From 1848d619aba7b3c4d6d918e5b6ecca118473a567 Mon Sep 17 00:00:00 2001
From: Nanda
Date: Thu, 2 May 2024 12:55:44 +1000
Subject: [PATCH 1/2] Remove `string-replace-webpack-plugin` to fix critical security warning. The plugin was mainly used for replacing babel generated getters with `superGet` in mobx 4. But after mobx upgrade this is no longer required. It is currently only used for upadting the credit string in Ion.js that is shown when using the default Ion token. I have dropped that in favour of keeping the build script simpler.
---
 buildprocess/configureWebpack.js | 62 --------------------------------
 package.json | 2 --
 2 files changed, 64 deletions(-)
diff --git a/buildprocess/configureWebpack.js b/buildprocess/configureWebpack.js
index 964deee41f0..043db0434b5 100644
--- a/buildprocess/configureWebpack.js
+++ b/buildprocess/configureWebpack.js
@@ -1,6 +1,5 @@
 const path = require("path");
 const CopyPlugin = require("copy-webpack-plugin");
-const StringReplacePlugin = require("string-replace-webpack-plugin");
 const ForkTsCheckerWebpackPlugin = require("fork-ts-checker-webpack-plugin");
 const ForkTsCheckerNotifierWebpackPlugin = require("fork-ts-checker-notifier-webpack-plugin");
 const webpack = require("webpack");
@@ -51,66 +50,6 @@ function configureWebpack(
 config.module = config.module || {};
 config.module.rules = config.module.rules || [];
- config.module.rules.push({
- test: /\.js?$/,
- include: path.dirname(require.resolve("terriajs-cesium/README.md")),
- exclude: [
- // require.resolve("terriajs-cesium/Source/ThirdParty/zip"),
- // require.resolve("terriajs-cesium/Source/Core/buildModuleUrl"),
- // require.resolve("terriajs-cesium/Source/Core/TaskProcessor")
- ],
- loader: StringReplacePlugin.replace({
- replacements: [
- // {
- // pattern: /buildModuleUrl\([\'|\"|\`](.*)[\'|\"|\`]\)/gi,
- // replacement: function (match, p1, offset, string) {
- // let p1_modified = p1.replace(/\\/g, "\\\\");
- // return (
- // "require(`" +
- // cesiumDir.replace(/\\/g, "\\\\") +
- // "/Source/" +
- // p1_modified +
- // "`)"
- // );
- // }
- // },
- {
- pattern: /Please assign Cesium.Ion.defaultAccessToken<\/i>/g,
- replacement: function () {
- return 'Please set "cesiumIonAccessToken" in config.json';
- }
- },
- {
- pattern: / before making any Cesium API calls/g,
- replacement: function () {
- return "";
- }
- }
- ]
- })
- });
-
- // The sprintf module included by Cesium includes a license comment with a big
- // pile of links, some of which are apparently dodgy and cause Websense to flag
- // web workers that include the comment as malicious. So here we munge URLs in
- // comments so broken security software doesn't consider them links that a user
- // might actually visit.
- config.module.rules.push({
- test: /\.js?$/,
- include: path.resolve(cesiumDir, "Source", "ThirdParty"),
- loader: StringReplacePlugin.replace({
- replacements: [
- {
- pattern: /\/\*[\S\s]*?\*\//g, // find multi-line comments
- replacement: function (match) {
- // replace http:// and https:// with a spelling-out of it.
- return match.replace(/(https?):\/\//g, "$1-colon-slashslash ");
- }
- }
- ]
- })
- });
-
 const zipJsDir = path.dirname(require.resolve("@zip.js/zip.js/package.json"));
 config.module.rules.push({
@@ -316,7 +255,6 @@ function configureWebpack(
 };
 config.plugins = (config.plugins || []).concat([
- new StringReplacePlugin(),
 new webpack.IgnorePlugin(/^\.\/locale$/, /moment$/)
 ]);
diff --git a/package.json b/package.json
index 671ad8b3d51..b3791a068c5 100644
--- a/package.json
+++ b/package.json
@@ -172,8 +172,6 @@
 "sass-loader": "^10",
 "shpjs": "^3.6.0",
 "simple-statistics": "^7.0.1",
- "string-replace-loader": "^2.1.1",
- "string-replace-webpack-plugin": "^0.1.3",
 "style-loader": "^0.23.1",
 "styled-components": "^5.3.9",
 "svg-sprite-loader": "^6.0.11",
From fa838ff86059787215c5a11c962a776f2528dad4 Mon Sep 17 00:00:00 2001
From: Nanda
Date: Thu, 2 May 2024 13:38:50 +1000
Subject: [PATCH 2/2] Update CHANGES.md.
---
 CHANGES.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGES.md b/CHANGES.md
index 9d0d1f50712..3a3527d6bd7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,7 @@
 #### next release (8.7.2)
 - Add NumberParameterEditor to enable WPS AllowedValues Ranges to be set and use DefaultValue
+- Show Cesium's original credit message instead of a custom Terria one when using the default Ion access token.
 #### 8.7.1 - 2024-04-16
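Review bot: The `@@ -51,66 +50,6 @@` hunk in buildprocess/configureWebpack.js removes a second rule that the commit message does not account for: the loader on `Source/ThirdParty` rewrote `http://` and `https://` inside block comments so that web-filtering products would stop flagging the bundled web workers, while the description says the plugin is now used only for the Ion credit string. With the rule gone those comment URLs ship unmodified, so it is worth confirming that the current terriajs-cesium third-party sources no longer trigger that false positive. If the behaviour change is intended, record it in CHANGES.md next to the credit-message entry, for example `- Stop rewriting URLs in Cesium third-party licence comments at build time.`. The package.json hunk also drops `string-replace-loader`, which nothing in this patch shows being used, so a search for remaining references would confirm the removal is safe.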