npm @redwoodjs/core 0.32.2
v0.32.2

latest releases: 9.0.0-canary.239, 9.0.0-canary.237, 9.0.0-canary.236...
3 years ago

v0.32 Highlights 🎉

☂️ <Set> now takes the prop private to mark a set of routes as Private

For those who like to be less verbose, you can now mark a whole set of Routes as private, without wrapping it in an explicit <Private> block. All the juicy details here: Redwood Router docs

🔐 Secure Services by default (experimental)

Auth is hard. So is accidentally exposing functionality to the interwebs because you forgot to check for auth in your graphQL query. This release we're shipping some nifty tricks that make your services secure by default, so we can finally say Auth is was hard. Make sure you read the upgrade guide below to add this functionality to your existing Redwood app.

📖 Redwood Security Docs

In addition to documentation about securing Services, Redwood contributors have added and updated many docs with security-specific content, from general overviews to best practices to How-tos. Take a look:

Fixed

Added

Changed

Dependabot updates
  • build(deps): bump @typescript-eslint/eslint-plugin from 4.22.0 to 4.23.0 (#2482) 71c433e dependabot[bot]
  • build(deps-dev): bump npm-packlist from 2.1.5 to 2.2.2 (#2464) 0e415b8 dependabot[bot]
  • build(deps): bump @typescript-eslint/parser from 4.22.0 to 4.23.0 (#2483) 84a4f9d dependabot[bot]
  • build(deps): bump lodash from 4.17.20 to 4.17.21 in /tasks/e2e (#2476) bb8ec93 dependabot[bot]
  • build(deps): bump youch from 2.2.1 to 2.2.2 (#2459) 9f3ac7f dependabot[bot]
  • build(deps-dev): bump @types/fs-extra from 9.0.8 to 9.0.11 (#2444) 36618ac dependabot[bot]
  • build(deps): bump fs-extra from 9.1.0 to 10.0.0 (#2446) 13a7e89 dependabot[bot]
  • build(deps): bump youch-terminal from 1.0.1 to 1.1.1 (#2460) 7497136 dependabot[bot]
  • build(deps-dev): bump @supabase/supabase-js from 1.11.8 to 1.11.12 (#2490) 314df63 dependabot[bot]
  • build(deps-dev): bump firebase from 8.4.3 to 8.6.0 (#2494) 6b8ca87 dependabot[bot]
  • build(deps): bump @types/node from 14.14.35 to 15.0.1 (#2369) 3a65eee dependabot[bot]
  • Build(deps): Bump ssri from 6.0.1 to 6.0.2 (#2400) a7a9e6d dependabot[bot]
  • Build(deps): Bump graphql-scalars from 1.9.0 to 1.9.3 (#2408) 96c785b dependabot[bot]
  • Build(deps-dev): Bump @types/node-fetch from 2.5.8 to 2.5.10 (#2411) 34588ef dependabot[bot]
  • Build(deps): Bump esbuild from 0.11.13 to 0.11.16 (#2412) d644c3e dependabot[bot]
  • Build(deps-dev): Bump firebase from 8.4.2 to 8.4.3 (#2414) c062a8b dependabot[bot]
  • Build(deps): Bump graphql-tag from 2.12.2 to 2.12.4 (#2409) f677ab1 dependabot[bot]
  • Bump youch from 2.1.1 to 2.2.1 (#2373) a68cd6d dependabot[bot]
  • Build(deps-dev): Bump firebase-admin from 9.6.0 to 9.7.0 (#2407) f2f26e4 dependabot[bot]
  • Bump typescript from 4.1.3 to 4.2.4 (#2292) 2c38d26 dependabot[bot]
  • Bump @storybook/addon-a11y from 6.2.8 to 6.2.9 (#2387) 6995be3 dependabot[bot]
  • Bump @babel/core from 7.13.15 to 7.13.16 (#2376) 5f0243a dependabot[bot]
  • Bump msal from 1.4.9 to 1.4.10 (#2377) d1ac806 dependabot[bot]
  • Bump @types/pino from 6.3.7 to 6.3.8 (#2378) 97f6fdc dependabot[bot]
  • Bump @apollo/client from 3.3.12 to 3.3.15 (#2379) 2a67471 dependabot[bot]
  • Bump @types/jest from 26.0.21 to 26.0.23 (#2381) 879f724 dependabot[bot]
  • Bump chalk from 4.1.0 to 4.1.1 (#2382) cba16da dependabot[bot]
  • Bump @supabase/supabase-js from 1.11.6 to 1.11.8 (#2383) d34622e dependabot[bot]
  • Bump @graphql-tools/merge from 6.2.10 to 6.2.13 (#2313) 8ed09f0 dependabot[bot]
  • Bump jest-watch-typeahead from 0.6.1 to 0.6.3 (#2348) 4523a90 dependabot[bot]
  • build(deps-dev): bump @types/aws-lambda from 8.10.72 to 8.10.76 (#2357) acd5101 dependabot[bot]
  • build(deps-dev): bump firebase from 8.4.1 to 8.4.2 (#2367) f3a5d56 dependabot[bot]
  • Bump @testing-library/user-event from 13.1.2 to 13.1.6 (#2374) 836a17c dependabot[bot]
  • Bump boxen from 4.2.0 to 5.0.1 (#2308) 6d4400b dependabot[bot]
  • Bump concurrently from 5.3.0 to 6.0.2 (#2295) 9e8f756 dependabot[bot]
  • Bump envinfo from 7.7.4 to 7.8.1 (#2293) 34eaaf5 dependabot[bot]
  • Bump @testing-library/react from 11.2.2 to 11.2.6 (#2291) 82ed18b dependabot[bot]
  • Bump esbuild from 0.11.6 to 0.11.13 (#2337) 76fb814 dependabot[bot]
  • misc Dependabot patch release PRs grouped (#2495) 1607257 @thedavidprice

Breaking ⚠️

Nothing to see here! 🙈


How to Upgrade

Code Modifications

1. Bump React and React-dom versions; remove resolutions

Redwood internally bumped to React v17.0.2. Update the versions in your project's web/package.json (example file):

// web/package.json

-     "react": "^17.0.1",
-     "react-dom": "^17.0.1"
+     "react": "^17.0.2",
+     "react-dom": "^17.0.2"

And then remove the resolutions from package.json, which are no longer necessary (example file):

// ./package.json

-  },
-   "resolutions": {
-     "react": "17.0.1",
-     "react-dom": "17.0.1"
  }

2. Update .gitignore

If you are using SQLite, you might want to add the following to your project's .gitignore, which will exclude the file dev.db-journal from git commits:

- dev.db
+ dev.db*

Upgrade Packages to v0.32.x from v0.31.x

Run the following command within your App's directory:

yarn redwood upgrade

Ensure yarn has installed everything correctly by running:

yarn install --force

Upgrading from an earlier version?

Please follow the "how to upgrade" sections for each newer version here 👉 https://github.com/redwoodjs/redwood/releases, as there may be manual codemods needed for each version.

Upgrading to a version that is not the latest?

The command yarn rw upgrade will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to a earlier, specific release, use the --tag option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:

yarn redwood upgrade --tag 0.28.4

Need help or having trouble upgrading packages?

See this forum topic for manual upgrade instructions and general upgrade help.

Don't miss a new core release

NewReleases is sending notifications on new releases.