vaadin/flow 23.1.0

Vaadin Flow 23.1.0

on GitHub

All changes since 23.0.7

Breaking changes

• Upgrade to Spring Boot 2.7 and Security 5.7.1 (#13821)
  Commit · Pull request
  Vaadin 23.1 uses Spring Boot 2.7 and Security 5.7.1. Spring Boot 2.7 includes the update of H2 from 1.x to 2.x, which in most cases requires changes if you use H2 in your project, see more details here.

• Always load static files from context root (#13795)
  Commit · Pull request · Issue

  Static resources are always served from /VAADIN in the context path.
  If you're not using Spring and use a non-root mapping for your servlet (not a /*), then you need to separately map a Vaadin servlet to /VAADIN/* like shown below:

  @WebServlet(asyncSupported = true, urlPatterns = { "/admin/*", "/VAADIN/*" })
  public class ViewTestServlet extends VaadinServlet {
  }

  For multiple servlet mappings, this makes the application load a static files only once from /VAADIN and not from both /myapp/VAADIN and /admin/VAADIN.

• Avoid duplicated field bindings
  Commit · Pull request · Issue

  If custom binding is added or completed after the call to Binder.bindInstanceFields the field is bound twice and this may lead to potential multiple application of converters, producing wrong representation and value for the field.
  This change ignores incomplete bindings during bindInstanceFields() process and overwrites existing bindings when Binding.bind() is invoked after bindInstanceFields().

• Rename dev mode gizmo to dev tools (#13679)
  Commit · Pull request

New features

• License checker in Java instead of browser
  Commit · Pull request · Issue

  For development mode:

  • Checks the license from the Java side to avoid cookies
  • Replaces commercial components with a login/validation link if the subscription could not be validated

  For production mode:

  • Requires a license during a production build for commercial components
  • Removes commercial components from the fallback bundle if there is no license
  • Speeds up production build for free users as charts/maps/... are not compiled in the fallback bundle

• Add Vite support for exported web components
  Commit · Pull request · Issue

  Vite support for exported web components making it possible to build and run them with Vite in development and production modes.
  A brief overview of the differences between Webpack and Vite implementations:

  • Webpack: When there is any component marked as exported, in addition to bundle-***.js, Webpack will build an export-***.js chunk that contains generated-flow-imports. The Flow client will be generated by Flow as a separate script. Once an exported web component is requested, WebComponentBootstrapHandler is the one that is in charge of generating a bootstrap script to initialize this web component. The current Webpack implementation of WebComponentBootstrapHandler is based on BootstrapHandler. It dynamically builds an HTML bootstrap document injecting all the scripts required for the exported web component to work to the document's head. There is where it will inject the Flow client as a separate script and the export-***.js chunk, getting it from the chunk stats file. Eventually, the handler serializes the head of the resulting HTML document into a set of javascript instructions and sends them to the browser as a result.
  • Vite: When there is any component marked as exported, Vite will build vaadin-web-component.ts and inject it to web-component.html. It is worth noting that vaadin-web-component.ts includes both generated-flow-imports and the Flow client. For Vite, the WebComponentBootstrapHandler logic was modified such that it instead takes web-component.html as an initial bootstrap document. The bootstrap document already contains the actual link to vaadin-web-component.ts which is injected by Vite. All the other scripts required for the exported web component to work, such as the @Push annotation script, the handler injects dynamically. An advantage of this approach is that it doesn't require any chunk stats so that it works pretty much the same way as IndexHtmlRequestHandler. Eventually, the handler serializes the head of the resulting HTML document into a set of javascript instructions and sends them to the browser as a result.

• Support view access checking in background threads with Spring (#13675)
  Commit · Pull request

  Requires the spring context to be properly set up for the background thread. Based on #13674

• Hilla push implementation behind a feature flag
  Commit · Pull request

  This adds support for endpoints methods to return a Flux which will be streamed to the client side to the subscribers that have registered using TheEndpoint.theMethod().onNext(value => ...); The implementation is based on https://socket.io/ but this is not considered to be part of the public API. We should be free to change the underlying implementation if needed.

• Add flag for CE backend support (#13711)
  Commit · Pull request

• Support listening to browser unsubscribe in endpoint methods (#13731)
  Commit · Pull request

  Adds support for EndpointSubscription as an endpoint return value An endpoint subscription is the same as a Flux but in addition supports an unsubscribe event handler, triggered when the client closes the subscription (not when the flux completes or errors)

• Add Binder.refreshFields()
  Commit · Pull request

• Add experimental flag for the spreadsheet component
  Commit · Pull request

• Clarify "Access denied" message when the view is implicitly treated as @Denyall
  Commit · Pull request

• Automatically use available converters in Binder
  Commit · Pull request

  When binding a field and a property which do not have the same value type an exception is thrown. With this change, an attempt is made to automatically pick a suitable converter from the ones provided by the framework. Closes #12881

• Enable usage of pnpm >5
  Commit · Pull request

  Allow usage of pnpm 6 by then generating .pnpmfile.cjs instead of pnpmfile.js Closes #12953

• Add scrollIntoView method to Component
  Commit · Pull request

  Adds back a scrollIntoView method that we had in past framework versions. The implementation is a trivial shorthand to the similarly named DOM method, and very handy in UI development.

• Add an offline property to the PWA annotation
  Commit · Pull request

  The offline property allows you to disable creation and use of a service worker. By default, the property is true so everything works as before.

Fixes

• Upgrade lit from 2.2.1 to 2.2.3 (#13848)
  Commit · Pull request

  Upgrades the dependency in flow-client which was missing from the last commit

• Pass url mapping to Atmosphere (#13845)
  Commit · Pull request · Issue

• Update Page Title after processing AfterNavigation listeners (#13825)
  Commit · Pull request · Issue

  The page title is updated after afterNavigation invocation and properly updated the title.

• Workaround Spring Boot UnsupportedOperationException for error page requests (#13808)
  Commit · Pull request

• Properly clean up when a flux immediately errors or completes (#13730)
  Commit · Pull request

• Use /HILLA/push as the Hilla push endpoint (#13809)
  Commit · Pull request

  This avoids conflict with the VaadinServlet when it is bound to /VAADIN/* Related to vaadin/hilla#424

• Clean up flux subscription on browser disconnect (#13729)
  Commit · Pull request

• Avoid potential slow Set#removeAll call in HierarchicalCommunicator (#13746)
  Commit · Pull request · Issue

• Improve message sender / handler robustness in resync scenarios (#13733)
  Commit · Pull request · Issue

  Process re-sync messages via normal message queue and use semaphore to protect re-sync process (i.e. do not allow other messages while performing re-sync).
  This PR is adopted from similar fixes for Vaadin 8, see: #11791, #12043 and #12178
  This also changes the method forceMessageHandling in a way that the desire to resynchronise is registered before calling endRequest. If this is not done, endRequest may end up sending out a request itself and that then causes the re-sync request to fail because a request is already in flight. This ends up throwing an IllegalStateException at com/vaadin/client/communication/RequestResponseTracker.java.

• Always get url mapping using helpers when using Spring Boot (#13791)
  Commit · Pull request · Issue

  The properties in application.properties use a relaxed mapping strategy in Spring Boot so all variants of "url-mapping","urlmapping","urlMapping" are mapped to the same value in VaadinConfigurationProperties.

• Devmode popup will show Hilla instead of Vaadin in Hilla applications (#13725)
  Commit · Pull request

• Ignore CancellationException for running UI update tasks (#13708)
  Commit · Pull request · Issue

  Ignore CancellationException if the task is cancelled in the meantime.

• Do not serve static resources from dev server if dev server startup failed (#13773)
  Commit · Pull request · Issue

  This happens when the dev server startup fails, i.e. DevModeInitializer.runNodeTasks throws an exception, then "action" in the constructor throws an exception and devServerStartFuture completes with an exception.
  After this when the browser reloads, it needs to go to AbstractDevModeHandler.handleRequest which checks if an exception happened and sets isDevServerFailedToStart accordingly.
  However before getting to AbstractDevModeHandler.handleRequest the static file server checks if the requested path is a static resource by calling AbstractDevModeHandler.serveDevModeRequest. This throws an exception because it only checks that the dev server is not still starting and then it tries to access it using port 0.

• Move the clean-frontend phase to be before clean (#13763)
  Commit · Pull request

  Move clean-frontend to pre-clean as if mvn clean is executed before clean-frontend clean will remove the target folder making removal of node_modules fail on windows if there is a symlink to target/flow-frontend touches #13760

• Ensure @HandlesTypes types are not included in the collection (#13677)
  Commit · Pull request

• Serialize byte[] as Array (#13656)
  Commit · Pull request

• Open Liberty includes AppShellConfigurator interface as an implementation of itself #13608
  Commit · Pull request · Issue

  Filter out AppShellConfigurator interface as Open Liberty includes the implementation itself.

• Only run new license checker when flag is enabled
  Commit · Pull request

  The checker is invoked in three places:
  1- After production build with the plugin.
  2- For fallback chunk in production build.
  3- Development time through Vaadin Developer Tools.
  With this addition, all the three places are guarded by the feature flag

• Disable strict peer dependencies to make pnpm 7 work
  Commit · Pull request

• Optimize Binder#doWriteIfValid to avoid duplicate field level validations
  Commit · Pull request

• Ignore server-modality for poll RPC invocations
  Commit · Pull request · Issue

  The inert status of the UI as the result of server-modality should be ignored for some RPC calls such as polling events.

• Exclude license-checker and usage-statistics from optimizeDeps
  Commit · Pull request

  Excludes @vaadin/vaadin-license-checker and @vaadin/vaadin-usage-statistics from the Vite deps optimization to prevent the special part of their source code serialized into a code comment from eliminating in dev mode:

• Do not select from session if parent has a better match
  Commit · Pull request · Issue

  Check if parent registry contains a better match than the session registry.

• Upgrade io.dropwizard.metrics:metrics-core from 4.2.8 to 4.2.9
  Commit · Pull request

  Snyk has created this PR to upgrade io.dropwizard.metrics:metrics-core from 4.2.8 to 4.2.9.
  See this package in Maven Repository.
  See this project in Snyk

• Properly clean up socket.io on shutdown
  Commit · Pull request

• Upgrade org.tensorflow:tensorflow from 1.14.0 to 1.15.0
  Commit · Pull request

  Snyk has created this PR to upgrade org.tensorflow:tensorflow from 1.14.0 to 1.15.0.
  See this package in Maven Repository
  See this project in Snyk

• Not fetch entire page if number of requested items is less
  Commit · Pull request · Issues #34, #16
  Many kudos to @s76527 for contribution.

• Register push related beans only when the feature flag is enabled
  Commit · Pull request

• Upgrade org.springframework.security:spring-security-oauth2-authorization-server from 0.2.2 to 0.2.3
  Commit · Pull request

  Snyk has created this PR to upgrade org.springframework.security:spring-security-oauth2-authorization-server from 0.2.2 to 0.2.3.
  See this package in Maven Repository
  See this project in Snyk

• Reusable themes with vite
  Commit · Pull request · Issue

  Fix resolution of reusable themes when using Vite tool.

• Upgrade com.google.guava:guava from 31.0.1-jre to 31.1-jre
  Commit · Pull request

  Snyk has created this PR to upgrade com.google.guava:guava from 31.0.1-jre to 31.1-jre.
  See this package in Maven Repository
  See this project in Snyk

• Upgrade glob from 7.1.6 to 7.2.0
  Commit · Pull request

  Snyk has created this PR to upgrade glob from 7.1.6 to 7.2.0.
  See this package in npm
  See this project in Snyk

• Force async version 3.2.2
  Commit · Pull request

  Force async version 3.2.2 to get fix for Prototype Pollution in async

• Upgrade javax.activation:activation from 1.1 to 1.1.1
  Commit · Pull request

  Snyk has created this PR to upgrade javax.activation:activation from 1.1 to 1.1.1.
  See this package in Maven Repository
  See this project in Snyk

• Keep polling for dev mode server if an exception occurs
  Commit · Pull request

  If the server is restarting, fetch can result in Uncaught (in promise) TypeError: Failed to fetch

• Do not warn for unset disabled property change
  Commit · Pull request · Issue

  Do not log a waning if getting a property change for a disabled component when that property has not been set for the component.

• Do not append a nonsense slot to exported web components
  Commit · Pull request · Issue

• Import unsafeCSS when using Vite and @CssImport
  Commit · Pull request

• Change reconnecting message defaults to match the client-side defaults
  Commit · Pull request

• Fix determining edge from userAgent
  Commit · Pull request · Issue

• Upgrade com.google.inject:guice from 4.0 to 4.2.3
  Commit · Pull request

  Snyk has created this PR to upgrade com.google.inject:guice from 4.0 to 4.2.3.
  See this package in Maven Repository

• Always register EndpointController
  Commit · Pull request

  This allows the controller to return 404 when no endpoints are registered instead of letting the index html handler return an HTML page

• Upgrade Vite to v2.9.1
  Commit · Pull request · Issue

• Enable skipLibCheck in the default TS config
  Commit · Pull request

• Make the Vite config respect PWA offline property
  Commit · Pull request

• Fix Vite to use vaadin/bundles on Windows (#13879)
  Commit · Pull request · Issue
  Fix resolving the node_modules directory path to enable the @vaadin/bundles usage while using Vite in Windows as well.

• Upgrade lit default version from 2.2.1 to 2.2.3
  Commit · Pull request

  The defaults are come into effect when the user clears out or deletes the package.json, so it is being generated from scratch.

• Fix theme paths resolution when using Vite (#13862)
  Commit · Pull request
  Makes Vite work with a custom theme that packaged as JAR. Fixes theme paths resolution for Vite apps by adding a custom resolver for the themes alias. The custom resolver sequentially attempts to resolve the requested path inside the folders (1) flow-frontend (2) frontend returning the first successful resolution.

Known issues

• Flow does not work on Node 16 which is dynamically linked to openssl 3 (#13889)
  If you have a new Node 16 installed that is dynamically linked to openssl3, building the frontend fails with
  /usr/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONS
  Workaround: enable Vite and use it instead of webpack.
  Should be fixed in the next Node 16.16.0.