chore(deps): bump @globus/static-data-portal from 1.11.0 to 2.0.0 (#16)

Bumps
[@globus/static-data-portal](https://github.com/globus/static-data-portal)
from 1.11.0 to 2.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/globus/static-data-portal/releases"><code>@​globus/static-data-portal</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h2><a
href="https://github.com/globus/static-data-portal/compare/1.12.0...2.0.0">2.0.0</a>
(2024-10-29)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<p>The portal will now store authorization tokens in memory (previously
<code>localStorage</code>) by default. This change underlines our
commitment to providing a &quot;secure by default&quot;
implementation.</p>
<h3>How is In-Memory Storage More Secure?</h3>
<p>When using our <a
href="https://github.com/globus/template-data-portal">GitHub Template
Repository</a> to create a portal, your portal is automatically
configured to deploy to GitHub Pages. Without a custom domain
configuration, your application will be deployed to
<code>{username}.github.io/{repository-name}</code>. Due to the same
origin access policies of <a
href="https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage"><code>localStorage</code></a>
this means any application <strong>you</strong>[^1] deploy to GitHub
pages would have access to items placed in <code>localStorage</code> by
the portal. We believe this default behavior is the less secure option
and can lead to unexpected behavior based on your GitHub account
usage.</p>
<h3>Explaining the Breaking Change</h3>
<p>With this new default, the end-user experience around authorization
will change to requiring users to authenticate when the portal's browser
window is closed. Due to the nature of this change we have flagged this
change as a &quot;breaking change&quot;, resulting in a major version
bump. <strong>While we do believe most users should update without
making changes to their <code>static.json</code> file</strong>, we have
included the ability to opt-in to the previous behavior of storing
authorization information in <code>localStorage</code>. Before enabling
this functionality, we recommend being aware of <a
href="https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#local-storage">security
best practices related to <code>localStorage</code></a>, using a <a
href="https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site">custom
domain for your portal</a> to better lock down origin access, or having
policies in place to avoid unintended access when using the default
GitHub Pages domain.</p>
<p>To opt out of this change, a new property in the
<code>static.json</code> has been added to enable
<code>localStorage</code> storage of authorization data
(<code>data.attributes.features.useLocalStorage</code>).</p>
<pre lang="json"><code>{
  &quot;_static&quot;: {
    &quot;generator&quot;: {
      &quot;name&quot;: &quot;@globus/static-data-portal&quot;
    }
  },
  &quot;data&quot;: {
    &quot;version&quot;: &quot;1.0.0&quot;,
    &quot;attributes&quot;: {
      &quot;features&quot;: {
        &quot;useLocalStorage&quot;: true
      }
    }
 }
}
</code></pre>
<p>[^1]: <code>localStorage</code> is only available to applications on
the same <em>origin</em>, which includes subdomain; <strong>Access is
only shared with GitHub Pages applications or sites on the same account,
not other GitHub account's deployments</strong>.</p>
<h3>Features</h3>
<ul>
<li>Use in-memory based storage for authorization tokens, by default.
(<a
href="https://redirect.github.com/globus/static-data-portal/issues/347">#347</a>)
(<a
href="https://github.com/globus/static-data-portal/commit/c6ac0f881531cd2dd7e5cfc234b6b6065d77b3b5">c6ac0f8</a>)</li>
</ul>
<h2>v1.12.0</h2>
<h2><a
href="https://github.com/globus/static-data-portal/compare/1.11.0...1.12.0">1.12.0</a>
(2024-10-25)</h2>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/globus/static-data-portal/blob/main/CHANGELOG.md"><code>@​globus/static-data-portal</code>'s
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/globus/static-data-portal/compare/1.12.0...2.0.0">2.0.0</a>
(2024-10-29)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Use in-memory based storage for authorization tokens, by default.
(<a
href="https://redirect.github.com/globus/static-data-portal/issues/347">#347</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>Use in-memory based storage for authorization tokens, by default.
(<a
href="https://redirect.github.com/globus/static-data-portal/issues/347">#347</a>)
(<a
href="https://github.com/globus/static-data-portal/commit/c6ac0f881531cd2dd7e5cfc234b6b6065d77b3b5">c6ac0f8</a>)</li>
</ul>
<h2><a
href="https://github.com/globus/static-data-portal/compare/1.11.0...1.12.0">1.12.0</a>
(2024-10-25)</h2>
<h3>Features</h3>
<ul>
<li>Adds button to open files in a new tab when collections support
HTTPS. (<a
href="https://redirect.github.com/globus/static-data-portal/issues/337">#337</a>)
(<a
href="https://github.com/globus/static-data-portal/commit/d6cc729252243fd79c434f4dd8fdf2041803c7b0">d6cc729</a>)</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>use zustand for state management and resolve various state issues in
the File Browser (<a
href="https://redirect.github.com/globus/static-data-portal/issues/335">#335</a>)
(<a
href="https://github.com/globus/static-data-portal/commit/6b221e598067c5a945582a50820618d4b3bef503">6b221e5</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/globus/static-data-portal/commit/558d2e17b858516ecd0bb736b91adc2e2ddc27e4"><code>558d2e1</code></a>
chore(main): release 2.0.0 (<a
href="https://redirect.github.com/globus/static-data-portal/issues/348">#348</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/b26f28cca347ea6733cd4096f010ad16af8cae36"><code>b26f28c</code></a>
test: Adds React Testing Library and Jest (<a
href="https://redirect.github.com/globus/static-data-portal/issues/350">#350</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/78dc5caa5091651f684a16a6803cf7a6399e01bd"><code>78dc5ca</code></a>
docs: Update README.md</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/4a3cae18408554dbfd73121acf4ae2513b71f05e"><code>4a3cae1</code></a>
deps: bump the typescript-eslint group with 2 updates (<a
href="https://redirect.github.com/globus/static-data-portal/issues/343">#343</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/c6ac0f881531cd2dd7e5cfc234b6b6065d77b3b5"><code>c6ac0f8</code></a>
feat!: Use in-memory based storage for authorization tokens, by default.
(<a
href="https://redirect.github.com/globus/static-data-portal/issues/347">#347</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/51459904cc6ea085fb06a0341d839c7ae7e517c0"><code>5145990</code></a>
deps: bump eslint-plugin-react from 7.37.1 to 7.37.2 (<a
href="https://redirect.github.com/globus/static-data-portal/issues/344">#344</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/d0a3e3df4da2d6ac7aed5554251cf1d9a98efd52"><code>d0a3e3d</code></a>
deps: bump <code>@​tanstack/eslint-plugin-query</code> from 5.59.4 to
5.59.7 (<a
href="https://redirect.github.com/globus/static-data-portal/issues/345">#345</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/ca7237edb78f07bf03890f44bca36655667ecc5c"><code>ca7237e</code></a>
deps: bump the react-query group with 2 updates (<a
href="https://redirect.github.com/globus/static-data-portal/issues/340">#340</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/7b5b406ec4bfd229703f8341d0c6b870668704d4"><code>7b5b406</code></a>
deps: bump the typescript-eslint group with 2 updates (<a
href="https://redirect.github.com/globus/static-data-portal/issues/338">#338</a>)</li>
<li><a
href="https://github.com/globus/static-data-portal/commit/12b4796f7930a792a928e47df28c2fbf226f83b8"><code>12b4796</code></a>
deps: bump the react group with 2 updates (<a
href="https://redirect.github.com/globus/static-data-portal/issues/339">#339</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/globus/static-data-portal/compare/1.11.0...2.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@globus/static-data-portal&package-manager=npm_and_yarn&previous-version=1.11.0&new-version=2.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

package.json

@@ -1,5 +1,5 @@
 {
   "dependencies": {
-    "@globus/static-data-portal": "^1.11.0"
+    "@globus/static-data-portal": "^2.0.0"
   }
 }