Vue Storefront is now Alokai! Learn More
Change Log

Change Log

1.1.2

Patch Changes

  • FIXED @alokai/connect: Fixed logger type in API Client extension hooks
  • Updated dependencies:
    • @alokai/cookies-bridge@1.0.1

1.1.1

Patch Changes

Security vulnerability fixes across multiple packages

This change addresses critical security vulnerabilities identified in the dependency audit across several packages. The fixes primarily target dependency updates and security patches to resolve high and critical severity issues.

Before fix:

  • 40 vulnerabilities found (Packages audited: 3081)
  • Severity breakdown: 23 Low | 8 Moderate | 2 High | 7 Critical

After fix:

  • 24 vulnerabilities found (Packages audited: 3115)
  • Severity breakdown: 22 Low | 2 Moderate | 0 High | 0 Critical

Key improvements:

  • Eliminated all 7 critical vulnerabilities
  • Resolved 2 high severity vulnerabilities
  • Reduced moderate vulnerabilities from 8 to 2
  • Overall 40% reduction in total vulnerabilities (40 → 24)

The remaining low and moderate vulnerabilities are either false positives or require major version updates that would introduce breaking changes.

1.1.0

Minor Changes

Introduced Alokai instrumentation support

Patch Changes

  • CHANGED The @alokai/connect/config-switcher now supports using no header with the extension, defaulting to the default value when no header is provided.
  • ADDED JSDoc for context.getApiClient in the @alokai/connect/middleware's MiddlewareContext.
  • CHANGED Update multer
  • Updated dependencies:
    • @alokai/instrumentation@1.0.0

1.0.0

Major Changes

  • CHANGED Guarantee compatibility with @alokai/connect package.
  • CHANGED Updated the package for compatibility with Node.js 22.

Key Updates:

  • Upgraded to the latest version of Node.js 22
  • Updated CI pipelines to use Node.js 22 for consistency.
  • Updated .nvmrc or .node-version files to specify Node.js version 22.14.
  • Upgraded @types/node to version ^22.13.17 for compatibility with the latest Node.js features.

Recommendations:

  • Use Node.js version 22.14.0 or higher for optimal performance, security, and compatibility.
  • While Node.js 20 is technically supported, it is not recommended as it may cause compatibility issues with certain packages and has not been thoroughly tested.

Minor Changes

  • CHANGED Update axios version to "^1.7.9"
  • ADDED getConfigSwitcherHeader to defaultRequestConfig in the middlewareModule of @alokai/connect/sdk. It allows setting the x-alokai-middleware-config-id header on the Storefront side for the Config Switcher extension.

Example usage:

export function getSdkConfig() {
  return defineSdkConfig(
    ({ buildModule, config, getRequestHeaders, middlewareModule }) => ({
      commerce: buildModule(middlewareModule<CommerceEndpoints>, {
        apiUrl: `${config.apiUrl}/commerce`,
        cdnCacheBustingId: config.cdnCacheBustingId,
        defaultRequestConfig: {
          getConfigSwitcherHeader: (computedHeaders) => "some-value",
          headers: getRequestHeaders(),
        },
        ssrApiUrl: `${config.ssrApiUrl}/commerce`,
      }),
    }),
  );
}
  • ADDED An option to specify RequestConfig.headers as a function in @alokai/connect/sdk middleware module. This might be helpful when you need to dynamically modify the headers before each request.

Example for Next.js:

// sdk/config.ts
export function getSdkConfig() {
  return defineSdkConfig(
    ({ buildModule, config, getRequestHeaders, middlewareModule }) => ({
      unified: buildModule(middlewareModule<UnifiedEndpoints>, {
        apiUrl: `${config.apiUrl}/commerce/unified`,
        cdnCacheBustingId: config.cdnCacheBustingId,
        defaultRequestConfig: {
          headers: getRequestHeaders,
        },
        methodsRequestConfig:
          config.defaultMethodsRequestConfig.unifiedCommerce.middlewareModule,
        ssrApiUrl: `${config.ssrApiUrl}/commerce/unified`,
      }),
    }),
  );
}
  • CHANGED Interface for the parameter received by getConfigSwitcherHeader. Now it is an object featuring 3 properties: headers, pathname and searchParams.
  • ADDED defineGetConfigSwitcherHeader type-safe function to define the getConfigSwitcherHeader callback in SDK configuration.
  • ADDED New feature for the middleware app. Now, for every request, the middleware will convert the x-alokai-locale header into vsf-locale cookie. This change is important in CDN support, as we cannot pass cookies to the CDN. The feature can also be implemented in the projects that are NOT using @alokai/connect package, by adding an extension to each registered integration:
  1. Install @alokai/cookies-bridge package:
yarn add @alokai/cookies-bridge
  1. Add the extension to the integration configuration:
apps/storefront-middleware/integrations/<your-integration>/config.ts
// Only in projects that are NOT using `@alokai/connect` package.

+ import { createCookiesBridgeExtension } from "@alokai/cookies-bridge";
+ const cookiesBridgeExtension = createCookiesBridgeExtension([{
+   header: 'x-alokai-locale',
+   cookie: 'vsf-locale',
+ }]);

export const config = {
  configuration: {
    // ...
  }

  extensions: (extensions: ApiClientExtension[]) => [
+    cookiesBridgeExtension,
    ...extensions,
    unifiedApiExtension,
    cdnExtension,
    ...(IS_MULTISTORE_ENABLED === 'true' ? [configSwitcherExtensionFactory()] : []),
  ],
};

Note: The extension should be added as first in the extensions list, as it should be executed before any other extension.

In some projects, the middleware configuration might be placed in middleware.config.ts file, but implementation is the same.

  • CHANGED The maximum file upload size limit has been increased to 20MB.

Patch Changes

  • FIXED Errors thrown in the integration extension's beforeCall hook now correctly propagate their statusCode property to the response, instead of defaulting to 404.
  • CHANGED Used custom merger function in the config-switcher API Client extension to handle merging objects featuring getters and setters.
  • CHANGED Updated the express version to ^4.20.0 to fix security vulnerabilities. See more in GitHub Vulnerability Alert.
  • Updated dependencies:
    • @alokai/cookies-bridge@1.0.0

1.0.0-rc.4

Minor Changes

  • ADDED An option to specify RequestConfig.headers as a function in @alokai/connect/sdk middleware module. This might be helpful when you need to dynamically modify the headers before each request.

Example for Next.js:

// sdk/config.ts
export function getSdkConfig() {
  return defineSdkConfig(
    ({ buildModule, config, getRequestHeaders, middlewareModule }) => ({
      unified: buildModule(middlewareModule<UnifiedEndpoints>, {
        apiUrl: `${config.apiUrl}/commerce/unified`,
        cdnCacheBustingId: config.cdnCacheBustingId,
        defaultRequestConfig: {
          headers: getRequestHeaders,
        },
        methodsRequestConfig:
          config.defaultMethodsRequestConfig.unifiedCommerce.middlewareModule,
        ssrApiUrl: `${config.ssrApiUrl}/commerce/unified`,
      }),
    }),
  );
}
  • CHANGED Interface for the parameter received by getConfigSwitcherHeader. Now it is an object featuring 3 properties: headers, pathname and searchParams.
  • ADDED defineGetConfigSwitcherHeader type-safe function to define the getConfigSwitcherHeader callback in SDK configuration.
  • CHANGED The maximum file upload size limit has been increased to 20MB.

Patch Changes

  • CHANGED Used custom merger function in the config-switcher API Client extension to handle merging objects featuring getters and setters.
  • CHANGED Updated the express version to ^4.20.0 to fix security vulnerabilities. See more in GitHub Vulnerability Alert.

1.0.0-rc.3

Major Changes

  • CHANGED Updated the package for compatibility with Node.js 22.

Key Updates:

  • Upgraded to the latest version of Node.js 22
  • Updated CI pipelines to use Node.js 22 for consistency.
  • Updated .nvmrc or .node-version files to specify Node.js version 22.14.
  • Upgraded @types/node to version ^22.13.17 for compatibility with the latest Node.js features.

Recommendations:

  • Use Node.js version 22.14.0 or higher for optimal performance, security, and compatibility.
  • While Node.js 20 is technically supported, it is not recommended as it may cause compatibility issues with certain packages and has not been thoroughly tested.

Minor Changes

  • ADDED getConfigSwitcherHeader to defaultRequestConfig in the middlewareModule of @alokai/connect/sdk. It allows setting the x-alokai-middleware-config-id header on the Storefront side for the Config Switcher extension.

Example usage:

export function getSdkConfig() {
  return defineSdkConfig(
    ({ buildModule, config, getRequestHeaders, middlewareModule }) => ({
      commerce: buildModule(middlewareModule<CommerceEndpoints>, {
        apiUrl: `${config.apiUrl}/commerce`,
        cdnCacheBustingId: config.cdnCacheBustingId,
        defaultRequestConfig: {
          getConfigSwitcherHeader: (computedHeaders) => "some-value",
          headers: getRequestHeaders(),
        },
        ssrApiUrl: `${config.ssrApiUrl}/commerce`,
      }),
    }),
  );
}

Patch Changes

  • Updated dependencies:
    • @alokai/cookies-bridge@1.0.0-rc.1

1.0.0-rc.2

Minor Changes

  • CHANGED Update axios version to "^1.7.9"

1.0.0-rc.1

Minor Changes

  • ADDED New feature for the middleware app. Now, for every request, the middleware will convert the x-alokai-locale header into vsf-locale cookie. This change is important in CDN support, as we cannot pass cookies to the CDN. The feature can also be implemented in the projects that are NOT using @alokai/connect package, by adding an extension to each registered integration:
  1. Install @alokai/cookies-bridge package:
yarn add @alokai/cookies-bridge
  1. Add the extension to the integration configuration:
apps/storefront-middleware/integrations/<your-integration>/config.ts
// Only in projects that are NOT using `@alokai/connect` package.

+ import { createCookiesBridgeExtension } from "@alokai/cookies-bridge";
+ const cookiesBridgeExtension = createCookiesBridgeExtension([{
+   header: 'x-alokai-locale',
+   cookie: 'vsf-locale',
+ }]);

export const config = {
  configuration: {
    // ...
  }

  extensions: (extensions: ApiClientExtension[]) => [
+    cookiesBridgeExtension,
    ...extensions,
    unifiedApiExtension,
    cdnExtension,
    ...(IS_MULTISTORE_ENABLED === 'true' ? [configSwitcherExtensionFactory()] : []),
  ],
};

Note: The extension should be added as first in the extensions list, as it should be executed before any other extension.

In some projects, the middleware configuration might be placed in middleware.config.ts file, but implementation is the same.

Patch Changes

  • FIXED Errors thrown in the integration extension's beforeCall hook now correctly propagate their statusCode property to the response, instead of defaulting to 404.

1.0.0-rc.0

Major Changes

Fix builds

Patch Changes

Update packages to work with connect rc version

1.0.0

Major Changes

Release of the package @alokai/connect version 1.0.0.

Middleware

CHANGED Updated the type of the hooks property in the ApiClientExtension interface so that the hooks' configuration param is typed properly. This is a breaking change if you are using legacy @vue-storefront/middleware version 4.1.2 or lower.

Config Switcher (previously multistore)

UPDATED Set the return type of the createMultistoreExtension helper to ApiClientExtension.

SDK

CHANGED The config parameter available in the callback passed to defineSdkConfig() no longer contains computed middlewareUrl property. It now exposes apiUrl and ssrApiUrl that should be used instead. CHANGED The middleware.ssrApiUrl parameter is now required in the resolveSdkOptions() method.

Migration guide

  1. Update environment variables

In the apps/storefront-unified-nextjs/sdk/options.ts file, verify the NEXT_PUBLIC_ALOKAI_MIDDLEWARE_SSR_API_URL environment variable exists:

const ssrApiUrl = env('NEXT_PUBLIC_ALOKAI_MIDDLEWARE_SSR_API_URL');

+ if (!ssrApiUrl) {
+   throw new Error('NEXT_PUBLIC_ALOKAI_MIDDLEWARE_SSR_API_URL is required to run the app');
+ }

See our guide on initializing the SDK for a complete version of the file.

  1. Update SDK configuration file

Update your SDK configuration file (apps/storefront-unified-nextjs/sdk/config.ts) so that registered modules use apiUrl and ssrApiUrl properties instead of middlewareUrl.

import { defineSdkConfig } from '@vue-storefront/next';

export function getSdkConfig() {
  return defineSdkConfig(({ buildModule, config, getRequestHeaders, middlewareModule }) => ({
    commerce: buildModule(middlewareModule, {
-     apiUrl: `${config.middlewareUrl}/commerce`,
+     apiUrl: `${config.apiUrl}/commerce`,
+     ssrApiUrl: `${config.ssrApiUrl}/commerce`,
    }),
  }));
}