Releases: redwoodjs/redwood
v0.32.2
v0.32 Highlights 🎉
☂️ <Set>
now takes the prop private
to mark a set of routes as Private
For those who like to be less verbose, you can now mark a whole set of Routes as private, without wrapping it in an explicit <Private>
block. All the juicy details here: Redwood Router docs
🔐 Secure Services by default (experimental)
Auth is hard. So is accidentally exposing functionality to the interwebs because you forgot to check for auth in your graphQL query. This release we're shipping some nifty tricks that make your services secure by default, so we can finally say Auth is was hard. Make sure you read the upgrade guide below to add this functionality to your existing Redwood app.
📖 Redwood Security Docs
In addition to documentation about securing Services, Redwood contributors have added and updated many docs with security-specific content, from general overviews to best practices to How-tos. Take a look:
Fixed
- Lock engines package.json: node 14.x, yarn 1.x (#2474) 6661670 @Tobbe
- Fix babel loose warnings & SVG import (#2475) 9d854ec @dac09
- Call any included onClick before navigating with
<Link>
and<NavLink>
(#2346) 740ca2d @cannikin - Fix runtime error "Cannot find module 'prettier'" (#2498) 2e2048a @peterp
- Update error message to reference "rules" instead of "before" 130507c @cannikin
- Stop msw from prompting for the file (#2512) caa4298 @jtoar
Added
- MSW integration: update package, expose additional features (#2063) 4852a6c @msutkowski
- Decode Nhost JWT and add in needed claims and roles for API side (#2350) dace5ef @dthyresson
- Allow private prop on Set (#2364) cb50977 @Tobbe
- Create github workflow to publish release candidate (#2399) ccde222 @renansoares
- Secure Services with beforeResolver (#2272) 064a34d @cannikin
- Pass service args through to beforeResolver verification functions (#2363) 30aec82 @cannikin
Changed
- Rework and Cleanup Seed template for Typescript and multiple inserts (#2432) fe57eed @dthyresson
- Tidies auth template by removing verbose comments (#2433) 6fd86c4 @dthyresson
- Silences log output when in Test environment and with Webhook verifiers (#2491) a6db163 @dthyresson
- improve
rw upgrade
command and remove "publish PR packages" option (#2497) 0fb8a3b @dac09 - Ignore dev.db-journal (#2496) f19481b @bozdoz
- Bump ts-morph in rw/structure (#2415) 281fda3 @dac09
- upgrade React (et al.) to v17.0.2 (#2375) 7fe4da6 @thedavidprice
- upgrade prisma v2.22.1 (#2493) eb1872f @thedavidprice
- upgrade eslint v7.25.0 and other eslint packages (#2391) 9d8e255 @thedavidprice
- Upgrade @typescript-eslint to v4.22 (dependabot) (#2366) d497c16 @thedavidprice
Dependabot updates
- build(deps): bump @typescript-eslint/eslint-plugin from 4.22.0 to 4.23.0 (#2482) 71c433e dependabot[bot]
- build(deps-dev): bump npm-packlist from 2.1.5 to 2.2.2 (#2464) 0e415b8 dependabot[bot]
- build(deps): bump @typescript-eslint/parser from 4.22.0 to 4.23.0 (#2483) 84a4f9d dependabot[bot]
- build(deps): bump lodash from 4.17.20 to 4.17.21 in /tasks/e2e (#2476) bb8ec93 dependabot[bot]
- build(deps): bump youch from 2.2.1 to 2.2.2 (#2459) 9f3ac7f dependabot[bot]
- build(deps-dev): bump @types/fs-extra from 9.0.8 to 9.0.11 (#2444) 36618ac dependabot[bot]
- build(deps): bump fs-extra from 9.1.0 to 10.0.0 (#2446) 13a7e89 dependabot[bot]
- build(deps): bump youch-terminal from 1.0.1 to 1.1.1 (#2460) 7497136 dependabot[bot]
- build(deps-dev): bump @supabase/supabase-js from 1.11.8 to 1.11.12 (#2490) 314df63 dependabot[bot]
- build(deps-dev): bump firebase from 8.4.3 to 8.6.0 (#2494) 6b8ca87 dependabot[bot]
- build(deps): bump @types/node from 14.14.35 to 15.0.1 (#2369) 3a65eee dependabot[bot]
- Build(deps): Bump ssri from 6.0.1 to 6.0.2 (#2400) a7a9e6d dependabot[bot]
- Build(deps): Bump graphql-scalars from 1.9.0 to 1.9.3 (#2408) 96c785b dependabot[bot]
- Build(deps-dev): Bump @types/node-fetch from 2.5.8 to 2.5.10 (#2411) 34588ef dependabot[bot]
- Build(deps): Bump esbuild from 0.11.13 to 0.11.16 (#2412) d644c3e dependabot[bot]
- Build(deps-dev): Bump firebase from 8.4.2 to 8.4.3 (#2414) c062a8b dependabot[bot]
- Build(deps): Bump graphql-tag from 2.12.2 to 2.12.4 (#2409) f677ab1 dependabot[bot]
- Bump youch from 2.1.1 to 2.2.1 (#2373) a68cd6d dependabot[bot]
- Build(deps-dev): Bump firebase-admin from 9.6.0 to 9.7.0 (#2407) f2f26e4 dependabot[bot]
- Bump typescript from 4.1.3 to 4.2.4 (#2292) 2c38d26 dependabot[bot]
- Bump @storybook/addon-a11y from 6.2.8 to 6.2.9 (#2387) 6995be3 dependabot[bot]
- Bump @babel/core from 7.13.15 to 7.13.16 (#2376) 5f0243a dependabot[bot]
- Bump msal from 1.4.9 to 1.4.10 (#2377) d1ac806 dependabot[bot]
- Bump @types/pino from 6.3.7 to 6.3.8 (#2378) 97f6fdc dependabot[bot]
- Bump @apollo/client from 3.3.12 to 3.3.15 (#2379) 2a67471 dependabot[bot]
- Bump @types/jest from 26.0.21 to 26.0.23 (#2381) 879f724 dependabot[bot]
- Bump chalk from 4.1.0 to 4.1.1 (#2382) cba16da dependabot[bot]
- Bump @supabase/supabase-js from 1.11.6 to 1.11.8 (#2383) d34622e dependabot[bot]
- Bump @graphql-tools/merge from 6.2.10 to 6.2.13 (#2313) 8ed09f0 dependabot[bot]
- Bump jest-watch-typeahead from 0.6.1 to 0.6.3 (#2348) 4523a90 dependabot[bot]
- build(deps-dev): bump @types/aws-lambda from 8.10.72 to 8.10.76 (#2357) acd5101 dependabot[bot]
- build(deps-dev): bump firebase from 8.4.1 to 8.4.2 (#2367) f3a5d56 dependabot[bot]
- Bump @testing-library/user-event from 13.1.2 to 13.1.6 (#2374) 836a17c dependabot[bot]
- Bump boxen from 4.2.0 to 5.0.1 (#2308) 6d4400b dependabot[bot]
- Bump concurrently from 5.3.0 to 6.0.2 (#2295) 9e8f756 dependabot[bot]
- Bump envinfo from 7.7.4 to 7.8.1 (#2293) 34eaaf5 dependabot[bot]
- Bump @testing-library/react from 11.2.2 to 11.2.6 (#2291) 82ed18b dependabot[bot]
- Bump esbuild from 0.11.6 to 0.11.13 (#2337) 76fb814 dependabot[bot]
- misc Dependabot patch release PRs grouped (#2495) 1607257 @thedavidprice
Breaking ⚠️
Nothing to see here! 🙈
How to Upgrade
Code Modifications
1. Bump React and React-dom versions; remove resolutions
Redwood internally bumped to React v17.0.2. Update the versions in your project's web/package.json
(example file):
// web/package.json
- "react": "^17.0.1",
- "react-dom": "^17.0.1"
+ "react": "^17.0.2",
+ "react-dom": "^17.0.2"
And then remove the resolutions from package.json
, which are no longer necessary (example file):
// ./package.json
- },
- "resolutions": {
- "react": "17.0.1",
- "react-dom": "17.0.1"
}
2. Update .gitignore
If you are using SQLite, you might want to add the following to your project's .gitignore
, which will exclude the file dev.db-journal
from git commits:
- dev.db
+ dev.db*
Upgrade Packages to v0.32.x from v0.31.x
Run the following command within your App's directory:
yarn redwood upgrade
Ensure yarn has installed everything correctly by running:
yarn install --force
Upgrading from an earlier version?
Please follow the "how to upgrade" sections for each newer version here 👉 https://github.com/redwoodjs/redwood/releases, as there may be manual codemods needed for each version.
Upgrading to a version that is not the latest?
The command yarn rw upgrade
will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to a earlier, specific release, use the --tag
option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:
yarn redwood upgrade --tag 0.28.4
Need help or having trouble upgrading packages?
See this forum topic for manual upgrade instructions and general upgrade help.
v0.31.2
Patch release with the following fixes:
Tip 👇
If you're deploying to Heroku, or using Heroku buildpacks to self host, they have recently upgraded their environment to use Node 16, which is incompatible with Prisma 2.21.x
You can set the version of node to use by changing your package.json
like this:
- "node": ">=14",
+ "node": "14.x",
"yarn": ">=1.15"
},
v0.31.0
v0.31.0 Highlights 🎉
🥇 All generators now support typescript
We're working hard to have full typescript support for 1.0, and this release we're making it a lot easier for the TS crowd. All Redwood generators now generate typescript — and it even auto-detects if your Redwood project is in TypeScript
🔐 Built in support for verifiying webhooks
Do you wince whenever you realise you have to actually verify the webhooks your application receives? Fear not, this release Redwood brings you built-in support for checking the webhook signatures, including a plethora of common verification methods — SHA256, JWT, among others.
📦 New deploy provider Render
It's now super easy to setup a "serverful" deployment, with a database included, thanks to our friends at Render. In typical Redwood fashion, of course, it's one CLI command to get everything setup.
- Get started with the Render Redwood Deployment doc
Fixed
- Fix "yarn rw test web" in e2e tests (#2329) 4c8c894 @peterp
- Fix type for update service function (#2326) d1ea508 @dac09
- Disable role linting in Routes (#2318) 293c99d @jtoar
- Teardown should attempt to delete dbName table (#2083) 36b6f91 @nexneo
- Restore @storybook/addon-a11y (#2309) 0b93201 @jtoar
- Auth: Implement automatic token refresh on supported providers (#2277) 3557f70 @dthyresson @dac09
- Move api-server dep from api to cli (#2307) 89c1310 @dac09
- logger.ts: Fix comment spelling (#2256) 006a1dd @Tobbe
- Fix page generator taking in ts | Fix rw serve crashing out cli (#2335) @dac09
- Adds process and require to eslint config web (#2354) @dthyresson
Added
- Verify signatures for secure webhooks and functions (#1843) 2780246 @dthyresson
- Webhooks: Handle base64 encoded webhook payloads (#2340) @dthyresson
- Serve web/dist with
yarn rw serve web
(#2234) 22ea3fc @dac09 - Handle focus on route change (#2321) 99575c3 @jtoar
- Support generating typescript cells and pages | Autodetect ts project (#2279) adcc6d7 @dac09
- Add import type to configuration files (#2214) 555c72c @renansoares
- Adding Setup Deploy Render Command (#2099) e4cfe34 @SEANDOUGHTY
- Updates to Redwood-Render integration (#2336) @SEANDOUGHTY
- Static typing for cells (#2208) 0730651 @corbt
Changed
- Upgraded pino and new related types for PinoPretty (#2330) 930eda7 @dthyresson
- create-redwood-app messages: moved app start commands to end (#2278) 5432900 @qooqu
- Recommended Babel package upgrades (dependabot) (#2255) 05639db @thedavidprice
- Update CONTRIBUTING.md (#2084) a02bee5 @qooqu
- Router README: Pass props to set wrappers (#2257) 7be2581 @Tobbe
- [Internal] Adds skipLibCheck flag to tsconfig (#2175) b09a967 @dac09
Dependabot updates
- Bump @reach/skip-nav from 0.13.2 to 0.15.0 (#2237) 61e0f8e dependabot[bot]
- Bump core-js from 3.6.5 to 3.10.1 (#2243) 3e0e1eb dependabot[bot]
- Bump react-refresh from 0.9.0 to 0.10.0 (#2195) 5ce8336 dependabot[bot]
- Bump mini-css-extract-plugin from 1.3.9 to 1.4.1 (#2240) a0aece0 dependabot[bot]
- Bump esbuild from 0.9.0 to 0.11.6 (#2241) 1ded37e dependabot[bot]
- Bump @testing-library/user-event from 12.5.0 to 13.1.2 (#2254) 2722a6c dependabot[bot]
- Bump prompts from 2.4.0 to 2.4.1 (#2194) 42cb13b dependabot[bot]
- Bump firebase-admin from 9.5.0 to 9.6.0 (#2185) f98a206 dependabot[bot]
- Bump @testing-library/user-event from 12.5.0 to 13.1.1 (#2196) b74640f dependabot[bot]
- Bump eslint-plugin-jest-dom from 3.6.5 to 3.7.0 (#2184) 5c98e1e dependabot[bot]
Breaking ⚠️
Surprise! Nothing to see here. If you've been keeping up with upgrades for a while, you've earned yourself a treat 🍦
But we have changed the flags on the generator cli. Take a look with yarn redwood generate --help
How to Upgrade
Code Modifications
If you created your project at Redwood v0.30.0
, you are most likely missing .gitignore
in the root directory. Create the file and copy the contents from this reference template/.gitignore
Upgrade Packages to v0.31 from v0.30.x
Run the following command within your App's directory:
yarn redwood upgrade
Ensure yarn has installed everything correctly by running
yarn install --force
Upgrading from an earlier version?
Skipping versions when upgrading is not recommended and will likely cause problems. Please follow the "how to upgrade" sections for each newer version here 👉 https://github.com/redwoodjs/redwood/releases
Upgrading to a version that is not the latest?
The command yarn rw upgrade
will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to a earlier, specific release, use the --tag
option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:
yarn redwood upgrade --tag 0.28.4
Need help or having trouble upgrading packages?
See this forum topic for manual upgrade instructions and general upgrade help.
v0.30.1
This patch release only affects a new project creation via yarn create redwood-app ...
, resolving the missing .gitignore
file in the codebase. See #2310
Upgrading projects created at Redwood v0.30.0
If you created your project at Redwood v0.30.0
, you are most likely missing .gitignore
in the root directory. Create the file and copy the contents from this reference template/.gitignore
v0.30.0
This release brings in a few incremental fixes and features, primarily through the upgraded prisma dependency. Key fixes are:
- Netlify builds were failing due to size limit for some users #2250
- Fixes many-to-many relations handling in prisma (Prisma issue #1970)
⚠️ This release contains a minor breaking change. See the "Breaking" section for more details.
Fixed
- Cli package should depend on api server explicitly (#2251) e73aea9 @dac09
- Tooling: making rwt link more resilient (#2269) 7f206e2 @dac09
- Fix: webpack optimizations for JS (#2235) 3e9ea10 @dac09
Changed
- upgrade Prisma v2.21.0 (#2273) b2be018 @thedavidprice
- upgrade prisma v2.21.2 (#2280) 60e1227 @thedavidprice
Breaking ⚠️
A few small changes introduced in Prisma 2.21+, so watch out for these if you use aggregate
or disconnect
in your services.
- Previously, aggregations on nullable fields always returned 0. All aggregated fields are now nullable. Aggregated fields can return null when there's either no record in the database or if all the aggregated records are null.
- disconnect no longer throws an error on unconnected records
@default(dbgenerated(""))
is no longer permitted
Full prisma release notes here: Prisma 2.21.0 release notes
How to upgrade to Redwood v0.30 from v0.29
Upgrade Packages to v0.30
Run the following command within your App's directory:
yarn redwood upgrade
Ensure yarn has installed everything correctly by running
yarn install --force
Upgrading from an earlier version? Please follow the "how to upgrade" sections for each newer version here 👉 https://github.com/redwoodjs/redwood/releases
Need help or having trouble upgrading packages? See this forum topic for manual upgrade instructions and general upgrade help.
v0.29.0
This is a MakesItBetter™ release, including incremental improvements and fixes across tooling, TypeScript, api-server, auth, docs, and more. Thank you to everyone in the community who helped make this possible!
⚠️ This release contains a minor breaking change and code modifications that are applicable to some projects. See the "Breaking" and "How to Upgrade" sections for more details.
Changed
- Storybook: CLI Storybook command — add output directory option and change default #2168 #2176 by @thedavidprice
⚠️ - Tooling: Enables fast refresh by default in dev mode #2085 by @dac09
- you can disable it through the
redwood.toml
file via[web] fastRefresh = false
- you can disable it through the
- API: Add root-path to api-server #1691 by @jeliasson
- Tooling: Improved yarn rwt link, with selective copy #2122 by @dac09
- Router: Set —Forward props to wrapper components #2125 by @Tobbe
- Docs: update CRWA quick-start Node requirement #2151 by @thedavidprice
- CI: Update E2E Tutorial test: add Toast and per Tutorial #2164 by @thedavidprice
- CI: Router tests — Don't use window.__REDWOOD__USE_AUTH #2174 by @Tobbe
- Auth: Just decode, not verify, auth0 token during development and test #2172 by @peterp
- TS: Improved types | Handling for Boolean and Float route params #2177 by @dac09
- CLI: add api-server to upgrade command #2245 by @thedavidprice
- Prisma: upgrade Prisma v2.20 #2223 by @thedavidprice
Added
- Generators: Add generator message with info on how to secure a function #2211 by @dthyresson
- Forms: Adding Transform Capability to SelectField #2138 by @cjreimer
- Auth: Implement Supabase OAuth Provider Scopes and Redirects #2207 by @dthyresson
- CLI: Adds yarn
rw serve api
#2217 by @dac09
Fixes
- TS: Correctly type GraphQLHookOptions #2166 by @corbt
- TS: Fix types for CurrentUser #2216 by @dac09
- Auth: Firebase fix for 8.3.x #2134 by @noire-munich
- Forms: fixed form submission to be more resilient with abnormal inputs and transformValue properties #2167 by @cjreimer
- Tooling: Fix rwt link performance issues #2200 by @dac09
- Tooling: fix(build-link) — Wait for build to complete before copying #2221 by @dac09
- Docs: fix typo for --javascript option #2213 by @jangxyz
- CI: e2e Fix for step 1 #2229 by @Tobbe
- Webpack: (webpack-chunks) Don't merge all modules into vendors #2082 by @dac09
Breaking ⚠️
This is a minor change only affecting projects using
yarn redwood storybook --build
The output directory for yarn redwood storybook --build
can now be configured with the --build-directory
flag. And the output directory default has been changed from web/storybook-static
to web/public/storybook
, taking advantage of Redwood's public web directory to serve static files. See #2168 #2176
Users can still output to web/storybook-static
via:
yarn redwood storybook --build --build-directory storybook-static
How to upgrade to Redwood v0.29 from v0.28
👉 IMPORTANT: Skipping versions when upgrading is not recommended and will likely cause problems. Do read through all Release Notes between your current version and this latest version. Each minor release will likely require you to implement breaking change fixes and apply manual code modifications.
Manual Code Modifications
The following modifications will not be necessary for all projects.
1. Install @redwoodjs/api-server
This modification applies to projects created prior to v0.28.1
In patch release v0.28.1, the @redwoodjs/api-server
package was added to api/package.json
. See this commit for reference.
Add the dependency:
//api/package.json
...
"version": "0.0.0",
"private": true,
"dependencies": {
"@redwoodjs/api": "^0.29.0",
+ "@redwoodjs/api-server": "^0.29.0"
}
}
And then install:
yarn install
2. Remove apollo-server-core
package resolution
This modification applies to projects created after v0.28.0
In patch v0.28.1 (#2129), we added an apollo-server-core
resolution to ./package.json
as a workaround for an Apollo Server bug. The bug was resolved and the fix applied to Redwood in patch v0.28.4.
If it exists, remove the resolution from your project (see reference commit here):
// ./package.json
...
"resolutions": {
"react": "17.0.1",
- "react-dom": "17.0.1",
+ "react-dom": "17.0.1"
- "// Temporary fix for": "https://github.com/redwoodjs/redwood/issues/2127",
- "apollo-server-core": "2.21.2"
}
And then run a forced install:
yarn --force
Upgrade Packages to v0.29
Run the following command within your App's directory:
yarn redwood upgrade
Double Check
api/package.json
: For some projects, it is possible the package dependency@redwoodjs/api-server
inapi/package.json
will not be correctly upgraded to v0.29.0. Confirm it is"@redwoodjs/api-server": "^0.29.0"
in your project. If not, manually update the package version and then runyarn --force
.
How to upgrade to an incremental version that is not the latest release
The command yarn rw upgrade
will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to an earlier, specific release, use the --tag
option. For example, if you need to upgrade from v0.27.0 to v0.28.4 (which is not the latest release), run the following command:
yarn redwood upgrade --tag 0.28.4
Need help or having trouble upgrading packages? See this forum topic for manual upgrade instructions and general upgrade help.
v0.28.4
v0.28.3
This patch release fixes several bugs related to Router Sets, TypeScript, Apollo Server:
- TS: setup tsconfig: github version tag for canary builds #2156 by @dac09
- TS: named routes types #2154 by @dac09
- API: upgrade apollo-server-lambda and remove resolution #2153 by @thedavidprice
- Sets: Recalculate
useParams
on location change when used in<Set />
#2152 by @KrisCoulson - Sets: Make understand authentication #2147 by @peterp
Code Modification
Patch releases v0.28.1 and v0.28.2 introduced a workaround to fix an error in Apollo Server. Check if your ./package.json
includes "apollo-server-core": "2.21.2"
. If so, make the following modification:
},
"resolutions": {
"react": "17.0.1",
- "react-dom": "17.0.1",
+ "react-dom": "17.0.1"
- "// Temporary fix for": "https://github.com/redwoodjs/redwood/issues/2127",
- "apollo-server-core": "2.21.2"
}
}
See reference code here.