kudos to @rishabhkeshan)

👮 Startup Validations

  • 98c19412030791c852d5fbcce6b229c38614e473: Added warning-only startup check for domains (on Internet) being reachable from the server
    • https://www.alchemy.com/ is needed for the "Mint the Honeypot" and "Wallet Depletion" challenges

💾 Local Backup

  • Added optional scoreBoard.scoreBoardVersion property to persist/restore score-board-version property from/to browser local storage

🐛 Bugfixes

  • #2120: Replaced all references to github.com/bkimminich/juice-shop with github.com/juice-shop/juice-shop

⚙️ DevOps Automation

  • #2115: Unstuck Angular installation in configuration for GitHub Codespaces (kudos to @MatteoGheza)

🌐 I18N

  • #2105: Add translation support for Crypto Wallet screen
  • Add translation support for Web3 Code Sandbox screen
  • Add translation support for Bee Haven and Juicy Chatbot SBT screen (kudos to @MatteoGheza)
  • Extended 🇨🇳, 🇹🇷 and 🇩🇪 translations
  • Added 🇧🇩 to language dropdown

v15.2.1

6 months ago

🐛 Bugfixes

v15.2.0

7 months ago

🎯 Challenges

  • #2091: Added accompanying coding challenge for "Web3 Sandbox" challenge
  • Added related OWASP Cheat Sheets as mitigation links to several challenges
  • #2100: Added tag "Internet Traffic" to mark challenges which require the Juice Shop server to call hosts on the Internet

🎨 User Interface

  • Added tag description as tooltip on new Score Board

🐛 Bugfixes

  • #2100: Failing to connect with Smart Contracts on infura.io will no longer crash the server on startup but trigger non-blocking retry loop
    • Challenges "Mint the Honeypot" and "Wallet Depletion" are unsolvable if connection to infura.io cannot be established
  • Non-.ts codefix files are now protected via the RSN

⚙️ DevOps Automation

  • Updated and pinned all GitHub Actions (except CodeQL) to latest compatible versions

v15.1.0

7 months ago

🚨 This release accidentally introduced a technical breaking change in a minor release! 🚨 The application server now requires Internet access (📡) and must be able to reach https://sepolia.infura.io where Smart Contracts for some of the Web3 challenges are deployed!

🎨 UI

  • #2043: Added fully re-designed Score Board with option to pick the preferred one and switch between old and new version
  • #2027: Reduced load time of old Score Board significantly by pre-fetching FontAwesome icons only once

🎯 Challenges

  • Added Web3 challenge suite (kudos to our GSoC 2023 student @rishabhkeshan)
    • #2066: Added "Web3 Sandbox" ⭐-challenge
    • #2029: Added "NFT Takeover" ⭐⭐-challenge
    • #2050: Added "Mint the Honey Pot" ⭐⭐⭐-challenge (📡)
    • #2064: Added "Wallet Depletion" ⭐⭐⭐⭐⭐⭐-challenge (📡)
  • Added new "Web3" tag for challenges
  • Changed hint URLs for all challenges to match new site structure in companion guide

🛡️ Security

  • #2028: Added OWASP CycloneDX SBOMs for backend and frontend (kudos to @jkowalleck)

🧪 Testing

🐛 Bugfixes

  • #2081: Fixed issues with libxml4js in Docker images for ARM processors
  • #2015: Fixed auto-scrolling issue in chatbot window to keep submit button visible (kudos to @parthn2)
  • #2049: Fixed issue with newest release of flag-icons module by switching from SASS to CSS inclusion (kudos to @RobertoBorges)
  • #2060: Fixed issue where "Local File Read" challenge was solved without actual success and success notifications could be spammed
  • 1fb0f12: Treat "Mass Dispel" as a trivial challenge during cheat detection

🌐 I18N

  • Extended and corrected 🇳🇱 translation (kudos to @eric-nieuwland)
  • Extended 🇧🇷, 🇷🇴, 🇮🇹 and 🇹🇷 translations

v15.0.0

11 months ago

This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.

👟 Runtime

  • Added support for Node.js 20.x
  • Removed support for Node.js 14.x (and 19.x) and no longer provide packaged distributions for these versions (⚠️)
  • Removed unofficial support for Node.js 15.x

🎯 Challenges

  • #1958: Added "Empty User Registration" challenge (⭐⭐) to Improper Input Validation category (kudos to @Freedisch)

🎮 Cheat Detection

  • #1996: Coding challenges with overlapping code snippets are less likely to count as cheating when solved in quick succession (kudos to @sohamparate)

🏰 Security

🐛 Bugfixes

  • Confetti cannon no longer fires for solved hacking challenges when challenges.showSolvedNotifications: false is configured

🗺️ I18N

  • Extend 🇧🇩, 🇷🇺, 🇹🇷 and 🇲🇲 translations

v14.5.1

1 year ago

🐛 Bugfixes

  • Disabled pagination for all finale-rest API endpoints to make challenges >100 show up on the Score Board
  • Code diff component in Coding Challenge Fix it screen now remembers Side-by-Side vs. Line-by-Line UI settings (kudos to @Coder-Manan)

🗺️ I18N

  • Added support for 🇮🇪 language
  • Extended 🇨🇭 translation

v14.5.0

1 year ago

This release brings technical breaking changes or renamings (⚠️) which might require migrating to a newer Node.js version or updating existing customization files.

🐳 Docker

  • Removed dedicated Docker image for 32bit ARM processors due to compatibility issues and Node.js 14.x approaching end-of-life (⚠️)

👨‍💻 Coding Challenges

  • #1913: Added coding challenge to Weak Password challenge

🐛 Bugfixes

  • #1948: Fixed alignment of checkboxes with code lines in Find It tab of Coding Challenges

🗺️ I18N

  • Extended 🇯🇵 and 🇮🇱 translations

v14.4.0

1 year ago

🎨 Angular

  • #1925: Migrated frontend to Angular 15 (kudos to @Freedisch)

🐳 Docker

  • ce7a3c5f9614f4823cb213c92450a7f8d7ca72a0: Build Docker images for linux/amd64 and linux/arm64 on Node.js 18.x instead of 16.x

💡 Features

  • #1935: Continue codes for local backup are now retrieved from server using cookie value as fallback (kudos to @nitishdewan)
  • Added customizable NFT URL to "About Us" page
  • Added static NFT URL to "Merchandise" section of "My Payment Options" page

🎭 Customization

  • Added application.social.nftUrl configuration property to define NFT URL (by default https://opensea.io/collection/juice-shop)

🐛 Bugfixes

  • #1928: Now checking presence of JWT token before attempting verification
  • #1927: Fixed issues with sizing and placement of icons on Deluxe Membership screen
  • Loading spinner on Score Board screen is now showing its timer animation again

⚙️ DevOps Automation

  • Switched default Node.js version for non-matrix jobs of CI/CD pipeline from 16.x to 18.x

🌐 I18N

  • Extended 🇷🇴, 🇫🇷 and 🇨🇳 translations

v14.3.1

1 year ago

🐛 Bugfixes

  • #1918: Updated file upload library to fix vulnerability against CVE-2022-24434 (kudos to @JanStorm)
  • #1909: Fixed occasional application server crash when working on Kill Chatbot challenge

🌐 I18N

  • Extended 🇸🇪 translation