Skip to content

ENG-1970: Update IAB TCF library to 1.5.16 #6953

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gilluminate merged 5 commits into from
Nov 12, 2025
Merged

ENG-1970: Update IAB TCF library to 1.5.16 #6953

gilluminate merged 5 commits into from
Nov 12, 2025

Conversation

@NevilleS
Copy link
Contributor

@NevilleS NevilleS commented Nov 12, 2025
edited by gilluminate
Loading

Ticket ENG-1970

Description Of Changes

This updates the @iabtechlabtcf libraries to 1.5.16 to fix an issue where the default policy version is set to 4 instead of 5. I've avoided going all the way up to 1.5.18 as I don't want to introduce everything in TCF v2.3 yet (disclosed vendors segment, in particular) as we need to carefully roll that out to clients.

Code Changes

  • Update @iabtechlabtcf/cmpapi to "1.5.16"
  • Update @iabtechlabtcf/core to "1.5.16"

See InteractiveAdvertisingBureau/iabtcf-es@v1.5.15...v1.5.16 to eval the library code changes

Steps to Confirm

  1. Load the Cookie House test app with a TCF experience configured
  2. Before taking any accept/reject actions, check __tcfapi("ping", 2, (tcData) => console.log("tcData.tcfPolicyVersion", tcData.tcfPolicyVersion)) outputs a policy version of 5

Pre-Merge Checklist

  • Issue requirements met
  • All CI pipelines succeeded
  • CHANGELOG.md updated
    • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
    • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
    • Updates unreleased work already in Changelog, no new entry necessary
  • UX feedback:
    • All UX related changes have been reviewed by a designer
    • No UX review needed
  • Followup issues:
    • Followup issues created
    • No followup issues
  • Database migrations:
    • Ensure that your downrev is up to date with the latest revision on main
    • Ensure that your downgrade() migration is correct and works
      • If a downgrade migration is not possible for this change, please call this out in the PR description!
    • No migrations
  • Documentation:
    • Documentation complete, PR opened in fidesdocs
    • Documentation issue created in fidesdocs
    • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
    • No documentation updates required

@NevilleS NevilleS requested a review from a team as a code owner November 12, 2025 13:52
@NevilleS NevilleS requested review from lucanovera and removed request for a team November 12, 2025 13:52
@vercel
Copy link

vercel bot commented Nov 12, 2025

Deployment failed with the following error:

You must set up Two-Factor Authentication before accessing this team.

View Documentation: https://vercel.com/docs/two-factor-authentication

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Nov 12, 2025
edited
Loading

Greptile Overview

Greptile Summary

This PR updates the IAB TCF libraries from 1.5.15 to 1.5.16 to fix an issue where the TCF CMP temporarily returns legacy policy version 4 instead of the current version 5. The update is conservative, stopping at 1.5.16 to avoid introducing TCF v2.3 features (like disclosed vendors segment) that require careful client rollout.

Key changes:

  • Updated @iabtechlabtcf/cmpapi and @iabtechlabtcf/core to 1.5.16 in fides-js
  • Moved @iabtechlabtcf/core from runtime dependency to devDependency in privacy-center and pinned to 1.5.16
  • Package-lock properly resolves versions in workspace-specific node_modules without conflicts
  • CHANGELOG updated with 2.74.1 release entry

Confidence Score: 5/5

  • This PR is safe to merge - it's a minimal, targeted library update with proper version pinning
  • The changes are straightforward dependency updates with clear intent. All TCF libraries are consistently pinned to 1.5.16 across workspaces, package-lock correctly resolves versions without conflicts, and the conservative version choice (stopping at 1.5.16) demonstrates good judgment to avoid unintended feature introduction.
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
clients/fides-js/package.json 5/5 Updated @iabtechlabtcf/cmpapi and @iabtechlabtcf/core from 1.5.15 to 1.5.16 to fix TCF policy version issue
clients/privacy-center/package.json 5/5 Moved @iabtechlabtcf/core from dependencies to devDependencies and pinned to 1.5.16
clients/package-lock.json 5/5 Updated lockfile with 1.5.16 versions in workspace-specific node_modules, removed root-level TCF entries
CHANGELOG.md 5/5 Added 2.74.1 release entry documenting the TCF policy version 4 to 5 fix

greptile-apps[bot]
greptile-apps bot reviewed Nov 12, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

@gilluminate gilluminate requested review from gilluminate and removed request for lucanovera November 12, 2025 16:38
@vercel
Copy link

vercel bot commented Nov 12, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
fides-plus-nightly Ready Ready Preview Comment Nov 12, 2025 5:06pm
1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
fides-privacy-center Ignored Ignored Nov 12, 2025 5:06pm

@gilluminate
Copy link
Contributor

gilluminate commented Nov 12, 2025

@greptile

greptile-apps[bot]
greptile-apps bot reviewed Nov 12, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 files reviewed, no comments

Edit Code Review Agent Settings | Greptile

@gilluminate gilluminate added this pull request to the merge queue Nov 12, 2025
Merged via the queue into main with commit 8407b25 Nov 12, 2025
43 checks passed
@gilluminate gilluminate deleted the ns-update-tcf-library branch November 12, 2025 17:27
gilluminate added a commit that referenced this pull request Nov 12, 2025
@NevilleS @gilluminate
ENG-1970: Update IAB TCF library to 1.5.16 (#6953)
ae8cb8b 
Co-authored-by: Jason Gill <jason.gill@ethyca.com>
jjdaurora pushed a commit that referenced this pull request Dec 5, 2025
@NevilleS @gilluminate @jjdaurora
ENG-1970: Update IAB TCF library to 1.5.16 (#6953)
a271d56 
Co-authored-by: Jason Gill <jason.gill@ethyca.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gilluminate gilluminate gilluminate approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@NevilleS @gilluminate