Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@mashroom/mashroom-helmet

Package Overview
Dependencies
Maintainers
0
Versions
85
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@mashroom/mashroom-helmet - npm Package Versions

1
9

2.2.1

Diff

Changelog

Source

2.2.1 (November 4, 2022)

  • Portal: Fixed the MashroomPortalMessageBusInterceptor signature and behaviour: It should be possible to change the event data by just returning a different value; but if the interceptor function returns nothing the data should stay untouched (was set to undefined before)
  • Admin Toolbar: Minor style fixes
jkofler
published 2.2.0 •

Changelog

Source

2.2.0 (November 4, 2022)

  • Portal: Fixed the problem that users were kicked out of the Portal when requests to /api/users/authenticated/authExpiration failed (see issue #99)

  • Portal: Added support for server-side rendering of Composite Apps, which use other Portal Apps as their building blocks. It is now possible to define embedded Portal Apps in the SSR bootstrap like so:

     const bootstrap: MashroomPortalAppPluginSSRBootstrapFunction = async (portalAppSetup, req) => {
       // Generate server-side HTML that contains a <div id="unique-host-element-id"></div>
       const html = renderToString(<App/>);
    
       return {
          html,
          embeddedApps: [
             {
                 pluginName: 'The other App',
                 appConfig: {},
                 appAreaId: 'unique-host-element-id',
             }
          ]
       };
     };
    

    In the Composite App make sure you don't call portalAppService.loadApp() for that already integrated App, instead you can get the appId of the server-side embedded App like this to unload/reload it later:

      const ssrPreloadedApp = portalAppService.loadedPortalApps.find(({ pluginName, portalAppAreaId }) => pluginName === 'The other App' && portalAppAreaId === 'unique-host-element-id');
      let appId;
      if (!ssrPreloadedApp) {
       // SSR failed, load client-side
       const result = await portalAppService.loadApp('host-element-id', 'The other App', null, null, {});
       if (!result.error) {
         appId = result.id;
       }
      } else {
         appId = ssrPreloadedApp.id;
      }
    

    Checkout the mashroom-portal-demo-composite-app package for a working example.

    NOTE: You have to make sure the embedded Apps aren't removed by the render framework during hydration, in React you have to add dangerouslySetInnerHTML={{ __html: '' }} to nodes whose children shall be ignored during hydration

  • Kubernetes Remote App Registry:

    • Support for multiple Namespace and Service label selectors
    • For duplicate Portal Apps the active one is now more deterministic and depends on the namespace lookup (check the README in the mashroom-portal-remote-app-registry-k8s package)
    • For multiple Portal Apps per service: if one definition is invalid the other ones will be activated nevertheless
    • Support for duplicate service names in different namespaces
    • If a service gets removed all Portal Apps are unregistered immediately (without delay)
  • Remote App Registry: For multiple Portal Apps per endpoint, if one definition is invalid the other ones will be activated nevertheless

  • Core: Removed the forcefully stopping of the server after 5sec because this may interrupt pending requests. It also makes in impossible to increase the shutdown period via terminationGracePeriodSeconds on Kubernetes

  • Prometheus Exporter: Added support for Node.js clusters. It is now possible to use prom-client's AggregatorRegistry to gather the metrics in the master process and also to get the worker metrics within a PM2 cluster. Check out the README in the mashroom-monitoring-prometheus-exporter module for details

  • BREAKING CHANGE: Renamed the plugin mashroom-http-proxy-add-id-token to mashroom-http-proxy-add-access-token because access tokens should be used to make API requests on behalf of a user

  • Core: Failing ready and health probes log now the causes. This is helpful on Kubernetes when the Admin UI is not available if the ready probe fails

  • Added a SolidJS demo Portal App (Microfrontend)

  • Portal: BREAKING CHANGE: Themes must set now a CSS variable with the (fontawsome compatible) icon font, like so:

      :root {
         --mashroom-portal-font-icon: 'Font Awesome 6 Free';
      }
    
  • Portal: Dropped support for IE11 (and all legacy browsers which don't support ES6)

  • Admin Toolbar: Upgrade to CodeMirror 6 with autocomplete support in the CSS editor

  • Admin Toolbar: Cleanup the DOM properly after a drag ends

jkofler
published 2.1.3 •

Changelog

Source

2.1.3 (July 2, 2022)

  • Simple Security Provider, LDAP Security Provider: Prevent a redirect loop if the user has no permission to access the login page
jkofler
published 2.1.2 •

Changelog

Source

2.1.2 (June 14, 2022)

  • Sandbox App, Admin Toolbar: Make sure the chunks get new names when the content changes to avoid problems with browser caching
  • Error Pages: Don't show an error page if the response has content type application/json
  • Core: The health and readiness probes return now a JSON with the actual errors
jkofler
published 2.1.1 •

Changelog

Source

2.1.1 (June 13, 2022)

  • Admin Toolbar: Fixed validation of route '/'
jkofler
published 2.1.0 •

Changelog

Source

2.1.0 (June 13, 2022)

  • Portal: Re-check authentication expiration at least every 60sec, so, if the session for some reason expires (or gets revoked) the user will get notified faster.

  • Core: Dropped Node.js 12.x support

  • Portal: Prevent a loop if error messages can not be sent to the server

  • MongoDB Session Provider: BREAKING CHANGE: Changed config structure to be able to pass parameters to connect-mongo, such as ttl and autoRemove.

    Before:

    {
      "uri": "mongodb://username:password@localhost:27017/mashroom_session_db?connectTimeoutMS=1000&socketTimeoutMS=2500",
      "collection": "sessions",
      "connectionOptions": {
        "poolSize": 5
      }
    }
    

    After:

    {
      "client": {
        "uri": "mongodb://username:password@localhost:27017/mashroom_session_db?connectTimeoutMS=1000&socketTimeoutMS=2500",
        "connectionOptions": {
           "poolSize": 5
        }
      },
      "collectionName": "sessions",
      "ttl": 86400
    }
    
  • Redis Session Provider: BREAKING CHANGE: Changed config structure to be able to pass parameters to connect-redis, such as prefix and ttl. Setting prefix on this level instead of the Redis client level fixed the session count metric, which was broken.

    Before:

    {
      "redisOptions": {
        "host": "localhost",
        "port": "6379",
        "keyPrefix": "mashroom:sess:"
      },
      "cluster": false
    }
    

    After:

    {
      "client": {
        "redisOptions": {
          "host": "localhost",
          "port": "6379",
        },
        "cluster": false
      },
      "prefix": "mashroom:sess:",
      "ttl": 86400
    }
    
  • Admin Toolbar: Only allow valid characters (according to RFC 3986) in Routes

  • Admin Toolbar: Added checkbox for client-side routing and renamed friendlyUrl to Route because that's more what it is.

  • Portal: Added support for client-side routing. If you enable it everything appended to the page URL is ignored.

  • Portal: Added new property portalAppHost to the log context of Remote Portal Apps

jkofler
published 2.0.7 •

Changelog

Source

2.0.7 (June 2, 2022)

  • Portal: Switched to cache-control public for App resources, even for authenticated users
  • Portal: Fixed cache busting. The v=xxx query parameter is now constant for a plugin version (if the Portal ist not in dev mode). You should now replace lastThemeReloadTs with themeVersionHash in your themes.
  • Security Service: Don't log an error for AJAX requests to restricted resources (just return 403)
jkofler
published 2.0.6 •

Changelog

Source

2.0.6 (June 1, 2022)

  • Remote App Registry and K8S Remote App Registry: Fixed registering Apps of type portal-app2 without SSR capability
  • HTTP Proxy: Added a retry if the target resets or drops the connection (ECONNRESET) which can happen when:
    • keepAlive is activated and a reused connection is broken already (see https://nodejs.org/api/http.html#requestreusedsocket)
    • a Pod/instance is no longer/not yet available
  • HTTP Proxy: Fixed handling of client connection termination. Among others the misleading error message 'Target endpoint did not send a response within xxxxx' will no longer be logged in the case the client dropped the connection.
  • Portal: State encoded in URL via MashroomPortalStateService is encoded/decoded now
jkofler
published 2.0.5 •

Changelog

Source

2.0.5 (Mai 20, 2022)

  • Portal: The resource and the proxy target URLs of Remote Apps can now overlap as long as requested resources have an extension. E.g.: If your plugin definition looks like this:
     {
       "name": "My Remote App",
       "type": "portal-app2",
       "remote": {
         "resourcesRoot": "/"
       },
       "defaultConfig": {
         "proxies": {
           "bff": {
             "targetUri": "http://localhost:6089"
           }
         }
       }
     }
    
    the Portal will calculate a resource base URL http://yourhost.com/ and a base URL for the bff proxy of http://yourhost.com/, so they overlap. Now you can request a resource /index.js with this setup, previously you couldn't, because the Portal has treated it as an attempt to fetch API data via (potentially less protected) resource request.
  • Security Service: Start authentication flow (e.g. redirect to the login page) only for GET and non-Ajax requests
jkofler
published 2.0.4 •

Changelog

Source

2.0.4 (Mai 9, 2022)

  • Remote App Registry and K8S Remote App Registry: Show Apps with errors on top of the list in the Admin UI
  • K8S Remote App Registry: The Admin UI shows now all successfully registered Apps even if scanning some namespaces fails due to missing permissions
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc