@dynamic-labs/waas 4.72.0 → 4.73.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +21 -0
- package/package.cjs +1 -1
- package/package.js +1 -1
- package/package.json +10 -9
- package/src/DynamicWaasMixin.cjs +14 -2
- package/src/DynamicWaasMixin.d.ts +2 -1
- package/src/DynamicWaasMixin.js +14 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,4 +1,25 @@
|
|
|
1
1
|
|
|
2
|
+
### [4.73.1](https://github.com/dynamic-labs/dynamic-auth/compare/v4.73.0...v4.73.1) (2026-03-30)
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
### Features
|
|
6
|
+
|
|
7
|
+
* **tempo:** add isTempoWallet type guard and TempoWallet class ([#10814](https://github.com/dynamic-labs/dynamic-auth/issues/10814)) ([1f2ec94](https://github.com/dynamic-labs/dynamic-auth/commit/1f2ec949bcfd25b2c460e07214041d06b172f12d))
|
|
8
|
+
|
|
9
|
+
## [4.73.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.72.0...v4.73.0) (2026-03-30)
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
### Features
|
|
13
|
+
|
|
14
|
+
* allow passing credentialId at call time for step-up auth methods ([#10795](https://github.com/dynamic-labs/dynamic-auth/issues/10795)) ([9746667](https://github.com/dynamic-labs/dynamic-auth/commit/974666758ad8b01584cf30efbf2cb64dbde63986))
|
|
15
|
+
* **waas:** preserve WaaS key shares on session expiry using LogoutReason ([#10714](https://github.com/dynamic-labs/dynamic-auth/issues/10714)) ([26f40f7](https://github.com/dynamic-labs/dynamic-auth/commit/26f40f722302b8cf4cc035886d4408393a785283))
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
### Bug Fixes
|
|
19
|
+
|
|
20
|
+
* override handlebars to >=4.7.9 (CVE-2026-33937) ([#10805](https://github.com/dynamic-labs/dynamic-auth/issues/10805)) ([7aa40b8](https://github.com/dynamic-labs/dynamic-auth/commit/7aa40b8472487694b438ae3a64b14524c9c726e4))
|
|
21
|
+
* use currentColor in settings icons for dark mode support ([#10811](https://github.com/dynamic-labs/dynamic-auth/issues/10811)) ([8653e97](https://github.com/dynamic-labs/dynamic-auth/commit/8653e97759f0ea5126258c1ced36ae26af3a405c)), closes [#383C48](https://github.com/dynamic-labs/dynamic-auth/issues/383C48) [#ABACB2](https://github.com/dynamic-labs/dynamic-auth/issues/ABACB2)
|
|
22
|
+
|
|
2
23
|
## [4.72.0](https://github.com/dynamic-labs/dynamic-auth/compare/v4.71.0...v4.72.0) (2026-03-26)
|
|
3
24
|
|
|
4
25
|
|
package/package.cjs
CHANGED
package/package.js
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@dynamic-labs/waas",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.73.1",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"author": "Dynamic Labs, Inc.",
|
|
6
6
|
"license": "MIT",
|
|
@@ -16,16 +16,17 @@
|
|
|
16
16
|
"./package.json": "./package.json"
|
|
17
17
|
},
|
|
18
18
|
"dependencies": {
|
|
19
|
-
"@dynamic-labs/
|
|
19
|
+
"@dynamic-labs-sdk/client": "0.19.0",
|
|
20
|
+
"@dynamic-labs/assert-package-version": "4.73.1",
|
|
20
21
|
"@dynamic-labs/sdk-api-core": "0.0.909",
|
|
21
22
|
"@dynamic-labs-wallet/browser-wallet-client": "0.0.314",
|
|
22
|
-
"@dynamic-labs/ethereum-core": "4.
|
|
23
|
-
"@dynamic-labs/logger": "4.
|
|
24
|
-
"@dynamic-labs/solana-core": "4.
|
|
25
|
-
"@dynamic-labs/sui-core": "4.
|
|
26
|
-
"@dynamic-labs/utils": "4.
|
|
27
|
-
"@dynamic-labs/wallet-book": "4.
|
|
28
|
-
"@dynamic-labs/wallet-connector-core": "4.
|
|
23
|
+
"@dynamic-labs/ethereum-core": "4.73.1",
|
|
24
|
+
"@dynamic-labs/logger": "4.73.1",
|
|
25
|
+
"@dynamic-labs/solana-core": "4.73.1",
|
|
26
|
+
"@dynamic-labs/sui-core": "4.73.1",
|
|
27
|
+
"@dynamic-labs/utils": "4.73.1",
|
|
28
|
+
"@dynamic-labs/wallet-book": "4.73.1",
|
|
29
|
+
"@dynamic-labs/wallet-connector-core": "4.73.1"
|
|
29
30
|
},
|
|
30
31
|
"peerDependencies": {}
|
|
31
32
|
}
|
package/src/DynamicWaasMixin.cjs
CHANGED
|
@@ -572,13 +572,25 @@ const withDynamicWaas = (BaseClass) => {
|
|
|
572
572
|
});
|
|
573
573
|
});
|
|
574
574
|
}
|
|
575
|
-
endSession() {
|
|
575
|
+
endSession(reason) {
|
|
576
576
|
return _tslib.__awaiter(this, void 0, void 0, function* () {
|
|
577
577
|
const waasClient = yield this.getWaasWalletClient();
|
|
578
578
|
if (!waasClient) {
|
|
579
579
|
return;
|
|
580
580
|
}
|
|
581
|
-
|
|
581
|
+
// When a session token expires, we preserve key shares in storage instead
|
|
582
|
+
// of clearing them. Customers with short-lived sessions (minutes) were
|
|
583
|
+
// hitting excessive server-side share recovery on every re-login, which
|
|
584
|
+
// also forced users to re-enter their wallet password since the unlocked
|
|
585
|
+
// share only lives for the duration of the session.
|
|
586
|
+
//
|
|
587
|
+
// This is safe because the waas-sdk separately fingerprints the user
|
|
588
|
+
// (sub + environment_id) and clears all storage if a different user logs
|
|
589
|
+
// in. On explicit user-initiated logout, shares are always cleared for
|
|
590
|
+
// security.
|
|
591
|
+
if (reason !== 'token-expired') {
|
|
592
|
+
yield waasClient.cleanup();
|
|
593
|
+
}
|
|
582
594
|
this.dynamicWaasClient = undefined;
|
|
583
595
|
});
|
|
584
596
|
}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { BitcoinConfig, DynamicWalletClient } from '@dynamic-labs-wallet/browser-wallet-client';
|
|
2
|
+
import type { LogoutReason } from '@dynamic-labs-sdk/client';
|
|
2
3
|
import { InstrumentOptions, Logger } from '@dynamic-labs/logger';
|
|
3
4
|
import { MFAAction, TokenScope } from '@dynamic-labs/sdk-api-core';
|
|
4
5
|
import { GetWalletPasswordFn } from '@dynamic-labs/wallet-connector-core';
|
|
@@ -141,7 +142,7 @@ export declare const withDynamicWaas: <T extends abstract new (...args: any[]) =
|
|
|
141
142
|
getWalletRecoveryState({ accountAddress, }: {
|
|
142
143
|
accountAddress: string;
|
|
143
144
|
}): Promise<import("@dynamic-labs-wallet/browser-wallet-client").WalletRecoveryState>;
|
|
144
|
-
endSession(): Promise<void>;
|
|
145
|
+
endSession(reason?: LogoutReason): Promise<void>;
|
|
145
146
|
getActiveAccountAddress(): Promise<string | undefined>;
|
|
146
147
|
/**
|
|
147
148
|
* Get connected accounts by fetching wallets from Waas client.
|
package/src/DynamicWaasMixin.js
CHANGED
|
@@ -568,13 +568,25 @@ const withDynamicWaas = (BaseClass) => {
|
|
|
568
568
|
});
|
|
569
569
|
});
|
|
570
570
|
}
|
|
571
|
-
endSession() {
|
|
571
|
+
endSession(reason) {
|
|
572
572
|
return __awaiter(this, void 0, void 0, function* () {
|
|
573
573
|
const waasClient = yield this.getWaasWalletClient();
|
|
574
574
|
if (!waasClient) {
|
|
575
575
|
return;
|
|
576
576
|
}
|
|
577
|
-
|
|
577
|
+
// When a session token expires, we preserve key shares in storage instead
|
|
578
|
+
// of clearing them. Customers with short-lived sessions (minutes) were
|
|
579
|
+
// hitting excessive server-side share recovery on every re-login, which
|
|
580
|
+
// also forced users to re-enter their wallet password since the unlocked
|
|
581
|
+
// share only lives for the duration of the session.
|
|
582
|
+
//
|
|
583
|
+
// This is safe because the waas-sdk separately fingerprints the user
|
|
584
|
+
// (sub + environment_id) and clears all storage if a different user logs
|
|
585
|
+
// in. On explicit user-initiated logout, shares are always cleared for
|
|
586
|
+
// security.
|
|
587
|
+
if (reason !== 'token-expired') {
|
|
588
|
+
yield waasClient.cleanup();
|
|
589
|
+
}
|
|
578
590
|
this.dynamicWaasClient = undefined;
|
|
579
591
|
});
|
|
580
592
|
}
|