Skip to content

v8.0.0

Compare
Choose a tag to compare
@Josh-Walker-GM Josh-Walker-GM released this 04 Sep 01:31
· 273 commits to main since this release
0599b32

Upgrade Guide

https://redwoodjs.com/upgrade/v8

Changelog

🚨 Breaking

deps(react): 18.3.1 (#10885) by @Tobbe Please see #10885 for more details
fix(template): Set scripts/ module resolution to match api/ (#11366) by @Tobbe

Make the module resolution for scripts/ be more predictable/stable, and match that of api/

See also #11170

fix(tsconfig): set "module" to "ESNext" for web/tsconfig.json (#11368) by @Tobbe Please see #11368 for more details
refactor(forms): Build with esbuild and add conditional exports (#11338) by @Josh-Walker-GM

This change introduces restrictions on what can be imported from the @redwoodjs/forms package. You can no longer import from @redwoodjs/forms/dist/.... All imports should be available simply from @redwoodjs/forms.

refactor(prerender): build with esbuild and introduce conditional exports (#11337) by @Josh-Walker-GM

This change restricts the available imports from the @redwoodjs/prerender package. You will also have to use modern moduleResolution settings in your tsconfig to resolve the imports correctly within TS.

refactor(api): Add conditional exports to package.json (#11307) by @Josh-Walker-GM

This change restricts the available imports from this package. You can no longer freely import from within the dist like @redwoodjs/api/dist/.... If you were doing so please consult the @redwoodjs/api package.json file to see what exports are now available.

fix(internal): Move away from babel for building package (#11304) by @Josh-Walker-GM Please see #11304 for more details
fix: Update default tsconfig options (target, module and moduleResolution) (#11170) by @Josh-Walker-GM

This changes the default values of:

  • target
  • module
  • moduleResolution

in the tsconfig files for both the API and web side. The benefit of this change is increased correctness for build time checking of the imports from packages which specify exports in their package.json files.

This change will have a limited effect while Redwood apps are still built to CJS rather than ESM. After that switch to ESM there would be more breaking changes but they are not applied here and are a future concern.

chore: brought in typescript-eslint@v8 with stylistic preset (#10911) by @JoshuaKGoldberg

This change updates Redwood linting config and introduces some changes to the linting rules that are applied to your project.

Specifically:

  1. jsx-a11y/no-noninteractive-element-to-interactive-role has it's default config updated.
  2. @typescript-eslint/explicit-function-return-type used to be turned off, now it's no longer applied.
  3. @typescript-eslint/no-empty-interface - used to be turned off, now it's no longer applied.
  4. @typescript-eslint/explicit-module-boundary-types - used be turned off, now it's no longer applied.
  5. @typescript-eslint/ban-types - used to be 'warn', now it's no longer applied. This has been replaces with a set of smaller more specific rules.
  6. no-empty-function - used be turned off, now it's no longer applied. The ts-eslint flavour is still there and turned off still.
  7. camelcase - used to be turned off, now it's 'warn'.
  8. @typescript-eslint/camelcase - used to be turned off, now it's no longer applied.
  9. no-use-before-define - used to be turned off, now it's no longer applied.
  10. @typescript-eslint/no-use-before-define - used to be turned off, now it's no longer applied.
  11. @typescript-eslint/prefer-namespace-keyword - used to be turned off, now it's 'error'
  12. unicode-bom - used to be turned off, now it's no longer applied.
  13. @typescript-eslint/adjacent-overload-signatures - used to be 'error', now it's no longer applied.
  14. @typescript-eslint/no-explicit-any - used be 'warn', now 'error'
  15. @typescript-eslint/no-inferrable-types - used to be 'error', now it's no longer applied.
  16. no-loss-of-precision - used be 'off', now 'error'
  17. @typescript-eslint/no-loss-of-precision - used be 'error', now it's no longer applied.
  18. @typescript-eslint/no-non-null-assertion - used be 'warn', now it's no longer applied.
  19. valid-typeof - used be either 'error' or 'off', now always 'error'
  20. no-unused-expressions - used be always 'error', now either 'error' or 'off'
  21. @typescript-eslint/prefer-function-type - newly added as 'off'
  22. @typescript-eslint/no-require-imports - newly added as 'off'
  23. @typescript-eslint/no-empty-object-type - newly added as 'off'
  24. unicorn/template-indent - newly added as 'off'
  25. @typescript-eslint/no-duplicate-enum-values - newly added as 'error'
  26. @typescript-eslint/no-unsafe-declaration-merging - newly added as 'error'
  27. @typescript-eslint/no-unsafe-function-type - newly added as 'error'
  28. @typescript-eslint/no-unused-expressions - newly added as 'error'
  29. @typescript-eslint/no-wrapper-object-types - newly added as 'error'
  30. no-new-native-nonconstructor - newly added as 'off'
fix(deps): update typescript-eslint monorepo to v8 (major) (#11235) by @Josh-Walker-GM Please see #11235 for more details
fix(api-server): Use createServer in all cases, to make fastify config consistent (#11176) by @dac09

[BREAKING] Removes serverConfig support, in favour of server file to configure your Fastify instance.
You can still customise your server settings by running yarn rw setup server-file first. See docs for Server File

This PR removes all the cases where we use createFastifyInstance for the api server, and replaces it with createServer. This makes sure that the API server config is always consistent - whether you use a server file or not.

fix(deps): update dependency resend to v3 (#11040) by @Josh-Walker-GM Please see #11040 for more details
breaking: remove webpack (#10867) by @Josh-Walker-GM

This PR removes support for webpack. There are a number of breaking changes associated with removing a core component of previous versions. A list of such changes is:

  1. prebuildWebFile is function no longer exported from @redwoodjs/babel-config package
  2. @redwoodjs/cli-storybook has been removed
  3. yarn rw build no longer accepts the --stats flag
  4. yarn rw dev no longer accepts the --watchNodeModules flag
  5. yarn rw setup custom-web-index command has been removed
  6. yarn rw setup webpack has been removed
  7. @redwoodjs/core no longer provides @redwoodjs/core/config/* files
  8. The web.bundler TOML config option has been removed
  9. @redwoodjs/testing no longer provides storybook config files
  10. @redwoodjs/testing no longer provides a StorybookProvider
  11. The webpack bin has been removed from @redwoodjs/web

You can also find more information on the upgrade guide.

feat(colors): Add more chalk colors. And prepare for chalk upgrade (#10939) by @Tobbe

Add more colors to @redwoodjs/cli-helpers.

Breaking: No longer exporting green as a color. Use tip or success
instead depending on what you want to convey.

remove(cli): Remove deprecated deploy providers (#10859) by @Josh-Walker-GM

This change removes the deprecated deploy providers edgio and serverless. Serverless has been restored and is available in v8.

chore(codemods): Remove pre v1 related content (#10831) by @Josh-Walker-GM Please see #10831 for more details
fix(deps): update dependency firebase-admin to v12 (#10833) by @renovate

This change updates our firebase auth provider to use the v12 major version of the firebase-admin package. This will require you to update your own version of firebase-admin that is listed in your api side package json file.

We have noticed no breaking api changes in our limited testing. Please consult the firebase-admin upgrade guide if you experience problems after upgrading - especially if you have more extensive or complex use of the firebase suite of products.

fix(functions-test): Fix mockHttpEvent for null bodies (#10570) by @Tobbe

With an empty/null payload (which it is by default) the body should be empty, not the string 'null'

This is a breaking change for anyone who was depending on the current "null" behavior in their api function tests. More specifically, if you're NOT passing body or payload to mockHttpEvent({ ... }) or if you're trying to explicitly set payload to null you might have to update your tests.

feat: Remove `--performance` option from `yarn rw build` (#10453) by @Josh-Walker-GM

This change removes the --performance flag from the yarn rw build command. It will no longer be available to use and the CLI will no longer accept this flag being passed in.

Additionally, the associated webpack config (@redwoodjs/core/config/webpack.perf.js) has been removed so it can no longer be imported if you were doing so.

fix(router): Remove barrel exports from router.tsx (#10464) by @Tobbe

We were using both index.ts and router.tsx as barrel export files. We should move away from barrel exports at some point, and we definitely don't need two files doing it in the same package. Everything that was exported from router.tsx is already exported by other files (except Router itself). So I updated the code to import from there directly instead.

This is a breaking change for anyone who does import ... from '@redwoodjs/router/dist/router' in their project. Which hopefully isn't very many.

  • The quick fix is to find the original export and pull from there instead
  • The real fix is to talk to us on the core team and see if we can provide an
    official way of solving it instead of relying on internal implementation
    details 🙂
chore(linting): Update versions and avoid `{}` (#10266) by @Josh-Walker-GM

This PR updates the versions of the eslint and the @typescript-eslint packages from v5 to v7.

This is a major upgrade of the @typescript-eslint package and although we think it is unlikely to introduce a breaking change for you we would recommend that you read the associated documentation. The v6 upgrade can be found here and the v7 one here.

fix(navlink): Replace (don't merge) className of active link (#10342) by @Tobbe

We should be replacing className with activeClassName for the active link. Currently we try to merge them, but that makes it very difficult for end users to have full control over exactly what classes are applied to active links

Fixes #10296

Before

<NavLink
  to={routes.air()}
  className="inline-block rounded-t-lg border-b-2 border-transparent p-4 hover:border-gray-300 hover:text-gray-600 dark:hover:text-gray-300"
  activeClassName="active inline-block rounded-t-lg border-b-2 border-blue-600 p-4 text-blue-600 dark:border-blue-500 dark:text-blue-500"
>
  Air
</NavLink>

The <NavLink> above would get the following classes if it was the active link
inline-block rounded-t-lg border-b-2 border-transparent p-4 hover:border-gray-300 hover:text-gray-600 dark:hover:text-gray-300 active inline-block rounded-t-lg border-b-2 border-blue-600 p-4 text-blue-600 dark:border-blue-500 dark:text-blue-500

After

That same <NavLink> now only gets the activeClassName classes active inline-block rounded-t-lg border-b-2 border-blue-600 p-4 text-blue-600 dark:border-blue-500 dark:text-blue-500

Breaking

If you were relying on the merging behavior you will now have to copy all classes from className and also include them in activeClassName.
So if you had this:

<NavLink
  to={routes.home()}
  className="border-b-2"
  activeClassName="text-red-200"
>
  Air
</NavLink>

you will now have to change it to:

<NavLink
  to={routes.home()}
  className="border-b-2"
  activeClassName="border-b-2 text-red-200"
>
  Air
</NavLink>
feat(vite): upgrade to v5 (#10197) by @jtoar Please see #10197 for more details
feat(prettier) upgrade to prettier v3 (#10179) by @jtoar

This PR upgrades Redwood internally to Prettier v3. We believe this won't have any downstream effect for users.

If you have Tailwind CSS configured, can upgrade prettier-plugin-tailwindcss to a version later than 0.4.1 if you make a few changes:

  • Change prettier.config.js to prettier.config.mjs (js -> mjs)
  • export default instead of module.exports
  • await import('...') any plugins instead of require('...')

Here's an example of an updated prettier.config.mjs to work with prettier-plugin-tailwindcss@^0.5.12:

// prettier.config.mjs

export default {
  trailingComma: "es5",
  bracketSpacing: true,
  tabWidth: 2,
  semi: false,
  singleQuote: true,
  arrowParens: "always",
  overrides: [
    {
      files: "Routes.*",
      options: {
        printWidth: 999,
      },
    },
  ],
  tailwindConfig: "./web/config/tailwind.config.js",
  plugins: [await import("prettier-plugin-tailwindcss")],
};
RSC: createServerCell (#9987) by @Tobbe Please see #9987 for more details

🚀 Features

feat(uploads): Increase default fastify body limit to 100MB (#11412) by @dac09

Increases the default limit for receiving requests to 100MB (instead of 15MB). This number is arbitrary really, but it is the TOTAL size of the request, not of each file being uploaded.

The user can override this in their server file.

// api/server.js
const server = await createServer({
  logger,
  fastifyServerOptions: {
    bodyLimit: 1048576 * 2, // 2 MiB
  },
});
feat(rsc): Initial support for RSA rerender (#11406) by @Tobbe

This PR makes it so that the entire page is re-rendered when a React Server Action returns.
Previously when calling an RSA you'd only get the result of the action back.
Now, when calling an RSA you'll still get the result back, and in addition to that the page will update.
What this means is that if you for example update a counter on the server that a server component is displaying that counter will now immediately update.
Also, if some data has been updated by something external to the app the new data will be displayed (like if someone used an external CMS to update some .md file you're rendering)

feat(storage): Add support for createMany, updateMany and upsert (#11390) by @dac09

Extends the uploads Prisma client extension with the following:

  1. createMany: support for bulk creation with automatic cleanup of uploaded files if the operation fails.

  2. updateMany: bulk update functionality that manages file uploads across multiple records, including removal of old files after successful updates.

  3. upsert: determining whether it's an insert or update and managing file uploads accordingly - delete files on creation fail, and replace files on update

feat(uploads): Create uploads package with prisma extension and upload processors (#11263) by @dac09 Please see #11263 for more details
template(db): Update `api/src/lib/db` template (#11379) by @dac09

Updates the template in api/src/lib/db.{js,ts} to export db differently.

In your existing projects, you can make the following changes:

import { PrismaClient } from '@prisma/client'

import { emitLogLevels, handlePrismaLogging } from '@redwoodjs/api/logger'

import { logger } from './logger'
import { prismaExtension } from './uploads'

- export const db = new PrismaClient({
+ const prismaClient = new PrismaClient({
  log: emitLogLevels(['info', 'warn', 'error']),
})

handlePrismaLogging({
- db
+ db: prismaClient,
  logger,
  logLevels: ['info', 'warn', 'error'],
})

+ export const db = prismaClient
feat(uploads): Add File scalar to rootSchema (#11378) by @dac09

Adds File scalar to rootSchema, to enable parsing fields set to File as a https://developer.mozilla.org/en-US/docs/Web/API/File

The parsing and scalar is actually built in to GraphQL Yoga, this change just enables it by default instead of having to add scalar File to one or more of your SDLs.

RCS: Basic support for 'use server' inside components (#11376) by @Tobbe Please see #11376 for more details
feat(jobs): Expose types (#11369) by @Tobbe Please see #11369 for more details
Adds a "highlight" color option (#11345) by @cannikin Please see #11345 for more details
Adds background job scheduling and execution (#11238) by @cannikin

This new package provides scheduling and processing of background jobs. We want everything needed to run a modern web application to be included in Redwood itself—you shouldn't need any third party integrations if you don't want.

Background jobs have been sorely missed, but the time has come! (If you do want to use a third party service we have had an integration with Inngest since May of 2023!)

Features

  • Named queues: you can schedule jobs in separate named queues and have a different number of workers monitoring each one—makes it much easier to scale your background processing
  • Priority: give your jobs a priority from 1 (highest) to 100 (lowest). Workers will sort available jobs by priority, working the most important ones first.
  • Configurable delay: run your job as soon as possible (default), wait a number of seconds before running, or run at a specific time in the future
  • Auto-retries with backoff: if your job fails it will back off at the rate of attempts ** 4 for a default of 24 tries, the time between the last two attempts is a little over three days.
  • Run inline: instead of scheduling to run in the background, run immediately
  • Integrates with Redwood's logger: use your existing one in api/src/lib/logger or create a new one just for job logging
feat(uploads): Configure apollo client to do multi-part form uploads (#11175) by @dac09

a) Configures the Apollo client we export to use upload link - https://github.com/jaydenseric/apollo-upload-client
b) Configures our API side fastify server to accept multipart form data

Notes:

  1. apollo-upload-client is ESM only. In order to get this working for prerender, I had to bundle it for CJS version only.
    Without this change you get errors during prerender like this:
Error [ERR_REQUIRE_ESM]: require() of ES Module /Users/dac09/Experiments/apollo-upload-link/node_modules/apollo-upload-client/createUploadLink.mjs not supported.
  1. Currently the multi-part config only applies when you have a server file (see separate PR with fix: #11176)

  2. The upload link internally will handle whether to do a regular POST or multipart POST. In order to make use of this on the backend you need to set your graphql schema field to a scalar of File

feat(context): Build and publish package as dual esm/cjs (#11294) by @Josh-Walker-GM Please see #11294 for more details
feat(exec): Add --silent to silence all RW output (#11278) by @Tobbe

Run with --silent (or -s) to not have the framework itself print anything to
your console. Only console logs you have yourself in the script, or any files
the script includes, will come through.

If you're using Prisma you might want to tweak Prisma's logging (in
api/lib/db.ts) and turn off "info" logging, depending on your goals.

feat(rsc): Register top-level function-scoped RSAs (#11255) by @Tobbe Please see #11255 for more details
feat(rsc): Detect single RSA functions (not just entire files) (#11168) by @Tobbe Please see #11168 for more details
feature(studio): Make studioHandler install Studio v12 (#11131) by @Tobbe

Makes sure you get the latest version of Redwood Studio the first time you run
yarn rw studio

feat(rsc): rsc-cache-read (#11127) by @Tobbe Please see #11127 for more details
RSC cache control (#11126) by @Tobbe Please see #11126 for more details
feat(crwrsca): Add support for --template (#11123) by @Tobbe Please see #11123 for more details
feat(storybook): switch command for storybook vite (#11069) by @Josh-Walker-GM

This change moves the vite based storybook to the standard storybook command. Essentially making it the default storybook command.

Introduce RSC "live reload." (#10932) by @peterp Please see #10932 for more details
feat(cli): Move docker setup out of experimental (#11072) by @Josh-Walker-GM

This change introduces yarn rw setup docker. This is a result of moving our docker setup command out of it's experimental phase.

feat(link): Pass options to navigate() (#11058) by @Tobbe

Allow passing NavigateOptions (which for now is just replace) from a <Link> and <NavLink> to navigate() by setting an options prop on the link component.

feat(router): add router useBlocker hook (#10873) by @xmaxcooking

Add useBlocker() hook to router to allow blocking navigation. Most commonly used to prevent users from accidentally leaving a page with unsaved changes.

feat(trusted-docs): Allows useRedwoodTrustedDocuments to set more custom UsePersistedOperationsOptions (#10894) by @dthyresson

Allows useRedwoodTrustedDocuments to set more custom UsePersistedOperationsOptions

Allows the useRedwoodTrustedDocuments plugin to define:

 /**
   * Whether to allow execution of arbitrary GraphQL operations aside from persisted operations.
   */
  allowArbitraryOperations?: boolean | AllowArbitraryOperationsHandler;
  /**
   * The path to the persisted operation id
   */
  extractPersistedOperationId?: ExtractPersistedOperationId;

  /**
   * Whether to skip validation of the persisted operation
   */
  skipDocumentValidation?: boolean;

  /**
   * Custom errors to be thrown
   */
  customErrors?: CustomPersistedQueryErrors;

This can let you override to allow certain ops or skip validation etc:

If you validate your persisted operations while building your store, we recommend to skip the validation on the server. So this will reduce the work done by the server and the latency of the requests.

The allow authenticated request is still considered, but allowArbitraryOperations can override.

Omitted getPersistedOperation as this extracts hash from store.

feat(prisma): Support multi file Prisma schemas (#10869) by @dthyresson

Prisma's prismaSchemaFolder feature allows you to define multiple files in a schema subdirectory of your prisma directory.

This PR updates:

  • Prisma utilities
  • generators
  • dbAuth setup
  • documentation

to support single and multi file Prisma schemas.

If you have enabled Prisma multi file schemas, you configure your project toml api schemaPath setting the directory where your schema.prisma can be found, for example: './api/db/schema'

When organizing your Prisma Schema into multiple files, you will need enable that feature in Prisma, move your schema.prisma file into a new directory such as ./api/db/schema and then set schemaPath in the api toml config.
:::

For example:

[api]
  port = 8911
  schemaPath = "./api/db/schema"
feat(Storybook Vite): Add JS project support (#10900) by @arimendelow

This adds support to the SBV CLI for JS projects.

RSC: Add auth support to ServerRouter (#10925) by @Tobbe Please see #10925 for more details
feat(eslint-plugin): support flat config (#10910) by @JoshuaKGoldberg

Makes it possible to use the eslint-plugin package in the "flat config" eslint configuration format.

feat(baremetal): Check for setup before running deploy (#10922) by @Tobbe

Print a helpful error message if baremetal has not been setup before running yarn rw deploy baremetal.

RSC: Add auth support to ClientRouter (#10908) by @Tobbe Please see #10908 for more details
RSC: Make `rw g page` work for RSC projects (#10903) by @Tobbe Please see #10903 for more details
feat(dbAuth): Hint about migration after setup (#10875) by @Tobbe Please see #10875 for more details
feat(router): Navigate to splash page using routes.home() (#10874) by @Tobbe

This PR makes it so that routes.home() works even when there's no actual / route in the Routes.tsx file if navigating to / would show the splash page.

feat(dbAuth): Automatically create User model in fresh projects (#10871) by @Tobbe

Automatically create a User model in the project's schema.prisma when setting up dbAuth in a new project.

feat(dbAuth): Prompt to generate dbAuth pages (#10865) by @Tobbe

When setting up dbAuth we'll now prompt if the user also wants to generate pages for login, signup, password reset etc. We only prompt if no existing pages exist.

feat(g dbAuth): Detect WebAuthn support (#10864) by @Tobbe

Automatically add WebAuthn support to generated pages when WebAuthn is enabled for dbAuth

feat(dbAuth): Prompt for creating User table (#10849) by @Tobbe

To skip the prompt you can pass --createUserModel (or just -u) to yarn rw setup auth dbAuth.

RSC: Add 'use client' to auth templates (#10766) by @Tobbe Please see #10766 for more details
RSC: getLocation in ServerRouter (#10759) by @Tobbe Please see #10759 for more details
RSC: Externalize more modules during build (#10753) by @Tobbe Please see #10753 for more details
RSC: Include `` in SSR (#10688) by @Tobbe Please see #10688 for more details
feat(rsc-auth): Implement getRoles function in auth mw & update default ServerAuthState (#10656) by @dac09
  • Implement getRoles function in supabase and dbAuth middleware
  • Updates default serverAuthState to contain roles
  • Make cookieHeader a required attribute
  • Introduces new clear() function to remove auth state - just syntax sugar

Example usage

// In entry.server.tsx
export const registerMiddleware = () => {
  // This actually returns [dbAuthMiddleware, '*']
  const authMw = initDbAuthMiddleware({
    dbAuthHandler,
    getCurrentUser,
    getRoles: (decoded) => {
      return decoded.currentUser.roles || [];
    },
  });

  return [authMw];
};
feat(serverStore): Add location to serverStore for RSCs to access location (#10697) by @dac09
  1. Adds fullUrl property to serverStore
  2. Adds two utility functions:
    a) getFullUrl - to construct the absolute url from an express request
    b) getFullUrlFromFlightRequest - this is used when we get a request to render RSCs in the rscRequestHandler. This one is different because the location we want is for the actual page, not of the request (which goes to to the RSC endpoint).
  3. Adds getLocation function to retrieve the Location (URL object) from server store

Short video demonstrating location coming through in two cases:
a) Soft renders (makes a request to the RSC endpoint)
b) Hard render

https://s.tape.sh/4g7LFsYP

Usage example:

import { getLocation } from '@redwoodjs/vite/serverStore'

const NavigationLayout = ({ children, rnd }: NavigationLayoutProps) => {
  const location = getLocation()
  console.log(`👉 \n ~ location:`, location)

Longer term, we may want to change how the endpoint for flight requests so that the location doesn't have to be constructed specially.

RSC: Cache client side navigation (#10686) by @Tobbe Please see #10686 for more details
In useOgImage() hook adds searchParams option for setting arbitrary query string vars to generated URL (#10677) by @cannikin

This can be used like so:

const { url } = useOgImage({ searchParams: { foo: 'bar' })
console.log(url) // => http://localhost:8910/photo.png?foo=bar
RSC Client Router (#10557) by @Tobbe Please see #10557 for more details
feat: Reworks RSC server entries and route manifest building to derive from routes and include if route info related to authentication (#10572) by @dthyresson

This PR is in furtherance of authentication support in RSC.

It refactors:

  • How server entries are built -- not from "processing the pages dir" (which is a deprecated function) but rather the routes ... and the page info for that route. Note here that a page can be used in multiple routes, so the auth info cannot really be determined here.

  • The route manifest building to include per route:

  • isPrivate - is the route private, i.e, is it wrapped in a PrivateSet
  • unauthenticated - what route to navigate to if the user in not authenticated
  • roles - the roles to check to see if user has the require RBAC permission to navigate to the route

Now if some page, route request is being handled by RSC we might be able to check if it "isPrivate" and enforce auth with the roles and even where tp redirect to if not authenticated.

feat(auth-middleware): Return a Tuple with Route pattern configuration when creating dbAuth middleware (#10642) by @dac09
  • This PR renames createDbAuthMiddleware -> initDbAuthMiddleware
  • Returns a tuple of [dbAuthMw, '*'] from the init function to make it harder to accidentally misconfigure the auth middleware
feat(middleware): Add .shortCircuit to MiddlewareResponse (#10586) by @dac09

Adds a helper to generate a intercept/short-circuit response, that will interrupt execution of all middleware and react rendering, and immediately return the response.

There's a few different ways you can use this, see examples below:

const shortCircuitMw: Middleware = (req, res) => {
  // A) You can short circuit after building the response (or use the res param)
  // This allows you to use all the convenience helpers like cookies of MW Response
  if (req.url.includes("create-new-response")) {
    const shortCircuitResponse = new MiddlewareResponse("Short-circuiting");
    shortCircuitResponse.headers.set("shortCircuit", "yes");
    shortCircuitResponse.cookies.set("shortCircuitCookie", "do-not-allow", {
      expires: new Date(Date.now() + 1000 * 60 * 60),
    });
    shortCircuitResponse.shortCircuit();
  }

  // B) You can directly construct a new short-circuit response
  // (discarding whatever response was built before)
  if (req.url.includes("using-existing-res")) {
    res.shortCircuit("Short-circuiting directly", {
      headers: { shortCircuitDirect: "yes" },
    });
  }
};
feat(rsc-auth): Implement serverStore to hold and pass req info to RSC (#10585) by @dac09

First pass at implementing a per-request store that allows:

  • access to headers and cookies from requests in server components
  • access to serverAuthState from server components
  • maps serverAuthState updated from middleware to the the per request store

This PR also implements execution of middleware in the RSC handler. Note that this is done in a "good enough" way currently, because the RSC handler doesn't use Fetch requests (but everything else does)

Important things to note:

  • the store is initialised again in the RSC worker, with the same values on each invocation of renderRsc
  • we have not tested or tried in Dev because rw dev does not work in RSC yet
  • we have not tested behaviour on initial SSR - because this is not implemented yet in RSC
feat(cli): Setup command and codemod for OG image middleware (#10485) by @Josh-Walker-GM Please see #10485 for more details
Adds a generator for creating og:image components (#10550) by @cannikin
feat(server-auth): Supabase web client implementation with middleware support (#10522) by @dac09

Updates supabase auth client implementation to support middleware auth

In web/src/auth.ts:

// 👇 notice where this is imported from!
import { createBrowserClient } from '@supabase/ssr'

import { createAuth } from '@redwoodjs/auth-supabase-web'

const supabaseClient = createBrowserClient(
  process.env.SUPABASE_URL || '',
  process.env.SUPABASE_KEY || ''
)

export const { AuthProvider, useAuth } = createAuth(supabaseClient)
  • moves some types, and getCurrentUserFromMiddleware function to a common place so it can be shared with multiple auth implementations
feat(RSC): Remove `entries.ts` file (#10533) by @Josh-Walker-GM Please see #10533 for more details
feat(server-auth): Refactor useReauthenticate to prevent double currentUser calls (#10531) by @dac09

…by calling getCurrentUser to determine if youre logged in.

We achieve this by swapping the order in which getUserMetadata and getCurrentUser is called in reauthenticate.

Previously getUserMetadata was a short-hand for checking if the auth SDK think its logged in, however in middleware auth this is an issue because you need to getCurrentUser before getting user metadata in the case of purely cookie based auth like dbAuth (and potentially future ones like firebase, etc.) - since the cookie/token cannot be read on the browser.

feat(auth): Implement Supabase Auth Middleware (#10499) by @dthyresson

Implement Supabase Auth Middleware to authenticate server-side requests.

  • Adds middleware to the Supabase auth-providers package.
  • createSupabaseAuthMiddleware is responsible for authenticating Supabase requests
  • It does so by checking if the request has a supabase auth-provider header, and then uses the authDecoder to verify the session cookie using the Supabase ServerAuthClient and returning a decoded access token -- or throwing an exception if the session cookie is invalid
  • Once the middleware has the decoded JWT, it hands that to the provided getCurrentUser from he user's project to return the information about authenticated user
  • Lastly, it sets serverAuthState with user and metadata info to know the request isAuthenticated
  • If the session is invalid or the cookie tampered with such that the access token cannot be verified, serverAuthState is cleared as are the auth provider and Supabase cookies
feat(og-gen): Implement middleware and hooks (#10469) by @dac09

The OG Gen saga continues with @cannikin and @dac09 ⚔️

This PR:

  • adds OgImageMiddleware and Hooks to @redwoodjs/og-gen, complete with tests

⚠️ Template changes:

  • updates entry.client template to pass in Routes to App
  • updates App to take children (i.e. Routes)

This is so that we can pass the OG component to be rendered with your App's CSS setup.

How to use this?

  1. Registering the middleware:

    import OgImageMiddleware from "@redwoodjs/ogimage-gen/middleware";
    
    export const registerMiddleware = () => {
      const ogMw = new OgImageMiddleware({
        App,
        Document,
      });
    
      return [ogMw];
    };
  2. Configure your vite.config.ts

    import vitePluginOgImageGen from "@redwoodjs/ogimage-gen/plugin";
    
    const viteConfig: UserConfig = {
      // 👇 so it builds your OG components
      plugins: [redwood(), vitePluginOgImageGen()],
    };
    
    export default defineConfig(viteConfig);
  3. Add your OG Image component next to the page it's for
    e.g. web/src/pages/AboutPage/AboutPage.png.tsx

  4. Use hooks on AboutPage to generate the ogURL

feat(eslint): Disable restricted $api imports for entryserver (#10520) by @dac09

With the introduction of middleware, it's pretty common to import things from the $api side. This is a non-issue as entry.server.{jsx,tsx} is not part of the client bundle we generate.

feat(server-auth): WebAuthN support during SSR (#10498) by @dac09

This PR changes the following:
1. Moves webAuthN imports to be dynamic imports
This is because the dbauth-provider-web packages are still CJS only. When importing in an ESM environment (such as SSR/RSC server) - it complains that about ESM imports

2. Updates the default auth provider state for middleware auth
Middleware auth default state is almost the same as SPA default auth state. Except that loading is always false! Otherwise you can get stuck in a loading state forever.

feat(cookieJar): Change cookie.get to directly return value (#10493) by @dac09

Motivation
My original design of the CookeiJar.get would return the full cookie object we store, including cookie options. This is not ideal because you need to access the cookie like this:

const myCookie = mwRequest.cookies.get("myCookie");

// 👇
const actualValue = myCookie.value;

This is unwieldy, and feels unergonomic for the 98% of cases where get will be used to just see the value.

How do I still see the options of the cookie?
You can still access all the details of the cookie by doing cookie.entries. I don't really have a case for this yet, so let's not optimise for this case, but we know it's possible!

This is me just stabilizing the API for Middleware stuff, before we ship it out of experimental

feat: redwoodjs/auth-dbauth-middleware - Part 2/3 - Auth Middleware for dbAuth to authenticate users via cookie (#10447) by @dthyresson
  • Implements createDbAuthMiddleware in @redwoodjs/auth-dbauth-middleware:build
  • Used to register middleware for dbAuth in RedwoodJS projects
RSC: vite/clientSsr (#10238) by @Tobbe Please see #10238 for more details
feat(server-auth): Update getAuthenticationContext to support cookies and tokens both (#10465) by @dac09

1. Updates getAuthenticationContext to parse the cookie header and pass it to authDecoder.

Note that the authentication context itself does not pull out the token from cookies, because with some providers (e.g. supabase) - we don't know the name of the cookie. This is left to the authDecoder implementation.

The return type from this function is actually just a deserialized cookie header i.e.
cookie: auth-provider=one; session=xx/yy/zz; somethingElse=bsbs => { 'auth-provider': 'one', session: 'xx/yy/zz', somethingElse: 'bsbs'

2. Retains support for header/token based auth
See test on line 259 of packages/api/src/auth/__tests__/getAuthenticationContext.test.ts. If a the authorization and auth-provider headers are passed in the request (as we do for SPA based auth) - then cookies will take precedence.

The end result is that graphql requests will now work with middleware-based auth providers!

feat(server-auth): dbAuth 3/3 - handle login, logout, signup, etc. requests if forwarded from middleware (#10457) by @dac09

This PR updates the DbAuthHandler class to handle requests forwarded from middleware, so it can generate responses for login, logout, signup, etc. These are POST requests - it used to be to the /auth function, but now they will be captured by dbAuth middleware and forwarded onto DbAuthHandler.

High level changes:

  • use the Headers class in each of the "method" responses. This allows us to set multi-value headers like Set-Cookie. A simple object would not. See type AuthMethodOutput
  • extracts buildResponse into a testable function and adds test. For Set-Cookie headers we return an array of strings.

In the middleware here's the code I had for the final conversion:

if (AUTHHANDLER_REQUEST) {
  const output = await dbAuthHandler(req);

  const finalHeaders = new Headers();
  Object.entries(output.headers).forEach(([key, value]) => {
    if (Array.isArray(value)) {
      value.forEach((v) => finalHeaders.append(key, v));
    } else {
      finalHeaders.append(key, value);
    }
  });

  return new MiddlewareResponse(output.body, {
    headers: finalHeaders,
    status: output.statusCode,
  });
}
feat(server-auth): Part 1/3: dbAuth middleware support (web side changes) (#10444) by @dac09 Adds ability to `createMiddlewareAuth` in dbAuth client which:
  1. Updates the dbAuth web client to speak to middleware instead of graphql
  2. Implements fetching current user from middleware
feat(og-gen): Update implementation of useLocation | Update App template (#10441) by @dac09 **Updated App.tsx template** We modified the `App.tsx` template to accept possible children, and render them if present. This lets the og:image handler inject your component into the Document tree, without including the entire Router, but still style your og:image component using whatever you used to style the rest of your app (Tailwind, perhaps?)

Updated useLocation implementation
We also modified the useLocation() hook to now return everything that the URL API returns. Previously it only returned three attributes of the url (pathname, search, hash), now it returns everything available to a call to new URL() (origin, href, searchParams, etc.).

The reason for this is now that we have SSR, we can get access to more details in the hook - in this case we needed origin

Both changes should be non-breaking!

feat(og-gen): Adds package and vite plugin for dynamic og generation (#10439) by @dac09
feat: [Auth] Common AuthProvider & use* changes for middleware auth (#10420) by @dac09
  • First step of supporting Auth using middleware
  • Ensure backwards compatibility with non-SSR auth

Breaking Change

Removes skipFetchCurrentUser which was used by the no longer existing nHost auth provider, but could potentially have been used by custom auth.

Middleware Routing & `registerMiddleware` (#10395) by @dac09

Implements the new syntax of using Middleware after discussion. This sets us up for doing Auth better, but also for implementations like OG Image generation.

export const registerMiddleware = async () => {
  return [
    dbAuthMiddleware(),
    [new OgMiddleware({ rootFilename: "index" }), ["/:route.:extension"]],
  ];
};

Features

  • Registering middleware with above syntax
  • Chaining multiple middleware by passing array of middleware, or tuples
  • Defining the route patterns to match in the find-my-way syntax

What syntax are you using for the route patterns?
After discussion that Regexes are slow and unwieldy, I did some research and comparisons here: https://www.notion.so/redwoodjs/Middleware-Route-patterns-0f1c5587b4134073adfae896a782b5ea?pvs=

This implementation uses https://github.com/delvedor/find-my-way - which is the Fastify version - but still keeps us decoupled from Fastify (see implementation, or document for why).

Important for understanding
Quoting from find-my-way docs:

The nodes are matched in the following order:

static
parametric node with static ending
parametric(regex)/multi-parametric
parametric
wildcard

Which means, if you have a more specific one - example you have [mw1, *] and [mw2, '/refresh_auth'] - then a request to /refresh_auth will ONLY trigger mw2. This is sort of counter intuitive, but them are the rules with fmw.

feat: Send RSC Flight Payload to Studio (#10213) by @dthyresson

This PR sends the rendered RSC payload (aka "flight") to Studio to be ingested, persisted, and fetched.

Performance and metadata enrichments are performed in order to visualize in Studio

RSC: Initial pass at enabling `rw dev` for RSC (#10158) by @Tobbe Please see #10158 for more details
RSC: Update templates for setup command (#10130) by @Tobbe Please see #10130 for more details
feat(rsc-streaming): Integrating RSC builds with Streaming and Client side hydration (#10031) by @dac09 Please see #10031 for more details
RSC: Make babel insert `renderFromRscServer` calls into Routes.tsx (#10074) by @Tobbe Please see #10074 for more details
RSC: Simplify entriesFile loading (#10057) by @Tobbe Please see #10057 for more details
RSC: Transform client components during build (#10048) by @Tobbe Please see #10048 for more details
RSC: Insert 'use client' in scaffolded components (#9998) by @Tobbe Please see #9998 for more details
RSC: Enable babel plugins to get client Cell support (#9973) by @Tobbe Please see #9973 for more details
feat(middleware): Add support for Middleware to SSR-Streaming server (#9883) by @dac09 Please see #9883 for more details

🛠️ Fixes

fix: Use sse link with `@live` directive (#11375) by @callingmedic911

Use SSE links that allows proper headers that in turn show proper requests with the body in browser devtools.

fix(cli-helpers): Don't add spaces around `=` for env vars (#11414) by @Tobbe

The addEnvVar helper function in packages/cli-helpers no longer adds spaces around = when setting environment variables.

fix(template): api type declaration merging for scripts (#11367) by @Tobbe

Make imports in scripts (files in scripts/) find our mirror types used for declaration merging also for api/src/ imports (not just web imports)

Users upgrading are adviced to manually upgrade their tsconfig files to match
what is now in the template.

RSC: Disable client side flight caching for now (#11400) by @Tobbe Please see #11400 for more details
feat(codegen): support sdl generation for model with compound id (#8556) by @russell-dot-js

The SDL generator will no longer error when handling a table with a composite id, like so:

model Order {
  tenantId  String
  id        String   @unique @default(uuid())
  @@id([tenantId, id])
}

It will now generate code in the SDL that handles input of both these variables:

input TempIdInput {
  tenantId: String!
  id: String!
}

If you are using a custom sdl.{j,t}s.template then you may have to update it to support the new idInput.

few Flightcontrol template & doc updates (#11383) by @flybayer

Updates the flight control deployment command and documentation. Corrects issue #10754 which is to do with an outdated database setup.

Catch errors when studio is not running and mail tries to send (#11387) by @cannikin Please see #11387 for more details
fix(jobs): Fix the `deleteSuccessfulJobs` type showing up (#11377) by @Josh-Walker-GM Please see #11377 for more details
fix(jobs): Allow passing empty array when scheduling parameterless jobs (#11372) by @Josh-Walker-GM Please see #11372 for more details
fix(jobs): Type-safe arguments passing to jobs from scheduler (#11371) by @Tobbe Please see #11371 for more details
fix(template): Format tsconfig and jsconfig (#11365) by @Tobbe Please see #11365 for more details
fix(cli): Fix tests generated by `g cell` (#11364) by @Tobbe Please see #11364 for more details
feat(storybook): Remove consideration of mjs from docgen plugin (#11346) by @arimendelow Please see #11346 for more details
fix(jobs): Include bin proxies and only build to cjs (#11344) by @Josh-Walker-GM Please see #11344 for more details
fix(api-server): Fix issue with clean builds (#11340) by @Josh-Walker-GM Please see #11340 for more details
fix(record): Update dependencies and build dual esm/cjs (#11300) by @Josh-Walker-GM Please see #11300 for more details
fix(codemods): Move away from babel for building package (#11306) by @Josh-Walker-GM Please see #11306 for more details
fix(api): Move away from babel for building package (#11305) by @Josh-Walker-GM Please see #11305 for more details
fix(auth-providers): Move away from babel for building 'api' packages (#11301) by @Josh-Walker-GM Please see #11301 for more details
fix(auth-providers): Move away from babel for building 'setup' packages (#11303) by @Josh-Walker-GM Please see #11303 for more details
Detect/resolve ambiguous script names (#9848) by @codersmith

Detects and resolves ambiguous script name combinations like [foo.js, foo.ts] or [foo.ts, foo.json] when running yarn rw exec foo.

fix(cli): Service generator supports relations (#11250) by @dthyresson

This PR address an issue when using yarn rw g service independently vs having ti be called by yarn rw g sdl or yarn rw g scaffold.

When using yarn rw g service, the model's relations were not correctly determined. For the sdl generator, relations are determined and then passed as an argument to the service generator; however, if you run just the service generator, the relations were always [].

This PR fixes that by adding a check to see if the relations are already passed in as an argument. If they are, it uses that; otherwise, it falls back to determining the relations itself.

fix(exec): Include nested scripts in --list (#11262) by @Tobbe

Now also nested scripts, like scripts/nested/script.ts, are included in the
output of yarn rw exec --list

fix(babel-plugins): Handle additional syntax when extracting graphql options (#11189) by @Josh-Walker-GM

This fixes an issue with the automatic extraction of options from the createGraphQLHandler function when you were wrapping that function within a custom handler function. For example the following would have failed before this fix:

const graphQLHandler = createGraphQLHandler({
  // ...options
});
export const handler = (event, context) => {
  return graphQLHandler(event, context);
};
refactor: api-server's `watch` build process (#11110) by @callingmedic911 Please see #11110 for more details
fix: Comment out unused import line in seed script template (#11171) by @Josh-Walker-GM Please see #11171 for more details
RSC: RSA: Remove unused check for '$$id' (#11159) by @Tobbe Please see #11159 for more details
RSC: Set React resolutions during setup (#11152) by @Tobbe Please see #11152 for more details
fix(rsc): Use functions provided by RSDW (#11144) by @Tobbe Please see #11144 for more details
Remove erronerous console.log("In decorators") in Storybook package (#11141) by @Philzen Please see #11141 for more details
fix(cli): Update react versions during RSC setup command (#11140) by @Josh-Walker-GM Please see #11140 for more details
fix(rsc): Remove unused Set in vite plugin (#11139) by @Tobbe Please see #11139 for more details
fix(cli-cache): Remove RW CLI cache on upgrade (#11135) by @dac09

This change removes the redwood cli plugin cache in .redwood/commandCache.json on running rw upgrade.

This prevents the redwood CLI from using outdated versions of CLI plugins, and is particularly important when they same alias.

Before
running yarn rw sb -> would use the outdated storybook-cli package, and error out.

After
with no commandCache, it'll create a new command cache, and attempt to install the new vite CLI

fix(isCellEmpty): Fix doc comment (#11124) by @Tobbe Please see #11124 for more details
feat(testing): Configure jest to ignore sidecar files in __tests__ folder (#11108) by @V1shvesh

Solves for #10870

Description:

./api directory structure:
image
./web directory structure:
image

Before:

yarn rw test api:
image

yarn rw test web:
image

After:
yarn rw test api:
image

yarn rw test web:
image

Disable RSC live reload in production. (#11119) by @peterp Please see #11119 for more details
fix(crwrsca): push to upstream in last step (#11117) by @Tobbe Please see #11117 for more details
fix(crwrsca): Stop using parseArgs (#11112) by @Tobbe Please see #11112 for more details
fix: concurrent api builds (#11109) by @callingmedic911 Don't edit the title, but in editing the body, try to explain what this PR means for Redwood users. The more detail the better. E.g., is it a new feature? How do they use it? Code examples go a long way!

A few users reported that the API server crashes with the error EADDRINUSE when switching between branches. This issue happens on the API side when:

  1. New files are added or existing files are removed.
  2. Immediately after, an existing file is changed.

This scenario is common when doing git operations like switching branches or using git stash, where these changes occur simultaneously. When this happens, step 1 triggers a full build (without esbuild's rebuild), and step 2, without canceling the build from step 1, triggers a separate rebuild. This results in concurrent builds and two instances of the API server trying to start.

This PR provides a quick fix for the issue. A follow-up PR will be created to refactor the process, aiming to avoid separate build processes altogether, ensure a cleaner separation between the build and the server, and improve overall readability.

fix(crwrsca): Fix yarn detection when running using tsx (#11107) by @Tobbe Please see #11107 for more details
fix(cli): restore serverless deploy (#11068) by @Josh-Walker-GM

Serverless deployment is deprecated and was removed in #10859. This PR restores this for now until we can provide a better alternative to users.

fix(router): Add check for excessively long path (#11062) by @Josh-Walker-GM

This change adds an additional internal check to protect against route paths which are excessively long.

fix(realtime/trusted-docs): Supports GraphQL subscriptions and trusted documents (#10893) by @dthyresson

Fixes: #10892

This PR updates the SSELink to check if there is a trusted document hash in the request. If there is, then don't also include the query.

The persisted operations plugin checks if the params has a query. If it does then raises an error that only persisted operations are allowed.

Subscriptions failed this test because the request had both the hash and a query. And since there were query details, the request was blocked.

Now, if there is a hash, the SSELink won't add back the query and thus it succeeds.

fix(storybook): Fix import issues with storybook vite (#10961) by @Josh-Walker-GM

Fixes an issue with the yarn rw storybook-vite command where it would not start due to an import issue.

RSC: Fix red squiggles in default template (#10955) by @Tobbe Please see #10955 for more details
fix(web): Re-add generating ESM types (#10952) by @Tobbe Please see #10952 for more details
fix(g directive): Notes formatting (#10940) by @Tobbe Please see #10940 for more details
fix(dbAuth): Don't throw errors under normal auth flow conditions (#10927) by @Tobbe Please see #10927 for more details
fix: Fixes support for Mocking GraphQL Queries in Storybook when using GraphQL Fragments (#10825) by @dthyresson

Fixes #10807

If one used GraphQL fragments, when mocking the GraphQL query for use in Storybook, the typename for the data object must be included otherwise Apollo client cannot properly map the data.

This PR

  • adds the typename to the cell generator templates
  • updates the testing and graphql mock and fragments documentation to show how properly defines mock data
fix(dbauth): multiValueHeaders (#10889) by @Tobbe Please see #10889 for more details
fix(deps api): Move cookie from devDep to dep (#10886) by @Tobbe Please see #10886 for more details
fix(dbAuth): Generate types after adding new pages to make `routes.home()` work (#10882) by @Tobbe Please see #10882 for more details
fix(docs): Update url for new docs subdomain (#10863) by @Josh-Walker-GM Please see #10863 for more details
fix(ssr): Fix path for entry.client on dev (#10828) by @dac09 Please see #10828 for more details
RSC: externalize modules for dbAuth (#10765) by @Tobbe Please see #10765 for more details
RSC: Silence unsupported-dynamic-import warning (#10750) by @Tobbe Please see #10750 for more details
fix(og-mw-setup): Fix typo in notes for og-middleware setup (#10736) by @dac09 Please see #10736 for more details
RSC: Support CJS 'use client' modules (#10682) by @Tobbe Please see #10682 for more details
fix(dbAuthMw): Update and fix logic related to dbAuth "verbs" and decryptionErrors (#10668) by @dac09

This PR does the following:

  • updates the dbauth mw to correctly handle the cookieName option (it should always have been optional)
  • throws an error when the dbAuthSession returns an empty decoded token so that it clears the authState
  • we had a check for only "POST" requests to be passed to the dbAuthHandler. This was incorrect because some of the dbAuth "verbs" or actions - like webAuthnRegOptions - uses a GET request.

As a result, the tests started showing failures, so I:

  • added a mock for dbAuthSession, so we can check both happy path and unhappy paths for session decryption
  • updated the tests where relevant
RSC: Add 'use client' to all client cells in kitchen-sink (#10659) by @Tobbe Please see #10659 for more details
fix(vite): Rename `serverAuthContext` to `serverAuthState` (#10653) by @Josh-Walker-GM Please see #10653 for more details
fix(mw): Pass matched params in invokeOptions in runFeServer (#10571) by @dac09 Please see #10571 for more details
RSC: No need to use memo or useMemo in the server router (#10568) by @Tobbe Please see #10568 for more details
fix(rsc): Load all css links to support css with rsc (#10544) by @Josh-Walker-GM Please see #10544 for more details
Define `process.env.NODE_ENV` in build process. (#10553) by @peterp Please see #10553 for more details
fix(rsc): Remove entries file setup step and remove from test fixtures (#10549) by @Josh-Walker-GM Please see #10549 for more details
fix(serverauth): Export dbAuthMiddleware as default export to match supabase (#10538) by @dac09

An example:

//before
import { createDbAuthMiddleware } from "@redwoodjs/auth-dbauth-middleware";

// after
import createDbAuthMiddleware from "@redwoodjs/auth-dbauth-middleware";
fix(dbauth-mw): Use response passed in to middleware (#10516) by @dac09

Middleware can be chained - which means if auth middleware is not the first one on the list of middleware being registered, we need to use the MiddlewareResponse that gets passed to the middleware, instead of creating a new one.

fix(dbauth-mw): Unset cookie instead of clearing (#10502) by @dac09 Updates dbAuth middleware implementation to _unset_ the cookies, instead of clearing them.
fix(rsc): Disable RSC CSS loading plugin (#10503) by @Josh-Walker-GM Please see #10503 for more details
RSC: css preinit: Add required option precedence (#10481) by @Tobbe Please see #10481 for more details
fix(cli): await async prettier functions (#10478) by @Josh-Walker-GM Please see #10478 for more details
fix(ssr): Successfully serve static assets like `favicon.png` (#10455) by @Josh-Walker-GM Please see #10455 for more details
fix(middleware): Handle POST requests in middleware router too (#10418) by @dac09

Fixes issue with middleware router not accepted POST requests.

fix(middeware): Allow registration with async functions (#10413) by @dac09
SSR: Better ServerEntry types (#10412) by @Tobbe

When enabling SSR the setup command will generate an entry.server.tsx file in the user's app. This file exports a ServerEntry component that takes css and meta as props. The meta props used to be typed as any, making it difficult to use with confidence. This PR makes the type be TagDescriptor[] which is more correct.

fix(rw-eslint): Implement more specific checking on Routes (#10404) by @dac09

Fixes: If you use any other elements outside the Route tree it should not throw a linting error or warning

RSC: Vite route auto loader plugin: Fix error message grammar (#10283) by @Tobbe Please see #10283 for more details
RSC: Vite plugin for route loading (#10252) by @Josh-Walker-GM Please see #10252 for more details
RSC: Differentiate routes autoloading behaviour (#10241) by @Josh-Walker-GM Please see #10241 for more details
RSC: Use vite plugin to inject webpack shims (#10245) by @Tobbe Please see #10245 for more details
fix(rsc): avoid overriding `NODE_ENV` (#10237) by @jtoar Please see #10237 for more details
fix(rsc): use query string in rsc url (#10243) by @jtoar Please see #10243 for more details
RSC: fix css and add smoke tests for it (#10226) by @Josh-Walker-GM Please see #10226 for more details
RSC: Fix a prisma client warning during build (#10222) by @Tobbe Please see #10222 for more details
fix(rsc): Preinit client component css for server components in production (#10210) by @Josh-Walker-GM Please see #10210 for more details
RSC: Inline dependencies during rsc build (#10217) by @Josh-Walker-GM Please see #10217 for more details
fix(rsc): only use `web/src/entries.ts` as the `rscBuildAnalyze` entry point (#10218) by @jtoar Please see #10218 for more details
fix(rsc): try fixing dev (#10202) by @jtoar Please see #10202 for more details
RSC: Add some types for RSDW/client (#10199) by @Tobbe Please see #10199 for more details
fix(rsc): fix dev server websocket error (#10192) by @jtoar Please see #10192 for more details
RSC: Make rw dev not crash for /about (#10191) by @Tobbe Please see #10191 for more details
fix(rsc): emit files with `.mjs` instead of `.js` (#10189) by @jtoar Please see #10189 for more details
fix(cli): avoid `require` in prettier config during tailwind setup (#10183) by @Josh-Walker-GM

With the recent switch to prettier v3 we are no longer able to use require within the prettier.config.js
config file. This change prevents the tailwind setup CLI command from adding a require statement when it adds
the 'prettier-plugin-tailwindcss' plugin and instead it simply inserts the plugin name as a string. This
fixes commands such as yarn rw lint which would have failed in the presence of such a require statement.

fix(prettier): revert breaking changes in prettier v3 upgrade (#10188) by @jtoar Please see #10188 for more details
RSC: Fix syntax error in node-loader ('2024' -> 2024) (#10171) by @Tobbe Please see #10171 for more details
fix(rsc/ssr): build SSR as ESM (#10164) by @jtoar Please see #10164 for more details
RSC: Remove App.tsx from setup (#10137) by @Tobbe Please see #10137 for more details
RSC: rscBuildAnalyze: Start at web/src/ (#10109) by @Tobbe Please see #10109 for more details
RSC: ensureProcessDirWeb() (#10108) by @Tobbe Please see #10108 for more details
RSC: Babel react plugin not needed for analyze phase (#10106) by @Tobbe Please see #10106 for more details
RSC: distRsc and distClient paths (#10085) by @Tobbe Please see #10085 for more details
RSC: Fix server build root (#10076) by @Tobbe Please see #10076 for more details
RSC: No basePath arg to serve() (#10030) by @Tobbe Please see #10030 for more details
fix: Handle static assets on the `rw-serve-fe` (#10018) by @Josh-Walker-GM Please see #10018 for more details
RSC: server cells lowercase data function (#10015) by @Tobbe Please see #10015 for more details
fix(RSC/SSR): pass CLI options through to apiServerHandler (#10012) by @jtoar Please see #10012 for more details
RSC: Fix babel-plugin-redwood-cell to work wiht more than one cell (#9994) by @Tobbe Please see #9994 for more details
RSC: Take full control over the env vars (#9972) by @Tobbe Please see #9972 for more details
RSC: Make RWJS_ENV etc available on the server during runtime (#9971) by @Tobbe Please see #9971 for more details
fix(cell-suspense): pass through variables if passed to refetch (#9965) by @dac09 Please see #9965 for more details

📚 Docs

Adds docs for how to do recurring jobs (#11361) by @cannikin Please see #11361 for more details
Adds docs for jobs setup and generate commands (#11359) by @cannikin Please see #11359 for more details
Jobs doc updates (#11333) by @cannikin Please see #11333 for more details
Updates caching doc code snippets to be consistent (#11331) by @cannikin Please see #11331 for more details
[gh11317] Added documentation for working with Jest and Alias Paths (#11323) by @ahaywood Please see #11323 for more details
chore(docs): fix docs formatting (#11321) by @Tobbe Please see #11321 for more details
Docs: Updated api-side-currentuser.md (#11314) by @OwenJRJones Please see #11314 for more details
docs(serverConfig): Remove server config option from TOML (#11236) by @dac09 Please see #11236 for more details
Docs: update GitHub workflow file for running tests (#11173) by @c-ciobanu Please see #11173 for more details
Update GraphQL docs for Docusaurus graphql documentation generator plugin (#11102) by @edno Please see #11102 for more details
feat(storybook): Switch docs to be only about the new version (#11086) by @arimendelow Please see #11086 for more details
Update saving-data.md (#11043) by @ryanb006 Please see #11043 for more details
📝 Added page for using GitPod to the documentation (#9366) by @ahaywood

This introduces new documentation to make getting started with redwood using GitPod easy!

chore(docs): Update Storybook Vite docs to reflect recent change (#10987) by @arimendelow Please see #10987 for more details
docs: Updates vercel config for functions (#10891) by @dthyresson Please see #10891 for more details
chore: remove MailChimp Tutorial all versions (#10959) by @thedavidprice Please see #10959 for more details
fix(docs): Fix introduction link (#10938) by @Josh-Walker-GM Please see #10938 for more details
Docs: Update Storybook docs to differentiate between the Webpack and Vite versions (#10895) by @arimendelow Please see #10895 for more details
Supabase How To updated for auth setup changes (#10883) by @saminightshift Please see #10883 for more details
Small edits on the trusted documents page (#10745) by @benjie Please see #10745 for more details
docs(router): Document new NavLink className replacement behavior (#10401) by @Tobbe Please see #10401 for more details

📦 Dependencies

Click to see all dependency updates

🧹 Chore

Click to see all chore contributions