v0.32.2

v0.32 Highlights 🎉

☂️ <Set> now takes the prop private to mark a set of routes as Private

For those who like to be less verbose, you can now mark a whole set of Routes as private, without wrapping it in an explicit <Private> block. All the juicy details here: Redwood Router docs

🔐 Secure Services by default (experimental)

Auth is hard. So is accidentally exposing functionality to the interwebs because you forgot to check for auth in your graphQL query. This release we're shipping some nifty tricks that make your services secure by default, so we can finally say Auth is was hard. Make sure you read the upgrade guide below to add this functionality to your existing Redwood app.

• Forum Announcement and Discussion Thread
• Redwood Services Doc

📖 Redwood Security Docs

In addition to documentation about securing Services, Redwood contributors have added and updated many docs with security-specific content, from general overviews to best practices to How-tos. Take a look:

• Redwood Security
• Serverless Function Security Considerations
• Webhooks
• GraphQL Security

Fixed

• Lock engines package.json: node 14.x, yarn 1.x (#2474) 6661670 @Tobbe
• Fix babel loose warnings & SVG import (#2475) 9d854ec @dac09
• Call any included onClick before navigating with <Link> and <NavLink> (#2346) 740ca2d @cannikin
• Fix runtime error "Cannot find module 'prettier'" (#2498) 2e2048a @peterp
• Update error message to reference "rules" instead of "before" 130507c @cannikin
• Stop msw from prompting for the file (#2512) caa4298 @jtoar

Added

• MSW integration: update package, expose additional features (#2063) 4852a6c @msutkowski
• Decode Nhost JWT and add in needed claims and roles for API side (#2350) dace5ef @dthyresson
• Allow private prop on Set (#2364) cb50977 @Tobbe
• Create github workflow to publish release candidate (#2399) ccde222 @renansoares
• Secure Services with beforeResolver (#2272) 064a34d @cannikin
• Pass service args through to beforeResolver verification functions (#2363) 30aec82 @cannikin

Changed

• Rework and Cleanup Seed template for Typescript and multiple inserts (#2432) fe57eed @dthyresson
• Tidies auth template by removing verbose comments (#2433) 6fd86c4 @dthyresson
• Silences log output when in Test environment and with Webhook verifiers (#2491) a6db163 @dthyresson
• improve rw upgrade command and remove "publish PR packages" option (#2497) 0fb8a3b @dac09
• Ignore dev.db-journal (#2496) f19481b @bozdoz
• Bump ts-morph in rw/structure (#2415) 281fda3 @dac09
• upgrade React (et al.) to v17.0.2 (#2375) 7fe4da6 @thedavidprice
• upgrade prisma v2.22.1 (#2493) eb1872f @thedavidprice
• upgrade eslint v7.25.0 and other eslint packages (#2391) 9d8e255 @thedavidprice
• Upgrade @typescript-eslint to v4.22 (dependabot) (#2366) d497c16 @thedavidprice

Dependabot updates

• build(deps): bump @typescript-eslint/eslint-plugin from 4.22.0 to 4.23.0 (#2482) 71c433e dependabot[bot]
• build(deps-dev): bump npm-packlist from 2.1.5 to 2.2.2 (#2464) 0e415b8 dependabot[bot]
• build(deps): bump @typescript-eslint/parser from 4.22.0 to 4.23.0 (#2483) 84a4f9d dependabot[bot]
• build(deps): bump lodash from 4.17.20 to 4.17.21 in /tasks/e2e (#2476) bb8ec93 dependabot[bot]
• build(deps): bump youch from 2.2.1 to 2.2.2 (#2459) 9f3ac7f dependabot[bot]
• build(deps-dev): bump @types/fs-extra from 9.0.8 to 9.0.11 (#2444) 36618ac dependabot[bot]
• build(deps): bump fs-extra from 9.1.0 to 10.0.0 (#2446) 13a7e89 dependabot[bot]
• build(deps): bump youch-terminal from 1.0.1 to 1.1.1 (#2460) 7497136 dependabot[bot]
• build(deps-dev): bump @supabase/supabase-js from 1.11.8 to 1.11.12 (#2490) 314df63 dependabot[bot]
• build(deps-dev): bump firebase from 8.4.3 to 8.6.0 (#2494) 6b8ca87 dependabot[bot]
• build(deps): bump @types/node from 14.14.35 to 15.0.1 (#2369) 3a65eee dependabot[bot]
• Build(deps): Bump ssri from 6.0.1 to 6.0.2 (#2400) a7a9e6d dependabot[bot]
• Build(deps): Bump graphql-scalars from 1.9.0 to 1.9.3 (#2408) 96c785b dependabot[bot]
• Build(deps-dev): Bump @types/node-fetch from 2.5.8 to 2.5.10 (#2411) 34588ef dependabot[bot]
• Build(deps): Bump esbuild from 0.11.13 to 0.11.16 (#2412) d644c3e dependabot[bot]
• Build(deps-dev): Bump firebase from 8.4.2 to 8.4.3 (#2414) c062a8b dependabot[bot]
• Build(deps): Bump graphql-tag from 2.12.2 to 2.12.4 (#2409) f677ab1 dependabot[bot]
• Bump youch from 2.1.1 to 2.2.1 (#2373) a68cd6d dependabot[bot]
• Build(deps-dev): Bump firebase-admin from 9.6.0 to 9.7.0 (#2407) f2f26e4 dependabot[bot]
• Bump typescript from 4.1.3 to 4.2.4 (#2292) 2c38d26 dependabot[bot]
• Bump @storybook/addon-a11y from 6.2.8 to 6.2.9 (#2387) 6995be3 dependabot[bot]
• Bump @babel/core from 7.13.15 to 7.13.16 (#2376) 5f0243a dependabot[bot]
• Bump msal from 1.4.9 to 1.4.10 (#2377) d1ac806 dependabot[bot]
• Bump @types/pino from 6.3.7 to 6.3.8 (#2378) 97f6fdc dependabot[bot]
• Bump @apollo/client from 3.3.12 to 3.3.15 (#2379) 2a67471 dependabot[bot]
• Bump @types/jest from 26.0.21 to 26.0.23 (#2381) 879f724 dependabot[bot]
• Bump chalk from 4.1.0 to 4.1.1 (#2382) cba16da dependabot[bot]
• Bump @supabase/supabase-js from 1.11.6 to 1.11.8 (#2383) d34622e dependabot[bot]
• Bump @graphql-tools/merge from 6.2.10 to 6.2.13 (#2313) 8ed09f0 dependabot[bot]
• Bump jest-watch-typeahead from 0.6.1 to 0.6.3 (#2348) 4523a90 dependabot[bot]
• build(deps-dev): bump @types/aws-lambda from 8.10.72 to 8.10.76 (#2357) acd5101 dependabot[bot]
• build(deps-dev): bump firebase from 8.4.1 to 8.4.2 (#2367) f3a5d56 dependabot[bot]
• Bump @testing-library/user-event from 13.1.2 to 13.1.6 (#2374) 836a17c dependabot[bot]
• Bump boxen from 4.2.0 to 5.0.1 (#2308) 6d4400b dependabot[bot]
• Bump concurrently from 5.3.0 to 6.0.2 (#2295) 9e8f756 dependabot[bot]
• Bump envinfo from 7.7.4 to 7.8.1 (#2293) 34eaaf5 dependabot[bot]
• Bump @testing-library/react from 11.2.2 to 11.2.6 (#2291) 82ed18b dependabot[bot]
• Bump esbuild from 0.11.6 to 0.11.13 (#2337) 76fb814 dependabot[bot]
• misc Dependabot patch release PRs grouped (#2495) 1607257 @thedavidprice

Breaking ⚠️

Nothing to see here! 🙈

---

How to Upgrade

Code Modifications

1. Bump React and React-dom versions; remove resolutions

Redwood internally bumped to React v17.0.2. Update the versions in your project's web/package.json (example file):

// web/package.json

-     "react": "^17.0.1",
-     "react-dom": "^17.0.1"
+     "react": "^17.0.2",
+     "react-dom": "^17.0.2"

And then remove the resolutions from package.json, which are no longer necessary (example file):

// ./package.json

-  },
-   "resolutions": {
-     "react": "17.0.1",
-     "react-dom": "17.0.1"
  }

2. Update .gitignore

If you are using SQLite, you might want to add the following to your project's .gitignore, which will exclude the file dev.db-journal from git commits:

- dev.db
+ dev.db*

Upgrade Packages to v0.32.x from v0.31.x

Run the following command within your App's directory:

yarn redwood upgrade

Ensure yarn has installed everything correctly by running:

yarn install --force

Upgrading from an earlier version?

Please follow the "how to upgrade" sections for each newer version here 👉 https://github.com/redwoodjs/redwood/releases, as there may be manual codemods needed for each version.

Upgrading to a version that is not the latest?

The command yarn rw upgrade will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to a earlier, specific release, use the --tag option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:

yarn redwood upgrade --tag 0.28.4

Need help or having trouble upgrading packages?

See this forum topic for manual upgrade instructions and general upgrade help.

v0.31.2

Patch release with the following fixes:

• Page generators not working on TypeScript projects without flag (#2413) d9b2cb9 @dac09

Tip 👇

If you're deploying to Heroku, or using Heroku buildpacks to self host, they have recently upgraded their environment to use Node 16, which is incompatible with Prisma 2.21.x

You can set the version of node to use by changing your package.json like this:

-    "node": ">=14",
+    "node": "14.x",
     "yarn": ">=1.15"
   },

v0.31.0

v0.31.0 Highlights 🎉

🥇 All generators now support typescript

We're working hard to have full typescript support for 1.0, and this release we're making it a lot easier for the TS crowd. All Redwood generators now generate typescript — and it even auto-detects if your Redwood project is in TypeScript

🔐 Built in support for verifiying webhooks

Do you wince whenever you realise you have to actually verify the webhooks your application receives? Fear not, this release Redwood brings you built-in support for checking the webhook signatures, including a plethora of common verification methods — SHA256, JWT, among others.

📦 New deploy provider Render

It's now super easy to setup a "serverful" deployment, with a database included, thanks to our friends at Render. In typical Redwood fashion, of course, it's one CLI command to get everything setup.

• Get started with the Render Redwood Deployment doc

Fixed

• Fix "yarn rw test web" in e2e tests (#2329) 4c8c894 @peterp
• Fix type for update service function (#2326) d1ea508 @dac09
• Disable role linting in Routes (#2318) 293c99d @jtoar
• Teardown should attempt to delete dbName table (#2083) 36b6f91 @nexneo
• Restore @storybook/addon-a11y (#2309) 0b93201 @jtoar
• Auth: Implement automatic token refresh on supported providers (#2277) 3557f70 @dthyresson @dac09
• Move api-server dep from api to cli (#2307) 89c1310 @dac09
• logger.ts: Fix comment spelling (#2256) 006a1dd @Tobbe
• Fix page generator taking in ts | Fix rw serve crashing out cli (#2335) @dac09
• Adds process and require to eslint config web (#2354) @dthyresson

Added

• Verify signatures for secure webhooks and functions (#1843) 2780246 @dthyresson
• Webhooks: Handle base64 encoded webhook payloads (#2340) @dthyresson
• Serve web/dist with yarn rw serve web (#2234) 22ea3fc @dac09
• Handle focus on route change (#2321) 99575c3 @jtoar
• Support generating typescript cells and pages | Autodetect ts project (#2279) adcc6d7 @dac09
• Add import type to configuration files (#2214) 555c72c @renansoares
• Adding Setup Deploy Render Command (#2099) e4cfe34 @SEANDOUGHTY
• Updates to Redwood-Render integration (#2336) @SEANDOUGHTY
• Static typing for cells (#2208) 0730651 @corbt

Changed

• Upgraded pino and new related types for PinoPretty (#2330) 930eda7 @dthyresson
• create-redwood-app messages: moved app start commands to end (#2278) 5432900 @qooqu
• Recommended Babel package upgrades (dependabot) (#2255) 05639db @thedavidprice
• Update CONTRIBUTING.md (#2084) a02bee5 @qooqu
• Router README: Pass props to set wrappers (#2257) 7be2581 @Tobbe
• [Internal] Adds skipLibCheck flag to tsconfig (#2175) b09a967 @dac09

Dependabot updates

• Bump @reach/skip-nav from 0.13.2 to 0.15.0 (#2237) 61e0f8e dependabot[bot]
• Bump core-js from 3.6.5 to 3.10.1 (#2243) 3e0e1eb dependabot[bot]
• Bump react-refresh from 0.9.0 to 0.10.0 (#2195) 5ce8336 dependabot[bot]
• Bump mini-css-extract-plugin from 1.3.9 to 1.4.1 (#2240) a0aece0 dependabot[bot]
• Bump esbuild from 0.9.0 to 0.11.6 (#2241) 1ded37e dependabot[bot]
• Bump @testing-library/user-event from 12.5.0 to 13.1.2 (#2254) 2722a6c dependabot[bot]
• Bump prompts from 2.4.0 to 2.4.1 (#2194) 42cb13b dependabot[bot]
• Bump firebase-admin from 9.5.0 to 9.6.0 (#2185) f98a206 dependabot[bot]
• Bump @testing-library/user-event from 12.5.0 to 13.1.1 (#2196) b74640f dependabot[bot]
• Bump eslint-plugin-jest-dom from 3.6.5 to 3.7.0 (#2184) 5c98e1e dependabot[bot]

Breaking ⚠️

Surprise! Nothing to see here. If you've been keeping up with upgrades for a while, you've earned yourself a treat 🍦

But we have changed the flags on the generator cli. Take a look with yarn redwood generate --help

---

How to Upgrade

Code Modifications

If you created your project at Redwood v0.30.0, you are most likely missing .gitignore in the root directory. Create the file and copy the contents from this reference template/.gitignore

Upgrade Packages to v0.31 from v0.30.x

Run the following command within your App's directory:

yarn redwood upgrade

Ensure yarn has installed everything correctly by running

yarn install --force

Upgrading from an earlier version?

Skipping versions when upgrading is not recommended and will likely cause problems. Please follow the "how to upgrade" sections for each newer version here 👉 https://github.com/redwoodjs/redwood/releases

Upgrading to a version that is not the latest?

The command yarn rw upgrade will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to a earlier, specific release, use the --tag option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:

yarn redwood upgrade --tag 0.28.4

Need help or having trouble upgrading packages?

See this forum topic for manual upgrade instructions and general upgrade help.

v0.30.1

This patch release only affects a new project creation via yarn create redwood-app ..., resolving the missing .gitignore file in the codebase. See #2310

Upgrading projects created at Redwood v0.30.0

If you created your project at Redwood v0.30.0, you are most likely missing .gitignore in the root directory. Create the file and copy the contents from this reference template/.gitignore

v0.30.0

This release brings in a few incremental fixes and features, primarily through the upgraded prisma dependency. Key fixes are:

• Netlify builds were failing due to size limit for some users #2250
• Fixes many-to-many relations handling in prisma (Prisma issue #1970)

⚠️ This release contains a minor breaking change. See the "Breaking" section for more details.

Fixed

• Cli package should depend on api server explicitly (#2251) e73aea9 @dac09
• Tooling: making rwt link more resilient (#2269) 7f206e2 @dac09
• Fix: webpack optimizations for JS (#2235) 3e9ea10 @dac09

Changed

• upgrade Prisma v2.21.0 (#2273) b2be018 @thedavidprice
• upgrade prisma v2.21.2 (#2280) 60e1227 @thedavidprice

Breaking ⚠️

A few small changes introduced in Prisma 2.21+, so watch out for these if you use aggregate or disconnect in your services.

• Previously, aggregations on nullable fields always returned 0. All aggregated fields are now nullable. Aggregated fields can return null when there's either no record in the database or if all the aggregated records are null.
• disconnect no longer throws an error on unconnected records
• @default(dbgenerated("")) is no longer permitted

Full prisma release notes here: Prisma 2.21.0 release notes

---

How to upgrade to Redwood v0.30 from v0.29

Upgrade Packages to v0.30

Run the following command within your App's directory:

yarn redwood upgrade

Ensure yarn has installed everything correctly by running

yarn install --force

Upgrading from an earlier version? Please follow the "how to upgrade" sections for each newer version here 👉 https://github.com/redwoodjs/redwood/releases

Need help or having trouble upgrading packages? See this forum topic for manual upgrade instructions and general upgrade help.

v0.29.0

This is a MakesItBetter™ release, including incremental improvements and fixes across tooling, TypeScript, api-server, auth, docs, and more. Thank you to everyone in the community who helped make this possible!

⚠️ This release contains a minor breaking change and code modifications that are applicable to some projects. See the "Breaking" and "How to Upgrade" sections for more details.

Changed

• Storybook: CLI Storybook command — add output directory option and change default #2168 #2176 by @thedavidprice ⚠️
• Tooling: Enables fast refresh by default in dev mode #2085 by @dac09
  • you can disable it through the redwood.toml file via [web] fastRefresh = false
• API: Add root-path to api-server #1691 by @jeliasson
• Tooling: Improved yarn rwt link, with selective copy #2122 by @dac09
• Router: Set —Forward props to wrapper components #2125 by @Tobbe
• Docs: update CRWA quick-start Node requirement #2151 by @thedavidprice
• CI: Update E2E Tutorial test: add Toast and per Tutorial #2164 by @thedavidprice
• CI: Router tests — Don't use window.__REDWOOD__USE_AUTH #2174 by @Tobbe
• Auth: Just decode, not verify, auth0 token during development and test #2172 by @peterp
• TS: Improved types | Handling for Boolean and Float route params #2177 by @dac09
• CLI: add api-server to upgrade command #2245 by @thedavidprice
• Prisma: upgrade Prisma v2.20 #2223 by @thedavidprice
  • v2.20.0 and v2.20.1 Release Notes
    • New push operation available for arrays on PostgreSQL
    • groupBy and createMany are now Generally Available

Added

• Generators: Add generator message with info on how to secure a function #2211 by @dthyresson
• Forms: Adding Transform Capability to SelectField #2138 by @cjreimer
• Auth: Implement Supabase OAuth Provider Scopes and Redirects #2207 by @dthyresson
• CLI: Adds yarn rw serve api #2217 by @dac09

Fixes

• TS: Correctly type GraphQLHookOptions #2166 by @corbt
• TS: Fix types for CurrentUser #2216 by @dac09
• Auth: Firebase fix for 8.3.x #2134 by @noire-munich
• Forms: fixed form submission to be more resilient with abnormal inputs and transformValue properties #2167 by @cjreimer
• Tooling: Fix rwt link performance issues #2200 by @dac09
• Tooling: fix(build-link) — Wait for build to complete before copying #2221 by @dac09
• Docs: fix typo for --javascript option #2213 by @jangxyz
• CI: e2e Fix for step 1 #2229 by @Tobbe
• Webpack: (webpack-chunks) Don't merge all modules into vendors #2082 by @dac09

---

Breaking ⚠️

This is a minor change only affecting projects using yarn redwood storybook --build

The output directory for yarn redwood storybook --build can now be configured with the --build-directory flag. And the output directory default has been changed from web/storybook-static to web/public/storybook, taking advantage of Redwood's public web directory to serve static files. See #2168 #2176

Users can still output to web/storybook-static via:

yarn redwood storybook --build --build-directory storybook-static

---

How to upgrade to Redwood v0.29 from v0.28

👉 IMPORTANT: Skipping versions when upgrading is not recommended and will likely cause problems. Do read through all Release Notes between your current version and this latest version. Each minor release will likely require you to implement breaking change fixes and apply manual code modifications.

Manual Code Modifications

The following modifications will not be necessary for all projects.

1. Install @redwoodjs/api-server

This modification applies to projects created prior to v0.28.1

In patch release v0.28.1, the @redwoodjs/api-server package was added to api/package.json. See this commit for reference.

Add the dependency:

//api/package.json
...

"version": "0.0.0",
  "private": true,
  "dependencies": {
    "@redwoodjs/api": "^0.29.0",
+   "@redwoodjs/api-server": "^0.29.0"
  }

}

And then install:

yarn install

2. Remove apollo-server-core package resolution

This modification applies to projects created after v0.28.0

In patch v0.28.1 (#2129), we added an apollo-server-core resolution to ./package.json as a workaround for an Apollo Server bug. The bug was resolved and the fix applied to Redwood in patch v0.28.4.

If it exists, remove the resolution from your project (see reference commit here):

// ./package.json
...

"resolutions": {
    "react": "17.0.1",
-   "react-dom": "17.0.1",
+   "react-dom": "17.0.1"
-   "// Temporary fix for": "https://github.com/redwoodjs/redwood/issues/2127",
-   "apollo-server-core": "2.21.2"
  }

And then run a forced install:

yarn --force

Upgrade Packages to v0.29

Run the following command within your App's directory:

yarn redwood upgrade

Double Check api/package.json: For some projects, it is possible the package dependency @redwoodjs/api-server in api/package.json will not be correctly upgraded to v0.29.0. Confirm it is"@redwoodjs/api-server": "^0.29.0" in your project. If not, manually update the package version and then run yarn --force.

How to upgrade to an incremental version that is not the latest release

The command yarn rw upgrade will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to an earlier, specific release, use the --tag option. For example, if you need to upgrade from v0.27.0 to v0.28.4 (which is not the latest release), run the following command:

yarn redwood upgrade --tag 0.28.4

Need help or having trouble upgrading packages? See this forum topic for manual upgrade instructions and general upgrade help.

v0.28.4

This fixes a TypeScript issue introduced by Router Sets where routes was made a prop of <Router>. routes is now correctly omitted from the prop interface:

• Router: routes is not a prop #2173 by @Tobbe

v0.28.3

This patch release fixes several bugs related to Router Sets, TypeScript, Apollo Server:

• TS: setup tsconfig: github version tag for canary builds #2156 by @dac09
• TS: named routes types #2154 by @dac09
• API: upgrade apollo-server-lambda and remove resolution #2153 by @thedavidprice
• Sets: Recalculate useParams on location change when used in <Set /> #2152 by @KrisCoulson
• Sets: Make understand authentication #2147 by @peterp

Code Modification

Patch releases v0.28.1 and v0.28.2 introduced a workaround to fix an error in Apollo Server. Check if your ./package.json includes "apollo-server-core": "2.21.2". If so, make the following modification:

  },
  "resolutions": {
    "react": "17.0.1",
-   "react-dom": "17.0.1",
+   "react-dom": "17.0.1"
-   "// Temporary fix for": "https://github.com/redwoodjs/redwood/issues/2127",
-   "apollo-server-core": "2.21.2"
  }
}

See reference code here.

v0.28.2

This is a patch release that fixes two problems we've had with the router:

• useParams should always be populated. #2142
• Populate the routes in MockRouteProvider for tests: #2133

v0.28.1

This patch release fixes two issues introduced in v0.28.0:

1. esbuild requires @redwoodjs/api-server to be installed: #2120, #2126
2. Fixing apollo-server-core by pinning it's version: #2127

Both of these issues are fixed via #2129