Add basic support for user management to navigator:
log in as a user, act/read as its primary party.
When user management is supported & enabled, you can
only log in as a user (and that user must have a
primary party, which is what you'll actually be
acting/reading as).
The above is the default behavior. It can be disabled
using a feature flag (`--feature-user-management`),
and you can also still specify parties explicitly
in the config file.
CHANGELOG_BEGIN
Navigator supports user management by default. To disable,
use `--feature-user-management false` or specify parties
explicitly in `daml.yaml`.
CHANGELOG_END
Co-authored-by: Robert Autenrieth <31539813+rautenrieth-da@users.noreply.github.com>
Co-authored-by: Stefano Baghino <43749967+stefanobaghino-da@users.noreply.github.com>
Co-authored-by: Victor Peter Rouven Müller <mueller.vpr@gmail.com>
changelog_begin
changelog_end
Fixes the transitive vulnerable dependency on `nanoid`.
Verified via `yarn audit`. Ran a quick manual test to check that
this did not break `navigator`.
changelog_begin
changelog_end
Bump resolved markdown-it version to 12.3.2 for modernizr
Bump webpack-dev-server to 4.3.7 to fix transitive issue reported on selfsigned 1.x
Bump marked to 4.0.10 to address reported vulnerability
Somewhat error-prone, so please review carefully.
Reasons we need this:
- Some file types are not properly handled by the script.
- The only exclusion mechanism we currently have (`NO_AUTO_COPYRIGHT`)
is overly coarse.
CHANGELOG_BEGIN
CHANGELOG_END
New year, new copyright, new expected unknown issues with various files
that won't be covered by the script and/or will be but shouldn't change.
I'll do the details on Jan 1, but would appreciate this being
preapproved so I can actually get it merged by then.
CHANGELOG_BEGIN
CHANGELOG_END
I used a selective override for strip-ansi because html-webpack-plugin
cannot handle 7.0.0 and I don’t want to downgrade it in other places
where we are already using 7.0.0.
changelog_begin
changelog_end
Tested manually that it worked. It didn’t work before actually since
the `webpack serve` switch was needed even for the old version but now
it does.
Unfortunately this still doesn’t get rid of the dependency on setvalue.
changelog_begin
changelog_end
This addresses a dependabot alert.
No nice way to do this unfortunately, it’s pulled in via transitive
deps which don’t have a version with less restrictive bounds.
I did test manually that Navigator still works (it’s a dev-time only
dependency).
changelog_begin
changelog_end
I tried fixing it properly without a resolution but that requires an
upgrade to webpack 5 which runs into issues since the modernizr loader
we use does not support webpack 5 and at that point I gave up. I did
test navigator manually with this change.
changelog_begin
changelog_end
* Upgrade elliptic dependency to address vulnerabilities
This PR bumps our already existing resolution on elliptic to address a
security issue.
I don’t believe in keeping deps at arbitrarily outdated versions so
this PR fully regenerates the yarn.lock files.
changelog_begin
changelog_end
* Apparently upgrading Navigator is bad
changelog_begin
changelog_end
* Replace many occurrences of DAML with Daml
* Update docs logo
* A few more CLI occurrences
CHANGELOG_BEGIN
- Change DAML capitalization and docs logo
CHANGELOG_END
* Fix some over-eager replacements
* A few mor occurrences in md files
* Address comments in *.proto files
* Change case in comments and strings in .ts files
* Revert changes to frozen proto files
* Also revert LF 1.11
* Update get-daml.sh
* Update windows installer
* Include .py files
* Include comments in .daml files
* More instances in the assistant CLI
* some more help texts
This commit fixes a few copyright headers that have been missed in the
automatic update on Jan 1, as well as the generation code in the compat
workspace so it generates the right headers.
CHANGELOG_BEGIN
CHANGELOG_END
We really don’t need 5 different favicons here so just inline the same
one we use in create-daml-app and on our docs (32x32). This allows us
to get rid of tons of dependencies including a native dep on sharp.
changelog_begin
changelog_end
This finally gets up to the point where almost all deps are on the
latest version (according to `yarn outdated`). The one exception is
webpack since at least some of our webpack loaders don’t work with
webpack 5 yet.
Another issue is that tslint is deprecated and should be replaced by
eslint. I’ll tackle that as a separate PR.
changelog_begin
changelog_end
This was leftover from ancient times. You couldn’t actually use this
in any way since we always defaulted to the select method and provided
no way to change this. We still support it in the config but emit a
warning now if you use it.
changelog_begin
- [Navigator] The `password` option in the Navigator config file is
now deprecated. Note that it was already unused before.
changelog_end
This turned out to be a bit more messy than I thought it would be
unfortunately but it doesn’t seem too bad. If anyone has a better
suggestion for how to approach this, I’m all ears.
I added an integration test that checks that newly allocated parties
are picked up.
changelog_begin
- [Navigator] If no parties are in the Navigator config or daml.yaml,
Navigator will now pick up parties from the party management
service. Those parties are periodically refreshed.
changelog_end
Update navigator/backend/src/main/scala/com/digitalasset/navigator/Session.scala
Co-authored-by: Stephen Compall <stephen.compall@daml.com>
Co-authored-by: Stephen Compall <stephen.compall@daml.com>
node-forge 0.9 has an issue so this PR bumps selfsigned which in turn
bumps the bound on node-forge and allows us to upgrade to 0.10
changelog_begin
changelog_end
Before it was generated using `jar c0Mf` which is not reproducible as it
includes current time-stamps and the order of entries in the archive is
non-deterministic. The generated JAR is just a ZIP file and in this case
`jar` is explicitly instructed to not generated a `MANIFEST` file (`M`
flag). So, it is easy to replace the `jar` invocation by `zipper` which
is designed to generate reproducible ZIP archives.
changelog_begin
changelog_end
Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
* Factor out tar/gzip reproducibility flags
* use mktgz in package-app
* Bazel managed tar/gzip
* Remove quiet = True
As stated in the comment this is no longer required with Bazel >= 3.0.
* Build package-app as a sh_binary
This way Bazel will manage the runtime dependencies tar, gzip, mktgz,
and patchelf.
package-app.sh changes directory so it needs to make sure that all paths
are absolute and that the runfiles tree/manifest location is forwarded
to programs called by package-app.sh.
* Avoid file path too long errors
* Fix readlink -f on MacOS
* Document abspath
changelog_begin
changelog_end
Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
Buildifier now comes with a handy attachment to catch single `\`
characters inside strings and replace them with `\\` if the escape
sequence is invalid. Skylark/Python will do this at runtime anyway; this
just makes it clearer what the actual behavior is.
I needed to change `\` characters at the end of lines to `\\` manually
in order to stop Buildifier from simply concatenating the lines
together. Everything else was automatic.
CHANGELOG_BEGIN
CHANGELOG_END
This upgrades styled-components to the latest version and adds peer
dependencies as yarn told me to. I did test this a bit side-by-side
with Navigator from 1.2.0 to see if I could notice any changes both in
Firefox and Chrome and it looks exactly the same.
The changes are all fairly mechanical following type errors.
changelog_begin
changelog_end
Following some discussions on Slack, I’ve decided to spend a bit of
time trying to see which deps can be bumped fairly easily. This PR
bumps react and react-dom to the latest versions. The upgrade doesn’t
seem to require any code changes.
I did test Navigator locally in quickstart-java (looking around,
creating contracrs, exercising a few choices) and everything looks as
expected.
changelog_begin
changelog_end
This addresses a security vulnerability. Unfortunately, we need to
force a newer version of resize-img ignoring our
dependencies. However, that seems to work fine based on my
testing (running navigator on quickstart-java and looking at
favicons).
changelog_begin
changelog_end