Feat/matb/web sdk upgrade

[matbmapspeople]

Summary by CodeRabbit

• Bug Fixes
  • Updated MapsIndoors JavaScript SDK to version 4.49.1 for improved stability and reliability.
• Documentation
  • Added a new changelog entry for version 1.91.5 (2026-02-13) noting the SDK update.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the MapsIndoors JavaScript SDK reference from 4.49.0 to 4.49.1 in the MapTemplate dynamic loader and added a changelog entry (version 1.91.5) documenting the Web SDK update.

Changes

Cohort / File(s)	Summary
SDK Version Bump packages/map-template/src/components/MapTemplate/MapTemplate.jsx, packages/map-template/CHANGELOG.md	Bumped MapsIndoors Web SDK URL and Subresource Integrity hash from 4.49.0 to 4.49.1 in the dynamic loader; added changelog entry for version 1.91.5 (2026-02-13) noting the Web SDK update.

Sequence Diagram(s)

(omitted — changes are small and do not introduce new multi-component control flow)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Upgrade mapbox-gl-js version for the Map Template to v3.15.0 and upgrade SDK version #564: Updates the same MapTemplate.jsx SDK script URL and integrity hash (MapsIndoors Web SDK bump).
• Upgrade SDK Version #585: Modifies MapTemplate.jsx to bump the MapsIndoors Web SDK and adds a changelog entry.
• Update MapTemplate to use MapsIndoors SDK version 4.47.0 and bump @ma… #610: Changes the MapTemplate.jsx dynamic SDK loader, updating the script version and SRI hash.

Suggested reviewers

• Lucaci-Andrei

Poem

🐰 A tiny hop, a tidy run,
From 4.49.0 to 4.49.1.
Hash refreshed and changelog spun,
Map tiles ready — work is done! 🥕✨

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Feat/matb/web sdk upgrade' directly describes the main change: upgrading the Web SDK version from 4.49.0 to 4.49.1 across the codebase.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/matb/web_sdk_upgrade

---

No actionable comments were generated in the recent review. 🎉

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@packages/map-template/src/components/MapTemplate/MapTemplate.jsx`:
- Around line 238-239: The integrity attribute used when creating the
MapsIndoors SDK script tag is incorrect and causes browsers to reject the
resource; update the call that sets the integrity on miSdkApiTag (see
miSdkApiTag.setAttribute('integrity', ...)) to use the correct SRI value
"sha384-AgZdUiaUaOcGFaV4SsCcMecYmDg21p3YCodPeBJujrfIpm6+sexCHkzdXhc5g2Aa" so the
loaded SDK matches its published artifact.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the SRI hash for the MapsIndoors SDK 4.49.1
EXPECTED_HASH="sha384-Yt+gfsWoPoSA+odTtvTDJaQK8tsiKgVmTQt4AwN4TlYcRtZS89BowiE8Ycgzbhlm"

# Download the SDK file
curl -sL -o /tmp/mapsindoors-sdk.js.gz "https://app.mapsindoors.com/mapsindoors/js/sdk/4.49.1/mapsindoors-4.49.1.js.gz"

# Check if download succeeded
if [ ! -s /tmp/mapsindoors-sdk.js.gz ]; then
  echo "ERROR: Failed to download SDK file or file is empty"
  exit 1
fi

# Compute SRI hash
COMPUTED_HASH="sha384-$(openssl dgst -sha384 -binary /tmp/mapsindoors-sdk.js.gz | openssl base64 -A)"

echo "Expected:  $EXPECTED_HASH"
echo "Computed:  $COMPUTED_HASH"

if [ "$EXPECTED_HASH" = "$COMPUTED_HASH" ]; then
  echo "✅ SRI hash matches!"
else
  echo "❌ SRI hash DOES NOT match!"
fi

Repository: MapsPeople/web-ui

Length of output: 300

---

🏁 Script executed:

#!/bin/bash
python3 << 'EOF'
import hashlib
import base64
import urllib.request

EXPECTED_HASH = "sha384-Yt+gfsWoPoSA+odTtvTDJaQK8tsiKgVmTQt4AwN4TlYcRtZS89BowiE8Ycgzbhlm"
SDK_URL = "https://app.mapsindoors.com/mapsindoors/js/sdk/4.49.1/mapsindoors-4.49.1.js.gz"

try:
    # Download the SDK file
    with urllib.request.urlopen(SDK_URL) as response:
        sdk_data = response.read()
    
    if not sdk_data:
        print("ERROR: Failed to download SDK file or file is empty")
        exit(1)
    
    # Compute SHA-384 hash
    sha384_hash = hashlib.sha384(sdk_data).digest()
    computed_base64 = base64.b64encode(sha384_hash).decode('utf-8')
    computed_hash = f"sha384-{computed_base64}"
    
    print(f"Expected:  {EXPECTED_HASH}")
    print(f"Computed:  {computed_hash}")
    
    if EXPECTED_HASH == computed_hash:
        print("✅ SRI hash MATCHES!")
    else:
        print("❌ SRI hash DOES NOT match!")
except Exception as e:
    print(f"ERROR: {e}")
    exit(1)
EOF

Repository: MapsPeople/web-ui

Length of output: 195

---

🏁 Script executed:

#!/bin/bash
python3 << 'EOF'
import hashlib
import base64
import urllib.request
import ssl

EXPECTED_HASH = "sha384-Yt+gfsWoPoSA+odTtvTDJaQK8tsiKgVmTQt4AwN4TlYcRtZS89BowiE8Ycgzbhlm"
SDK_URL = "https://app.mapsindoors.com/mapsindoors/js/sdk/4.49.1/mapsindoors-4.49.1.js.gz"

try:
    # Disable SSL verification for sandbox environment
    ssl_context = ssl._create_unverified_context()
    
    # Download the SDK file
    with urllib.request.urlopen(SDK_URL, context=ssl_context) as response:
        sdk_data = response.read()
    
    if not sdk_data:
        print("ERROR: Failed to download SDK file or file is empty")
        exit(1)
    
    # Compute SHA-384 hash
    sha384_hash = hashlib.sha384(sdk_data).digest()
    computed_base64 = base64.b64encode(sha384_hash).decode('utf-8')
    computed_hash = f"sha384-{computed_base64}"
    
    print(f"Expected:  {EXPECTED_HASH}")
    print(f"Computed:  {computed_hash}")
    print(f"File size: {len(sdk_data)} bytes")
    
    if EXPECTED_HASH == computed_hash:
        print("✅ SRI hash MATCHES!")
    else:
        print("❌ SRI hash DOES NOT match!")
except Exception as e:
    print(f"ERROR: {e}")
    import traceback
    traceback.print_exc()
    exit(1)
EOF

Repository: MapsPeople/web-ui

Length of output: 277

---

Update the SRI integrity hash to match the published SDK artifact.

The integrity hash in the code does not match the actual published SDK file. The hash sha384-Yt+gfsWoPoSA+odTtvTDJaQK8tsiKgVmTQt4AwN4TlYcRtZS89BowiE8Ycgzbhlm is incorrect. Browsers will reject the SDK load due to failed integrity verification. Update line 239 to use the correct hash: sha384-AgZdUiaUaOcGFaV4SsCcMecYmDg21p3YCodPeBJujrfIpm6+sexCHkzdXhc5g2Aa

🤖 Prompt for AI Agents

In `@packages/map-template/src/components/MapTemplate/MapTemplate.jsx` around
lines 238 - 239, The integrity attribute used when creating the MapsIndoors SDK
script tag is incorrect and causes browsers to reject the resource; update the
call that sets the integrity on miSdkApiTag (see
miSdkApiTag.setAttribute('integrity', ...)) to use the correct SRI value
"sha384-AgZdUiaUaOcGFaV4SsCcMecYmDg21p3YCodPeBJujrfIpm6+sexCHkzdXhc5g2Aa" so the
loaded SDK matches its published artifact.