v6.4.0-rc.98

Changelog

Features

• dbAuth: Unique session cookie name per port #9248 by @Tobbe

  Previously, when using dbAuth, you couldn't run two different Redwood apps at the same time on different ports. One app would overwrite the session cookie used by the other, and vice versa. They both used the same cookie name (session), and browsers distinguish cookies by hostname, not port.

  This PR lets users configure the cookie name they want to use by setting cookie.name in their api/src/functions/auth.ts file:

  // api/src/functions/auth.ts
  
  const authHandler = new DbAuthHandler(event, context, {
    // ...
  
    cookie: {
      name: 'session_%port%',
  
      // The cookie's attributes have moved to `cookie.attributes`:
      attributes: {
        // ...
      }
    },
  })

  If that option isn't set, it defaults to the old session name for backwards compatibility. In a similar vein, DbAuthHandler still handles all the properties that are now nested in cookie.attributes at the top level.

• <PrivateSet> #9303 by @Tobbe

  Fixes #2562, #9304, and https://community.redwoodjs.com/t/private-route-error-with-7-0-0-canary-347/5337. This PR deprecates the Router's <Private> component and the private prop on the Router's <Set> component. In their place, it introduces a new Router component, <PrivateSet>.

  Starting in this release, you'll see strikethroughs in IDE when you use <Private> or the private on <Set>.
  They still work just as they did, but they'll be removed in a future major release, and <PrivateSet> is little more than a new name. The reason for the change is that in strict mode, private is a reserved word and there were just some bugs we couldn't fix without changing the name.

• feat(cli): Setup command for mailer #9335 by @Josh-Walker-GM

  This PR adds a setup command for the mailer:

  yarn rw setup mailer
  

  and adds functionality that enables it to conditionally use an in-memory handler for tests and the studio handler for development if those dependencies are available.

  Check out the mailer docs for more: https://redwoodjs.com/docs/canary/mailer.

Fixes

• Fix infinite loops on nested private routes with roles #9204 by @KrisCoulson

  Fixes #9131. This restores the Router's ability to handle multiple nested routes with different levels of authentication and redirect contexts.

• fix(types): Generate maps to allow improved "go to definition" behaviour #9269 by @Josh-Walker-GM

  Fixes #5862 and #2867. Previously, navigating to the definition of cells, components, layouts, pages, etc. would lead you to the .d.ts file. This could be pretty frustrating if you're used to flying between definitions this way. This PR generates basic definition/source mappings for directory-mapped modules, cell mirrors, router pages, and route links.

• Fix Set wrapper type so you can have an array of wrappers #9314 by @Tobbe

  Fixes #9313. This PR lets you do something like this in your web/src/Routes.tsx without type errors (notice the array of wrappers):

  const Routes = () => {
    return (
      <Router>
        <Set wrap={[Wrapper]}>
          <Route path="/" page={HomePage} name="home" />
        </Set>
        {/* ... */}
      </Router>
    )
  }

• Don't remount wrap components when navigating within Set #9312 by @Tobbe

  Fixes #9105. This PR assigns each Set a unique id and uses that id as a key when rendering all the wrapper components.

Core Dependencies

• fix(deps): update storybook monorepo to v7.4.6 #9256
• fix(deps): update dependency vite to v4.4.11 #9255
• fix(deps): update prisma monorepo to v5.6.0 #9447
• fix(deps): update babel monorepo to v7.23.3 #9450
• fix(deps): update dependency fastify to v4.24.3 #9457
• chore(deps): update yarn to v3.7.0 #9489
• upgrade vite to v4.5.0 #9328

Docs

• Fix typos, removing erroneous apostrophes from personal possessive pronouns #9216 by @Philzen
• Fix broken link to most recent jest config example #9266 by @Philzen
• Fix TypeScript code highlighting (Chapter 6: Comments – Testing the service) #9267 by @Philzen
• Clarify Auth0 Configuration #9238 by @jdrbc
• docs: add missing await in service validation example #9243 by @G-Rath
• docs: Clarifies the testimonial section of the What is Redwood documentation #9207 by @jdrbc
• fix (docs): use default markdown numbered list #9265 by @esteban-url
• Fix typo in RBAC @requireAuth example #9286 by @Philzen
• Fix links to Prisma n:m relationship docs #9285 by @Philzen
• docs: How to Use Prisma Client Extensions with DB Client and Logging #9283 by @dthyresson
• docs(mailer): Initial mailer docs #9363 by @Josh-Walker-GM
• Added missing type to routing-params.md #9377 by @pr0h0
• Update dbauth-passwordless.md #9357 by @brendandonahue
• docs: Update Deployment Docs to Provide Guidance on Extending the Timeout Duration in Vercel #9370 by @dinakartumu

Experimental features

Note

These features aren't officially released, but are included here for completeness since they're in this version. They're usable, but aren't fully documented and their API may change in future releases.

• feat: add experimental docker setup command #9024 by @jtoar

  This release features the first iteration of Redwood's Dockerfile and compose files. Thanks to everyone who participated in the container working group! Get started with the experimental setup command:

  yarn rw exp setup-docker
  

  And consult the docs here if you have any questions: https://redwoodjs.com/docs/canary/docker. Feedback welcome!

• feat: Support GraphQL Subscriptions in Apollo Client using SSE links #9009 by @dthyresson

  This PR adds support for GraphQL SSE (Server Sent Events) in both Redwood's GraphQL Server and RedwoodApolloProvider if realtime is enabled. For more on the status of realtime, see https://community.redwoodjs.com/t/redwoodjs-realtime/5002.

• feature: Support defer and stream GraphQL Directives in RedwoodRealtime #9235 by @dthyresson

• feat(cli-helpers): Root package install and RWJS env var #9296 by @Josh-Walker-GM

  This PR adds a few helper functions for installing packages in a Redwood app's root workspace and for setting the RWJS_CWD env var correctly.

• feature: Adds utility functions to add envars and update redwood.toml #9324 by @dthyresson

Dependencies

Click to see all upgraded dependencies

• chore(deps): update dependency @clerk/types to v3.52.0 #9213
• fix(deps): update dependency @clerk/clerk-sdk-node to v4.12.6 #9214
• chore(deps): update dependency @clerk/clerk-react to v4.25.1 #9212
• chore(deps): update dependency firebase to v10.4.0 #9203
• chore(deps): update dependency rimraf to v5.0.5 #9360
• fix(deps): update dependency concurrently to v8.2.2 #9361
• chore(deps): update dependency tailwindcss to v3.3.5 #9378
• fix(deps): update dependency msw to v1.3.2 #9379
• fix(deps): update dependency core-js to v3.33.2 #9293
• fix(deps): update apollo graphql packages #9418
• fix(deps): update dependency pino to v8.16.2 #9476
• fix(deps): update dependency prism-react-renderer to v2.2.0 #9492

v6.3.3

Patch Release

• Update crypto library, CryptoJS CVE & deprecation #9350 by @cannikin

  See https://community.redwoodjs.com/t/dbauth-security-release/5507.

• Conditionally guarantee cell success data #9037 by @pvenable

  The CellSuccessData type is typed as though all query fields are guaranteed. When there are multiple fields, this typing isn't accurate since there only needs to be one populated field to render Success. We can't know ahead of time that any particular field is guaranteed. This fix continues to guarantee CellSuccessData as before when there's only one field, but now the query data type will be left as-is when there's more than one. This brings the types more in-line with the actual runtime behavior of Cells.

• fix(fastify): Don't fallback to index html if requesting static assets #9272 by @dac09

  If requesting an asset (e.g. .js, .jpeg, .ico) that doesn't exist, the Redwood server's not found handler responded with the index.html file. This response is meant for routes that haven't been prerendered, and is an SPA fallback. Because the 200 response here can get cached, it can lead to problems. The change here makes the server return a 404 instead, mainly to prevent caching.

• fix(babel): Improved message for error relating to multiple files ending in Page.{js,jsx,ts,tsx} in page directories #9329 by @Josh-Walker-GM

  If you had multiple files ending in Page.{...} (like HomePage.tsx, useHomePage.tsx) in a web-side page directory (like web/src/pages/HomePage), the Router tried to import both files as HomePage, basically redeclaring a variable, resulting in a cryptic error. This PR improves the error message by telling you which files the Router tried to import.

• fix(cli): Tailwind setup updates scaffold.css when needed #9290 by @Josh-Walker-GM

  Redwood's scaffold generator detects if you have Tailwind CSS setup and changes the contents of scaffold.css accordingly. But if you generate a scaffold before setting up Tailwind, the yarn rw setup ui tailwind command wasn't smart enough to ask you if you wanted to update the scaffold.css file too. Now it prompts you for you preference.

• fix(babel): Fix opentelemetry api wrapping and allow it to be disabled #9298 by @Josh-Walker-GM

  Some projects fail to build when OpenTelemetry is enabled because the babel plugin which automatically wraps api side functions failed to handle some syntax cases. In those cases the transpiled syntax would be invalid javascript. This fix expands the syntax cases the plugin can handle, and reworks the error handling: we now bail out and do not modify the users source code rather than transpile into nonsense syntax.

• fix(server-file): prefix MODULE_NOT_FOUND with ERR_ #9372 by @jtoar

  The @redwoodjs/graphql-server package takes some cues from the presence of an experimental file, api/src/server.ts. If that file exists, @redwoodjs/graphql-server tries to import the @redwoodjs/realtime package. The import is wrapped in a try-catch because realtime is something you opt into. But there was a bug in the conditional in the try-catch block: if you require a module and it's not found, it'll throw MODULE_NOT_FOUND while await import throws ERR_MODULE_NOT_FOUND. We were checking for the wrong error code.

• Fix suggested code snippet #9288 by @pepicrft

  Redwood's auth setup commands include codeblocks you can copy-paste into your project's redwood.toml file for ease. This one was missing some trailing commas that added friction to copy-pasting.

• Cell generator: Fix formatting in template #9301 by @Tobbe

  A simple formatting fix for Cells so you don't get red squiggles out of the box.

v6.3.3-rc.8

Patch Release

• Update crypto library, CryptoJS CVE & deprecation #9350 by @cannikin

  See https://community.redwoodjs.com/t/dbauth-security-release/5507.

• Conditionally guarantee cell success data #9037 by @pvenable

  The CellSuccessData type is typed as though all query fields are guaranteed. When there are multiple fields, this typing isn't accurate since there only needs to be one populated field to render Success. We can't know ahead of time that any particular field is guaranteed. This fix continues to guarantee CellSuccessData as before when there's only one field, but now the query data type will be left as-is when there's more than one. This brings the types more in-line with the actual runtime behavior of Cells.

• fix(fastify): Don't fallback to index html if requesting static assets #9272 by @dac09

  If requesting an asset (e.g. .js, .jpeg, .ico) that doesn't exist, the Redwood server's not found handler responded with the index.html file. This response is meant for routes that haven't been prerendered, and is an SPA fallback. Because the 200 response here can get cached, it can lead to problems. The change here makes the server return a 404 instead, mainly to prevent caching.

• fix(babel): Improved message for error relating to multiple files ending in Page.{js,jsx,ts,tsx} in page directories #9329 by @Josh-Walker-GM

  If you had multiple files ending in Page.{...} (like HomePage.tsx, useHomePage.tsx) in a web-side page directory (like web/src/pages/HomePage), the Router tried to import both files as HomePage, basically redeclaring a variable, resulting in a cryptic error. This PR improves the error message by telling you which files the Router tried to import.

• fix(cli): Tailwind setup updates scaffold.css when needed #9290 by @Josh-Walker-GM

  Redwood's scaffold generator detects if you have Tailwind CSS setup and changes the contents of scaffold.css accordingly. But if you generate a scaffold before setting up Tailwind, the yarn rw setup ui tailwind command wasn't smart enough to ask you if you wanted to update the scaffold.css file too. Now it prompts you for you preference.

• fix(babel): Fix opentelemetry api wrapping and allow it to be disabled #9298 by @Josh-Walker-GM

  Some projects fail to build when OpenTelemetry is enabled because the babel plugin which automatically wraps api side functions failed to handle some syntax cases. In those cases the transpiled syntax would be invalid javascript. This fix expands the syntax cases the plugin can handle, and reworks the error handling: we now bail out and do not modify the users source code rather than transpile into nonsense syntax.

• fix(server-file): prefix MODULE_NOT_FOUND with ERR_ #9372 by @jtoar

  The @redwoodjs/graphql-server package takes some cues from the presence of an experimental file, api/src/server.ts. If that file exists, @redwoodjs/graphql-server tries to import the @redwoodjs/realtime package. The import is wrapped in a try-catch because realtime is something you opt into. But there was a bug in the conditional in the try-catch block: if you require a module and it's not found, it'll throw MODULE_NOT_FOUND while await import throws ERR_MODULE_NOT_FOUND. We were checking for the wrong error code.

• Fix suggested code snippet #9288 by @pepicrft

  Redwood's auth setup commands include codeblocks you can copy-paste into your project's redwood.toml file for ease. This one was missing some trailing commas that added friction to copy-pasting.

• Cell generator: Fix formatting in template #9301 by @Tobbe

  A simple formatting fix for Cells so you don't get red squiggles out of the box.

v6.3.2

Patch Release

This patch release includes a host of fixes, most notably for the api server. On larger projects (we've only come across one instance so far), in dev mode, there was a race condition between prebuilding and building the api side that sometimes caused the api server to loop. For now we've avoided this by ignoring an extraneous event emitted by chokidar, but in the future we'll consider fixing it in a more robust way by introducing api build caching.

What may be more relevant to most users, this patch release ships with a codemod to apply the type fix in #9251 to TS strict-mode projects: npx @redwoodjs/codemods entry-client-null-check.

Lastly, the postcss security release only affects @redwoodjs/studio, which is a dev-time only package, but if you're using tailwind or another CSS library that uses postcss, you'll want to upgrade it in your project accordingly.

• fix(generate dbAuth): restore one-more-thing formatting #9247 by @Tobbe
• fix: await Promise when seeding #9245 by @G-Rath
• Include @types/react as devDep in projects #9250 by @Tobbe
• fix(api-sever): stop infinite loop on large projects #9270 by @jtoar
• small tweak to Flightcontrol deploy config template #9240 by @flybayer
• fix(crwa): Explicit check for possible null value in entry.client.tsx #9251 by @Josh-Walker-GM
• chore(deps): update dependency postcss to v8.4.31 [security] #9260

v6.3.2-rc.2

Patch Release

• generate dbAuth: fix "one more thing" formatting #9247 by @Tobbe
• fix(crwa): await Promise when seeding #9245 by @G-Rath
• fix(api-sever): stop infinite loop on large projects #9270 by @jtoar

v6.3.1

Security Release: Redwood Dependency Vulnerabilities

Two of Redwood's dependencies, systeminformation and graphql, just released a security release; this patch includes the patched versions of both packages. Here are links to the CVEs for systeminformation and graphql respectively: GHSA-gx6r-qc2v-3p3v, https://nvd.nist.gov/vuln/detail/CVE-2023-26144.

• fix(deps): update dependency systeminformation to v5.21.7 [security] #9218
• fix(deps): update dependency graphql to v16.8.1 [security] #9228

v6.3.0

Changelog

Features

• feat(cli): Setup command which uses an npm package #8920 by @Josh-Walker-GM
• feat(mailer): Resend handler #9175 by @Josh-Walker-GM

Docs

• Update what-is-redwood.md #9151 by @rodrigojmartin
• Fixed broken link (404) in the cell tutorial #9176 by @sidshetty
• Notes SDL codegen in docs #8917 by @orta
• Update services.md #9189 by @papaponmx
• docs(cli): Setup from npm package #9215 by @Josh-Walker-GM

Core dependencies

• fix(deps): update prisma monorepo to v5.3.1 #9187
• fix(deps): update dependency react-hook-form to v7.46.1 #9162
• fix(deps): update dependency fastify to v4.23.2 #9184
• fix(deps): update dependency @apollo/client to v3.8.4 #9208
• fix(deps): update storybook monorepo to v7.4.3 #9211

Dependencies

Click to see all upgraded dependencies

• fix(deps): update dependency @apollo/client to v3.8.3 #9123
• fix(deps): update dependency fastify to v4.22.2 #9124
• fix(deps): update dependency @fastify/static to v6.11.0 #9129
• fix(deps): update dependency fastify-raw-body to v4.2.2 #9126
• chore(deps): update dependency typescript to v5.2.2 #9128
• fix(deps): update opentelemetry-js monorepo #9147
• fix(deps): update dependency pino to v8.15.1 #9146
• fix(deps): update dependency nodemailer to v6.9.5 #9145
• fix(deps): update dependency msw to v1.3.0 #9161
• fix(deps): update dependency react-hook-form to v7.46.1 #9162
• fix(deps): update dependency fastify to v4.23.0 #9160
• fix(deps): update jest monorepo to v29.7.0 #9163
• fix(deps): update dependency fastify to v4.23.1 #9167
• fix(deps): update dependency @fastify/static to v6.11.1 #9182
• fix(deps): update dependency fastify to v4.23.2 #9184
• fix(deps): update prisma monorepo to v5.3.1 #9187
• fix(deps): update dependency concurrently to v8.2.1 #9183
• fix(deps): update storybook monorepo to v7.4.2 #9185
• chore(deps): update dependency react-error-boundary to v4.0.11 #9181
• fix(deps): update dependency @apollo/client to v3.8.4 #9208
• fix(deps): update storybook monorepo to v7.4.3 #9211

v6.2.3

Patch Release

This patch release makes installing decoupled Redwood CLI commands more robust by adding a deduplication step after install, similar to the upgrade command:

• fix(cli): run dedupe after installing a redwood plugin #9199 by @jtoar
• chore: bump babel packages' versions #9200 by @jtoar

v6.3.0-rc.34

Changelog

Features

• feat(cli): Setup command which uses an npm package #8920 by @Josh-Walker-GM

Docs

• Update what-is-redwood.md #9151 by @rodrigojmartin
• Fixed broken link (404) in the cell tutorial #9176 by @sidshetty
• Notes SDL codegen in docs #8917 by @orta

Core dependencies

• fix(deps): update dependency @apollo/client to v3.8.3 #9123
• fix(deps): update dependency react-hook-form to v7.46.1 #9162
• fix(deps): update dependency fastify to v4.23.2 #9184
• fix(deps): update prisma monorepo to v5.3.1 #9187
• fix(deps): update storybook monorepo to v7.4.2 #9185

Dependencies

Click to see all upgraded dependencies

• fix(deps): update dependency @apollo/client to v3.8.3 #9123
• fix(deps): update dependency fastify to v4.22.2 #9124
• fix(deps): update dependency @fastify/static to v6.11.0 #9129
• fix(deps): update dependency fastify-raw-body to v4.2.2 #9126
• chore(deps): update dependency typescript to v5.2.2 #9128
• fix(deps): update opentelemetry-js monorepo #9147
• fix(deps): update dependency pino to v8.15.1 #9146
• fix(deps): update dependency nodemailer to v6.9.5 #9145
• fix(deps): update dependency msw to v1.3.0 #9161
• fix(deps): update dependency react-hook-form to v7.46.1 #9162
• fix(deps): update dependency fastify to v4.23.0 #9160
• fix(deps): update jest monorepo to v29.7.0 #9163
• fix(deps): update dependency fastify to v4.23.1 #9167
• fix(deps): update dependency @fastify/static to v6.11.1 #9182
• fix(deps): update dependency fastify to v4.23.2 #9184
• chore(deps): update dependency lerna to v7.3.0 #9186
• fix(deps): update prisma monorepo to v5.3.1 #9187
• fix(deps): update dependency concurrently to v8.2.1 #9183
• fix(deps): update storybook monorepo to v7.4.2 #9185

v6.2.2

Patch Release

The last patch release didn't fix the Babel issues for all users, particularly those with older projects. This patch release has a better fix for the issue, which was just a matter of using carets to specify the versions of the Babel packages Redwood depends on. Redwood has a long history of pinning dependencies because many packages release breaking changes in minor releases, but in this case it was causing more than one version of some of the Babel packages to be installed, which lead to hoisting problems.

• fix(babel): use caret to specify some package versions #9174 by @jtoar
• fix(cli): Prevent stale command cache defaults #9169 by @Josh-Walker-GM