Bump @globus/static-data-portal from 1.10.1 to 2.0.0

[dependabot]

Bumps @globus/static-data-portal from 1.10.1 to 2.0.0.

Release notes

Sourced from @​globus/static-data-portal's releases.

v2.0.0

2.0.0 (2024-10-29)

⚠ BREAKING CHANGES

The portal will now store authorization tokens in memory (previously localStorage) by default. This change underlines our commitment to providing a "secure by default" implementation.

How is In-Memory Storage More Secure?

When using our GitHub Template Repository to create a portal, your portal is automatically configured to deploy to GitHub Pages. Without a custom domain configuration, your application will be deployed to {username}.github.io/{repository-name}. Due to the same origin access policies of localStorage this means any application you[^1] deploy to GitHub pages would have access to items placed in localStorage by the portal. We believe this default behavior is the less secure option and can lead to unexpected behavior based on your GitHub account usage.

Explaining the Breaking Change

With this new default, the end-user experience around authorization will change to requiring users to authenticate when the portal's browser window is closed. Due to the nature of this change we have flagged this change as a "breaking change", resulting in a major version bump. While we do believe most users should update without making changes to their static.json file, we have included the ability to opt-in to the previous behavior of storing authorization information in localStorage. Before enabling this functionality, we recommend being aware of security best practices related to localStorage, using a custom domain for your portal to better lock down origin access, or having policies in place to avoid unintended access when using the default GitHub Pages domain.

To opt out of this change, a new property in the static.json has been added to enable localStorage storage of authorization data (data.attributes.features.useLocalStorage).

{
  "_static": {
    "generator": {
      "name": "@globus/static-data-portal"
    }
  },
  "data": {
    "version": "1.0.0",
    "attributes": {
      "features": {
        "useLocalStorage": true
      }
    }
 }
}

[^1]: localStorage is only available to applications on the same origin, which includes subdomain; Access is only shared with GitHub Pages applications or sites on the same account, not other GitHub account's deployments.

Features

• Use in-memory based storage for authorization tokens, by default. (#347) (c6ac0f8)

v1.12.0

1.12.0 (2024-10-25)

Features

... (truncated)

Changelog

Sourced from @​globus/static-data-portal's changelog.

2.0.0 (2024-10-29)

⚠ BREAKING CHANGES

• Use in-memory based storage for authorization tokens, by default. (#347)

Features

• Use in-memory based storage for authorization tokens, by default. (#347) (c6ac0f8)

1.12.0 (2024-10-25)

Features

• Adds button to open files in a new tab when collections support HTTPS. (#337) (d6cc729)

Fixes

• use zustand for state management and resolve various state issues in the File Browser (#335) (6b221e5)

1.11.0 (2024-10-09)

Features

• Theming: Use "primary" and "secondary" color palettes for theming instead of "brand". (#319) (2a9c5f6)

Fixes

• Addresses an issue preventing Transfers being initiated to the "server default" path on a destination collection. (#312) (e72ff70)

1.10.2 (2024-10-02)

Fixes

• Addresses issue preventing HTTPS download button appearing on file entries. (#295) (27effc7)

Commits

• 558d2e1 chore(main): release 2.0.0 (#348)
• b26f28c test: Adds React Testing Library and Jest (#350)
• 78dc5ca docs: Update README.md
• 4a3cae1 deps: bump the typescript-eslint group with 2 updates (#343)
• c6ac0f8 feat!: Use in-memory based storage for authorization tokens, by default. (#347)
• 5145990 deps: bump eslint-plugin-react from 7.37.1 to 7.37.2 (#344)
• d0a3e3d deps: bump @​tanstack/eslint-plugin-query from 5.59.4 to 5.59.7 (#345)
• ca7237e deps: bump the react-query group with 2 updates (#340)
• 7b5b406 deps: bump the typescript-eslint group with 2 updates (#338)
• 12b4796 deps: bump the react group with 2 updates (#339)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #5.