squareone#

0.36.0#

Minor Changes#

  • #535 3619e18 Thanks @jonathansick! - Org, repo, and directory rows in the Times Square sidebar now show a kebab (⋯) button on hover and keyboard focus that opens a menu with a “Focus on this organization/repository/directory” action. The action links to the current page with ts_nav_focus set to that node’s path, switching the sidebar to the rooted-subtree focus view; container rows inside a focused view offer the same menu to focus deeper. The menu is fully keyboard operable (the kebab stays in the tab order while visually hidden, and Escape closes the menu and restores focus). The PR-preview tree shows no kebab or focus UI.

  • #535 aecae20 Thanks @jonathansick! - The Times Square sidebar navigation tree is now collapsible: every org, repo, and directory row’s chevron is a rotating disclosure button (WAI-ARIA disclosure pattern with aria-expanded/aria-controls), and a “Tree actions” kebab (⋯) menu in the tree header offers “Expand all” and “Collapse all” actions, each disabled when it would have no effect on the visible tree. Expansion state is owned by a new useTreeExpansion hook, keyed by node path and persisted in sessionStorage for the browser session, defaulting to all-expanded; the ancestor chain of the currently viewed notebook is always forced open (auto-reveal), even after collapse-all. Also fixes the current-page highlighting to use path-segment-aware matching so sibling paths sharing a string prefix (e.g. weather and weather-archive) are no longer both highlighted, and current page links now carry aria-current="page".

  • #535 9bfcffb Thanks @jonathansick! - The Times Square sidebar now supports a linkable focus mode driven by a ts_nav_focus=<node path> query parameter. When set, the focused org, repo, or directory renders as the root of the tree beneath a breadcrumb of its ancestors: each ancestor crumb refocuses up to that node (the focused node’s own tree row serves as the final crumb) and a clear (✕) control removes focus and restores the full tree. Sidebar page links propagate the parameter so focus survives navigating between notebooks, making focused URLs shareable and reproducible. A stale or invalid focus path resolves to the nearest existing ancestor in the tree (full tree if nothing matches). ts_nav_focus joins the reserved ts_ namespace — it (and any other ts_-prefixed parameter) is excluded from notebook parameters. Focus mode applies to the main tree only; the PR-preview tree ignores the parameter.

Patch Changes#

  • #535 1ae3d25 Thanks @jonathansick! - The Times Square sidebar navigation tree now shows a distinct Lucide icon for each node type: GitHub organizations (Building2), repositories (Book), directories (Folder), and notebook pages (FileText). Previously owner, repo, and directory rows rendered identically with only a chevron, and pages used a generic file icon.

  • #535 0ebcf3b Thanks @jonathansick! - Add normalizeGitHubContents(), a client-side normalization pass that recursively merges duplicate sibling directory nodes (concatenating their contents in order) in the GitHub contents tree. The pass is applied when parsing both the /github and /github-pr/... responses, keeping the sidebar correct against Times Square deployments that predate the server-side fix (lsst-sqre/times-square#140); it is idempotent against fixed servers. New mock fixtures (mockGitHubContentsNested, mockGitHubContentsDuplicateDirectories) cover multi-segment nested directories and the duplicate-directory bug shape, and the squareone dev API route for /times-square/api/v1/github now serves the buggy shape so the normalizer is exercised in development.

  • Updated dependencies [0ebcf3b]:

    • @lsst-sqre/times-square-client@2.1.0

0.35.1#

Patch Changes#

  • #543 0fdb6db Thanks @jonathansick! - Add three adaptive --rsd-component-* semantic theme tokens that re-map under dark mode (via tokens.dark.css), and repair three pre-existing dangling --sqo-* references.

    New tokens (authored as themed: {light, dark} YAML in rubin-style-dictionary, so they regenerate into both tokens.css and tokens.dark.css):

    • --rsd-component-text-secondary-color — muted/secondary text (light gray-600, dark gray-300).

    • --rsd-component-divider-color — borders and dividers (light gray-200, dark gray-700).

    • --rsd-component-surface-secondary-background-color — subtle surfaces such as hover/selected rows and the inline code chip (light gray-100, dark gray-700).

    Repoint the three dangling refs at the new secondary-text token so muted text renders adaptively in both themes instead of silently falling back to inherited body color: --sqo-color-text-secondary in AdminRequired.module.css and AuthRequired.module.css, and --sqo-text-muted in app/error.tsx. Dark-gray weights are the starting values; exact tuning is deferred to the dark-mode visual-QA step.

    Migrate the user-facing notification CSS modules (UserNotifications/UserNotificationsTableView.module.css and UserNotifications/UserNotificationDetailView.module.css) off fixed --rsd-color-gray-* scale tokens onto these adaptive tokens, so the /notifications list, expanded body, detail page, and empty/loading states are legible in dark mode.

    Migrate the admin notification CSS modules (AdminNotifications/NotificationFilters.module.css, AdminNotifications/NotificationsTableView.module.css, NotificationDetailView/NotificationDetailView.module.css, and NotificationForm/NotificationForm.module.css) off fixed --rsd-color-gray-* scale tokens (and remove the hardcoded hex fallbacks in NotificationForm.module.css) onto these adaptive tokens, so the /admin/notifications list, filter bar, detail page, and /admin/notifications/new compose form are legible in dark mode.

    Move the bespoke notification callouts onto the shared squared components so they self-theme in dark mode: the boxed error/not-found states in NotificationDetailView and UserNotificationDetailView now render via squared Note (type="note"); the inline load-failure states in both table views and the across-pages bulk-mark-read failure render via squared ErrorMessage; and the select-all-across-pages info banner renders via squared Note (type="info"). This removes the last fixed --rsd-color-red-*/--rsd-color-blue-* callout tokens (and their now-dead CSS) from the notification modules.

    Add a validate-theme-tokens guardrail (packages/repo-scripts/src/validate-theme-tokens.js, wired into the root localci script and CI) that fails when a fixed color-scale token (color: var(--rsd-color-gray-*|red-*|…)) or a hardcoded hex is used for text in the notification CSS modules, so the dark-mode migration can’t silently rot. The Rubin brand-accent alias --rsd-color-primary-* and non-text background-color uses are intentionally not flagged; scope is limited to the notification modules.

    Add dark-mode Storybook story variants (a Dark story pinning globals: { theme: 'dark' } via the existing withThemeByDataAttribute toolbar) for the key notification components — the user and admin table views, both detail views, the compose form, and a new NotificationFilters story for the filter bar — so the migration is visually verifiable in both themes and can’t silently rot.

  • #543 e4806d0 Thanks @jonathansick! - Extend the validate-theme-tokens dark-mode guardrail to also scan the squareone App Router pages, and fix the one component it surfaces.

    The scanner now recursively scans apps/squareone/src/app/**/*.module.css in addition to the two existing **/components/** roots (apps/squareone/src/components and packages/squared/src/components), applying the exact same principled detection rule and exemptions: a text color: set to a fixed dark neutral gray-scale token (--rsd-color-gray-400gray-900) or a dark hardcoded hex is a violation, while inverted text on a colored/dark background, text a [data-theme="dark"] override re-declares, semantic status hues, light gray weights, and the Rubin brand-accent --rsd-color-primary-* alias are exempt (DM-55433).

    Broadening the scan surfaces exactly one un-migrated module, apps/squareone/src/app/dev/DevAuthPanel.module.css (the dev-only auth panel), which is migrated off the fixed --rsd-color-gray-* scale onto the adaptive --rsd-component-* semantic tokens that re-map under data-theme="dark", matching the mapping convention this branch established across the notification modules and the shared DataTable/KeyValueList:

    • muted/secondary text (.muted, .scopeDescription, from gray-600) → --rsd-component-text-secondary-color

    • the “Custom” chip (.customChip): its dark-on-light-gray foreground AND fixed light background are migrated together (gray-600--rsd-component-text-secondary-color, gray-100--rsd-component-surface-secondary-background-color) so the chip surface also adapts

    • borders (.personaButton, .input, from gray-300) → --rsd-component-divider-color

    • the semantic “Applied ✓” green (.applied) keeps its --rsd-color-green-600 hue but drops its fixed dark-hex fallback so it no longer trips the hardcoded-hex check

    The guardrail baseline remains empty ({}) — DevAuthPanel is fixed so it is genuinely clean, not baselined — so the broadened scan passes with 0 known / 0 new violations. Remains wired into the root localci script and the CI workflow.

  • #543 099b388 Thanks @jonathansick! - Use the warning variant of the shared squared Note for the notification error/not-found callouts. The admin NotificationDetailView and user UserNotificationDetailView error/not-found states previously rendered with type="note", which printed the literal badge “Note” above genuine error messages like “Notification not found” / “Error loading notification”. They now use type="warning", so the badge reads “Warning” (orange) — an appropriate label and color for a recoverable error/not-found state.

  • #549 ac50113 Thanks @jonathansick! - Surface “Mark as unread” in the /notifications inbox, mirroring the existing mark-read affordances (DM-55450). Read rows now offer a per-row “Mark as unread” menu item (the mirror of “Mark as read” on unread rows), and the selection “Actions” dropdown gains a “Mark as unread” item that marks the read members of the loaded selection unread. Both route through the new useMarkNotificationsUnread mutation so the list and the header unread badge update without a manual refresh.

  • #543 1fadc3d Thanks @jonathansick! - Fix the dark-mode appearance of the app-local SentryConfigInfo component (the /admin/sentry config list) by migrating the .label (<dt>) text color in SentryConfigInfo.module.css off the fixed --rsd-color-gray-500 scale token (identical in both themes) onto the adaptive --rsd-component-text-secondary-color semantic token that re-maps under data-theme="dark".

    The “Status”, “Environment”, sample-rate, and “Base URL” labels previously rendered near-invisible --rsd-color-gray-500 on the dark background. They now use --rsd-component-text-secondary-color (muted but legible in both themes), matching the mapping convention this branch established across the notification modules and the shared DataTable/KeyValueList. Adds a Dark Storybook story variant so the fix is visually verifiable in both themes and can’t silently rot.

  • #543 c0050fc Thanks @jonathansick! - Fix the dark-mode appearance of the squareone token-management and sidebar views by migrating their fixed --rsd-color-gray-* scale colors (and two hardcoded hex grays), which are identical in both themes, onto the adaptive --rsd-component-* semantic tokens that re-map under data-theme="dark" (DM-55433).

    The muted/label/secondary text in these ten CSS modules previously rendered near-invisible fixed dark grays on the (adaptive) dark background. Each flagged text color: now uses --rsd-component-text-secondary-color — muted but legible in both themes — matching the mapping convention this branch established across the notification modules, the shared DataTable/KeyValueList, and the squared form primitives and DateTimePicker:

    • AccessTokensView .loading, SessionTokensView .loading, ApiEndpoints .notice, ServiceTokenForm .advancedHint (a hardcoded #4b5563), and SidebarNavSection .label (a hardcoded #6b7280).

    • TokenDetailsView .metadataLabel; and the dark-text-on-fixed-light .tokenKey chip is migrated foreground and background together (--rsd-component-text-color on --rsd-component-surface-secondary-background-color) so the code chip adapts instead of staying a fixed light pill.

    • TokenHistoryDetails .label, .oldValue, and .changesHeading; TokenHistoryFilters .filterLabel; TokenHistorySummary .time, .actor, and the neutral .summary.expire .icon (the create/edit/revoke status hues stay semantic); and TokenHistoryView .loadingState/.errorState/.emptyState, .errorMessage, and .totalCount.

    The semantic status hues (--rsd-color-red-* errors, the create/edit/revoke action-icon colors) and the Rubin brand-accent --rsd-color-primary-* borders are left untouched.

    This is the final batch of the migration: it empties the validate-theme-tokens baseline (packages/repo-scripts/src/validate-theme-tokens.baseline.json is now {}), so the guardrail is fully enforcing — every scanned squared + squareone CSS module is on adaptive tokens, and any new fixed dark-color text declaration fails CI. Adds Dark Storybook story variants (pinning globals: { theme: 'dark' } via the existing withThemeByDataAttribute toolbar) to TokenHistoryDetails, TokenHistoryView (list and error states), TokenHistoryFilters, and TokenDetailsView so the migrated muted label/timestamp text is visually verifiable in dark mode and can’t silently rot.

  • Updated dependencies [0fdb6db, 8d095b5, b90d533, d7054ab, c3d2bbe, 1fadc3d, 13ffc56]:

    • @lsst-sqre/rubin-style-dictionary@0.8.0

    • @lsst-sqre/squared@0.15.1

    • @lsst-sqre/semaphore-client@0.5.0

    • @lsst-sqre/global-css@0.2.6

0.35.0#

Minor Changes#

  • #510 66a4ab2 Thanks @jonathansick! - Add two feature-flag config keys for the upcoming user notifications UI: enableUserNotifications (boolean, default false) and userNotificationsPollIntervalSeconds (number, default 300). Both flow through the existing config pipeline — declared in squareone.config.schema.json with titles/descriptions/defaults, added to the AppConfig type, and defaulted in squareone.config.yaml — so they resolve via getStaticConfig() / useStaticConfig(). They ship false/300 everywhere and no UI consumes them yet; the flag keeps the in-progress notifications feature hidden until it is released.

  • #514 3d03f5c Thanks @jonathansick! - Add the deep-linkable user notification detail page at /notifications/[id] behind the enableUserNotifications flag. When the flag is off the route returns 404; when on, logged-in users (gated by AuthRequired) see the full message — the rendered-Markdown (gfm) summary as the page heading, the created date rendered in the reader’s local time with a timezone abbreviation (e.g. Jun 12, 2026, 10:10 AM PDT, via a new formatLocalTimestamp helper), and a read-status badge, followed by the rendered-Markdown body — with a “Back to notifications” link, plus loading, terminal-unavailable, error, and 404/not-found states. Previous/Next links navigate to the adjacent inbox notifications (Previous = newer, Next = older), each showing the neighbor’s summary snippet; neighbors are derived client-side from the (unfiltered) inbox list via useUserNotifications, since the Semaphore API exposes no neighbor endpoint (known limitation: neighbors come only from the first loaded page, limit: 100, so a notification beyond that window shows no prev/next). The new props-driven UserNotificationDetailView presentational component carries those states (with a Storybook story per state). Adds the dev mock GET /api/dev/semaphore/v1/notifications/[id] returning a single UserNotificationFormatted from the persistent user-notifications store (404 for an unknown id); it does not auto-mark the notification read. Display only — auto-mark-read on view is a later slice.

  • #514 c094d12 Thanks @jonathansick! - Add the /notifications inbox page behind the enableUserNotifications flag. When the flag is off the route returns 404; when on, logged-in users (gated by AuthRequired) see their notifications listed newest-first with date, read status, and a rendered-Markdown (gfm) summary, plus a “Show unread only” toggle, “Load more” cursor paging with a total count, and loading/error/empty states. Adds the dev mock GET /api/dev/semaphore/v1/notifications honoring unread/cursor/limit with RFC 5988 Link + X-Total-Count, served from a persistent in-memory user-notifications store. That store replaces the temporary unread-count shim that previously drove the header badge: the badge now reflects the seeded notifications and any later marked read. Read-only in this slice — row selection, mark-read, and the per-message detail view land in later tasks.

  • #514 8b5ed79 Thanks @jonathansick! - Add explicit mark-read actions to the /notifications inbox (behind the enableUserNotifications flag). UserNotificationsTableView gains controlled row selection (a leading checkbox column with select-all, keyed by notification id), a bulk-actions DropdownMenu whose “Mark read” action is enabled only when at least one row is selected and marks the selection read (clearing it afterwards), and a “Mark all as read” button. The inbox container enumerates the unread ids on demand (the ?unread=true list) for “Mark all as read” and routes both actions through useMarkNotificationsRead, whose shared cache invalidation updates the list, the unread count, and each affected detail without a manual refresh. The bulk dropdown is built to be extensible for future bulk actions.

Patch Changes#

0.34.0#

Minor Changes#

  • #506 b0c1328 Thanks @jonathansick! - Add a “Learn more about quotas” documentation link to the /settings/quotas Lede. The link is composed from the existing docsBaseUrl config value via the getDocsUrl helper, so it resolves to the environment-appropriate variant of the RSP docs (default https://rsp.lsst.io/guides/life/quotas.html, e.g. https://rsp.lsst.io/v/usdfprod/guides/life/quotas.html on USDF). It opens in the same tab, matching the homepage notebooks docs link, and needs no new config key or Phalanx change.

  • #487 acdfcce Thanks @jonathansick! - Add the shared app plumbing the admin notifications UI builds on. A useSemaphoreUrl hook resolves the Semaphore base URL via Repertoire service discovery (mirroring BroadcastBannerStack and the RSC layout). A RenderedMarkdown client component (plus a useRenderedMarkdown hook / renderMarkdownToHtml helper) renders raw Markdown — including GFM — to HTML synchronously via the existing remark/remark-gfm/remark-html toolchain, for the table summary, detail body, and compose preview. Dev mock Semaphore admin endpoints back local development: GET /semaphore/v1/admin/notifications (filtered, cursor-paginated via the shared mock-notifications helper, with a Link header and X-Total-Count), POST (appends to an in-memory dev store), and GET /semaphore/v1/admin/notifications/{id}. The dev Repertoire discovery mock advertises the local Semaphore mock origin, and admin:notifications is included in the dev session scopes.

  • #491 b02f601 Thanks @jonathansick! - Add the /admin/notifications/new compose page for sending admin user notifications. A presentational NotificationForm (props: initialValues, onSubmit, isSubmitting, disabled, onCancel) collects a required recipient and summary plus an optional body, authored in Markdown with a live RenderedMarkdown preview and a note that the summary is inline-only while the body supports full Markdown. Submit-time validation shows inline errors without losing input, and a “draft another” checkbox keeps the operator on the page after a successful send. The server page.tsx renders the client component inside a <Suspense> boundary, which reads recipient/summary/body query parameters via useSearchParams() to pre-fill the form (e.g. when drafting from an operational run book). On submit via useCreateAdminNotification, a checked “draft another” clears the form and shows an inline success confirmation; otherwise the page redirects to /admin/notifications. A failed send surfaces a clear inline error, and Cancel returns to the listing. The page inherits the admin section’s exec:admin gate and additionally checks loginInfo.scopes for admin:notifications, showing an explanatory Note and disabling the form when it is absent rather than failing with a silent 403.

  • #490 13eecf5 Thanks @jonathansick! - Add the /admin/notifications/[id] detail page for admin user notifications. Reached by opening a single notification (under the inherited exec:admin gate), it renders the notification’s summary and body as rendered Markdown — not raw — alongside its full metadata (id, recipient, sender, created time, and read status, shown as an Unread/Read badge plus the read timestamp). The page is addressable by URL via the server page.tsx (which derives its metadata from the route id), and an unknown id resolves to a graceful not-found state with a link back to the listing rather than a blank page. The presentational NotificationDetailView is driven entirely by props and ships with a Storybook story (loaded / read / no-body / loading / not-found / error) that runs as an interaction test. The listing’s per-notification summaries now link to the matching detail page, so a notification can be opened directly from the table.

  • #489 f80ec8d Thanks @jonathansick! - Add the /admin/notifications listing page for admin user notifications. Reachable from the new “User notifications” admin sidebar entry (under the inherited exec:admin gate), it lists the most recent notifications in a DataTable — recipient, sender, created time, and a rendered-Markdown summary — with loading, empty, and error-with-retry states. Recipient, sender, and since/until date-range filters narrow and combine, a “clear all” resets them, and the active filters are captured in the URL query string (via the new useAdminNotificationFilters hook) so a filtered view can be bookmarked and reproduced. A caller-owned “Load more” control pages through older notifications with a shown-of-total count, and a “Compose” button links to the compose route. The presentational NotificationFilters and NotificationsTableView components are driven entirely by props and ship with Storybook stories (loading / loaded / empty / error) that run as interaction tests.

Patch Changes#

  • #486 2ed71ac Thanks @jonathansick! - Resolve Dependabot security advisories by updating vulnerable dependencies. @sentry/nextjs is bumped to ^10.58.0 (which drops the vulnerable transitive uuid@9) and @turbo/gen to ^2.9.18 (which drops the vulnerable @turbo/workspaces). The remaining advisories are addressed with pnpm.overrides in pnpm-workspace.yaml that pin vulnerable transitive packages up to their patched versions — including vite (7.3.5), webpack (5.107.2), rollup, esbuild, postcss, ws, handlebars, lodash/lodash-es, minimatch, picomatch, glob, immutable, flatted, fast-uri, @babel/core, @opentelemetry/core, and js-yaml (4.x). vite and webpack are also declared as root dev dependencies so pnpm applies the pinned versions to these otherwise auto-installed peer dependencies.

    This clears all 46 distinct advisories. The last holdout was js-yaml@3.14.2, pulled in only by the Changesets CLI (@manypkg/get-packagesread-yaml-file@1.1.0). Overriding its carrier read-yaml-file to 2.1.0 removes the js-yaml 3.x dependency: 2.1.0 keeps the same CommonJS default/.sync API that @manypkg/get-packages relies on but parses with js-yaml@^4.0.0, which the existing js-yaml@>=4.0.0 <4.2.0 4.2.0 override lands on the patched 4.2.0. (read-yaml-file@3 is ESM-only with renamed named exports and would break @manypkg/get-packages, so 2.1.0 is the highest compatible version.)

  • #492 2644a9d Thanks @dependabot! - Bump js-yaml from 4.2.0 to 5.0.0

  • #487 b9ee15e Thanks @jonathansick! - Resolve the Semaphore service URL from Repertoire service discovery instead of the static semaphoreUrl config field. The useSemaphoreUrl hook now derives the URL via useRepertoireUrluseServiceDiscovery(...).getSemaphoreUrl() (mirroring the broadcast banner and the RSC layout), returning undefined while discovery is pending or when Repertoire/Semaphore is undiscovered so dependent queries stay gracefully disabled. BroadcastBannerStack is simplified to consume this consolidated hook rather than wiring up discovery inline.

    The semaphoreUrl config field is deprecated (marked @deprecated in AppConfig and "deprecated": true in the config schema) but intentionally retained: the schema is additionalProperties: false, so removing it would make existing Phalanx configurations that still set semaphoreUrl fail validation on deploy. No app code reads it any longer; it is slated for removal in a later change once Phalanx stops delivering it. The redundant dev semaphoreUrl entry is dropped from squareone.config.yaml since the dev Repertoire discovery mock already advertises the local Semaphore mock origin.

  • #489 8747f33 Thanks @jonathansick! - Add an optional renderDetailRow prop to DataTable. When provided, each data item renders as a two-row unit: the primary row of column cells, plus a full-width secondary row beneath it whose single cell spans every column. The detail colSpan tracks the leaf column count, leaving a clean path to a future expand-to-detail interaction with a dedicated expander column.

    The squareone admin notifications listing (/admin/notifications) uses this for a two-row layout: the sortable recipient, sender, and created columns now get the full table width (no more truncated headers), and the rendered-Markdown summary spans full-width beneath each row instead of competing for a column.

  • Updated dependencies [8e195f6, 2933281, 8747f33, 9caa7b3]:

    • @lsst-sqre/semaphore-client@0.3.0

    • @lsst-sqre/squared@0.14.0

0.33.0#

Minor Changes#

  • #472 9a8fa33 Thanks @jonathansick! - Drive the /api-aspect endpoint listing from Repertoire service discovery.

    The page resolves discovery server-side and renders one section per dataset (dp1/dp02/dp03), so the endpoints are present in the server-rendered HTML with no client-side discovery fetch. The listing is embedded via an <ApiEndpoints/> MDX component (with a headingLevel prop, default 3) so per-environment prose keeps control of the surrounding content. It degrades gracefully, mirroring the App Router layout’s server-side discovery pattern: the listing is omitted when repertoireUrl is unset, and a brief “temporarily unavailable” notice (plus a server-side log) is shown when the discovery fetch fails.

    A curated presentation map layers human-readable content onto the raw discovery data:

    • Each dataset section header shows the display name (e.g. “Data Preview 1”) linked to its documentation site, followed by the dataset description and a visible “Read the documentation” link sourced from the discovery docs_url field (with a dataset-named accessible label; omitted when docs_url is absent).

    • Each service name renders as plain, non-clickable text. When a service maps to an IVOA standard, a book-icon link beside the name points to the standard’s documentation with a spec-specific accessible label and tooltip (e.g. “IVOA TAP docs”, “IVOA SIA docs”). Mapped services use curated labels and the correct per-standard URLs (e.g. SIA v2 → the sia-query-2.0 /query URL, HiPS → the /list URL); unmapped services fall back to their raw name and base URL.

    • Endpoint base URLs render as copyable monospace code text rather than anchors, since they are hit programmatically (TAP clients, notebooks) rather than clicked. An icon-only copy-to-clipboard button sits beside each URL with a per-endpoint accessible name.

    • Each dataset’s endpoints render in an aligned two-column layout (label | URL) via a CSS grid + subgrid chain, so the URL column starts at the same x-position across every dataset, sized by the widest label on the page. On mobile (≤768px) each row collapses to a single column with the label stacked above its URL.

Patch Changes#

  • #458 fee09f9 Thanks @jonathansick! - Attribute client-side Sentry events to the build’s git commit SHA as the release, matching server/edge events.

    Browser events previously reported release: null because Turborepo’s strict env mode stripped SENTRY_RELEASE from the next build environment, so the Sentry bundler plugin never injected a release into the client bundle (the server/edge SDKs were unaffected — they read SENTRY_RELEASE at runtime). Two complementary fixes:

    • Declare SENTRY_RELEASE in the build task’s env in turbo.json so it reaches withSentryConfig at build time; the plugin now bakes the release into the client bundle and associates uploaded source maps with it. Using env (not passThroughEnv) also keys the build cache on the SHA, so a cached bundle baked with an older commit’s release is never reused.

    • Thread the SHA (getAppVersion().revision) through window.__SENTRY_CONFIG__ as release, alongside the existing runtime DSN/version injection, and use it in the client Sentry.init. This keeps the client release identical to the server’s runtime value by construction.

    In local dev (no SENTRY_RELEASE), both paths degrade gracefully to an unset release as before.

  • #482 7a2fcb3 Thanks @dependabot! - Bump js-yaml from 4.1.1 to 4.2.0 in the security-patch group across 1 directory

  • #458 c9fcda7 Thanks @jonathansick! - Add standard OCI image labels to the squareone Docker image.

    The runner stage now sets org.opencontainers.image.source, url, title, description, vendor, licenses, revision, and version. The source label links the GHCR package to its repository (inheriting the repo’s visibility/access), and the static fields surface a title, description, and license on the package page. version comes from a new VERSION build arg and mirrors the image’s primary tag: the release version for releases, and the branch-derived tag for PR/branch builds (e.g. tickets-DM-55226).

  • #458 6eba665 Thanks @jonathansick! - Make the app’s runtime version reflect the container image tag.

    The Dockerfile exposes the VERSION build arg as a SQUAREONE_VERSION runtime env in the runner stage, and getAppVersion() now reports it as version — the branch-derived tag for PR/branch builds (e.g. tickets-DM-55226), the release version for releases — falling back to the package.json version when unset (local pnpm dev/pnpm build). This flows to the <head> squareone:version meta tag and the version field bound on every server log record, and is reported to Sentry as a build context (server, edge, and client). Previously these all showed the stale package.json version on branch builds.

  • #460 043894c Thanks @jonathansick! - Classify React hydration errors in the client-side Sentry pipeline so browser-extension DOM noise stops drowning out genuine mismatches.

    A new pure hydrationClassifier module recognises React’s recoverable hydration errors (codes 418/419/421/422/423/425 and the “Hydration failed” / “didn’t match” message patterns) and, given a snapshot of the <body>/<html> attribute names, conservatively labels each event extension, in-app, or unknown — only calling it extension when a known extension marker (Grammarly, Dark Reader, password managers, etc.) is present alongside a hydration error. A beforeSend wrapper wired into instrumentation-client.js tags every event with hydration.classification, attaches the matched markers plus a body-attribute fingerprint as context, and regroups extension noise under a single mutable Sentry issue via a custom fingerprint. The event is always kept (never dropped), and the wrapper is defensive — it returns the event unchanged if document is unavailable or any internal error occurs.

  • #458 67eee1f Thanks @jonathansick! - Stamp the git commit SHA into the Docker image as the Sentry release.

    The Dockerfile takes a SOURCE_COMMIT build arg and exposes it as SENTRY_RELEASE in both the installer stage (so the Sentry bundler plugin marks client/server bundles and uploads source maps under the SHA) and the runner stage (so server/edge Sentry.init reports it at runtime); it also records the SHA in the org.opencontainers.image.revision OCI label. next.config.js, sentry.server.config.js, and sentry.edge.config.js now read process.env.SENTRY_RELEASE. Server/edge/client events carry the build’s SHA instead of null, and the value degrades gracefully to no release when SENTRY_RELEASE is unset (e.g. local pnpm dev/pnpm build).

  • #462 9d8069f Thanks @jonathansick! - Harden the App Router shell against browser-extension hydration noise and guard it against future SSR/CSR non-determinism.

    <body> now carries suppressHydrationWarning so attributes injected by browser extensions (Grammarly, password managers, Dark Reader, etc.) onto the <body> element no longer trip React’s hydration warning — complementing the existing <html suppressHydrationWarning>. The suppression covers one level only (the <body> element’s own attributes), not extension-injected child nodes. A deterministic-render audit of the shared shell chain (layoutHeader / PreHeader / HeaderNav / Login / UserMenuBroadcastBannerStackFooterRscPrimaryNavigation) found it free of genuine SSR/CSR non-determinism — the auth path is guarded by a hasMounted two-pass, there is no theme-conditional rendering, and no time/random/locale-dependent output — so no production fixes were required. New shell render-determinism tests render each shell component twice with identical props and assert byte-identical server markup, guarding against future non-deterministic regressions.

  • Updated dependencies [4a7c56a]:

    • @lsst-sqre/repertoire-client@0.3.0

    • @lsst-sqre/gafaelfawr-client@2.0.0

    • @lsst-sqre/times-square-client@2.0.0

0.32.0#

Minor Changes#

  • #443 e02d0df Thanks @jonathansick! - Add /admin/service-tokens admin pages for creating and managing Gafaelfawr service tokens. The pages live in the admin section, so they inherit its exec:admin gate.

    • Landing (/admin/service-tokens) explains service tokens — machine access not tied to a user account — links to the Gafaelfawr docs, and offers entry points to create or look up tokens.

    • Create (/admin/service-tokens/new) provides a form for the bot username, scopes, expiration, and optional identity metadata (name/email/uid/gid/groups) under collapsible Advanced settings. The form is pre-fillable from query parameters (e.g. ?username=, ?scopes=, ?expiration=). Creating a token also requires the admin:token scope; an admin without it sees a warning and a disabled form rather than a silent failure.

    • Look up (/admin/service-tokens/search) is URL-driven via ?q=<bot-username>, listing that bot user’s service tokens (each revocable) so a lookup can be bookmarked and shared.

Patch Changes#

  • #405 1fe8816 Thanks @dependabot! - Bump @biomejs/biome from 2.3.12 to 2.3.14

  • #402 538614a Thanks @dependabot! - Bump @storybook/addon-a11y from 10.2.7 to 10.4.1

  • #402 538614a Thanks @dependabot! - Bump @storybook/addon-docs from 10.2.7 to 10.4.1

  • #402 538614a Thanks @dependabot! - Bump @storybook/addon-links from 10.2.7 to 10.4.1

  • #402 538614a Thanks @dependabot! - Bump @storybook/addon-onboarding from 10.2.7 to 10.4.1

  • #402 538614a Thanks @dependabot! - Bump @storybook/addon-themes from 10.2.7 to 10.2.8

  • #402 538614a Thanks @dependabot! - Bump @storybook/addon-vitest from 10.2.7 to 10.2.8

  • #402 538614a Thanks @dependabot! - Bump @storybook/nextjs-vite from 10.2.7 to 10.2.8

  • #402 538614a Thanks @dependabot! - Bump @storybook/react-vite from 10.2.7 to 10.2.8

  • #405 1fe8816 Thanks @dependabot! - Bump @types/node from 22.19.7 to 22.19.11

  • #400 f935c90 Thanks @dependabot! - Bump @types/react from 19.2.13 to 19.2.14 in the react group

  • #405 1fe8816 Thanks @dependabot! - Bump @vitejs/plugin-react from 5.1.2 to 5.1.4

  • #443 0d60843 Thanks @jonathansick! - Make the token-key details link optional in AccessTokenItem / AccessTokensView.

    AccessTokenItem gains a showDetailsLink?: boolean prop (default true). When true it keeps rendering the existing /settings/tokens/<key> details link on the token key; when false it renders the key as plain text (same styling, no anchor) for listings where that route does not resolve — such as service tokens. AccessTokensView gains the matching showDetailsLink?: boolean prop (default true) and forwards it to each item, so the /settings/tokens user-token listing is unchanged.

  • #410 0c414fc Thanks @dependabot! - Bump actions/create-github-app-token from 2 to 3

  • #410 0c414fc Thanks @dependabot! - Bump actions/github-script from 8 to 9

  • #429 6a28eb4 Thanks @jonathansick! - Add the reusable /admin section scaffold, mirroring the /settings sidebar-layout pattern.

    • New app/admin/layout.tsx (server, loads config) → AdminLayoutClient.tsx (client, usePathname()) → shared <SidebarLayout sidebarTitle="Admin">, driven by a new flat getAdminNavigation() (a single /admin/sentry item, no categories).

    • New reusable getFirstNavItemHref(navSections) helper in the SidebarLayout module (exported from its index.ts): returns the first nav item’s href, or null as a safe fallback for an empty nav.

    • app/admin/page.tsx index route redirects to the first sidebar nav item via that helper (currently /admin/sentry); reordering the nav changes the target with no other code change. An empty nav renders a fallback instead of redirecting.

    • Minimal app/admin/sentry/page.tsx placeholder so the redirect resolves.

    No access gating in this slice; the Phalanx ingress remains the deployment-time enforcement.

  • #406 0d6b970 Thanks @dependabot! - Bump ajv from 8.17.1 to 8.18.0 in the security-patch group across 1 directory

  • #443 f40b6ab Thanks @jonathansick! - Add a dev-only /dev auth control panel (login/persona/scope toggles), mock /auth/api/v1/login, and exclude all dev mocks from production builds via .dev route files.

  • #418 e6c0f92 Thanks @jonathansick! - Fix the dev-mode Repertoire /discovery mock to return absolute service URLs so they pass URL-schema validation and are fetchable from server components.

    • The dev mock route previously overrode internal service URLs (gafaelfawr, semaphore, times-square) with bare relative paths (/auth, /semaphore, …). Those failed the repertoire-client z.string().url() schema, so DiscoverySchema.parse() threw a ZodError and the app silently fell back to empty discovery (no Semaphore broadcasts, etc.).

    • Relative paths are also unfetchable during server-side prefetch in RootLayout, where there is no document origin.

    • The mock now prefixes each overridden internal URL with the dev server’s own origin (derived from the incoming request, so it stays port-agnostic). The pathnames are unchanged, so the existing next.config.js rewrites still route them to the local mock handlers.

  • #410 0c414fc Thanks @dependabot! - Bump dorny/paths-filter from 3 to 4

  • #405 1fe8816 Thanks @dependabot! - Bump dotenv from 17.2.3 to 17.2.4

  • #402 538614a Thanks @dependabot! - Bump eslint-plugin-storybook from 10.2.7 to 10.2.8

  • #405 1fe8816 Thanks @dependabot! - Bump glob from 13.0.1 to 13.0.2

  • #399 36a7ebe Thanks @dependabot! - Bump imjasonh/setup-crane from 0.4 to 0.6 in the actions group

  • #412 b4d0f20 Thanks @dependabot! - Bump lodash from 4.17.23 to 4.18.1

  • #410 0c414fc Thanks @dependabot! - Bump lsst-sqre/multiplatform-build-and-push/.github/workflows/build.yaml from 3 to 4

  • #402 538614a Thanks @dependabot! - Bump msw from 2.12.8 to 2.12.9

  • #407 fe784ae Thanks @dependabot! - Bump next-mdx-remote from 5.0.0 to 6.0.0 in /apps/squareone in the npm_and_yarn group across 1 directory

  • #384 119fd30 Thanks @dependabot! - Bump next from 15.5.9 to 16.2.7

  • #403 618ebd5 Thanks @dependabot! - Bump playwright from 1.58.1 to 1.60.0 in the playwright group

  • #410 0c414fc Thanks @dependabot! - Bump pnpm/action-setup from 4 to 6

  • #384 5304900 Thanks @dependabot! - Fix the next/image aspect-ratio warning (“width or height modified, but not the other”) surfaced under Next.js 16, and the latent logo distortion behind it.

    • Footer partner logos now use a new img.u-responsive-image global utility (max-width: 100%; width: auto; height: auto;) so both dimensions scale together as the image fills its container.

    • The header triad logo keeps its controlled height: its computed width is now rounded to an integer (a fractional width attribute can never equal the rounded rendered width, which tripped the warning) and it uses height: auto so it scales proportionally on narrow viewports without expanding to the source image’s natural size.

  • #402 538614a Thanks @dependabot! - Bump storybook from 10.2.10 to 10.2.10

  • #412 b4d0f20 Thanks @dependabot! - Bump turbo from 2.8.3 to 2.9.14

  • #415 962305d Thanks @dependabot! - Bump vitest from 2.1.9 to 4.1.0

  • #412 b4d0f20 Thanks @dependabot! - Bump yaml from 2.8.2 to 2.8.3

  • Updated dependencies [3ee4d61, 5304900]:

    • @lsst-sqre/gafaelfawr-client@1.1.0

    • @lsst-sqre/global-css@0.2.5

    • @lsst-sqre/squared@0.13.1

0.31.0#

Minor Changes#

  • #354 2d91039 Thanks @jonathansick! - Migrated four pages from Pages Router to App Router:

    • Home page (/)

    • Docs page (/docs)

    • Support page (/support)

    • API Aspect page (/api-aspect)

    Created the App Router foundation:

    • Root layout (src/app/layout.tsx) with PageShell integration

    • Providers wrapper (src/app/providers.tsx) for theme and config contexts

    • Force dynamic rendering to support runtime configuration loading

  • #383 0d1bfc3 Thanks @jonathansick! - Integrate BroadcastBannerStack with Semaphore API via semaphore-client

    The BroadcastBannerStack component now fetches broadcast messages from the Semaphore API using the new @lsst-sqre/semaphore-client package. Key changes:

    • Prefetch broadcasts in the root layout using service discovery for the Semaphore API URL

    • Consolidate BroadcastBannerStack as a client component with React Query hydration

    • Remove the legacy maintenance category from BroadcastBanner

    • Add a mock Semaphore API endpoint (/api/dev/semaphore/v1/broadcasts) for local development

  • #385 a713c75 Thanks @jonathansick! - Complete Pages Router removal

    Migrated the remaining Pages Router pages to App Router and deleted the entire src/pages/ directory:

    • terms page: Migrated to src/app/terms/page.tsx as a server component

    • enrollment pages: Migrated 4 enrollment status pages (pending-approval, pending-confirmation, thanks-for-signing-up, thanks-for-verifying) to src/app/enrollment/ using RSC MDX compilation via compileMdxForRsc()

    • Deleted framework files: _app.tsx, _document.tsx, _error.tsx (App Router uses layout.tsx, error.tsx)

    • Deleted dev-only pages: login.tsx, logout.tsx, sentry-example-page.tsx, api/sentry-example-api.ts

    • Deleted legacy modules: AppConfigContext.tsx (replaced by RSC ConfigProvider), footerLoader.ts (Pages Router MDX serialization), loadConfigAndMdx() helper

    Simplified useStaticConfig to only support the App Router ConfigProvider path, removing the AppConfigContext fallback branch. The AppConfigContextValue type is now re-exported from useStaticConfig for backward compatibility.

    squareone is now fully App Router — no Pages Router code remains.

  • #385 a03bd17 Thanks @jonathansick! - Add pino structured logging for server-side code

    • Replaced console.* calls in server-side code with pino structured JSON logging

    • Production outputs GKE-compatible JSON to stdout; development uses pino-pretty for readable output

    • Log level configurable via LOG_LEVEL environment variable (defaults to info in production, debug in development)

    • Config loading and MDX loading messages moved to debug level to reduce production noise

    • API route handlers use child loggers with route context for easier tracing

    • Client-side components remain unchanged (Sentry handles client error reporting)

  • #354 2d91039 Thanks @jonathansick! - New React Server Components-compatible utilities for loading server-side configuration and MDX content

    • Config loading (src/lib/config/rsc/loader.ts): Server-side configuration loading using React’s cache() for request deduplication

    • MDX compilation (src/lib/mdx/rsc/compiler.ts): RSC-compatible MDX content compilation for server components

    • ConfigProvider (src/contexts/rsc/ConfigProvider.tsx): Context provider using React 19’s use() hook to bridge server-loaded config to client components

    • useStaticConfig hook (src/hooks/useStaticConfig.ts) provides seamless configuration access across both router patterns

    These utilities enable the same configuration and content patterns used in Pages Router while leveraging RSC benefits like reduced client bundle size.

  • #357 8d837f6 Thanks @jonathansick! - New @lsst-sqre/repertoire-client package for Rubin Science Platform service discovery

    This package provides a reusable client for the Repertoire API, enabling dynamic service discovery across monorepo apps:

    • Zod schemas for runtime validation of API responses

    • ServiceDiscoveryQuery class with convenience methods for querying applications, services, and datasets

    • TanStack Query integration with discoveryQueryOptions() for server prefetching and client-side caching

    • useServiceDiscovery hook for client components with automatic hydration support

    • Mock data for development and testing

    Integrated into squareone:

    • Added TanStack Query providers with server-side prefetching in root layout

    • Components can now use useServiceDiscovery() to check service availability

    • Service URLs dynamically discovered instead of hard-coded in configuration

  • #368 0b3f783 Thanks @jonathansick! - Migrate Settings UI pages to App Router with TanStack Query

    Migrated pages:

    • /settings - Account overview with MDX content

    • /settings/tokens - Access token list with create button

    • /settings/tokens/new - Create new access token form

    • /settings/tokens/[id] - Token detail view

    • /settings/tokens/history - Token change history with pagination

    • /settings/sessions - Active sessions list

    • /settings/sessions/[id] - Session detail view

    • /settings/sessions/history - Session history with pagination

    • /settings/quotas - Resource quotas display

    New components:

    • AuthRequired - Reusable client component for auth-protected pages with login redirect

    • SettingsLayoutClient - App Router settings layout with sidebar navigation

  • #373 454db1b Thanks @jonathansick! - Migrate Times Square pages to App Router

    All Times Square pages now use Next.js App Router instead of Pages Router:

    • /times-square - Home page with GitHub repository listing

    • /times-square/github/[...tsSlug] - GitHub notebook viewer

    • /times-square/github-pr/[owner]/[repo]/[commit] - PR preview landing page

    • /times-square/github-pr/[owner]/[repo]/[commit]/[...tsSlug] - PR notebook viewer

    Key implementation details:

    • TimesSquareUrlParametersProvider - Consolidated provider using App Router navigation APIs (useParams, usePathname, useSearchParams); removed separate Pages Router variant

    • Shared layout - layout.tsx handles service availability checks (404 if Times Square not configured) and wraps all pages with WideContentLayout

    • Client components - SSE updates handled via TimesSquareHtmlEventsProvider in client component wrappers

    • Config access - Migrated from useAppConfig to useStaticConfig which works with both routers

    • TimesSquareParametersClient - Updated to use next/navigation hooks instead of next/router

    This completes the Times Square App Router migration as part of the broader squareone modernization effort.

  • #373 771eb09 Thanks @jonathansick! - Migrate Times Square hooks from SWR to TanStack Query

    All Times Square components now use hooks from @lsst-sqre/times-square-client instead of local SWR-based implementations:

    • TimesSquareParametersClient - uses useTimesSquarePage for parameter metadata

    • TimesSquareGitHubPagePanelClient - uses useTimesSquarePage for page info

    • TimesSquareHtmlEventsProviderClient - uses useTimesSquarePage for events URL

    • TimesSquareNotebookViewerClient - uses useTimesSquarePage and useHtmlStatus for notebook display

    • TimesSquareMainGitHubNavClient - uses useGitHubContents for navigation tree

    • TimesSquarePrGitHubNavClient - uses useGitHubPrContents for PR preview navigation

    • PR Preview Page - uses useGitHubPrContents for check status and PR details

    Deleted legacy SWR hooks:

    • apps/squareone/src/hooks/useTimesSquarePage.ts

    • apps/squareone/src/components/TimesSquareNotebookViewer/useHtmlStatus.ts

    • apps/squareone/src/components/TimesSquareMainGitHubNav/useGitHubContentsListing.ts

    • apps/squareone/src/components/TimesSquarePrGitHubNav/useGitHubPrContentsListing.ts

Patch Changes#

  • #361 3914272 Thanks @dependabot! - Bump @biomejs/biome from 2.3.8 to 2.3.12

  • #394 67ebfe8 Thanks @dependabot! - Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in the security-patch group across 0 directory

  • #345 df80f21 Thanks @dependabot! - Bump @sentry/nextjs from 10.27.0 to 10.35.0 in the runtime group

  • #344 a9c0c82 Thanks @dependabot! - Bump @storybook/addon-a11y from 10.1.4 to 10.2.7

  • #344 a9c0c82 Thanks @dependabot! - Bump @storybook/addon-docs from 10.1.4 to 10.2.7

  • #344 a9c0c82 Thanks @dependabot! - Bump @storybook/addon-links from 10.1.4 to 10.2.7

  • #344 a9c0c82 Thanks @dependabot! - Bump @storybook/addon-onboarding from 10.1.4 to 10.2.7

  • #344 a9c0c82 Thanks @dependabot! - Bump @storybook/addon-themes from 10.1.4 to 10.2.7

  • #344 a9c0c82 Thanks @dependabot! - Bump @storybook/addon-vitest from 10.1.4 to 10.1.11

  • #359 f0010d1 Thanks @dependabot! - Bump @storybook/nextjs-vite from 10.1.7 to 10.1.11

  • #344 a9c0c82 Thanks @dependabot! - Bump @storybook/react-vite from 10.1.4 to 10.1.11

  • #372 0a92d04 Thanks @dependabot! - Bump @tanstack/react-query from 5.90.12 to 5.90.19 in the misc group

  • #361 3914272 Thanks @dependabot! - Bump @testing-library/react from 16.3.0 to 16.3.2

  • #362 b9c6ec6 Thanks @dependabot! - Bump @turbo/gen from 2.6.3 to 2.8.3

  • #361 3914272 Thanks @dependabot! - Bump @types/node from 22.19.1 to 22.19.7 in the dev group

  • #365 58052ea Thanks @dependabot! - Bump @types/react from 19.2.7 to 19.2.13 in the react group

  • #361 3914272 Thanks @dependabot! - Bump @vitejs/plugin-react from 5.1.1 to 5.1.2

  • #354 2d91039 Thanks @jonathansick! - Add App Router error boundaries

    Added error handling for the App Router migration:

    • error.tsx: Catches errors in route segments and displays a recovery UI

    • global-error.tsx: Root-level error boundary for errors in the layout itself

    Both integrate with the existing design system and provide user-friendly error recovery options.

  • #385 b2ab600 Thanks @jonathansick! - Add optional structured logger injection to client packages

    • Added a Logger type to each client package (repertoire-client, semaphore-client, gafaelfawr-client, times-square-client) matching pino’s (obj, msg) calling convention

    • All console.log, console.error, and console.warn calls replaced with structured logger calls using debug, error, and warn levels

    • Logger is accepted as an optional parameter; when omitted, a console-based default preserves existing behavior for client-side and test usage

    • squareone’s server-side layout now passes its pino logger to discoveryQueryOptions, fetchServiceDiscovery, and broadcastsQueryOptions for structured JSON output on GKE

  • #343 73cd26e Thanks @dependabot! - Bump eslint-config-next from 15.5.7 to 15.5.12

  • #362 b9c6ec6 Thanks @dependabot! - Bump eslint-config-turbo from 2.6.3 to 2.8.3

  • #386 dd3a96b Thanks @dependabot! - Migrate ESLint configuration to v9 flat config format

    • Replace legacy .eslintrc.js files with eslint.config.mjs across all packages and apps

    • Convert shared @lsst-sqre/eslint-config to export a flat config array using eslint-config-turbo/flat and FlatCompat for eslint-config-next

    • Add @eslint/eslintrc dependency for FlatCompat bridging where native flat config is not yet available

    • Remove inline eslintConfig from squareone’s package.json in favor of a standalone eslint.config.mjs

    • Add explicit lint script to squareone

  • #344 a9c0c82 Thanks @dependabot! - Bump eslint-plugin-storybook from 10.1.4 to 10.1.11

  • #386 dd3a96b Thanks @dependabot! - Bump eslint from 8.57.1 to 9.26.0

  • #385 713fa38 Thanks @jonathansick! - Filter internal muster services from API rate limits display

    • Filtered out muster- prefixed services from the API Rate Limits section in the quotas settings view, as these are internal services not meaningful to users

    • The Rate Limits section now hides entirely when no user-facing services remain after filtering

  • #382 5676a89 Thanks @dependabot! - Bump lightningcss-cli from 1.30.2 to 1.31.1

  • #382 5676a89 Thanks @dependabot! - Bump lightningcss from 1.30.2 to 1.31.1

  • #378 3532ade Thanks @dependabot! - Bump lodash from 4.17.21 to 4.17.23 in the security-patch group across 1 directory

  • #391 643b9cb Thanks @jonathansick! - Migrate icons from FontAwesome and react-feather to lucide-react

    squared package:

    • Replaced @fortawesome/fontawesome-svg-core, @fortawesome/free-solid-svg-icons, @fortawesome/react-fontawesome, and react-feather with lucide-react as the unified icon library

    • Updated all components (IconPill, Button, ClipboardButton, DateTimePicker, Modal, Select) to use Lucide icon components

    • Fixed IconPill icon vertical alignment by replacing font-size: 0.9em with vertical-align: text-bottom for proper SVG baseline alignment

    • Updated component prop types from FontAwesome [IconPrefix, IconName] tuples to LucideIcon component references

    • Updated Storybook stories and tests to use Lucide icons

    squareone app:

    • Migrated all components from FontAwesome and react-feather imports to lucide-react

    • Removed FontAwesome library initialization (styles/icons.ts) and CSS import from root layout

    • Removed react-feather type declarations

    • Added a custom GitHubIcon SVG component for the GitHub logo (not available in lucide-react)

    • Updated icon CSS from font-size/margin-right patterns to width/height/flexbox for proper SVG alignment

    • Removed FontAwesome mock from test setup

  • #385 d259248 Thanks @jonathansick! - Migrate mock API routes from Pages Router to App Router

    Migrated all 12 development mock API routes from Pages Router (pages/api/dev/) to App Router Route Handlers (src/app/api/dev/):

    • Authentication routes: user-info, login, logout

    • Times Square pages routes: page list, page metadata, HTML content, HTML status, and SSE events

    • Times Square GitHub routes: directory tree and slug-based page lookup

    • Times Square GitHub PR routes: PR metadata and PR page preview

    Key changes:

    • Replaced NextApiRequest/NextApiResponse with Web API Request/Response and NextResponse

    • Converted SSE streaming from Node.js res.write() to Web Streams API (ReadableStream)

    • Dynamic route params now use Promise-based access (Next.js 15+ pattern)

    • Deleted the src/pages/api/dev/ directory entirely

  • #364 7c7123a Thanks @dependabot! - Bump msw from 2.12.4 to 2.12.7

  • #341 dda7c4b Thanks @dependabot! - Bump next from 15.5.7 to 15.5.12

  • #396 cf7bd89 Thanks @dependabot! - Bump playwright from 1.57.0 to 1.58.1 in the playwright group

  • #385 a713c75 Thanks @jonathansick! - Post-migration cleanup: remove SWR, migrate next/router references

    • Removed swr dependency (fully replaced by TanStack Query)

    • Migrated all next/router references to next/navigation in test setup, TokenHistoryView tests, and NewTokenPage Storybook story

    • Updated Storybook story parameters from Pages Router router/query format to App Router navigation/searchParams format

    • Updated CLAUDE.md and .github/copilot-instructions.md to reflect App Router-only architecture, RSC config patterns, and TanStack Query

  • #345 df80f21 Thanks @dependabot! - Bump react-day-picker from 9.11.2 to 9.13.0

  • #342 4c8991c Thanks @dependabot! - Bump react-dom from 19.2.1 to 19.2.4

  • #345 df80f21 Thanks @dependabot! - Bump react-hook-form from 7.66.1 to 7.71.1

  • #342 4c8991c Thanks @dependabot! - Bump react from 19.2.1 to 19.2.4

  • #336 bf8e71a Thanks @copilot-swe-agent! - Add TypeScript interfaces for Sentry configuration type safety. Introduces a shared SentryConfig interface in the config loader and uses it in _document.tsx to replace any types, improving type safety and removing biome-ignore lint suppressions.

  • #344 a9c0c82 Thanks @dependabot! - Bump storybook from 10.1.4 to 10.1.11

  • #345 df80f21 Thanks @dependabot! - Bump swr from 2.3.6 to 2.3.8

  • #362 b9c6ec6 Thanks @dependabot! - Bump turbo from 2.6.3 to 2.8.3

  • #361 3914272 Thanks @dependabot! - Bump yaml from 2.8.1 to 2.8.2

  • Updated dependencies [0a774e8, b2ab600, dd3a96b, 65ba6a5, 643b9cb, 8d837f6, 49e148f, 5d29200, 5dba6a8]:

    • @lsst-sqre/semaphore-client@0.2.0

    • @lsst-sqre/repertoire-client@0.2.0

    • @lsst-sqre/gafaelfawr-client@1.0.0

    • @lsst-sqre/times-square-client@1.0.0

    • @lsst-sqre/squared@0.13.0

0.30.0#

Minor Changes#

  • #323 e033943 Thanks @jonathansick! - Migrate BroadcastBanner button to squared Button component

  • #325 7109e44 Thanks @jonathansick! - Add Card, CardGroup, and Note components to squared package

    New components for documentation and content display:

    • Card: A content card with shadow and hover border when wrapped in links. Uses CSS Modules with design tokens.

    • CardGroup: A responsive CSS Grid container for Card components with configurable minCardWidth and gap props.

    • Note: A callout/note container with floating badge. Supports four types with distinct colors: note (red), warning (orange), tip (green), and info (blue).

    The squareone docs page now imports these components from squared instead of using local styled-components implementations. This is part of the ongoing styled-components to CSS Modules migration.

  • #331 b71c274 Thanks @jonathansick! - Migrate static page components from styled-components to CSS Modules

    This change converts the following component groups to CSS Modules styling:

    Layout Core Components

    • Page - Main page wrapper component

    • MainContent - Content area wrapper

    • WideContentLayout - Full-width content layout

    Header Components

    • Header - Main site header

    • HeaderNav - Navigation links in header

    • PreHeader - Above-header section

    • Login - User login/logout controls

    Footer Components

    • Footer - Main site footer

    • FooterComponents - Footer sub-components (social links, copyright)

    Sidebar Components

    • Sidebar - Sidebar container

    • SidebarLayout - Layout with sidebar

    • SidebarNavItem - Individual navigation items

    • SidebarNavSection - Navigation section groupings

    • MobileMenuToggle - Mobile menu hamburger button

    Homepage Components

    • HomepageHero - Landing page hero section

    • FullBleedBackgroundImageSection - Full-width background image sections

    Typography Components

    • Typography - Text styling components

    Static Page Components

    • Section - Content section component used in docs and support pages

    This migration moves the squareone app closer to eliminating styled-components in favor of CSS Modules with design tokens, improving consistency with the squared component library architecture.

  • #332 d61c458 Thanks @jonathansick! - Migrate Times Square components from styled-components to CSS Modules

    This change completes the CSS Modules migration for all Times Square notebook execution components, replacing styled-components with CSS Modules and design tokens.

    Times Square App Layout

    • TimesSquareApp - Main app layout wrapper

    • Sidebar - Times Square sidebar with navigation

    GitHub Navigation Components

    • TimesSquareGitHubNav - File tree navigation

    • Directory - Directory entries with expandable folders

    • Page - Notebook page entries with current state highlighting

    • TimesSquareMainGitHubNavClient - Main branch navigation container

    • TimesSquarePrGitHubNavClient - PR preview navigation container

    GitHub PR Badge Components

    • GitHubPrBadge - PR state badges with dynamic colors

    • GitHubPrTitle - PR header with title and subtitle

    • GitHubCheckBadge - CI check status badges

    Notebook Viewer Components

    • TimesSquareNotebookViewerClient - Notebook iframe viewer

    • ParameterInput - Form input wrapper with labels

    • StringInput - Text input with error state styling

    • TimesSquareParametersClient - Parameter form container

    Page Panel Components

    • TimesSquareGitHubPagePanel - Page info container

    • TimesSquareGitHubPagePanelClient - Client-side page panel

    • ExecStats - Execution statistics and recompute button

    • GitHubEditLink - Link to edit notebook on GitHub

    • IpynbDownloadLink - Notebook download link

    Page Files

    • GitHub PR landing page ([commit].tsx)

    Button Migration

    Replaced the custom Button component with @lsst-sqre/squared Button component, using appropriate variants (appearance="outline", tone="danger", size="sm"). The old Button/ component directory has been deleted.

    Dynamic Styling Patterns

    • Uses clsx for conditional classes (current page highlighting, error states)

    • Uses CSS custom properties for dynamic colors (PR state colors)

    • Uses inline styles for computed color values (check badge colors)

Patch Changes#

  • #329 8f01ffc Thanks @dependabot! - Bump @storybook/addon-a11y from 10.0.8 to 10.1.3

  • #329 8f01ffc Thanks @dependabot! - Bump @storybook/addon-docs from 10.0.8 to 10.1.3

  • #329 8f01ffc Thanks @dependabot! - Bump @storybook/addon-links from 10.0.8 to 10.1.3

  • #329 8f01ffc Thanks @dependabot! - Bump @storybook/addon-onboarding from 10.0.8 to 10.1.3

  • #329 8f01ffc Thanks @dependabot! - Bump @storybook/addon-themes from 10.0.8 to 10.1.3

  • #329 8f01ffc Thanks @dependabot! - Bump @storybook/addon-vitest from 10.0.8 to 10.1.3

  • #330 2a03f41 Thanks @dependabot! - Bump @turbo/gen from 2.6.1 to 2.6.3

  • #339 827d024 Thanks @jonathansick! - Fix API rate limit time window description

    Updated the rate limit description in QuotasView to correctly state that API rate limits are measured over a 60 second window (reset every minute) instead of the previous incorrect 15 minute window description.

  • #323 f767cf1 Thanks @jonathansick! - Fix BroadcastBanner button baseline alignment

  • #328 8001bac Thanks @dependabot! - Bump eslint-config-next from 15.5.6 to 15.5.7 in the nextjs group

  • #330 2a03f41 Thanks @dependabot! - Bump eslint-config-turbo from 2.6.1 to 2.6.3

  • #334 3fc5955 Thanks @jonathansick! - Migrate from next/legacy/image to next/image

    Upgraded the remaining Image components from the legacy next/legacy/image import to the modern next/image component. This is part of the Next.js 15 upgrade to remove deprecated APIs.

    Components updated:

    • PreHeader - Header logo image

    • Footer - Agency partner logos

    • FooterComponents - PartnerLogos MDX component

    Changes:

    • Replaced import Image from 'next/legacy/image' with import Image from 'next/image'

    • Added responsive styling with style={{ maxWidth: '100%', width: 'auto', height: 'auto' }} to maintain aspect ratios

    • Both width and height set to 'auto' to satisfy Next.js 13+ Image component requirements

    The SidebarLayout component had minor whitespace cleanup.

  • #334 611bf95 Thanks @jonathansick! - Migrate to modern next/Link behavior

    Removed the legacyBehavior prop from Next.js Link components across the application. This is part of the Next.js 15 upgrade to use the modern Link API.

    Components updated:

    • HeaderNav - Internal navigation trigger links

    • TimesSquareGitHubNav/Page - Page links in the GitHub navigation sidebar

    Changes:

    • Removed legacyBehavior and passHref props from Link components

    • Updated InternalTriggerLink to use PrimaryNavigation.TriggerLink with asChild pattern, passing the active state to support active link styling

  • #321 24c8c39 Thanks @dependabot! - Bump next from 15.5.6 to 15.5.7

  • #327 2cd11b4 Thanks @dependabot! - Bump react-dom from 19.2.0 to 19.2.1

  • #327 2cd11b4 Thanks @dependabot! - Bump react from 19.2.0 to 19.2.1

  • #333 b603d1e Thanks @jonathansick! - Remove deprecated amp config inherited from defaultConfig

    The Next.js config was spreading defaultConfig which included the deprecated amp configuration option. This caused deprecation warnings during builds. The fix removes the unnecessary defaultConfig spread since Next.js applies sensible defaults automatically, and we only need to specify our custom configuration options.

  • #335 6085ca2 Thanks @jonathansick! - Remove styled-components dependency from squareone

    This completes the CSS Modules migration by removing all styled-components configuration, dependencies, and documentation references from the monorepo.

    Code Changes

    • Remove ServerStyleSheet SSR configuration from _document.tsx (Sentry config injection retained)

    • Remove styledComponents: true compiler option from next.config.js

    • Remove styled-components module declaration from src/types/index.d.ts

    • Remove styled-components and @types/styled-components dependencies from package.json

    Documentation Updates

    • Update CLAUDE.md, README.md, and .github/copilot-instructions.md to reflect CSS Modules as the standard styling approach

    • Remove styled-components RST reference from docs epilog

    Development Tooling

    • Remove styled-components VS Code extension from .devcontainer/devcontainer.json

    • Update Storybook decorator comment (GlobalStyles is CSS-based, not styled-components)

    All styling in both the squared package and squareone app now uses CSS Modules.

  • #330 2a03f41 Thanks @dependabot! - Bump turbo from 2.6.1 to 2.6.3

  • Updated dependencies [2bb920e, 7109e44, 611bf95]:

    • @lsst-sqre/squared@0.12.0

0.29.0#

Minor Changes#

  • #302 f2a2796 Thanks @jonathansick! - Add MDX-configurable footer

    The page footer can now be customized using MDX content. This enables deployments to customize footer content (contact information, legal notices, institutional links) without code changes. The new footerMdxPath configuration sets the path to the footer MDX file relative to mdxDir (defaults to footer.mdx).

  • #302 8fa6d87 Thanks @jonathansick! - Add runtime-configurable header logo

    The header logo can now be customized at runtime through the AppConfig system, enabling per-deployment branding without code changes. The custom header can be an external image URL (headerLogoUrl configuration), or embedded base64-encoded image data (headerLogoData + headerLogoMimeType configurations). When using custom logos, headerLogoWidth and headerLogoHeight must be provided to ensure correct display dimensions.

Patch Changes#

0.28.5#

Patch Changes#

  • #295 8190c5a Thanks @jonathansick! - Adopt Biome as primary code formatter

    Replaced Prettier with Biome for formatting JavaScript, TypeScript, JSON, and CSS files. Biome provides faster formatting with better tooling integration while maintaining the same code style. Prettier is retained exclusively for YAML file formatting.

    Key changes:

    • Added Biome configuration matching existing Prettier formatting rules

    • Updated CI workflow to check Biome formatting

    • Configured VSCode to use Biome as the default formatter

    • Updated pre-commit hooks (lint-staged) to run Biome

    • Applied Biome formatting across the entire codebase

    • Cleaned up unused imports exposed by Biome’s import organization

    Developer impact:

    • Formatting commands changed: Use pnpm run biome:format instead of pnpm run format

    • VSCode will now use Biome for auto-formatting JavaScript/TypeScript files

    • YAML files continue to use Prettier formatting

    • package.json files are intentionally excluded from automatic formatting to avoid conflicts with pnpm and dependabot

  • #298 4f37d09 Thanks @jonathansick! - Add Biome linting alongside ESLint for comprehensive code quality

    Enabled Biome’s linting capabilities to complement the existing ESLint setup, creating a hybrid approach that leverages the strengths of both tools.

    Biome linting features:

    • Fast, modern linting for JavaScript/TypeScript/JSON/CSS

    • All recommended rule groups enabled (accessibility, complexity, correctness, performance, security, style, suspicious)

    • Severity-based exit behavior: errors block builds, warnings are visible but non-blocking

    • Integrated with the same biome check command used for formatting

    Linting strategy:

    • Biome provides fast feedback for common issues with auto-fix capabilities

    • ESLint continues to run via Turborepo for comprehensive rule coverage and framework-specific rules

    • Both tools run in CI for thorough code quality validation

    Code quality improvements:

    • Resolved 152 Biome linting violations across the codebase

    • Fixed unused variables and unreachable code

    • Replaced any types with unknown or proper types for better type safety

    • Fixed accessibility issues (ARIA roles, button types, semantic elements)

    • Eliminated unnecessary code fragments and shadowed restricted names

    • Added missing React imports for JSX transform compatibility

    Developer impact:

    • Use pnpm biome:lint for fast local linting with auto-fix

    • Use pnpm lint for comprehensive ESLint checks via Turborepo

    • Both checks run in CI and pnpm localci for pre-push validation

    • VSCode configured to show Biome diagnostics in real-time

  • #298 4f37d09 Thanks @jonathansick! - Improve CI validation with better tooling and local testing

    Enhanced the GitHub Actions CI workflow and local development validation to catch issues earlier and provide better feedback:

    New validation tools:

    • Docker version validation ensures Dockerfile versions match package.json before builds

    • Prettier YAML formatting check catches configuration file formatting issues

    • Biome formatting and linting integrated into CI pipeline

    localci improvements:

    • Comprehensive local CI simulation matching production workflow exactly

    • Execution order mirrors CI: Docker validation → formatting → linting → type-check → tests → build

    • Catches all CI issues locally before pushing

    CI workflow enhancements:

    • Renamed linting steps for clarity (“ESLint” instead of generic “Lint”)

    • Proper Biome severity handling: errors fail builds, warnings are visible but non-blocking

    • Optimized type-check dependencies to enable better parallelization

    Developer impact:

    • Run pnpm localci to validate changes exactly as CI will before pushing

    • Earlier detection of Docker version mismatches

    • YAML formatting validation prevents workflow file issues

    • Faster feedback loop with local validation matching CI behavior

  • #299 62a81bc Thanks @dependabot! - Bump glob from 11.0.3 to 12.0.0

  • #297 67085a9 Thanks @dependabot! - Bump js-yaml from 4.1.0 to 4.1.1 in the security-patch group across 1 directory

  • #295 8190c5a Thanks @jonathansick! - Automate Playwright browser installation in CI

    Added automatic Playwright browser installation script that runs during CI setup. This eliminates manual browser installation steps and ensures the correct browser versions are always available for testing.

    The installation script detects the CI environment and automatically installs Playwright browsers when needed, improving CI reliability and reducing setup complexity.

  • Updated dependencies [8190c5a, 4f37d09]:

    • @lsst-sqre/squared@0.11.1

0.28.4#

Patch Changes#

  • #259 ba1633c Thanks @dependabot! - Bump @radix-ui/react-label from 2.1.7 to 2.1.8

  • #259 ba1633c Thanks @dependabot! - Bump @radix-ui/react-visually-hidden from 1.2.3 to 1.2.4

  • #263 f0f29ef Thanks @dependabot! - Bump @sentry/nextjs from 10.8.0 to 10.25.0 in the sentry group

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/addon-a11y from 10.0.6 to 10.0.7

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/addon-docs from 10.0.6 to 10.0.7

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/addon-links from 10.0.6 to 10.0.7

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/addon-onboarding from 10.0.6 to 10.0.7

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/addon-themes from 10.0.6 to 10.0.7

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/addon-vitest from 10.0.6 to 10.0.7

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/nextjs-vite from 10.0.6 to 10.0.7

  • #279 fc4e806 Thanks @dependabot! - Bump @storybook/react-vite from 10.0.6 to 10.0.7

  • #255 5a7c20e Thanks @dependabot! - Bump @testing-library/jest-dom from 6.8.0 to 6.9.1 in the testing-library group

  • #273 28644d0 Thanks @dependabot! - Bump @turbo/gen from 2.6.0 to 2.6.1

  • #287 b145d65 Thanks @dependabot! - Bump @types/node from 24.10.0 to 24.10.1

  • #252 4fa4584 Thanks @dependabot! - Bump @types/react-dom from 19.1.9 to 19.2.3

  • #252 4fa4584 Thanks @dependabot! - Bump @types/react from 19.1.12 to 19.2.3

  • #261 fe635ef Thanks @dependabot! - Bump @types/styled-components from 5.1.34 to 5.1.35 in the styling group

  • #262 1cff726 Thanks @dependabot! - Bump @vitejs/plugin-react from 5.0.2 to 5.1.0 in the build-tools group

  • #246 dc8cc3f Thanks @jonathansick! - Update Node.js from 22.13.0 to 22.21.1

    This infrastructure update brings the latest LTS improvements, bug fixes, and security patches from Node.js 22. Updated in:

    • .nvmrc for local development environment

    • apps/squareone/Dockerfile for production Docker builds

    • GitHub Actions workflows automatically use the .nvmrc version

    Developers should run nvm use to switch to the new Node.js version locally.

  • #246 2af16dd Thanks @jonathansick! - Pre-install pnpm in Docker base image to eliminate startup download

    The Dockerfile now uses corepack prepare pnpm@10.20.0 --activate in the base stage to download and cache pnpm during the image build. This eliminates the “Corepack is about to download…” message and network request that previously occurred on every container startup.

    This improves container startup time and reliability, especially in environments with restricted network access.

  • #246 8158829 Thanks @jonathansick! - Use local turbo via pnpm in Dockerfile

    The Dockerfile now uses pnpm dlx turbo@2.6.0 instead of a globally installed turbo package. This:

    • Removes the npm install -g turbo step from the base image

    • Uses the exact turbo version (2.6.0) consistently via pnpm dlx

    • Copies the scripts/ directory to ensure turbo-wrapper.js is available for remote caching

    • Aligns Docker builds with the local development workflow that uses pnpm scripts

    This change makes the Docker build process more consistent with local development and reduces the base image size.

  • #270 26789ea Thanks @dependabot! - Bump eslint-config-next from 15.5.2 to 15.5.6

  • #273 28644d0 Thanks @dependabot! - Bump eslint-config-turbo from 2.5.6 to 2.6.1

  • #279 fc4e806 Thanks @dependabot! - Bump eslint-plugin-storybook from 10.0.6 to 10.0.7

  • #281 a79fd1f Thanks @dependabot! - Bump formik from 2.4.6 to 2.4.9

  • #260 3c86dc3 Thanks @dependabot! - Bump lightningcss-cli from 1.30.1 to 1.30.2

  • #260 3c86dc3 Thanks @dependabot! - Bump lightningcss from 1.30.1 to 1.30.2

  • #265 02a9457 Thanks @dependabot! - Bump msw from 2.12.0 to 2.12.1

  • #294 a88c2b0 Thanks @jonathansick! - Enable “next” image tag for changeset release previews

    The CI workflow now builds and pushes Docker images with a special “next” tag when the changeset-release/main branch is updated. This allows developers and managers to preview the next version before merging the “Version Packages” PR.

    Previously, the workflow would only build images for the changeset-release branch without pushing them to the registry. Now:

    • Images are pushed to ghcr.io with both the branch-derived tag and the “next” tag

    • The “next” tag can be used to deploy and test the upcoming version in staging environments

    • Other changeset-release branches (non-main) remain build-only

    This improves the release preview workflow by making pre-release images easily accessible via a stable tag name.

  • #270 26789ea Thanks @dependabot! - Bump next-plausible from 3.12.4 to 3.12.5

  • #270 26789ea Thanks @dependabot! - Bump next-themes from 0.2.1 to 0.4.6

  • #270 26789ea Thanks @dependabot! - Bump next from 15.5.2 to 15.5.6

  • #291 5027c65 Thanks @jonathansick! - Bump playwright from 1.55.0 to 1.56.1

  • #252 4fa4584 Thanks @dependabot! - Bump react-dom from 19.1.1 to 19.2.0

  • #264 a266241 Thanks @dependabot! - Bump react-hook-form from 7.62.0 to 7.66.0

  • #252 4fa4584 Thanks @dependabot! - Bump react from 19.1.1 to 19.2.0

  • #250 eff9f7a Thanks @jonathansick! - Align dependency versions across packages to prepare for Dependabot groups

    • Update eslint-config-next from 12.2.4 to 15.5.0 in eslint-config package

    • Standardize eslint to 8.46.0 across squared and squareone packages

    • Update swr from 2.2.1 to 2.3.6 in squared package

    • Update @fortawesome/react-fontawesome from 0.2.0 to 0.2.2 in squareone package

    These version alignments eliminate inconsistencies that could cause conflicts when Dependabot groups are enabled for coordinated dependency updates.

  • #269 c2de825 Thanks @jonathansick! - Upgrade to Storybook 10.0.6

    • Migrated both squared and squareone Storybook configurations to Storybook 10.0.6

    • Updated all Storybook addons and dependencies to v10

    • Applied ESM migration with standardized import.meta.resolve() for addon resolution

    • Added a11y testing configuration with ‘todo’ mode (shows violations without failing CI)

    • Improved vitest integration with a11y addon annotations in squared package

  • #279 fc4e806 Thanks @dependabot! - Bump storybook from 10.0.6 to 10.0.7

  • #273 28644d0 Thanks @dependabot! - Bump turbo from 2.6.0 to 2.6.1

  • #287 b145d65 Thanks @dependabot! - Bump typescript from 5.9.2 to 5.9.3

  • #246 33f3a82 Thanks @jonathansick! - Update Turborepo from 2.5.6 to 2.6.0

    This infrastructure update brings the latest improvements and bug fixes from Turborepo 2.6.0. Updated packages:

    • turbo from 2.5.6 to 2.6.0

    • @turbo/gen from 1.13.4 to 2.6.0

    The global turbo installation has been removed as it’s not needed for this monorepo workflow - all commands use the local installation via turbo-wrapper.js.

  • #246 8ddc6f3 Thanks @jonathansick! - Update pnpm from 10.12.1 to 10.20.0

    This infrastructure update improves package management performance and includes the latest bug fixes and security patches. The pnpm version is managed via corepack and specified in the root package.json.

  • Updated dependencies [5027c65, eff9f7a, c2de825]:

    • @lsst-sqre/squared@0.11.0

0.28.3#

Patch Changes#

  • #247 868aaeca5ce61b31cf099c132ae36cd3a70f0f82 Thanks @jonathansick! - Filter available scopes in token creation form based on user’s authentication token

    The token creation form now filters the available scopes to only show scopes that the user’s current authentication token possesses. This prevents users from attempting to create tokens with scopes they don’t have access to, providing a better user experience and clearer security boundaries. Changes:

    • Modified /settings/tokens/new page to filter loginInfo.config.scopes by loginInfo.scopes

    • Updated NewTokenPage Storybook story to match implementation and added a new LimitedScopes story demonstrating the filtering behavior

0.28.2#

Patch Changes#

0.28.1#

Patch Changes#

  • #242 5641bc3b4b3e704d0cc489b3db909ee0b43fe317 Thanks @jonathansick! - Improve dark mode accessibility and color system

    Enhanced dark mode support across components with improved text contrast for better accessibility:

    • Fixed button text visibility in dark theme (secondary buttons)

    • Fixed ClipboardButton success text contrast

    • Fixed DateTimePicker calendar hover states and year input backgrounds

    • Fixed TokenHistory hover text contrast

    • Improved token key text contrast in TokenDetailsView

    • Enhanced footer and general link contrast with blue-300 color

    • Adapted dropdown shadows for better dark mode visibility

    • Consolidated navigation menu viewport styling

    Added complete color ramps to design tokens:

    • Added missing primary color shades (primary-300, primary-400, primary-600, primary-700)

    • Added complete gray color scale (gray-100 through gray-900)

    • Added text-light token for improved light text on dark backgrounds

    These changes ensure WCAG AA compliance for text contrast in both light and dark themes.

  • #242 5641bc3b4b3e704d0cc489b3db909ee0b43fe317 Thanks @jonathansick! - Fix sidebar layout footer positioning

    Corrected footer positioning issues in SidebarLayout component to ensure the footer properly anchors to the bottom of the layout in all viewport sizes.

  • #242 5641bc3b4b3e704d0cc489b3db909ee0b43fe317 Thanks @jonathansick! - Add dark theme support to Storybook

    Added dark theme background support to both squareone and squared Storybook configurations, enabling proper testing and development of components in dark mode. This includes setting up the appropriate CSS custom properties for dark theme backgrounds in Storybook preview environments.

  • #242 5641bc3b4b3e704d0cc489b3db909ee0b43fe317 Thanks @jonathansick! - Fix TokenForm scope selector layout and focus behavior

    Replaced CSS columns with CSS Grid layout in TokenForm’s ScopeSelector to fix focus ring fragmentation issues. The Grid layout provides better control over item positioning and prevents focus rings from being split across column breaks, improving keyboard navigation accessibility.

  • Updated dependencies [5641bc3b4b3e704d0cc489b3db909ee0b43fe317, 5641bc3b4b3e704d0cc489b3db909ee0b43fe317, 5641bc3b4b3e704d0cc489b3db909ee0b43fe317]:

    • @lsst-sqre/squared@0.10.1

    • @lsst-sqre/rubin-style-dictionary@0.7.0

    • @lsst-sqre/global-css@0.2.4

0.28.0#

Minor Changes#

  • #237 af2ef1a46ed362af3aed65e4f212ec0f4d556cd8 Thanks @jonathansick! - Add MDX content support to Account settings page

    The Account settings page (/settings) now uses MDX for its content instead of hardcoded placeholder text. This enables deployments to customize account management instructions and external links via ConfigMaps.

    Key changes:

    • Account page loads content from settings__index.mdx using the existing MDX content system

    • Includes error handling with fallback content when MDX file is unavailable

    • Default content includes sections for account management, identity providers, and personal information

    • Uses Lede and CtaLink components for consistent styling

    • Deployments can provide custom MDX files via mdxDir configuration to include deployment-specific URLs and instructions for their account management systems (COManage, etc.)

  • #240 a387930a65aecb397b22c8d275c8d9f31bbfd156 Thanks @jonathansick! - Add Quotas page for viewing user resource limits

    A new Quotas page is now available at /settings/quotas that displays user quota allocations from Gafaelfawr for notebook servers, API rate limits, and TAP concurrent query limits.

    New features:

    • QuotasView component: Displays quota information organized into three conditional sections:

      • Notebooks section: Shows CPU cores, memory (GB), and spawning status (only displayed when disabled)

      • Rate limits section: Shows API request quotas per service in a 15-minute window

      • Concurrent queries section: Shows TAP database query limits per service

    • Settings navigation: Added “Quotas” link to the settings sidebar between “Access tokens” and “Sessions”

    • Deep linking: Each section has an anchor tag for direct linking (#notebook, #rate-limit, #tap)

    • Empty states: Sections are omitted when no data is available; “Not configured” message shown if entire quota object is missing

  • #228 f5ec250ce28a0f2185aadd916608161f830318bb Thanks @jonathansick! - Add session tokens management pages

    Implements a new /settings/sessions section for viewing and managing web sessions, notebook sessions, and internal tokens. This feature provides users with a unified interface to monitor and control their active sessions across the platform.

    New pages:

    • /settings/sessions main page: Tab-based UI using the new Tabs component for type-based filtering with URL state management. ?type= query parameter persists selected tab.

    • /settings/sessions/history page: Displays change history for sessions with tab-based navigation and filter persistence.

    • /settings/sessions/[id] details page: Shows detailed information for individual session tokens with edit/delete capabilities.

    New components:

    • SessionTokensView component: Displays tokens by type (web sessions, notebook sessions, internal tokens) with filtering, loading states, and error handling

    • SessionTokenItem component: Individual token card showing metadata (creation date, expiration, host), with delete functionality

Patch Changes#

  • #237 d1a05ef7e32c9a20f38eeb7e36a384aeea21c69e Thanks @jonathansick! - Simplify user menu to show only Settings and Log out

    The user menu has been streamlined to display only two essential items:

    • Settings - Links to /settings page for all account and token management

    • Log out - Logs user out with proper redirect handling

    This change removes the conditional external “Account settings” link and consolidates the “Access tokens” link into a general “Settings” link. All settings pages remain accessible through the sidebar navigation at /settings, including:

    • Account settings (/settings)

    • Access tokens (/settings/tokens)

    • Sessions (/settings/sessions)

    This simplification improves the user experience by reducing menu clutter while maintaining full access to all functionality through the settings section.

  • #241 7b013336c51bc891a4470a90a01bbcb58528fdaf Thanks @jonathansick! - Fix token creation error display for validation errors

    Resolved Sentry SQUAREONE-26: Fixed a crash that occurred when the Gafaelfawr API returned Pydantic validation errors during token creation. Previously, validation error objects were rendered directly in React, causing “Objects are not valid as a React child” errors.

  • Updated dependencies [1d8161aa169c159762e28b0e3c1afaea5514ef15, 0e49cf80e8be37ffca6e7897ba07aa91881e7be3, bf0a8e50a321874abe551ad148255b7546680f31]:

    • @lsst-sqre/squared@0.10.0

0.27.0#

Minor Changes#

0.26.1#

Patch Changes#

0.26.0#

Minor Changes#

  • #205 362b05ea70a859f982c01fd129328d126816dfba Thanks @jonathansick! - Adopted @storybook/addon-vitest for improved testing performance and browser-based testing

    • Run pnpm test-storybook to execute Storybook tests using Vitest

  • #208 f6c8b474823fa07ed0940205858cd209bf67f2a6 Thanks @jonathansick! - Fixed hydration mis-match warnings with the UserMenu

  • #208 f6c8b474823fa07ed0940205858cd209bf67f2a6 Thanks @jonathansick! - Add comprehensive sidebar layout system and settings pages

    • New sidebar navigation page layout::

      • SidebarLayout: Responsive layout component with mobile-first design, CSS Grid on desktop, and flexbox on mobile

      • MobileMenuToggle: Hamburger menu component with accessibility features and smooth animations

      • Sidebar: Navigation sidebar with sticky positioning and structured navigation sections

      • SidebarNavItem: Individual navigation items with hover, active, and focus states

      • SidebarNavSection: Grouped navigation with optional section labels

    • Settings pages implementation:

      • SettingsLayout: Settings-specific layout using the sidebar system with dynamic navigation

      • Pages: Account (/settings/), and Access Tokens (/settings/tokens)

      • Complete server-side rendering with proper getServerSideProps implementation

  • #210 98a4d6560c08a72ba52be6d9e8017e89f7df2cbb Thanks @jonathansick! - Configure Next.js to transpile squared package

    Added the @lsst-sqre/squared package to Next.js transpilePackages configuration to support the new build system that exports TypeScript source directly.

  • #220 43a98d2009568d1b1b4f7d2fa2c641fcb6c18374 Thanks @jonathansick! - Add comprehensive token change history viewing

    Implements a complete token change history system that allows users to view the full audit trail of changes to their Gafaelfawr access tokens:

    New Components:

    • TokenHistoryView - Main view with filters, summary stats, and paginated history list

    • TokenHistoryFilters - Date range and event type filtering with URL state persistence

    • TokenHistoryList - Infinite scroll pagination for history entries

    • TokenHistoryItem - Individual change entry display with action-specific formatting

    • TokenHistoryDetails - Detailed change information with before/after comparisons

    • TokenHistorySummary - Statistics panel showing total changes, first/last activity

    • TokenScopeBadge - Visual badges for token scopes

    • TokenScopeChangeBadge - Diff display for scope modifications (added/removed)

    New Hooks:

    • useTokenChangeHistory - SWR-based infinite pagination for change history API

    • useTokenHistoryFilters - URL-based state management for filters

    • useTokenDetails - Fetch individual token details from Gafaelfawr API

    New Pages:

    • /settings/tokens/history - Global token change history for all user tokens

    • /settings/tokens/[id] - Individual token details with dedicated history view

    Features:

    • Infinite scroll pagination with “Load more” button

    • Date range filtering with DateTimePicker integration

    • Event type filtering (creation, revocation, expiration, scope changes, etc.)

    • URL-based filter state (shareable/bookmarkable filtered views)

    • Local timezone support with ISO 8601 format for all timestamps

    • Graceful handling of deleted tokens (shows history even when token no longer exists)

    • Responsive design with proper loading and error states

    • Comprehensive test coverage for all components and hooks

    This feature provides complete visibility into token lifecycle events, helping users understand token usage patterns and security-relevant changes.

  • #216 7238f2ede9e3c1838311bea84d2c3c065be2ad13 Thanks @jonathansick! - Add comprehensive token creation workflow

    Implements a full-featured token creation system including:

    • New /settings/tokens/new page with form interface

    • Token name validation to prevent duplicates

    • Scope selection with configurable available scopes

    • Flexible expiration options (preset durations and custom dates)

    • Query parameter support for pre-filling form values from URL templates

    • Integration with Gafaelfawr token API for token creation

    • Success modal displaying newly created tokens with copy functionality

    • Enhanced navigation with “Access Tokens” link in settings

    This feature enables users to create personal access tokens with appropriate scopes and expiration settings through a guided interface.

  • #220 43a98d2009568d1b1b4f7d2fa2c641fcb6c18374 Thanks @jonathansick! - Add token details page and enhance token management UI

    New Features:

    • Individual token details page at /settings/tokens/[id] showing comprehensive token information

    • TokenDetailsView component with metadata display (scopes, creation date, expiration, parent info)

    • Clickable token IDs throughout the UI that link to token details pages

    • “View history” button on main tokens page for quick access to change history

    • Standalone TokenDate component for consistent date/time formatting across views

    Improvements:

    • Removed confusing “Last used” date displays (data reliability issues)

    • Fixed token created date incorrectly showing as “Expired”

    • Better visual hierarchy in token listings with clickable elements

    • Consistent ISO 8601 timestamp display with relative time formatting

    • Proper handling of undefined/null token fields from API

    • Integration with token history viewing workflow

    Components:

    • TokenDetailsView - Full token information display with action buttons

    • TokenDate - Reusable date formatting component with semantic HTML time elements

    • Enhanced AccessTokenItem with clickable token ID links

    • Date formatter utilities for consistent timestamp handling

    This update improves the token management experience by providing dedicated detail views and clearer navigation between token information and change history.

  • #217 8c5de054db869e7d02942e6c23ceaccab4f260bc Thanks @jonathansick! - Add token viewing and deletion functionality

    Implements comprehensive token management capabilities including:

    • New AccessTokensView component displaying user’s existing tokens

    • AccessTokenItem component with semantic HTML time elements for dates

    • Token deletion workflow with confirmation modal

    • useDeleteToken hook for API integration with Gafaelfawr

    • Date formatting utilities with relative time display

    • Integration into /settings/tokens page alongside token creation

    • Proper handling of undefined/null token fields from API

    Users can now view their existing access tokens, see expiration and last-used dates, and delete tokens through a confirmation workflow. The interface provides clear visual feedback and follows the application’s design system.

Patch Changes#

0.25.0#

Minor Changes#

  • #200 279dbcb6352839f434a729cccdd9d12f74cf7eac Thanks @jonathansick! - Upgrade Next.js to version 15.5.0

    This is a major version upgrade from Next.js 14.x to 15.5.0, which includes:

    • New App Router improvements and features (although Squareone remains on the pages router)

    • Breaking changes in build system and runtime behavior (turbopack)

    • Updated instrumentation configuration

    • Performance improvements

    This upgrade may require configuration updates in consuming applications.

  • #200 279dbcb6352839f434a729cccdd9d12f74cf7eac Thanks @jonathansick! - Upgrade Node.js to version 22.13.0 LTS

    Updated the Node.js runtime requirement from 18.x to 22.x LTS, which includes:

    • Latest LTS stability and security improvements

    • Updated build toolchain and CI environment

    • Improved performance and new language features

    This change updates the development environment and deployment requirements.

  • #200 279dbcb6352839f434a729cccdd9d12f74cf7eac Thanks @jonathansick! - Upgrade React to version 19.1.1

    This is a major version upgrade from React 18.x to React 19.1.1, which includes:

    • New React 19 features and improvements

    • Updated TypeScript types for React 19

    • Breaking changes that may affect consumers

    This upgrade requires peer dependency updates in consuming applications.

  • #200 279dbcb6352839f434a729cccdd9d12f74cf7eac Thanks @jonathansick! - Upgrade Storybook to version 9.1.3

    This is a major version upgrade from Storybook 7.x to 9.1.3, which includes:

    • New Storybook 9 features and testing capabilities

    • Updated addon ecosystem and configuration

    • Breaking changes in story format and testing utilities

    • Improved performance and build system

    • Migration from deprecated addons to new alternatives

    This upgrade includes configuration changes and may require story updates in consuming projects.

Patch Changes#

0.24.0#

Minor Changes#

  • #197 410c0329d2915b61763937977dd9e3a5c7a5e60c Thanks @jonathansick! - MDX content is now sourced from individual files, rather than as keys in the app configuration. The files are named after the page they correspond to. The MDX content directory is flat, with __ standing in for a path separator. The directory that MDX is sourced from is configured via the mdxDir field in the configuration YAML.

  • #197 410c0329d2915b61763937977dd9e3a5c7a5e60c Thanks @jonathansick! - Replaced next/config and getInitialProps with AppConfigContext that is loaded from getServerSideProps. Individual components can now access configuration from the useAppConfig hook.

    • Moved the client-side Sentry configuration to _app.tsx so that it can use the AppConfigContext. Previously it was loaded directly in the instrumentation-client.js hook that didn’t have access to the app configuration.

  • #197 c92f852908b16a8b429d9b616dfdcbb759de99ce Thanks @jonathansick! - Migrated Squareone to Typescript and Next.js 14!

    • Adopted the SWC compiler, replacing Babel, for improved performance and compatibility. This change preserves ES modules.

    • Updated TypeScript target to ES2017 and enabled strict type checking.

    • Updated SWR to v2.3.6.

    • Updated next-mdx-remote to v5.

  • #197 410c0329d2915b61763937977dd9e3a5c7a5e60c Thanks @jonathansick! - Resolved server-side rendering (SSR) issues that were exposed by the TypeScript migration and new tree shaking:

    • Improved next-mdx-remote usage by ensuring that the serialize function is called from getServerSideProps.

    • Improved swr usage by segreagating it into client-side components that are dynamically imported.

Patch Changes#

0.23.0#

Minor Changes#

Patch Changes#

0.22.0#

Minor Changes#

  • #192 50d8d1f6cfef0318cb6c2767ba4feda8e120e348 Thanks @jonathansick! - Migrate to React 18.3.1

    • Updated React from 17.0.2 to 18.3.1 across all packages

    • Updated React DOM to 18.3.1 for improved hydration and performance

    • Updated TypeScript types for React 18 compatibility

    • Updated styled-components to v5.3.11 for React 18 support

    • Updated Storybook React dependencies for compatibility

Patch Changes#

0.21.1#

Patch Changes#

0.21.0#

Minor Changes#

Patch Changes#

0.20.0#

Minor Changes#

Patch Changes#

0.19.0#

Minor Changes#

0.18.0#

Minor Changes#

  • #179 92ecf5f Thanks @jonathansick! - Add a configurable Apps menu to the header navigation. This menu is for linking for non-aspect applications within the RSP, such as Times Square.

  • #179 b4b2fdb Thanks @jonathansick! - Moved auth URLs into Squared as a library. The getLoginUrl and getLogout URL functions compute the full URLs to the RSP’s login and logout endpoints and include the ?rd query strings to return the user to current and home URL respectively.

  • #179 6be6b1c Thanks @jonathansick! - Reimplement HeaderNav using the PrimaryNavigation component from Squared. Although the menu looks the same visually, it is now entirely powered by the Radix NavigationMenu primitive so that any menu item can be a trigger for a menu rather than a link to another page. The Login / user menu is reimplemented as a menu item rather than with the special GafaelfawrUserMenu component.

Patch Changes#

0.17.0#

Minor Changes#

  • #175 9cadf35 Thanks @jonathansick! - The Times Square UI now closes its connection to the /times-square/pages/:page/html/events?<qs> SSE endpoint once the page instance’s execution status is “complete” and the HTML hash is computed. With this change, the Times Square UI reduces its ongoing load on the API and also reduces network usage. The HTML page will still update to the latest version because the iframe component pings the Times Square pages/:page/htmlstatus?<qs> endpoint. We may back this off or convert the page update to an opt-in future in the future to further reduce network and API load from the front-end.

0.16.0#

Minor Changes#

  • #176 8e5b789 Thanks @fajpunk! - Added Sentry instrumentation to the squareone app.

    Both the NextJS client (frontend) and server (backend) code are instrumented with the official Sentry NextJS integration. The Sentry DSN should be provided in a SENTRY_DSN environment variable. If a Sentry DSN is not provided, there will be no changes to app behaviour. If a Sentry DSN is provided, then these things will be sent to Sentry:

    • Any uncaught exceptions and error-level logs

    • Traces for user interaction (according to the sample settings)

    • Session replays for user interaction (according to the sample settings)

    There are new config file options for Sentry configuration:

    • sentryTracesSampleRate

    • sentryReplaysSessionSampleRate

    • sentryReplaysOnErrorSampleRate

    • sentryDebug

    There is a new route, /sentry-example-page which provides a way to quickly check that the Sentry integration is working.

0.15.0#

Minor Changes#

  • #173 c5dac7f Thanks @jonathansick! - The Times Square interface now includes a link to its user documentation. The root of the environment-specific rsp.lsst.io site is configured through the new docsBaseUrl configuration parameter.

  • #173 c5dac7f Thanks @jonathansick! - Migrated Squareone CSS custom properties / design tokens to global-css from the globals.css file in the Squareone app

    With this change, any app as well as the Squared component library can use CSS custom properties such as the elevations (box-shadows, e.g. --sqo-elevation-md) and transitions (--sqo-transition-basic) that are included as global CSS custom properties.

Patch Changes#

  • Updated dependencies [c5dac7f, c5dac7f]:

    • @lsst-sqre/squared@0.3.0

    • @lsst-sqre/global-css@0.2.0

0.14.0#

Minor Changes#

  • #171 55ff9ab Thanks @jonathansick! - Add support for Plausible.io analytics

    In Squareone, set the plausibleDomain configuration to the Plausible tracking domain. E.g. data.lsst.cloud for the RSP. To disable Plausible tracking where it isn’t supported, set this configuration to null.

0.13.1#

Patch Changes#

0.13.0#

Minor Changes#

  • #166 157d03d Thanks @jonathansick! - Usage of Reach UI is now removed and replaced with Radix UI. The user menu now uses GafaelfawrUserMenu from @lsst-sqre/squared and is based on Radix UI’s Navigation Menu component. It is customized here to work with the Gafaelawr API to show a log in button for the logged out state, and to show the user’s menu with a default log out button for the logged in state. Previously we also used Reach UI for showing an accessible validation alert in the Times Square page parameters UI. For now we’ve dropped this functionality.

Patch Changes#

0.12.0#

Minor Changes#

  • #164 0574c00 Thanks @jonathansick! - Users can now download the Jupyter Notebook (ipynb) file that they are viewing, with the current parameters filled in. This enables further interactive exploration.

  • #164 2adb0af Thanks @jonathansick! - Times Square notebook pages show a link to the source notebook on GitHub.

0.11.0#

Minor Changes#

  • #153 3561d09 Thanks @jonathansick! - Squareone uses a base stylesheet from the @lsst-sqre/global-css package. This reduces the amount of global CSS managed in Squareone itself, and offloads configuring the Rubin Style Dictionary tokens into base CSS elements.

  • #163 72dd989 Thanks @jonathansick! - Implement background recomputation for cached Times Square pages. The “Recompute” button submits a request to Times Square’s DELETE /v1/pages/:page/html?{params} endpoint, which causes a background recomputation of the notebook and re-rendering of the cached HTML.

    The new TimesSquareHtmlEventsProvider is a React context provider that provides real-time updates from Times Square about the status of an HTML rendering for a given set of parameters using Times Square’s /v1/pages/:page/html/events/{params} endpoint. Squareone uses @microsoft/fetch-event-source to subscribe to this server-sent events (SSE) endpoint. Using this provider, the UI is able to show new data to the user, including the status of the computation, and once the computation is complete, the date/age of computation and the execution time.

  • #163 72dd989 Thanks @jonathansick! - The Times Square “Update” and “Reset” buttons are now disabled when appropriate. The Update button is disabled when the parameter inputs have not been changed relative to their current state. Likewise, the Reset button is disabled when the parameters are unchanged from the current state.

  • #153 1240924 Thanks @jonathansick! - Drop the use of normalize.css and instead rely on the base CSS from the global-css package.

  • #163 72dd989 Thanks @jonathansick! - New TimesSquareUrlParametersProvider component. This React context provides the URL-based state to Times Square components, such as the page being viewed, its notebook parameters values, and the display settings. This change simplifies the structure of the React pages by refactoring all of the URL parsing into a common component. As well, this context eliminates “prop drilling” to provide this URL-based state to all components in the Times Square application.

Patch Changes#

0.10.3#

Patch Changes#

  • #150 1bcd1a4 Thanks @jonathansick! - The squareone Docker image release is now triggered by a GitHub Release being published.

0.10.2#

Patch Changes#

  • #148 0e4d392 Thanks @jonathansick! - Tweaks to the release process:

    • Use a custom GITHUB_TOKEN for the changesets/action in order to trigger the Docker release workflow for Squareone.

  • Updated dependencies [0e4d392]:

    • @lsst-sqre/rubin-style-dictionary@0.4.2

0.10.1#

Patch Changes#

  • #143 13e6f4c Thanks @jonathansick! - Migrated lsst-sqre/squareone into a turbo-based monorepo. Rubin Style Dictionary is now a package inside the monorepo.

  • Migrated to pnpm from npm for package management.

  • Upgrade to Storybook 7.

  • Add development set up documentation to the squareone.lsst.io site.

  • Updated dependencies [13e6f4c]:

    • @lsst-sqre/rubin-style-dictionary@0.4.1

0.10.0 (2023-03-27)#

New features#

  • Add new pages for the COmanage sign-up flow. The content for these pages is configurable via MDX fields in squareone.config.yaml:

    • verifyEmailPageMdx for /enrollment/thanks-for-signing-up

    • emailVerifiedPageMdx for /enrollment/thanks-for-verifying

    • pendingApprovalPageMdx for /enrollment/pending-approval

    • pendingVerificationPageMdx for /enrollment/pending-confirmation

  • Other pages’ content are now configurable with MDX:

    • apiAspectPageMdx for /api-aspect

    • docsPageMdx for /docs

    • supportPageMdx for /support

0.9.0 (2023-03-01)#

New features#

  • Display an “Account settings” link in the user menu that goes to the COmanage Registry. This registry URL, which is optional, can be configured in squareone.config.yaml with the coManageRegistryUrl field.

0.8.1 (2022-08-25)#

Bug fixes#

  • Improved UI for Times pull request preview pages.

Development changes#

  • Added additional stories and integration with Chromatic, the hosted Storybook service.

0.8.0 (2022-08-18)#

New features#

  • New pages for Times Square to preview pages in GitHub pull requests at /times-square/github-pr/:owner/:repo:/:commit paths.

Development changes#

  • Initial integration with Storybook for designing and documenting components within Squareone.

0.7.1 (2022-06-26)#

Bug fixes#

  • Link to DP0.2 documentation.

0.7.0 (2022-06-23)#

New features#

  • Add initial support for Times Square.

  • Update background image for the homepage hero component to a new image by Bruno Quint, taken September 2021.

Development changes#

  • Refresh dependencies.

0.6.0 (2022-04-14)#

New features#

  • Informational broadcast messages are now displayed with Rubin’s primary teal as the background color (see lsst-sqre/semaphore#29 for more information).

  • Replaced custom fetch hook for the Semaphore broadcast message data with swr, enabling us to automatically refresh broadcast data.

  • Updated the component layout in the source code.

0.5.0 (2022-04-06)#

New features#

  • Squareone is cross-published on the GitHub Container Registry at ghcr.io/lsst-sqre/squareone.

Bug fixes#

  • Fix minor UI issues, including unnecessary scrollbars in the broadcast message disclosures and Link usage.

  • Remove the note on the documentation page about Generation 3 middleware.

Development changes#

  • Upgrade to Next 12 and various upgrades of dependencies and linting tools.

  • Upgrade to Node 16.

0.4.0 (2021-08-11)#

New features#

  • Broadcast messages are now sourced through Semaphore <https://github/lsst-sqre/semaphore>, a service that is installed in the science platform and sources messages from GitHub. With this update, messages can also have additional information that is visible if a user clicks on a “Read more” button. This disclosure is powered by react-a11y-disclosure <https://github.com/KittyGiraudel/react-a11y-disclosure>.

  • There is a new configuration field, semaphoreUrl, to configure the root URL for the Semaphore API service. The broadcastMarkdown field is removed.

0.3.1 (2021-08-04)#

Bug fixes#

  • Update funding text.

Development changes#

  • Refresh README with status badges and revise text on git hooks.

0.3.0 (2021-07-12)#

New features#

  • Add a broadcastMarkdown configuration field to the public configuration schema. If set, this content is shown in a new BroadcastBanner component on any page. This is a configuration-driven way of displaying notifications to users without requiring code changes. The semaphore application will add further flexibility for pushing notifications in the future.

Bug fixes#

  • Fix the name of the GitHub repository for support on the /support page.

0.2.2 (2021-06-25)#

Bug fixes#

  • Revised capitalization in the Acceptable Use Policy.

0.2.1 (2021-06-24)#

Bug fixes#

  • Add description on how to use the auth token with TAP clients that rely on basic authentication (username and password).

0.2.0 (2021-06-24)#

New features#

This release includes many features in preparation for DP0.1:

  • New /docs page that links to data, service, and software documentation relevant to RSP users.

  • New /api-aspect page that provides information about how to access the TAP API.

  • New /terms page that includes the RSP Acceptable Use Policy

  • New /support page that describes how to get support.

Bug fixes#

  • Fix open graph metadata

0.1.5 (2021-05-06)#

Bug fixes#

  • Update funding agency text and logos to the operations era.

0.1.4 (2021-05-03)#

Bug fixes#

  • Fix CSS loading for the UserMenu component by adding the babel styled-components plugin.

  • Change the UserMenu component to display the username rather than the user’s name, as Gafaelfawr does not guarantee the “name” property is available.

  • Switch to Font Source for the Source Sans font (from Google Fonts).

  • Remove temporary content from the index page.

0.1.3 (2021-04-05)#

Bug fixes#

  • Fix hero links for Portal and Notebooks

  • Enable links in nav bar

  • Enable documentation links

0.1.2 (2021-04-05)#

Bug fixes#

  • Fix how the configuration path is computed.

0.1.1 (2021-04-05)#

Bug fixes#

  • This release adds next.config.js to the Docker image.

0.1.0 (2021-03-30)#

New features#

This is the first development release of Squareone! 🎉

This page was last modified on .