@mashroom/mashroom-helmet

@mashroom/mashroom-helmet - npm Package Versions

1.7.8 (May 31, 2021)

  • 3rd party libraries with known vulnerabilities upgraded
  • Angular Demo App: Remove zone.js because it pollutes the public space and possibly influences other Apps
  • Portal: Added the possibility to prefetch Portal App resources (MashroomPortalAppService.prefetchResources) which is useful if you know which apps you will have to load in the future and want to minimize the loading time.
  • Portal: Fixed loading shared CSS resources
  • Portal: Allow messages with empty data (null or undefined)
  • Portal: Take existing appConfig for Portal Apps from server config file even if the App itself has no appConfig defined
jkofler published 1.7.7

1.7.7 (May 20, 2021)

  • Simple Security Provider, LDAP Security Provider: Fixed adding roles to storage (caused lock exceptions under some circumstances)
jkofler published 1.7.6

1.7.6 (May 10, 2021)

  • Portal: Disable the browser caching for all pages if a CSRF token is present, otherwise stale tokens could be used
  • K8S Remote App Registry: Improved compatibility with Kubernetes 1.20
  • Added the possibility to delay the server shutdown after receiving SIGTERM via the environment variable WAIT_BEFORE_SERVER_CLOSE, which contains the number of seconds to wait. This is required for a non-disruptive rolling deployment on Kubernetes where the kube-proxy takes some time to rewrite iptables. It also allows active requests to finish properly. See: https://blog.laputa.io/graceful-shutdown-in-kubernetes-85f1c8d586da
  • Http Proxy: Allow disabling connection keep-alive; mitigates #77
  • Prevented plugins with the same name from silently overwriting each other. If a plugin with the same name already exists, it will no longer be loaded, and an error will be shown in the Admin UI
  • Made the name property required for all plugins and disallowed some characters like '/' and '?' to prevent problems when the name is used in the path
  • LDAP Security Provider: Retry the login if the first attempt fails with ECONNRESET (happens sporadically with Active Directory)
  • Buffering WS messages when client connection is in state "closing". Otherwise, any attempt to send a message produces an error
jkofler published 1.7.5

1.7.5 (April 20, 2021)

  • Portal: Cache busting improved:
    • A new property lastThemeReloadTs can now be used in themes for resource URLs
    • Added ?v=<lastReloadTs> to all resources exposed via Page Enhancement Plugin
  • Error Pages: Fixed the problem that error pages were open to reflected XSS if the $REQUEST_URL was used in the template
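
The error page fix above, as an added example that is not Mashroom's own code: a hypothetical renderer substitutes `$REQUEST_URL` into a template, first verbatim and then HTML-escaped at the point of substitution. The function names, the template and the sample URL are constructed for illustration; only the placeholder name comes from the changelog.

```javascript
// Added example: a hypothetical error-page renderer, not Mashroom's code.
// Only the $REQUEST_URL placeholder name comes from the changelog entry.

const HTML_ESCAPES = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};

// Escape the five characters that can change HTML text or attribute context.
function escapeHtml(value) {
    return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the request URL is copied into the page verbatim, so markup in the
// URL becomes markup in the response (reflected XSS).
// split/join is used instead of String.replace so that "$&"-style sequences
// in the URL are never interpreted as replacement patterns.
function renderErrorPageUnsafe(template, requestUrl) {
    return template.split('$REQUEST_URL').join(requestUrl);
}

// After: the value is HTML-escaped at the point of substitution, so it can
// only render as text, both in element content and in a quoted attribute.
function renderErrorPage(template, requestUrl) {
    return template.split('$REQUEST_URL').join(escapeHtml(requestUrl));
}

// Defender-side check: count opening tags, to compare output with the template.
function countTags(html) {
    return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample template and request URL (not taken from the project).
const TEMPLATE = '<html><body><h1>Not found</h1>' +
    '<p>The page <a href="$REQUEST_URL">$REQUEST_URL</a> does not exist.</p></body></html>';
const SAMPLE_URL = '/portal/web/"><script>alert(1)</script>';

function demo() {
    return {
        templateTags: countTags(TEMPLATE),
        unsafeTags: countTags(renderErrorPageUnsafe(TEMPLATE, SAMPLE_URL)),
        safeTags: countTags(renderErrorPage(TEMPLATE, SAMPLE_URL)),
    };
}

console.log(demo());
```

A rendered page that contains more tags than its template is a quick regression signal for this class of bug.
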
jkofler published 1.7.4

1.7.4 (March 17, 2021)

  • Fixed bug in the K8S registry
jkofler published 1.7.3

1.7.3 (March 17, 2021)

  • K8S Remote App Registry: Just ignore services without a proper descriptor (instead of throwing an error)
  • Http Proxy: Removed double request path URI-decoding in forward method (request path already URI-decoded by Express was decoded again)
jkofler published 1.7.2

1.7.2 (March 10, 2021)

  • Portal: Fixed loading of remote Apps with invalid proxy targetUri
jkofler published 1.7.1

1.7.1 (March 10, 2021)

  • Fixed the broken mashroom-portal-remote-app-registry-k8s plugin (the K8S connector was not initialized properly)
jkofler published 1.7.0

1.7.0 (March 9, 2021)

  • Build under Windows fixed

  • Problems with Node 15.x fixed

  • Http Proxy: Fixed encoding of query parameters (already URL encoded parameters were encoded again)

  • Portal: Added the possibility to define a default proxy config for Portal Apps. This is useful if you want to enable the permissions header for all Apps

  • Moved out some example plugins to the new https://github.com/nonblocking/mashroom-plugin-demos repo

  • Renamed mashroom-portal-demo-remote-messaging to mashroom-portal-remote-messaging-app because it's more a test util than a demo, just like the sandbox app

  • Admin UI (under /mashroom) polished up

  • Added a new plugin type admin-ui-integration to register an arbitrary web-app or static plugin as panel in the Admin UI (will be integrated via iframe)

  • Remote App Registry Kubernetes: BREAKING CHANGE: Since it now uses the new background job scheduler to scan the k8s cluster, you also need to add mashroom-background-jobs to your dependencies, and the configuration changed slightly. Check out the README in mashroom-portal-remote-app-registry-k8s.

  • Remote App Registry: BREAKING CHANGE: Since it now uses the new background job scheduler to scan for remote apps, you also need to add mashroom-background-jobs to your dependencies, and the configuration changed slightly. Check out the README in mashroom-portal-remote-app-registry.

  • Added a background job plugin (mashroom-background-jobs) that allows scheduling arbitrary jobs based on cron expressions

  • HTTP Proxy: Added a second proxy implementation based on node-http-proxy, since request is deprecated. It can be enabled like this in the config:

    {
      "Mashroom Http Proxy Services": {
        "proxyImpl": "nodeHttpProxy"
      }
    }
    

    Default is still the request based implementation.

  • Migration to TypeScript completed (but flow types are still available).

    The type aliases for express (ExpressRequest, ExpressResponse) are no longer required, so you can directly use the express types. E.g. in a middleware plugin:

     import type {Request, Response, NextFunction} from 'express';
     import type {MashroomMiddlewarePluginBootstrapFunction} from '@mashroom/mashroom/type-definitions';
    
     const myMiddleware = (req: Request, res: Response, next: NextFunction) => {
         const logger = req.pluginContext.loggerFactory('my.middleware');
         logger.info('woohoo');
         // TODO
         next();
     };
    
     const bootstrap: MashroomMiddlewarePluginBootstrapFunction = async (pluginName, pluginConfig) => {
         return myMiddleware;
     };
    
     export default bootstrap;
    
  • Error Pages: Added the possibility to add default messages if mashroom-i18n is not (yet) available

  • LDAP Security Provider: Under all circumstances prevent a login with an empty password since some LDAP servers accept it and allow a simple login

  • Portal: Load the JS resources for apps sequentially, because if there is more than one bundle they typically depend on each other

  • LDAP Security Provider: Add all roles from the groupToRoleMapping and userToRoleMapping to the known roles to improve the autocomplete in the Admin UI

  • Simple Security Provider: Add all roles from users.json to the known roles, to improve the autocomplete in the Admin UI

jkofler published 1.6.4

1.6.4 (February 1, 2021)

  • HTTP Proxy: Added an optional order property to interceptor configs that determines the execution order
  • HTTP Proxy: Allow intercepting/modifying the response from the target service. BREAKING CHANGE: The MashroomHttpProxyInterceptor interface changed and is not compatible with the previous one:
    • intercept() has been renamed to interceptRequest()
    • A new method interceptResponse() has been added
    • Instead of returning result.reject you can now call res.sendStatus() yourself and just return result.responseHandled as a hint that the proxy doesn't have to do anything.
  • HTTP Proxy: Fixed a problem with special characters in target URIs
  • LDAP Security Provider: Added an optional user to role mapping which is useful if you want to give just a specific user access to a Portal page and such.
  • Security: The MashroomSecurityService.login() method now also returns a reason if possible (e.g. Invalid credentials). At the moment this works for the Simple Provider and the LDAP Provider (only Active Directory and OpenLDAP).
  • Portal: Fixed the client log handler (didn't terminate correctly)