From 755e2d5b9134e4f84f6e91924804bb8c860f6057 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 16:03:54 -0500 Subject: [PATCH] chore(deps): bump @globus/static-data-portal from 1.11.0 to 2.0.0 (#16) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [@globus/static-data-portal](https://github.com/globus/static-data-portal) from 1.11.0 to 2.0.0.
Release notes

Sourced from @​globus/static-data-portal's releases.

v2.0.0

2.0.0 (2024-10-29)

⚠ BREAKING CHANGES

The portal will now store authorization tokens in memory (previously localStorage) by default. This change underlines our commitment to providing a "secure by default" implementation.

How is In-Memory Storage More Secure?

When using our GitHub Template Repository to create a portal, your portal is automatically configured to deploy to GitHub Pages. Without a custom domain configuration, your application will be deployed to {username}.github.io/{repository-name}. Due to the same origin access policies of localStorage this means any application you[^1] deploy to GitHub pages would have access to items placed in localStorage by the portal. We believe this default behavior is the less secure option and can lead to unexpected behavior based on your GitHub account usage.

Explaining the Breaking Change

With this new default, the end-user experience around authorization will change to requiring users to authenticate when the portal's browser window is closed. Due to the nature of this change we have flagged this change as a "breaking change", resulting in a major version bump. While we do believe most users should update without making changes to their static.json file, we have included the ability to opt-in to the previous behavior of storing authorization information in localStorage. Before enabling this functionality, we recommend being aware of security best practices related to localStorage, using a custom domain for your portal to better lock down origin access, or having policies in place to avoid unintended access when using the default GitHub Pages domain.

To opt out of this change, a new property in the static.json has been added to enable localStorage storage of authorization data (data.attributes.features.useLocalStorage).

{
  "_static": {
    "generator": {
      "name": "@globus/static-data-portal"
    }
  },
  "data": {
    "version": "1.0.0",
    "attributes": {
      "features": {
        "useLocalStorage": true
      }
    }
 }
}

[^1]: localStorage is only available to applications on the same origin, which includes subdomain; Access is only shared with GitHub Pages applications or sites on the same account, not other GitHub account's deployments.

Features

v1.12.0

1.12.0 (2024-10-25)

Features

... (truncated)

Changelog

Sourced from @​globus/static-data-portal's changelog.

2.0.0 (2024-10-29)

⚠ BREAKING CHANGES

Features

1.12.0 (2024-10-25)

Features

Fixes

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@globus/static-data-portal&package-manager=npm_and_yarn&previous-version=1.11.0&new-version=2.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 83 ++++++++++++++++++++++++++++++++--------------- package.json | 2 +- 2 files changed, 57 insertions(+), 28 deletions(-) diff --git a/package-lock.json b/package-lock.json index fc5a9dc..9b7db7e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5,7 +5,7 @@ "packages": { "": { "dependencies": { - "@globus/static-data-portal": "^1.11.0" + "@globus/static-data-portal": "^2.0.0" } }, "node_modules/@babel/code-frame": { @@ -391,19 +391,19 @@ "integrity": "sha512-snKqtPW01tN0ui7yu9rGv69aJXr/a/Ywvl11sUjNtEcRc+ng/mQriFL0wLXMef74iHa/EkftbDzU9F8iFbH+zg==" }, "node_modules/@globus/react-auth-context": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/@globus/react-auth-context/-/react-auth-context-0.0.6.tgz", - "integrity": "sha512-fL8tuae4suhF4wbA5sLgYIIklr3qjUxAoatMy/Dg7wc5qtDs1ejsyGfyc37o8lr4eYOqDpAYP7v4mm8R8zYIzA==", + "version": "0.0.9", + "resolved": "https://registry.npmjs.org/@globus/react-auth-context/-/react-auth-context-0.0.9.tgz", + "integrity": "sha512-Cu/Kfej6HAMKEkk2NvCHkcNT5X1MV78ew2pnFtM5L42u1HHh69X7XFpf0WKRCtlKE/55MHwhhmBW0MVRge6ziQ==", "peerDependencies": { - "@globus/sdk": "^4.2.0", + "@globus/sdk": "^4.2.0 || ^5.0.0", "react": ">=18", "react-dom": ">=18" } }, "node_modules/@globus/sdk": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/@globus/sdk/-/sdk-4.3.1.tgz", - "integrity": "sha512-VLPk7XgkixyIiSBpGOFDacMihzllqr+C55POzfg7dzw+t1jJgQegRKgk3OimgxRzPApb5RKh/zQPT18YjW0B/A==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@globus/sdk/-/sdk-5.0.0.tgz", + "integrity": "sha512-QT/Ky+IUScCtSI9TGMEbsMl+IkRaV9PgnRZF/kH9KuxKK5ELdKdtlXb+aQCnuyBLnrXgJBHlePwnklcVCB9zSQ==", "dependencies": { "cross-fetch": "^4.0.0", "jwt-decode": "^4.0.0" @@ -421,28 +421,29 @@ } }, "node_modules/@globus/static-data-portal": { - "version": "1.11.0", - "resolved": "https://registry.npmjs.org/@globus/static-data-portal/-/static-data-portal-1.11.0.tgz", - "integrity": "sha512-yqINfWnQeUSg2RCzPo2DmFr1XhMrxKDIB3TFxv04YNklizbAXpykvu0j3o6/2xCMpC9FFiwqu/G+rA5OepraZQ==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@globus/static-data-portal/-/static-data-portal-2.0.0.tgz", + "integrity": "sha512-qQEhzUXO9B/IZf9VJB/UngX0R+uK9A/kyrWuUF9pL8rUetSJndAZVeR7+1fXLuhSfFvRqAjxlUMDGgTs4xkzgg==", "dependencies": { "@chakra-ui/icons": "^2.2.4", "@chakra-ui/next-js": "^2.4.1", "@chakra-ui/react": "^2.8.2", "@emotion/react": "^11.13.3", "@emotion/styled": "^11.13.0", - "@globus/react-auth-context": "^0.0.6", - "@globus/sdk": "4.3.1", + "@globus/react-auth-context": "^0.0.9", + "@globus/sdk": "5.0.0", "@mdx-js/loader": "^3.0.1", "@mdx-js/react": "^3.0.1", "@next/mdx": "^14.2.14", - "@tanstack/react-query": "^5.59.6", - "@tanstack/react-query-devtools": "^5.59.6", + "@tanstack/react-query": "^5.59.16", + "@tanstack/react-query-devtools": "^5.59.16", "@types/mdx": "^2.0.13", "framer-motion": "^11.9.0", "lodash": "^4.17.21", "next": "^14.2.15", "react": "^18", - "react-dom": "^18" + "react-dom": "^18", + "zustand": "^5.0.0" } }, "node_modules/@jridgewell/gen-mapping": { @@ -772,9 +773,9 @@ } }, "node_modules/@tanstack/query-core": { - "version": "5.59.6", - "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.59.6.tgz", - "integrity": "sha512-g58YTHe4ClRrjJ50GY9fas/0zARJVozY0Hs+hcSBOmwZaeKY+to0/LX8wKnnH/EJiLYcC1sHmE11CAS3ncfZBg==", + "version": "5.59.16", + "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.59.16.tgz", + "integrity": "sha512-crHn+G3ltqb5JG0oUv6q+PMz1m1YkjpASrXTU+sYWW9pLk0t2GybUHNRqYPZWhxgjPaVGC4yp92gSFEJgYEsPw==", "funding": { "type": "github", "url": "https://github.com/sponsors/tannerlinsley" @@ -790,11 +791,11 @@ } }, "node_modules/@tanstack/react-query": { - "version": "5.59.8", - "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.59.8.tgz", - "integrity": "sha512-jkvObpbjBL6P/PHFIjvNGG19XyhI8sjP6/Mw7CbmgT6SAps/5fZY5pxDicRwAt1YGCiEQvwrJQ6IdbZ8j5CVfw==", + "version": "5.59.16", + "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.59.16.tgz", + "integrity": "sha512-MuyWheG47h6ERd4PKQ6V8gDyBu3ThNG22e1fRVwvq6ap3EqsFhyuxCAwhNP/03m/mLg+DAb0upgbPaX6VB+CkQ==", "dependencies": { - "@tanstack/query-core": "5.59.6" + "@tanstack/query-core": "5.59.16" }, "funding": { "type": "github", @@ -805,9 +806,9 @@ } }, "node_modules/@tanstack/react-query-devtools": { - "version": "5.59.8", - "resolved": "https://registry.npmjs.org/@tanstack/react-query-devtools/-/react-query-devtools-5.59.8.tgz", - "integrity": "sha512-zcuPadRnbGcOz5YIPDbX2Tbpf0cFsoSACYdQzhRv7R2tyJxFby3u9bn4y1TaYTWSEolH8PlCklznEkS7F2OqFQ==", + "version": "5.59.16", + "resolved": "https://registry.npmjs.org/@tanstack/react-query-devtools/-/react-query-devtools-5.59.16.tgz", + "integrity": "sha512-Dejo39QBXmDqXZ3vdrk7vHDvs7TvL573/AX2NveMBmRAufAPYuE3oWSKP/gGqkDfEqyr4CmldOj+v9cKskUchQ==", "dependencies": { "@tanstack/query-devtools": "5.58.0" }, @@ -816,7 +817,7 @@ "url": "https://github.com/sponsors/tannerlinsley" }, "peerDependencies": { - "@tanstack/react-query": "^5.59.8", + "@tanstack/react-query": "^5.59.16", "react": "^18 || ^19" } }, @@ -3927,6 +3928,34 @@ "node": ">= 6" } }, + "node_modules/zustand": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/zustand/-/zustand-5.0.0.tgz", + "integrity": "sha512-LE+VcmbartOPM+auOjCCLQOsQ05zUTp8RkgwRzefUk+2jISdMMFnxvyTjA4YNWr5ZGXYbVsEMZosttuxUBkojQ==", + "engines": { + "node": ">=12.20.0" + }, + "peerDependencies": { + "@types/react": ">=18.0.0", + "immer": ">=9.0.6", + "react": ">=18.0.0", + "use-sync-external-store": ">=1.2.0" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "immer": { + "optional": true + }, + "react": { + "optional": true + }, + "use-sync-external-store": { + "optional": true + } + } + }, "node_modules/zwitch": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz", diff --git a/package.json b/package.json index 8065894..30253c7 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { "dependencies": { - "@globus/static-data-portal": "^1.11.0" + "@globus/static-data-portal": "^2.0.0" } }