Releases: redwoodjs/redwood
v6.4.0-rc.98
Changelog
Features
-
dbAuth: Unique session cookie name per port #9248 by @Tobbe
Previously, when using dbAuth, you couldn't run two different Redwood apps at the same time on different ports. One app would overwrite the session cookie used by the other, and vice versa. They both used the same cookie name (
session
), and browsers distinguish cookies by hostname, not port.This PR lets users configure the cookie name they want to use by setting
cookie.name
in theirapi/src/functions/auth.ts
file:// api/src/functions/auth.ts const authHandler = new DbAuthHandler(event, context, { // ... cookie: { name: 'session_%port%', // The cookie's attributes have moved to `cookie.attributes`: attributes: { // ... } }, })
If that option isn't set, it defaults to the old
session
name for backwards compatibility. In a similar vein,DbAuthHandler
still handles all the properties that are now nested incookie.attributes
at the top level. -
Fixes #2562, #9304, and https://community.redwoodjs.com/t/private-route-error-with-7-0-0-canary-347/5337. This PR deprecates the Router's
<Private>
component and theprivate
prop on the Router's<Set>
component. In their place, it introduces a new Router component,<PrivateSet>
.Starting in this release, you'll see strikethroughs in IDE when you use
<Private>
or theprivate
on<Set>
.
They still work just as they did, but they'll be removed in a future major release, and<PrivateSet>
is little more than a new name. The reason for the change is that in strict mode,private
is a reserved word and there were just some bugs we couldn't fix without changing the name. -
feat(cli): Setup command for mailer #9335 by @Josh-Walker-GM
This PR adds a setup command for the mailer:
yarn rw setup mailer
and adds functionality that enables it to conditionally use an in-memory handler for tests and the studio handler for development if those dependencies are available.
Check out the mailer docs for more: https://redwoodjs.com/docs/canary/mailer.
Fixes
-
Fix infinite loops on nested private routes with roles #9204 by @KrisCoulson
Fixes #9131. This restores the Router's ability to handle multiple nested routes with different levels of authentication and redirect contexts.
-
fix(types): Generate maps to allow improved "go to definition" behaviour #9269 by @Josh-Walker-GM
Fixes #5862 and #2867. Previously, navigating to the definition of cells, components, layouts, pages, etc. would lead you to the
.d.ts
file. This could be pretty frustrating if you're used to flying between definitions this way. This PR generates basic definition/source mappings for directory-mapped modules, cell mirrors, router pages, and route links. -
Fix Set wrapper type so you can have an array of wrappers #9314 by @Tobbe
Fixes #9313. This PR lets you do something like this in your
web/src/Routes.tsx
without type errors (notice the array of wrappers):const Routes = () => { return ( <Router> <Set wrap={[Wrapper]}> <Route path="/" page={HomePage} name="home" /> </Set> {/* ... */} </Router> ) }
-
Don't remount wrap components when navigating within Set #9312 by @Tobbe
Fixes #9105. This PR assigns each Set a unique id and uses that id as a key when rendering all the wrapper components.
Core Dependencies
- fix(deps): update storybook monorepo to v7.4.6 #9256
- fix(deps): update dependency vite to v4.4.11 #9255
- fix(deps): update prisma monorepo to v5.6.0 #9447
- fix(deps): update babel monorepo to v7.23.3 #9450
- fix(deps): update dependency fastify to v4.24.3 #9457
- chore(deps): update yarn to v3.7.0 #9489
- upgrade vite to v4.5.0 #9328
Docs
- Fix typos, removing erroneous apostrophes from personal possessive pronouns #9216 by @Philzen
- Fix broken link to most recent jest config example #9266 by @Philzen
- Fix TypeScript code highlighting (Chapter 6: Comments β Testing the service) #9267 by @Philzen
- Clarify Auth0 Configuration #9238 by @jdrbc
- docs: add missing
await
in service validation example #9243 by @G-Rath - docs: Clarifies the testimonial section of the What is Redwood documentation #9207 by @jdrbc
- fix (docs): use default markdown numbered list #9265 by @esteban-url
- Fix typo in RBAC @requireAuth example #9286 by @Philzen
- Fix links to Prisma n:m relationship docs #9285 by @Philzen
- docs: How to Use Prisma Client Extensions with DB Client and Logging #9283 by @dthyresson
- docs(mailer): Initial mailer docs #9363 by @Josh-Walker-GM
- Added missing type to routing-params.md #9377 by @pr0h0
- Update dbauth-passwordless.md #9357 by @brendandonahue
- docs: Update Deployment Docs to Provide Guidance on Extending the Timeout Duration in Vercel #9370 by @dinakartumu
Experimental features
Note
These features aren't officially released, but are included here for completeness since they're in this version. They're usable, but aren't fully documented and their API may change in future releases.
-
feat: add experimental docker setup command #9024 by @jtoar
This release features the first iteration of Redwood's Dockerfile and compose files. Thanks to everyone who participated in the container working group! Get started with the experimental setup command:
yarn rw exp setup-docker
And consult the docs here if you have any questions: https://redwoodjs.com/docs/canary/docker. Feedback welcome!
-
feat: Support GraphQL Subscriptions in Apollo Client using SSE links #9009 by @dthyresson
This PR adds support for GraphQL SSE (Server Sent Events) in both Redwood's GraphQL Server and
RedwoodApolloProvider
if realtime is enabled. For more on the status of realtime, see https://community.redwoodjs.com/t/redwoodjs-realtime/5002. -
feature: Support defer and stream GraphQL Directives in RedwoodRealtime #9235 by @dthyresson
-
feat(cli-helpers): Root package install and RWJS env var #9296 by @Josh-Walker-GM
This PR adds a few helper functions for installing packages in a Redwood app's root workspace and for setting the
RWJS_CWD
env var correctly. -
feature: Adds utility functions to add envars and update
redwood.toml
#9324 by @dthyresson
Dependencies
Click to see all upgraded dependencies
- chore(deps): update dependency @clerk/types to v3.52.0 #9213
- fix(deps): update dependency @clerk/clerk-sdk-node to v4.12.6 #9214
- chore(deps): update dependency @clerk/clerk-react to v4.25.1 #9212
- chore(deps): update dependency firebase to v10.4.0 #9203
- chore(deps): update dependency rimraf to v5.0.5 #9360
- fix(deps): update dependency concurrently to v8.2.2 #9361
- chore(deps): update dependency tailwindcss to v3.3.5 #9378
- fix(deps): update dependency msw to v1.3.2 #9379
- fix(deps): update dependency core-js to v3.33.2 #9293
- fix(deps): update apollo graphql packages #9418
- fix(deps): update dependency pino to v8.16.2 #9476
- fix(deps): update dependency prism-react-renderer to v2.2.0 #9492
v6.3.3
Patch Release
-
Update crypto library, CryptoJS CVE & deprecation #9350 by @cannikin
See https://community.redwoodjs.com/t/dbauth-security-release/5507.
-
Conditionally guarantee cell success data #9037 by @pvenable
The
CellSuccessData
type is typed as though all query fields are guaranteed. When there are multiple fields, this typing isn't accurate since there only needs to be one populated field to renderSuccess
. We can't know ahead of time that any particular field is guaranteed. This fix continues to guaranteeCellSuccessData
as before when there's only one field, but now the query data type will be left as-is when there's more than one. This brings the types more in-line with the actual runtime behavior of Cells. -
fix(fastify): Don't fallback to index html if requesting static assets #9272 by @dac09
If requesting an asset (e.g.
.js
,.jpeg
,.ico
) that doesn't exist, the Redwood server's not found handler responded with theindex.html
file. This response is meant for routes that haven't been prerendered, and is an SPA fallback. Because the 200 response here can get cached, it can lead to problems. The change here makes the server return a 404 instead, mainly to prevent caching. -
fix(babel): Improved message for error relating to multiple files ending in
Page.{js,jsx,ts,tsx}
in page directories #9329 by @Josh-Walker-GMIf you had multiple files ending in
Page.{...}
(likeHomePage.tsx
,useHomePage.tsx
) in a web-side page directory (likeweb/src/pages/HomePage
), the Router tried to import both files asHomePage
, basically redeclaring a variable, resulting in a cryptic error. This PR improves the error message by telling you which files the Router tried to import. -
fix(cli): Tailwind setup updates
scaffold.css
when needed #9290 by @Josh-Walker-GMRedwood's scaffold generator detects if you have Tailwind CSS setup and changes the contents of
scaffold.css
accordingly. But if you generate a scaffold before setting up Tailwind, theyarn rw setup ui tailwind
command wasn't smart enough to ask you if you wanted to update thescaffold.css
file too. Now it prompts you for you preference. -
fix(babel): Fix opentelemetry api wrapping and allow it to be disabled #9298 by @Josh-Walker-GM
Some projects fail to build when OpenTelemetry is enabled because the babel plugin which automatically wraps api side functions failed to handle some syntax cases. In those cases the transpiled syntax would be invalid javascript. This fix expands the syntax cases the plugin can handle, and reworks the error handling: we now bail out and do not modify the users source code rather than transpile into nonsense syntax.
-
fix(server-file): prefix
MODULE_NOT_FOUND
withERR_
#9372 by @jtoarThe
@redwoodjs/graphql-server
package takes some cues from the presence of an experimental file,api/src/server.ts
. If that file exists,@redwoodjs/graphql-server
tries to import the@redwoodjs/realtime
package. The import is wrapped in a try-catch because realtime is something you opt into. But there was a bug in the conditional in the try-catch block: if yourequire
a module and it's not found, it'll throwMODULE_NOT_FOUND
whileawait import
throwsERR_MODULE_NOT_FOUND
. We were checking for the wrong error code. -
Fix suggested code snippet #9288 by @pepicrft
Redwood's auth setup commands include codeblocks you can copy-paste into your project's
redwood.toml
file for ease. This one was missing some trailing commas that added friction to copy-pasting. -
Cell generator: Fix formatting in template #9301 by @Tobbe
A simple formatting fix for Cells so you don't get red squiggles out of the box.
v6.3.3-rc.8
Patch Release
-
Update crypto library, CryptoJS CVE & deprecation #9350 by @cannikin
See https://community.redwoodjs.com/t/dbauth-security-release/5507.
-
Conditionally guarantee cell success data #9037 by @pvenable
The
CellSuccessData
type is typed as though all query fields are guaranteed. When there are multiple fields, this typing isn't accurate since there only needs to be one populated field to renderSuccess
. We can't know ahead of time that any particular field is guaranteed. This fix continues to guaranteeCellSuccessData
as before when there's only one field, but now the query data type will be left as-is when there's more than one. This brings the types more in-line with the actual runtime behavior of Cells. -
fix(fastify): Don't fallback to index html if requesting static assets #9272 by @dac09
If requesting an asset (e.g.
.js
,.jpeg
,.ico
) that doesn't exist, the Redwood server's not found handler responded with theindex.html
file. This response is meant for routes that haven't been prerendered, and is an SPA fallback. Because the 200 response here can get cached, it can lead to problems. The change here makes the server return a 404 instead, mainly to prevent caching. -
fix(babel): Improved message for error relating to multiple files ending in
Page.{js,jsx,ts,tsx}
in page directories #9329 by @Josh-Walker-GMIf you had multiple files ending in
Page.{...}
(likeHomePage.tsx
,useHomePage.tsx
) in a web-side page directory (likeweb/src/pages/HomePage
), the Router tried to import both files asHomePage
, basically redeclaring a variable, resulting in a cryptic error. This PR improves the error message by telling you which files the Router tried to import. -
fix(cli): Tailwind setup updates
scaffold.css
when needed #9290 by @Josh-Walker-GMRedwood's scaffold generator detects if you have Tailwind CSS setup and changes the contents of
scaffold.css
accordingly. But if you generate a scaffold before setting up Tailwind, theyarn rw setup ui tailwind
command wasn't smart enough to ask you if you wanted to update thescaffold.css
file too. Now it prompts you for you preference. -
fix(babel): Fix opentelemetry api wrapping and allow it to be disabled #9298 by @Josh-Walker-GM
Some projects fail to build when OpenTelemetry is enabled because the babel plugin which automatically wraps api side functions failed to handle some syntax cases. In those cases the transpiled syntax would be invalid javascript. This fix expands the syntax cases the plugin can handle, and reworks the error handling: we now bail out and do not modify the users source code rather than transpile into nonsense syntax.
-
fix(server-file): prefix
MODULE_NOT_FOUND
withERR_
#9372 by @jtoarThe
@redwoodjs/graphql-server
package takes some cues from the presence of an experimental file,api/src/server.ts
. If that file exists,@redwoodjs/graphql-server
tries to import the@redwoodjs/realtime
package. The import is wrapped in a try-catch because realtime is something you opt into. But there was a bug in the conditional in the try-catch block: if yourequire
a module and it's not found, it'll throwMODULE_NOT_FOUND
whileawait import
throwsERR_MODULE_NOT_FOUND
. We were checking for the wrong error code. -
Fix suggested code snippet #9288 by @pepicrft
Redwood's auth setup commands include codeblocks you can copy-paste into your project's
redwood.toml
file for ease. This one was missing some trailing commas that added friction to copy-pasting. -
Cell generator: Fix formatting in template #9301 by @Tobbe
A simple formatting fix for Cells so you don't get red squiggles out of the box.
v6.3.2
Patch Release
This patch release includes a host of fixes, most notably for the api server. On larger projects (we've only come across one instance so far), in dev mode, there was a race condition between prebuilding and building the api side that sometimes caused the api server to loop. For now we've avoided this by ignoring an extraneous event emitted by chokidar, but in the future we'll consider fixing it in a more robust way by introducing api build caching.
What may be more relevant to most users, this patch release ships with a codemod to apply the type fix in #9251 to TS strict-mode projects: npx @redwoodjs/codemods entry-client-null-check
.
Lastly, the postcss security release only affects @redwoodjs/studio
, which is a dev-time only package, but if you're using tailwind or another CSS library that uses postcss, you'll want to upgrade it in your project accordingly.
- fix(generate dbAuth): restore one-more-thing formatting #9247 by @Tobbe
- fix:
await
Promise when seeding #9245 by @G-Rath - Include @types/react as devDep in projects #9250 by @Tobbe
- fix(api-sever): stop infinite loop on large projects #9270 by @jtoar
- small tweak to Flightcontrol deploy config template #9240 by @flybayer
- fix(crwa): Explicit check for possible null value in
entry.client.tsx
#9251 by @Josh-Walker-GM - chore(deps): update dependency postcss to v8.4.31 [security] #9260
v6.3.2-rc.2
v6.3.1
Security Release: Redwood Dependency Vulnerabilities
Two of Redwood's dependencies, systeminformation and graphql, just released a security release; this patch includes the patched versions of both packages. Here are links to the CVEs for systeminformation and graphql respectively: GHSA-gx6r-qc2v-3p3v, https://nvd.nist.gov/vuln/detail/CVE-2023-26144.
v6.3.0
Changelog
Features
- feat(cli): Setup command which uses an npm package #8920 by @Josh-Walker-GM
- feat(mailer): Resend handler #9175 by @Josh-Walker-GM
Docs
- Update what-is-redwood.md #9151 by @rodrigojmartin
- Fixed broken link (404) in the cell tutorial #9176 by @sidshetty
- Notes SDL codegen in docs #8917 by @orta
- Update services.md #9189 by @papaponmx
- docs(cli): Setup from npm package #9215 by @Josh-Walker-GM
Core dependencies
- fix(deps): update prisma monorepo to v5.3.1 #9187
- fix(deps): update dependency react-hook-form to v7.46.1 #9162
- fix(deps): update dependency fastify to v4.23.2 #9184
- fix(deps): update dependency @apollo/client to v3.8.4 #9208
- fix(deps): update storybook monorepo to v7.4.3 #9211
Dependencies
Click to see all upgraded dependencies
- fix(deps): update dependency @apollo/client to v3.8.3 #9123
- fix(deps): update dependency fastify to v4.22.2 #9124
- fix(deps): update dependency @fastify/static to v6.11.0 #9129
- fix(deps): update dependency fastify-raw-body to v4.2.2 #9126
- chore(deps): update dependency typescript to v5.2.2 #9128
- fix(deps): update opentelemetry-js monorepo #9147
- fix(deps): update dependency pino to v8.15.1 #9146
- fix(deps): update dependency nodemailer to v6.9.5 #9145
- fix(deps): update dependency msw to v1.3.0 #9161
- fix(deps): update dependency react-hook-form to v7.46.1 #9162
- fix(deps): update dependency fastify to v4.23.0 #9160
- fix(deps): update jest monorepo to v29.7.0 #9163
- fix(deps): update dependency fastify to v4.23.1 #9167
- fix(deps): update dependency @fastify/static to v6.11.1 #9182
- fix(deps): update dependency fastify to v4.23.2 #9184
- fix(deps): update prisma monorepo to v5.3.1 #9187
- fix(deps): update dependency concurrently to v8.2.1 #9183
- fix(deps): update storybook monorepo to v7.4.2 #9185
- chore(deps): update dependency react-error-boundary to v4.0.11 #9181
- fix(deps): update dependency @apollo/client to v3.8.4 #9208
- fix(deps): update storybook monorepo to v7.4.3 #9211
v6.2.3
v6.3.0-rc.34
Changelog
Features
- feat(cli): Setup command which uses an npm package #8920 by @Josh-Walker-GM
Docs
- Update what-is-redwood.md #9151 by @rodrigojmartin
- Fixed broken link (404) in the cell tutorial #9176 by @sidshetty
- Notes SDL codegen in docs #8917 by @orta
Core dependencies
- fix(deps): update dependency @apollo/client to v3.8.3 #9123
- fix(deps): update dependency react-hook-form to v7.46.1 #9162
- fix(deps): update dependency fastify to v4.23.2 #9184
- fix(deps): update prisma monorepo to v5.3.1 #9187
- fix(deps): update storybook monorepo to v7.4.2 #9185
Dependencies
Click to see all upgraded dependencies
- fix(deps): update dependency @apollo/client to v3.8.3 #9123
- fix(deps): update dependency fastify to v4.22.2 #9124
- fix(deps): update dependency @fastify/static to v6.11.0 #9129
- fix(deps): update dependency fastify-raw-body to v4.2.2 #9126
- chore(deps): update dependency typescript to v5.2.2 #9128
- fix(deps): update opentelemetry-js monorepo #9147
- fix(deps): update dependency pino to v8.15.1 #9146
- fix(deps): update dependency nodemailer to v6.9.5 #9145
- fix(deps): update dependency msw to v1.3.0 #9161
- fix(deps): update dependency react-hook-form to v7.46.1 #9162
- fix(deps): update dependency fastify to v4.23.0 #9160
- fix(deps): update jest monorepo to v29.7.0 #9163
- fix(deps): update dependency fastify to v4.23.1 #9167
- fix(deps): update dependency @fastify/static to v6.11.1 #9182
- fix(deps): update dependency fastify to v4.23.2 #9184
- chore(deps): update dependency lerna to v7.3.0 #9186
- fix(deps): update prisma monorepo to v5.3.1 #9187
- fix(deps): update dependency concurrently to v8.2.1 #9183
- fix(deps): update storybook monorepo to v7.4.2 #9185
v6.2.2
Patch Release
The last patch release didn't fix the Babel issues for all users, particularly those with older projects. This patch release has a better fix for the issue, which was just a matter of using carets to specify the versions of the Babel packages Redwood depends on. Redwood has a long history of pinning dependencies because many packages release breaking changes in minor releases, but in this case it was causing more than one version of some of the Babel packages to be installed, which lead to hoisting problems.
- fix(babel): use caret to specify some package versions #9174 by @jtoar
- fix(cli): Prevent stale command cache defaults #9169 by @Josh-Walker-GM