kbase
diff --git a/‎.github/dependabot.yml‎
Lines changed: 12 additions & 16 deletions b/‎.github/dependabot.yml‎
Lines changed: 12 additions & 16 deletions
diff --git a/‎RELEASE_NOTES.md‎
Lines changed: 80 additions & 0 deletions b/‎RELEASE_NOTES.md‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎eslint.config.mjs‎
Lines changed: 0 additions & 2 deletions b/‎eslint.config.mjs‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎kbase-extension/static/kbase/custom/custom.js‎
Lines changed: 1 addition & 14 deletions b/‎kbase-extension/static/kbase/custom/custom.js‎
Lines changed: 1 addition & 14 deletions
diff --git a/‎kbase-extension/static/kbase/js/api/auth.js‎
Lines changed: 27 additions & 21 deletions b/‎kbase-extension/static/kbase/js/api/auth.js‎
Lines changed: 27 additions & 21 deletions
diff --git a/‎kbase-extension/static/kbase/js/narrativeLogin.js‎
Lines changed: 11 additions & 8 deletions b/‎kbase-extension/static/kbase/js/narrativeLogin.js‎
Lines changed: 11 additions & 8 deletions
@@ -1,37 +1,33 @@
 version: 2
 updates:
-- package-ecosystem: pip
+- package-ecosystem: "pip"
   directory: "/src"
   schedule:
-    interval: monthly
-    time: '11:00'
+    interval: "monthly"
   groups:
-    python-dependencies:
+    pip:
       patterns:
         - "*"
   open-pull-requests-limit: 20
   ignore:
     - dependency-name: "notebook"
-      versions: '>= 7.0.0'
-- package-ecosystem: npm
+      versions: ">= 7.0.0"
+- package-ecosystem: "npm"
   directory: "/"
   schedule:
-    interval: monthly
-    time: '11:00'
+    interval: "monthly"
   groups:
-    npm-dependencies:
+    npm:
       patterns:
-        "*"
+        - "*"
   open-pull-requests-limit: 20
-- package-ecosystem: docker
+- package-ecosystem: "docker"
   directory: "/"
   schedule:
-    interval: monthly
-    time: '11:00'
+    interval: "monthly"
   open-pull-requests-limit: 20
-- package-ecosystem: github-actions
+- package-ecosystem: "github-actions"
   directory: "/.github"
   schedule:
-    interval: monthly
-    time: '11:00'
+    interval: "monthly"
   open-pull-requests-limit: 20
@@ -4,6 +4,86 @@ The Narrative Interface allows users to craft KBase Narratives using a combinati
 
 This is built on the Jupyter Notebook v6.5.6 and IPython 8.26.0 (more notes will follow).
 
+## Version 5.4.2
+- UIP-52 - repair integration tests, get WebDriverIO up to date
+- PTV-1913 - fix potential authentication issues affecting report viewing and downloads in narratives
+
+### Dependency Changes
+- Python dependency updates
+  - coverage 7.5.3 -> 7.6.1
+  - pytest 8.2.2 -> 8.3.2
+  - pytest-recording 0.13.1 -> 0.13.2
+  - ruff 0.5.5 -> 0.6.3
+
+  - certifi 2027.7.4 -> 2024.8.30
+  - cryptography 42.0.8 -> 43.0.0
+  - idna 3.7 -> 3.8
+  - jsonschema 4.16.0 -> 4.23.0
+  - markdown 3.4.1 -> 3.7
+  - markupsafe 2.1.4 -> 2.1.5
+  - pycurl 7.45.1 -> 7.45.3
+  - pyopenssl 24.1.0 -> 24.2.1
+  - setuptools 71.1.0 -> 74.0.0
+  - terminado 0.18.0 -> 0.18.1
+  - bokeh 3.5.1 -> 3.5.2
+  - ete3 3.1.2 -> 3.1.3
+  - numpy 2.0.1 -> 2.1.0
+  - plotly 5.23.0 -> 5.24.0
+  - scipy 1.14.0 -> 1.14.1
+  - sympy 1.13.1 -> 1.13.2
+
+  - ipython 8.26.0 -> 8.27.0
+  - ipywidgets 7.7.1 -> 8.1.5
+  - notebook 6.5.6 -> 6.5.7
+  - pymongo 4.7.3 -> 4.8.0
+  - pyyaml 6.0.1 -> 6.0.2
+  - scikit-learn 1.5.0 -> 1.5.1
+
+- Javascript Dependency Changes
+  - wdio-chromedriver-service -- Deprecated and removed, functionality is now built-in to WebdriverIO
+
+  - @babel/traverse 7.24.7 -> 7.25.6
+  - @eslint/js 9.6.0 -> 9.9.1
+  - @wdio/browserstack-service 8.38.2 -> 9.0.9
+  - @wdio/cli 8.38.2 -> 9.0.9
+  - @wdio/local-runner 8.38.2 -> 9.0.9
+  - @wdio/mocha-framwork 8.39.0 -> 9.0.8
+  - @wdio/spec-reporter 8.38.2 -> 9.0.8
+  - autoprefixer 10.4.19 -> 10.4.20
+  - axios 1.7.2 -> 1.7.7
+  - chromedriver 128.0.0 -> 128.0.1
+  - cssnano 7.0.2 -> 7.0.6
+  - eslint 9.4.0 -> 9.9.1
+  - expect-webdriverio 3.6.0 -> 5.0.2
+  - glob 10.4.1 -> 11.0.0
+  - globals 15.6.0 -> 15.9.0
+  - grunt-cli 1.4.3 -> 1.5.0
+  - grunt-stylelint 0.20.0 -> 0.20.1
+  - husky 9.0.11 -> 9.1.5
+  - jasmine-core 5.1.2 -> 5.2.0
+  - jquery-migrate 1.4.1 -> 3.5.2
+  - karma 6.4.3 -> 6.4.4
+  - lint-staged 15.2.6 -> 15.2.10
+  - postcss 8.4.39 -> 8.4.45
+  - prettier 3.3.2 -> 3.3.3
+  - puppeteer 23.2.1 -> 23.3.0
+  - requirejs 2.3.6 -> 2.3.7
+  - sass 1.77.5 -> 1.78.0
+  - selenium-standalone 9.5.0 -> 10.0.0
+  - selenium-webdriver 4.22.0 -> 4.24.0
+  - stylelint 16.6.1 -> 16.9.0
+  - stylelint-config-recommended 14.0.0 -> 14.0.1
+  - stylelint-config-sass-guidelines 11.1.0 -> 12.0.0
+  - stylelint-config-standard 36.0.0 -> 36.0.1
+  - terser 5.31.1 -> 5.31.6
+  - webdriverio 8.38.2 -> 9.0.9
+  
+  - dompurify 2.5.5 -> 3.1.6
+  - follow-redirects 1.15.6 -> 1.15.9
+  - jquery-ui 1.13.2 -> 1.14.0
+  - plotly.js-dist-min 2.33.0 -> 2.35.0
+  - underscore 1.13.6 -> 1.13.7
+
 ## Version 5.4.1
 - UIP-51 fix issue where JSON and STAGING download apps aren't getting properly instantiated with object inputs.
 
 
@@ -41,8 +41,6 @@ export default [{
     },
 
     rules: {
-        strict: ["error", "function"],
-
         "no-console": ["error", {
             allow: ["warn", "error"],
         }],
 
@@ -135,8 +135,6 @@ define([
     NarrativeRuntime,
     html
 ) => {
-    'use strict';
-
     // Handlebars global configuration. Since these changes affect all usage of handlebars
     // in this app, they should be performed just once.
     Handlebars.registerHelper('numeral', (value, format, defaultValue, options) => {
@@ -145,19 +143,8 @@ define([
             options = defaultValue;
             defaultValue = undefined;
         }
-        let missing = false;
-        if (typeof value === 'string') {
-            if (value.trim().length === 0) {
-                missing = true;
-            }
-        } else if (typeof value !== 'number') {
-            missing = true;
-        }
         const numeralValue = numeral(value);
-        if (isNaN(numeralValue)) {
-            missing = true;
-        }
-        if (missing) {
+        if (numeralValue.value() === null) {
             return defaultValue || 'n/a';
         }
         try {
 
@@ -24,7 +24,7 @@ define(['bluebird', 'jquery', 'narrativeConfig'], (Promise, $, Config) => {
             },
         };
 
-        const TOKEN_AGE = 14; // days
+        const DEFAULT_TOKEN_LIFE = 14 * 24 * 60 * 60 * 1000; // millis
 
         /**
          * Meant for managing auth or session cookies (mainly auth cookies as set by
@@ -33,10 +33,10 @@ define(['bluebird', 'jquery', 'narrativeConfig'], (Promise, $, Config) => {
          * If it's missing name or value, does nothing.
          * Default expiration time is 14 days.
          * domain, expires, and max-age are optional
-         * expires is expected to be in days
-         * auto set fields are:
+         * expires is expected to be the timestamp (ms since epoch) it will expire
+         * default fields are:
          *  - path = '/'
-         *  - expires = TOKEN_AGE (default 14) days
+         *  - expires = now + 14 days
          * @param {object} cookie
          *  - has the cookie keys: name, value, path, expires, max-age, domain
          *  - adds secure=true, samesite=Lax for KBase use.
@@ -50,7 +50,7 @@ define(['bluebird', 'jquery', 'narrativeConfig'], (Promise, $, Config) => {
             const name = encodeURIComponent(cookie.name);
             const value = encodeURIComponent(cookie.value || '');
             const props = {
-                expires: TOKEN_AGE, // gets translated to GMT string
+                expires: Date.now() + DEFAULT_TOKEN_LIFE, // gets translated to GMT string
                 path: '/',
                 samesite: 'Lax',
             };
@@ -66,14 +66,8 @@ define(['bluebird', 'jquery', 'narrativeConfig'], (Promise, $, Config) => {
             if (cookie.domain) {
                 props.domain = cookie.domain;
             }
-            props['max-age'] = 86400 * props.expires;
-            if (props.expires === 0) {
-                props.expires = new Date(0).toUTCString();
-            } else {
-                props.expires = new Date(
-                    new Date().getTime() + 86400000 * props.expires
-                ).toUTCString();
-            }
+            props['max-age'] = parseInt((props.expires - Date.now()) / 1000);
+            props.expires = new Date(props.expires).toUTCString();
 
             const fields = Object.keys(props).map((key) => {
                 return `${key}=${props[key]}`;
@@ -85,7 +79,7 @@ define(['bluebird', 'jquery', 'narrativeConfig'], (Promise, $, Config) => {
 
             const propStr = fields.join(';');
 
-            const newCookie = `${name}=${value}; ${propStr}`;
+            const newCookie = `${name}=${value};${propStr}`;
             document.cookie = newCookie;
         }
 
@@ -161,22 +155,34 @@ define(['bluebird', 'jquery', 'narrativeConfig'], (Promise, $, Config) => {
             return getCookie(cookieConfig.auth.name);
         }
 
-        /* Sets the given auth token into the browser's cookie.
-         * Does nothing if the token is null.
+        /**
+         * Returns a Promise that ets the given auth token into the
+         * browser's cookie, as configured. The cookie has the
+         * same lifespan as the token.
+         * If the token is null or expired, this does nothing.
+         * If there's an error in looking up the token, this throws
+         * an error.
+         * @param {string} token
+         * @returns
          */
-        function setAuthToken(token) {
+        async function setAuthToken(token) {
+            const tokenInfo = await getTokenInfo(token);
+            // if it's expired, don't set (actually should've thrown
+            // here, and get caught by the caller, but check anyway)
+            if (tokenInfo.expires - Date.now() <= 0) {
+                return;
+            }
             const deployEnv = Config.get('environment');
 
             function setToken(config) {
                 // Honor cookie host whitelist if present.
-                if (config.enableIn) {
-                    if (config.enableIn.indexOf(deployEnv) === -1) {
-                        return;
-                    }
+                if (config.enableIn && !config.enableIn.includes(deployEnv)) {
+                    return;
                 }
                 const cookieField = {
                     name: config.name,
                     value: token,
+                    expires: tokenInfo.expires,
                 };
                 if (config.domain) {
                     cookieField.domain = config.domain;
 
@@ -15,6 +15,7 @@ define([
     'util/bootstrapDialog',
 ], ($, Promise, kbapi, JupyterUtils, Config, Auth, UserMenu, BootstrapDialog) => {
     'use strict';
+
     const baseUrl = JupyterUtils.get_body_data('baseUrl');
     const authClient = Auth.make({ url: Config.url('auth') });
     let sessionInfo = null;
@@ -98,10 +99,8 @@ define([
     function showNotLoggedInDialog() {
         const message = `
         <p>You are logged out (or your session has expired).</p>
-        <p>You will be redirected to the sign in page after closing this, or ${
-            AUTO_LOGOUT_DELAY / 1000
-        } seconds,
-           whichever comes first.</p>
+        <p>You will be redirected to the sign in page after closing this, or
+        ${AUTO_LOGOUT_DELAY / 1000} seconds, whichever comes first.</p>
         `;
         const dialog = new BootstrapDialog({
             title: 'Logged Out',
@@ -304,10 +303,14 @@ define([
          */
         clearTokenCheckTimers();
         const sessionToken = authClient.getAuthToken();
-        return Promise.all([
-            authClient.getTokenInfo(sessionToken),
-            authClient.getUserProfile(sessionToken),
-        ])
+        return authClient
+            .setAuthToken(sessionToken)
+            .then(() =>
+                Promise.all([
+                    authClient.getTokenInfo(sessionToken),
+                    authClient.getUserProfile(sessionToken),
+                ])
+            )
             .then(([tokenInfo, accountInfo]) => {
                 sessionInfo = tokenInfo;
                 this.sessionInfo = tokenInfo;