fix: Update link tag on stylesheet modification (#22504)

Reverts previously added file watcher for stylesheet files as the static resource folder is already watched by hotswap mechanism.
Updates link tag once a modification is detected so stylesheet is hot reloaded.

Related-to: #22465

fix: always wait for navigated event for title (#22494) (#22510)

When running with react-router
always wait for vaadin-navigated
event before updating the title.

Fixes #21171

Co-authored-by: caalador <[email protected]>

fix: always wait for navigated event for title (#22494) (#22511)

When running with react-router
always wait for vaadin-navigated
event before updating the title.

Fixes #21171

Co-authored-by: caalador <[email protected]>

fix: Always permit Aura and Lumo requests (#22444)

Fixes #22413

chore: Format JS+TS files (#22455)

Do not format files which are checksummed in tests

fix: make sure request principal is available (#22368) (#22398)

When Spring Security request matchers are executed within SpringPathAccessChecker
the request object is a stub instance that throw UnsupportedOperationException
for many methods. This can cause failure when the path access checker is used
in combination with request matchers that, for example, try to access the
request user principal. An example is the pre-configured 'isAllowedHillaView'
matcher.
This change wraps the request matchers configured by Vaadin so that the
request principal is taken from the Spring Security context, if not available
on the request.

In addition provides documentation and helper to set a global HttpServletRequestTransformer
to augment all requests handled by WebInvocationPrivilegeEvaluator with the
proper getUserPrincipal method override.

Fixes #22284

fix: make sure request principal is available (#22368) (#22399)

When Spring Security request matchers are executed within SpringPathAccessChecker
the request object is a stub instance that throw UnsupportedOperationException
for many methods. This can cause failure when the path access checker is used
in combination with request matchers that, for example, try to access the
request user principal. An example is the pre-configured 'isAllowedHillaView'
matcher.
This change wraps the request matchers configured by Vaadin so that the
request principal is taken from the Spring Security context, if not available
on the request.

In addition provides documentation and helper to set a global HttpServletRequestTransformer
to augment all requests handled by WebInvocationPrivilegeEvaluator with the
proper getUserPrincipal method override.

Fixes #22284

Revert "fix: authentication redirect to login (#22354)" (#22369)

This reverts commit b0f7666.

feat: conditionally load workbox dependencies only when PWA is enabled (

#22320)

Move workbox-core and workbox-precaching from default dependencies to a new
workbox folder that is only loaded when PWA is enabled. This reduces
unnecessary dependencies for projects that don't use PWA functionality.

chore: Deprecate WebBrowser and BrowserDetails (#22283)

* chore!: Deprecate WebBrowser and BrowserDetails

BrowserDetail only parses required parts.
Log server parsing exceptions as debug only.

Fixes #21830