Bump @globus/static-data-portal from 1.10.1 to 2.1.0

[dependabot]

Bumps @globus/static-data-portal from 1.10.1 to 2.1.0.

Release notes

Sourced from @​globus/static-data-portal's releases.

v2.1.0

2.1.0 (2024-11-15)

Features

• Adds "Clear Selected" button to the source file browser. (79058b6)
• Adds "Search All Collections" toggle in the search panel. (79058b6)
• Updates Destination search to hide collections the user does not have Transfer-related permissions on (by default) (#370) (79058b6)

Fixes

• Address issue causing the default header image not rendering on deep pages when portal was published. (#369) (ac3b7d2)

v2.0.0

2.0.0 (2024-10-29)

⚠ BREAKING CHANGES

The portal will now store authorization tokens in memory (previously localStorage) by default. This change underlines our commitment to providing a "secure by default" implementation.

How is In-Memory Storage More Secure?

When using our GitHub Template Repository to create a portal, your portal is automatically configured to deploy to GitHub Pages. Without a custom domain configuration, your application will be deployed to {username}.github.io/{repository-name}. Due to the same origin access policies of localStorage this means any application you[^1] deploy to GitHub pages would have access to items placed in localStorage by the portal. We believe this default behavior is the less secure option and can lead to unexpected behavior based on your GitHub account usage.

Explaining the Breaking Change

With this new default, the end-user experience around authorization will change to requiring users to authenticate when the portal's browser window is closed. Due to the nature of this change we have flagged this change as a "breaking change", resulting in a major version bump. While we do believe most users should update without making changes to their static.json file, we have included the ability to opt-in to the previous behavior of storing authorization information in localStorage. Before enabling this functionality, we recommend being aware of security best practices related to localStorage, using a custom domain for your portal to better lock down origin access, or having policies in place to avoid unintended access when using the default GitHub Pages domain.

To opt out of this change, a new property in the static.json has been added to enable localStorage storage of authorization data (data.attributes.features.useLocalStorage).

{
  "_static": {
    "generator": {
      "name": "@globus/static-data-portal"
    }
  },
  "data": {
    "version": "1.0.0",
    "attributes": {
      "features": {
        "useLocalStorage": true
      }
</tr></table> 

... (truncated)

Changelog

Sourced from @​globus/static-data-portal's changelog.

2.1.0 (2024-11-15)

Features

• Adds "Clear Selected" button to the source file browser. (79058b6)
• Adds "Search All Collections" toggle in the search panel. (79058b6)
• Updates Destination search to hide collections the user does not have Transfer-related permissions on (by default) (#370) (79058b6)

Fixes

• Address issue causing the default header image not rendering on deep pages when portal was published. (#369) (ac3b7d2)

2.0.0 (2024-10-29)

⚠ BREAKING CHANGES

• Use in-memory based storage for authorization tokens, by default. (#347)

Features

• Use in-memory based storage for authorization tokens, by default. (#347) (c6ac0f8)

1.12.0 (2024-10-25)

Features

• Adds button to open files in a new tab when collections support HTTPS. (#337) (d6cc729)

Fixes

• use zustand for state management and resolve various state issues in the File Browser (#335) (6b221e5)

1.11.0 (2024-10-09)

Features

• Theming: Use "primary" and "secondary" color palettes for theming instead of "brand". (#319) (2a9c5f6)

Fixes

• Addresses an issue preventing Transfers being initiated to the "server default" path on a destination collection. (#312) (e72ff70)

1.10.2 (2024-10-02)

... (truncated)

Commits

• 86ab075 chore(main): release 2.1.0 (#371)
• cb35ce8 deps: bump the react-query group with 2 updates (#372)
• e5f63c4 deps: bump typedoc from 0.26.10 to 0.26.11 (#373)
• daee7b7 deps: bump @​tanstack/eslint-plugin-query from 5.59.7 to 5.60.1 (#374)
• 79058b6 feat: Updates Destination search to hide collections the user does not have T...
• ac3b7d2 fix: Address issue causing the default header image not rendering on deep pag...
• 19d526e style: remove Navigation gradient
• a5fdebc deps: bump the typescript-eslint group with 2 updates (#364)
• 96fe00b deps: bump @​testing-library/jest-dom from 6.6.2 to 6.6.3 (#366)
• 6ede5eb deps: bump @​chakra-ui/next-js from 2.4.1 to 2.4.2 (#367)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)