search

redwoodjs / example-todo

Example Todo app written with Redwood
95 stars 28 forks source link

Update dependency @redwoodjs/api to v2 [SECURITY] - autoclosed #81

Closed renovate[bot] closed 2 months ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@redwoodjs/api (source) 0.47.1 -> 2.2.5 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-3qmc-2r76-4rqp

Impact

What kind of vulnerability is it? Who is impacted?

This is an API vulnerability in Redwood's [dbAuth], specifically the dbAuth forgot password feature:

User Accounts are Vulnerable to Takeover (Hijacking)

A reset token for any user can be obtained given knowledge of their username or email via the forgot-password API. With the leaked reset token, a malicious user could request to reset a user's password, changing their credentials and gaining access to their account.

How to Determine if Projects have been Attacked

To determine if a project has been attacked, we recommend checking logs for suspicious activity; namely, the volume of requests to the forgot-password API using emails that don't exist. Another indication is if users inform you that they can't access their accounts.

If you have question or concerns, reach out via the "For More Information" section below.

Patch Releases Available

The problem has been patched on the v3 and v2 release lines. Users should upgrade to v3.3.1+ or v2.2.5+ respectively.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

We recommend upgrading to the Patch Releases above. If upgrading is not possible, there are several workarounds:

Manually strip out resetToken and resetTokenExpiresAt in the forgotPassword.handler()

Users on all release lines can have their forgotPassword.handler() function strip out the sensitive fields manually before returning

handler: (user) => {
  // your code to notify/email user of the link to reset their password...

  const = { resetToken, resetTokenExpiresAt, ...rest }

  return rest
}

Use yarn patch to manually apply the fix

Users on v3 and v2 can use [yarn patch] to apply the fix if they're using yarn v3. See the dbAuth "forgot-password" Account Takeover Vulnerability high gist for instructions.

Disable the forgot password flow entirely v3 only

Users on v3 can disable the forgot password flow entirely.

Release Notes

redwoodjs/redwood (@​redwoodjs/api) ### [`v2.2.5`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v225) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.2.4...v2.2.5) - See https://github.com/redwoodjs/redwood/releases/tag/v2.2.5 ### [`v2.2.4`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v224) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.2.3...v2.2.4) - See https://github.com/redwoodjs/redwood/releases/tag/v2.2.4 ### [`v2.2.3`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v223) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.2.2...v2.2.3) - See https://github.com/redwoodjs/redwood/releases/tag/v2.2.3 ### [`v2.2.2`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v222) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.2.1...v2.2.2) - See https://github.com/redwoodjs/redwood/releases/tag/v2.2.2 ### [`v2.2.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v221) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.2.0...v2.2.1) - See https://github.com/redwoodjs/redwood/releases/tag/v2.2.1 ### [`v2.2.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v220) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.1.1...v2.2.0) - See https://github.com/redwoodjs/redwood/releases/tag/v2.2.0 ### [`v2.1.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v211) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.1.0...v2.1.1) - See https://github.com/redwoodjs/redwood/releases/tag/v2.1.1 ### [`v2.1.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v210) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v2.0.0...v2.1.0) - See https://github.com/redwoodjs/redwood/releases/tag/v2.1.0 ### [`v2.0.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v200) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.5.2...v2.0.0) - See https://github.com/redwoodjs/redwood/releases/tag/v2.0.0 for the release notes and upgrade guide ### [`v1.5.2`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v152) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.5.1...v1.5.2) - See https://github.com/redwoodjs/redwood/releases/tag/v1.5.2 ### [`v1.5.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v151) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.5.0...v1.5.1) - See https://github.com/redwoodjs/redwood/releases/tag/v1.5.1 ### [`v1.5.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v150) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.4.3...v1.5.0) - See https://github.com/redwoodjs/redwood/releases/tag/v1.5.0 ### [`v1.4.3`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v143) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.4.2...v1.4.3) - See https://github.com/redwoodjs/redwood/releases/tag/v1.4.3 ### [`v1.4.2`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v142) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.4.1...v1.4.2) - See https://github.com/redwoodjs/redwood/releases/tag/v1.4.2 ### [`v1.4.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v141) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.4.0...v1.4.1) - See https://github.com/redwoodjs/redwood/releases/tag/v1.4.1 ### [`v1.4.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v140) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.3.3...v1.4.0) - See https://github.com/redwoodjs/redwood/releases/tag/v1.4.0 ### [`v1.3.3`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v133) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.3.2...v1.3.3) - See https://github.com/redwoodjs/redwood/releases/tag/v1.3.3 ### [`v1.3.2`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v132) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.3.1...v1.3.2) - See https://github.com/redwoodjs/redwood/releases/tag/v1.3.2 ### [`v1.3.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v131) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.3.0...v1.3.1) - See https://github.com/redwoodjs/redwood/releases/tag/v1.3.1 ### [`v1.3.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v130) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.2.1...v1.3.0) - See https://github.com/redwoodjs/redwood/releases/tag/v1.3.0 ### [`v1.2.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v121) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.2.0...v1.2.1) - See https://github.com/redwoodjs/redwood/releases/tag/v1.2.1 ### [`v1.2.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v120) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.1.1...v1.2.0) - See https://github.com/redwoodjs/redwood/releases/tag/v1.2.0 ### [`v1.1.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v111) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.1.0...v1.1.1) - See https://github.com/redwoodjs/redwood/releases/tag/v1.1.1 ### [`v1.1.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v110) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.0.2...v1.1.0) - See https://github.com/redwoodjs/redwood/releases/tag/v1.1.0 ### [`v1.0.2`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v102) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.0.1...v1.0.2) - See https://github.com/redwoodjs/redwood/releases/tag/v1.0.2 ### [`v1.0.1`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v101) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v1.0.0...v1.0.1) - See https://github.com/redwoodjs/redwood/releases/tag/v1.0.1 ### [`v1.0.0`](https://togithub.com/redwoodjs/redwood/blob/HEAD/CHANGELOG.md#v100) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v0.50.0...v1.0.0) - See https://github.com/redwoodjs/redwood/releases/tag/v1.0.0-rc.final.1 ### [`v0.50.0`](https://togithub.com/redwoodjs/redwood/releases/tag/v0.50.0) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v0.49.1...v0.50.0) > ⚠️ This release removes prior Deprecations and includes Code Modifications ### Changelog Unique contributors: 19 PRs merged: 76 #### Features - allow Redirect to use navigate options.replace [#​4704](https://togithub.com/redwoodjs/redwood/issues/4704) by [@​odjhey](https://togithub.com/odjhey) - Use GraphQL Yoga [#​4712](https://togithub.com/redwoodjs/redwood/issues/4712) by [@​ardatan](https://togithub.com/ardatan) - Send a 'ready' message to parent process if api server was spawned [#​4744](https://togithub.com/redwoodjs/redwood/issues/4744) by [@​cannikin](https://togithub.com/cannikin) - Adds baremetal deploy strategy [#​4750](https://togithub.com/redwoodjs/redwood/issues/4750) by [@​cannikin](https://togithub.com/cannikin) - Add yarn 3 to create redwood app template [#​4761](https://togithub.com/redwoodjs/redwood/issues/4761) by [@​jtoar](https://togithub.com/jtoar) - Auth Provider: Update Nhost to V2 [#​4770](https://togithub.com/redwoodjs/redwood/issues/4770) by [@​nunopato](https://togithub.com/nunopato) - See Code Modification section below - Add flightcontrol deploy command [#​4788](https://togithub.com/redwoodjs/redwood/issues/4788) by [@​beerose](https://togithub.com/beerose) - Add Layer0 deploy command to CLI and docs [#​4886](https://togithub.com/redwoodjs/redwood/issues/4886) by [@​tristanlee85](https://togithub.com/tristanlee85) - Cleanup deprecated features [#​4856](https://togithub.com/redwoodjs/redwood/issues/4856) by [@​callingmedic911](https://togithub.com/callingmedic911) - DEPRECATION: see section below - Sets Secure cookie attribute in config template to be dependent on NODE_ENV [#​4722](https://togithub.com/redwoodjs/redwood/issues/4722) by [@​cannikin](https://togithub.com/cannikin) - BREAKING: see sections below - Pretty print query in DevFatalErrorPage for better DX and readability [#​4696](https://togithub.com/redwoodjs/redwood/issues/4696) by [@​dthyresson](https://togithub.com/dthyresson) - BREAKING: see sections below - Update private routes and Set to use roles vs role [#​4681](https://togithub.com/redwoodjs/redwood/issues/4681) by [@​dthyresson](https://togithub.com/dthyresson) - BREAKING: see sections below - netlify build with rw record [#​4618](https://togithub.com/redwoodjs/redwood/issues/4618) by [@​aguscha333](https://togithub.com/aguscha333) - RW Record is an experimental package. This release requires a Code Modification to deploy on Netlify #### Fixed - Catch getToken error and set token to null [#​4669](https://togithub.com/redwoodjs/redwood/issues/4669) by [@​kengreeff](https://togithub.com/kengreeff) - Fix react/prop-types lint warnings [#​4674](https://togithub.com/redwoodjs/redwood/issues/4674) by [@​callingmedic911](https://togithub.com/callingmedic911) - fix(auth): hasRole handles when currentUser.roles is a string [#​4678](https://togithub.com/redwoodjs/redwood/issues/4678) by [@​dac09](https://togithub.com/dac09) - Allow requireAuth directive to be used with a string or array of strings [#​4680](https://togithub.com/redwoodjs/redwood/issues/4680) by [@​dthyresson](https://togithub.com/dthyresson) - Allow the number 0 for numericality validation values [#​4700](https://togithub.com/redwoodjs/redwood/issues/4700) by [@​kwstewar](https://togithub.com/kwstewar) - Fix failing codemod test for RedwoodDevFatalErrorPage [#​4723](https://togithub.com/redwoodjs/redwood/issues/4723) by [@​dthyresson](https://togithub.com/dthyresson) - Check for gql documents before running codegen [#​4728](https://togithub.com/redwoodjs/redwood/issues/4728) by [@​Tobbe](https://togithub.com/Tobbe) - Serverles api template: Fix spelling [#​4736](https://togithub.com/redwoodjs/redwood/issues/4736) by [@​Tobbe](https://togithub.com/Tobbe) - graphql-server types: Fix/format jsdocs [#​4737](https://togithub.com/redwoodjs/redwood/issues/4737) by [@​Tobbe](https://togithub.com/Tobbe) - dbAuth: Prevent futureExpiresDate from changing when referenced in tests [#​4742](https://togithub.com/redwoodjs/redwood/issues/4742) by [@​cannikin](https://togithub.com/cannikin) - Service Validations - Adds error message for FormError fields [#​4756](https://togithub.com/redwoodjs/redwood/issues/4756) by [@​dthyresson](https://togithub.com/dthyresson) - feat: only wrap affected resolver functions by using the 'onSchemaChange' hook with 'mapSchema' instead of the 'onResolverCalled' hook. [#​4760](https://togithub.com/redwoodjs/redwood/issues/4760) by [@​n1ru4l](https://togithub.com/n1ru4l) - When mocking a cell, set the id value as a String or Number based on the type of primary key [#​4778](https://togithub.com/redwoodjs/redwood/issues/4778) by [@​dthyresson](https://togithub.com/dthyresson) - Always generate 200.html as part of web build | Change [#​4782](https://togithub.com/redwoodjs/redwood/issues/4782) by [@​dac09](https://togithub.com/dac09) - Generate CRUD by default for SDL and Services to mitigate issues in GraphQL used in cells [#​4785](https://togithub.com/redwoodjs/redwood/issues/4785) by [@​dthyresson](https://togithub.com/dthyresson) - Service Validations: Returns error message as an array in faked extensions [#​4792](https://togithub.com/redwoodjs/redwood/issues/4792) by [@​cannikin](https://togithub.com/cannikin) - Copy fix from learn PR [#​222](https://togithub.com/redwoodjs/redwood/issues/222) [#​4803](https://togithub.com/redwoodjs/redwood/issues/4803) by [@​jtoar](https://togithub.com/jtoar) - Copy fix from learn PR [#​221](https://togithub.com/redwoodjs/redwood/issues/221) [#​4804](https://togithub.com/redwoodjs/redwood/issues/4804) by [@​jtoar](https://togithub.com/jtoar) - Copy fix from learn PR [#​218](https://togithub.com/redwoodjs/redwood/issues/218) [#​4805](https://togithub.com/redwoodjs/redwood/issues/4805) by [@​jtoar](https://togithub.com/jtoar) - Reverse logic in smoke test for setting yarn 1 [#​4806](https://togithub.com/redwoodjs/redwood/issues/4806) by [@​jtoar](https://togithub.com/jtoar) - Copy fix from learn PR [#​217](https://togithub.com/redwoodjs/redwood/issues/217) [#​4807](https://togithub.com/redwoodjs/redwood/issues/4807) by [@​jtoar](https://togithub.com/jtoar) - Copy fix from learn PR [#​213](https://togithub.com/redwoodjs/redwood/issues/213) [#​4808](https://togithub.com/redwoodjs/redwood/issues/4808) by [@​jtoar](https://togithub.com/jtoar) - Copy fix from learn PR [#​207](https://togithub.com/redwoodjs/redwood/issues/207) [#​4809](https://togithub.com/redwoodjs/redwood/issues/4809) by [@​jtoar](https://togithub.com/jtoar) - Copy fix from learn PR [#​198](https://togithub.com/redwoodjs/redwood/issues/198) [#​4810](https://togithub.com/redwoodjs/redwood/issues/4810) by [@​jtoar](https://togithub.com/jtoar) - Fix import in tutorial [#​4838](https://togithub.com/redwoodjs/redwood/issues/4838) by [@​jtoar](https://togithub.com/jtoar) - change flightcontrol setup to use yarn v3 and change cookie config [#​4843](https://togithub.com/redwoodjs/redwood/issues/4843) by [@​flybayer](https://togithub.com/flybayer) - Update algolia config [#​4851](https://togithub.com/redwoodjs/redwood/issues/4851) by [@​jtoar](https://togithub.com/jtoar) - Fix URL of all tutorial path [#​4852](https://togithub.com/redwoodjs/redwood/issues/4852) by [@​simoncrypta](https://togithub.com/simoncrypta) - Fix linting warnings on new gql function [#​4859](https://togithub.com/redwoodjs/redwood/issues/4859) by [@​dac09](https://togithub.com/dac09) - Handle case when requestContext is undefined getting protocol [#​4864](https://togithub.com/redwoodjs/redwood/issues/4864) by [@​dthyresson](https://togithub.com/dthyresson) - Make doc links to relative file paths [#​4866](https://togithub.com/redwoodjs/redwood/issues/4866) by [@​jtoar](https://togithub.com/jtoar) - Fix Request object passed to Yoga [#​4870](https://togithub.com/redwoodjs/redwood/issues/4870) by [@​ardatan](https://togithub.com/ardatan) - Fix favicon on docs site [#​4874](https://togithub.com/redwoodjs/redwood/issues/4874) by [@​jtoar](https://togithub.com/jtoar) - Fix favicon for docs site (continued) [#​4875](https://togithub.com/redwoodjs/redwood/issues/4875) by [@​jtoar](https://togithub.com/jtoar) - Try using URL for favicon [#​4876](https://togithub.com/redwoodjs/redwood/issues/4876) by [@​jtoar](https://togithub.com/jtoar) - event.requestContext can be optional for domain name [#​4877](https://togithub.com/redwoodjs/redwood/issues/4877) by [@​dthyresson](https://togithub.com/dthyresson) - GraphQL Yoga / Rework multi and non-multi query string param handling when building request [#​4883](https://togithub.com/redwoodjs/redwood/issues/4883) by [@​dthyresson](https://togithub.com/dthyresson) - add rw-server bin to core bins [#​4889](https://togithub.com/redwoodjs/redwood/issues/4889) by [@​thedavidprice](https://togithub.com/thedavidprice) - Fallback to localhost for hostname correctly and respect base64 encoded event bodies [#​4891](https://togithub.com/redwoodjs/redwood/issues/4891) by [@​ardatan](https://togithub.com/ardatan) - Use Node's Buffer.from to decode base64 instead of atob [#​4892](https://togithub.com/redwoodjs/redwood/issues/4892) by [@​ardatan](https://togithub.com/ardatan) - Fix link to docs/contributing [#​4893](https://togithub.com/redwoodjs/redwood/issues/4893) by [@​jtoar](https://togithub.com/jtoar) #### Chore - Auth smoke tests [#​4673](https://togithub.com/redwoodjs/redwood/issues/4673) by [@​dac09](https://togithub.com/dac09) - Remove supertokens-node from packages/api dependencies [#​4715](https://togithub.com/redwoodjs/redwood/issues/4715) by [@​dthyresson](https://togithub.com/dthyresson) - jwtVerifier: Remove unreachable code [#​4734](https://togithub.com/redwoodjs/redwood/issues/4734) by [@​Tobbe](https://togithub.com/Tobbe) - useRequireAuth: Refactor to make it easier to read [#​4738](https://togithub.com/redwoodjs/redwood/issues/4738) by [@​Tobbe](https://togithub.com/Tobbe) - Move tutorial and docs into main repo [#​4749](https://togithub.com/redwoodjs/redwood/issues/4749) by [@​jtoar](https://togithub.com/jtoar) - \[Renovate] Ignore [@​types/lru-cache](https://togithub.com/types/lru-cache) [#​4759](https://togithub.com/redwoodjs/redwood/issues/4759) by [@​jtoar](https://togithub.com/jtoar) - (docs) update link to Tutorial forms section [#​4771](https://togithub.com/redwoodjs/redwood/issues/4771) by [@​thedavidprice](https://togithub.com/thedavidprice) - Update links and codeblocks in tutorial [#​4781](https://togithub.com/redwoodjs/redwood/issues/4781) by [@​jtoar](https://togithub.com/jtoar) - Documents how to regenerate just SDL [#​4787](https://togithub.com/redwoodjs/redwood/issues/4787) by [@​dthyresson](https://togithub.com/dthyresson) - Skip v44.x updateJestConfig codemod test [#​4789](https://togithub.com/redwoodjs/redwood/issues/4789) by [@​dac09](https://togithub.com/dac09) - Reorg codemod for dev fatal error page [#​4790](https://togithub.com/redwoodjs/redwood/issues/4790) by [@​dac09](https://togithub.com/dac09) - Chore: Change yarn cache key, to bust invalid cache [#​4791](https://togithub.com/redwoodjs/redwood/issues/4791) by [@​dac09](https://togithub.com/dac09) - Updates Saving Data section with Service Validations [#​4796](https://togithub.com/redwoodjs/redwood/issues/4796) by [@​cannikin](https://togithub.com/cannikin) - Consider not running CI on changes to docs [#​4816](https://togithub.com/redwoodjs/redwood/issues/4816) by [@​jtoar](https://togithub.com/jtoar) - Copy content and fixes from redwoodjs.com [#​4819](https://togithub.com/redwoodjs/redwood/issues/4819) by [@​jtoar](https://togithub.com/jtoar) - (docs) add Flightcontrol.dev Deploy [#​4826](https://togithub.com/redwoodjs/redwood/issues/4826) by [@​thedavidprice](https://togithub.com/thedavidprice) - Minor tweaks to the "regenerate" docs [#​4841](https://togithub.com/redwoodjs/redwood/issues/4841) by [@​Tobbe](https://togithub.com/Tobbe) - Reorgnize tutorial into chapters [#​4855](https://togithub.com/redwoodjs/redwood/issues/4855) by [@​cannikin](https://togithub.com/cannikin) - Change reference link to the docs [#​4845](https://togithub.com/redwoodjs/redwood/issues/4845) by [@​joriswill](https://togithub.com/joriswill) - Remove pre-v1 warning [#​4865](https://togithub.com/redwoodjs/redwood/issues/4865) by [@​thedavidprice](https://togithub.com/thedavidprice) - Restore some redwood-iness to the docs styles [#​4881](https://togithub.com/redwoodjs/redwood/issues/4881) by [@​jtoar](https://togithub.com/jtoar) ##### Package Dependencies
View all Dependency Version Upgrades
  • fix(deps): update dependency msw to v0.39.2 #​4685 by @​renovate
  • Update dependency @​supabase/supabase-js to v1.31.1 #​4690 by @​renovate
  • Update dependency css-loader to v6.7.1 #​4691 by @​renovate
  • Update dependency graphql-helix to v1.12.0 #​4692 by @​renovate
  • Update dependency webpack-manifest-plugin to v5 #​4693 by @​renovate
  • Update dependency fastify to v3.27.4 #​4702 by @​renovate
  • Update dependency pino to v7.8.1 #​4703 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.17.3 #​4706 by @​renovate
  • Update dependency @​clerk/clerk-sdk-node to v2.9.8 #​4707 by @​renovate
  • Update dependency @​clerk/types to v1.28.3 #​4708 by @​renovate
  • Update dependency @​testing-library/react to v12.1.4 #​4709 by @​renovate
  • Update dependency @​types/react to v17.0.40 #​4711 by @​renovate
  • Update graphqlcodegenerator monorepo #​4714 by @​renovate
  • Update dependency systeminformation to v5.11.7 #​4716 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.17.4 #​4719 by @​renovate
  • Update dependency @​clerk/clerk-sdk-node to v2.9.9 #​4720 by @​renovate
  • chore(deps): update dependency @​clerk/types to v1.29.0 #​4721 by @​renovate
  • Update dependency systeminformation to v5.11.8 #​4726 by @​renovate
  • Update dependency eslint to v8.11.0 #​4727 by @​renovate
  • fix(deps): update dependency mime-types to v2.1.35 #​4733 by @​renovate
  • fix(deps): update dependency react-hook-form to v7.28.0 #​4740 by @​renovate
  • fix(deps): update dependency eslint-plugin-react to v7.29.4 #​4745 by @​renovate
  • chore(deps): update dependency @​clerk/clerk-sdk-node to v2.9.10 #​4746 by @​renovate
  • fix(deps): update dependency esbuild to v0.14.26 #​4747 by @​renovate
  • chore(deps): update dependency @​types/lodash to v4.14.180 #​4751 by @​renovate
  • fix(deps): update typescript-eslint monorepo to v5.15.0 #​4752 by @​renovate
  • chore(deps): update dependency cypress to v9.5.2 #​4754 by @​renovate
  • fix(deps): update dependency esbuild to v0.14.27 #​4755 by @​renovate
  • chore(deps): update dependency @​playwright/test to v1.20.0 #​4757 by @​renovate
  • chore(deps): update dependency zx to v5.3.0 #​4758 by @​renovate
  • fix(deps): update prisma monorepo to v3.11.0 #​4763 by @​renovate
  • chore(deps): update dependency zx to v6 #​4768 by @​renovate
  • chore(deps): update dependency zx to v6.0.1 #​4769 by @​renovate
  • fix(deps): update graphql-tools monorepo #​4777 by @​renovate
  • fix(deps): update dependency @​graphql-codegen/typescript-resolvers to v2.6.0 #​4779 by @​renovate
  • chore(deps): update dependency @​clerk/clerk-js to v2.17.6 #​4783 by @​renovate
  • chore(deps): update dependency @​clerk/types to v1.29.2 #​4784 by @​renovate
  • chore(deps): update dependency @​actions/exec to v1.1.1 #​4794 by @​renovate
  • chore(deps): update dependency firebase to v9.6.9 #​4795 by @​renovate
  • chore(deps): update dependency zx to v6.0.3 #​4797 by @​renovate
  • fix(deps): update dependency node-ssh to v12.0.4 #​4798 by @​renovate
  • fix(deps): update graphqlcodegenerator monorepo #​4799 by @​renovate
  • fix(deps): update dependency fastify-static to v4.6.0 #​4800 by @​renovate
  • fix(deps): update dependency pino to v7.9.1 #​4801 by @​renovate
  • fix(deps): update dependency fastify-static to v4.6.1 #​4814 by @​renovate
  • chore(deps): update dependency zx to v6.0.6 #​4821 by @​renovate
  • chore(deps): update dependency @​types/react-dom to v17.0.14 #​4829 by @​renovate
  • chore(deps): update dependency @​types/babel__core to v7.1.19 #​4839 by @​renovate
  • fix(deps): update dependency react-hook-form to v7.28.1 #​4840 by @​renovate
  • fix(deps): update dependency systeminformation to v5.11.9 #​4844 by @​renovate
  • chore(deps): update actions/cache action to v3 #​4847 by @​renovate
  • fix(deps): update dependency @​graphql-yoga/common to v0.1.0-canary-bfd2627.0 #​4857 by @​renovate
  • fix(deps): update dependency cross-undici-fetch to v0.1.27 #​4858 by @​renovate
  • chore(deps): update dependency zx to v6.0.7 #​4861 by @​renovate
  • fix(deps): update typescript-eslint monorepo to v5.16.0 #​4862 by @​renovate
  • chore(deps): update peter-evans/create-or-update-comment action to v2 #​4867 by @​renovate
  • chore(deps): update peter-evans/find-comment action to v2 #​4868 by @​renovate
  • chore(deps): update dependency @​clerk/clerk-js to v2.17.7 #​4871 by @​renovate
  • chore(deps): update dependency @​clerk/types to v1.29.3 #​4872 by @​renovate
  • fix(deps): update graphql-tools monorepo #​4878 by @​renovate
  • chore(deps): update dependency @​clerk/clerk-sdk-node to v2.10.0 #​4879 by @​renovate
  • fix(deps): update dependency pino to v7.9.2 #​4884 by @​renovate
  • chore(deps): update dependency @​supabase/supabase-js to v1.31.2 #​4887 by @​renovate
  • fix(deps): update graphql-tools monorepo #​4888 by @​renovate
  • fix(deps): update dependency graphql-scalars to v1.16.0 #​4890 by @​renovate
#### Removed Deprecations and Breaking Changes This release removes prior deprecations and has breaking changes. ##### Removed binary `rw-api-server`; replaced with `rw-server [side]` This bin is used for running the Fastify server, which is called when you run `yarn rw serve`. Projects should use `yarn rw-server api`. Also takes `web` positional (or both). ##### dbAuth: removed COOKIE_META cookies PR [#​4722](https://togithub.com/redwoodjs/redwood/issues/4722) dbAuth cookie config has moved to `api/src/function/auth.js` for better customization. See: - https://redwoodjs.com/docs/authentication#cookie-config Refer to Code Modification below to update. ##### DevFatalErrorPage now pretty prints query PR [#​4696](https://togithub.com/redwoodjs/redwood/issues/4696) updates `src/components/FatalErrorPage.tsx` Refer to Code Modification below to update. ##### Private routes and Set now use roles (instead of role) PR [#​4681](https://togithub.com/redwoodjs/redwood/issues/4681) Changes the use of Router `role` to be replaced by `roles` plural. Projects using `role` for RBAC will need to make a Code Modification #### Code Modifications ##### Update DevFatalErrorPage We've made a small change to FatalErrorPage make sure your bundle sizes are as small as possible! If you only have the default FatalErrorPage, you can run our automatic codemod to pull in the latest changes. npx @​redwoodjs/codemods@canary update-dev-fatal-error-page If you've customised your error page, just a small tweak is needed: ```diff // src/components/FatalErrorPage.tsx if (process.env.NODE_ENV === 'development') { - RedwoodDevFatalErrorPage = require('@​redwoodjs/web').DevFatalErrorPage + RedwoodDevFatalErrorPage = require('@​redwoodjs/web/dist/components/DevFatalErrorPage').DevFatalErrorPage } ``` ##### Update `roles` for `role` in Private routes and Sets Projects using roles and RBAC will need to change any prop in `Routes.ts|js` named `role` to `roles`. The value can be a string or array of strings, which is consistent with previous behavior. Example: ```diff - + ``` ##### Netlify Deploy: Update .toml PR [#​4782](https://togithub.com/redwoodjs/redwood/issues/4782) improves prerender performance on Jamstack deploy providers. For most cases, the changes are automatic. It is recommended that projects deploying to Netlify should update `netlify.toml`: ```diff [[redirects]] from = "/*" - to = "/index.html" + to = "/200.html" status = 200 ` ``` ##### Nhost Auth: Upgrade to v2 PR [#​4770](https://togithub.com/redwoodjs/redwood/issues/4770) updates Nhost Auth provider to use Nhost v2. Existing projects using Nhost need to use the new Nhost SDK. Make the following changes to `Auth.ts|js`: ```diff - import { createClient } from 'nhost-js-sdk' + import { NhostClient } from '@​nhost/nhost-js' - const nhostClient = createClient({ - baseUrl: 'url' + const nhostClient = new NhostClient({ + backendUrl: 'url' }) ``` ##### dbAuth: Set Secure Cookie Attribute in Config Template If you're using dbAuth with the new `cookie` config that we added to `api/src/functions/auth.js` in the last release, you'll need to make a change if you use Safari as your dev browser, or if you access your dev server at a host other than `localhost` (you may have noticed that you can't stay logged in). Change the `Secure` config to this: ```diff cookie: { HttpOnly: true, Path: '/', SameSite: 'Strict', - Secure: true, + Secure: process.env.NODE_ENV !== 'development' ? true : false, }, ``` This will set the cookie to *not* secure when in a development environment, but otherwise `true` everywhere else (like in production). Chrome has an exception that you can set a secure cookie over HTTP, but only if the domain is `localhost`. Safari does not have this exception! ##### Deploy Redwood Record on Netlify (experimental) See [#​4618](https://togithub.com/redwoodjs/redwood/issues/4618) **Redwood Record datamodel file** In order to fix the Netlify deploy when using Redwood Record the `datamodel.json` generated by running `yarn rw record init` was moved and will now be tracked under git. *How to Update* If you are using the RedwoodRecord lib the only thing you have to do is run `yarn rw record init` again and you'll be good to go. ### [`v0.49.1`](https://togithub.com/redwoodjs/redwood/releases/tag/v0.49.1) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v0.49.0...v0.49.1) ### Patch Release This release includes the following fixes: - \[Yarn 3] Add bin proxy for rw-log-formatter [#​4695](https://togithub.com/redwoodjs/redwood/issues/4695) by [@​jtoar](https://togithub.com/jtoar) - fix storybook DX by removing default type check config [#​4699](https://togithub.com/redwoodjs/redwood/issues/4699) by [@​thedavidprice](https://togithub.com/thedavidprice) ### [`v0.49.0`](https://togithub.com/redwoodjs/redwood/releases/tag/v0.49.0) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v0.48.0...v0.49.0) > 🎬 **Call for Redwood product and startup demos** > Redwood 1.0.0 will arrive within the month. We’re planning the first RedwoodJS Startup Showcase, full of demos and panels, highlighting the amazing people and projects using Redwood. *Want to demo?* Let's talk! Just take a look at [this forum post](https://community.redwoodjs.com/t/call-for-startup-and-product-demos-redwood-showcase-event/2831) and complete the [submission form](https://forms.gle/JViTcz46BgoFDJwQA). > 🔬**Help QA the new Redwood Tutorials** > Both Tutorials I and II have been re-written for v1. We need your help making sure that every "i" is dotted and "t" is crossed. If you're interested in helping, [check out the details here](https://community.redwoodjs.com/t/community-help-wanted-help-qa-the-new-improved-tutorial/2825). ### Changelog Unique contributors: 4 PRs merged: 7 #### Features - Implement dbAuth CORS support + Add cookie options to auth handler [#​4150](https://togithub.com/redwoodjs/redwood/issues/4150) by [@​dac09](https://togithub.com/dac09) - DEPRECATION Warning: see "dbAuth Cookie Configuration" section below - Codemod for webhook verifier option renaming [#​4675](https://togithub.com/redwoodjs/redwood/issues/4675) by [@​Tobbe](https://togithub.com/Tobbe) #### Fixed - jscodeshift and webhook verifier doc updates [#​4658](https://togithub.com/redwoodjs/redwood/issues/4658) by [@​Tobbe](https://togithub.com/Tobbe) - Make upgrade-yarn codemod more robust by preparing yarn version [#​4662](https://togithub.com/redwoodjs/redwood/issues/4662) by [@​jtoar](https://togithub.com/jtoar) - Clear up dev log in error page [#​4671](https://togithub.com/redwoodjs/redwood/issues/4671) by [@​callingmedic911](https://togithub.com/callingmedic911) #### Chore - Remove yarn 3 project deps script [#​4637](https://togithub.com/redwoodjs/redwood/issues/4637) by [@​jtoar](https://togithub.com/jtoar) - Mod upgrade yarn codemod to handle CI [#​4659](https://togithub.com/redwoodjs/redwood/issues/4659) by [@​jtoar](https://togithub.com/jtoar) ##### Package Dependencies
View all Dependency Version Upgrades
  • Update dependency esbuild to v0.14.25 #​4657 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.17.0 #​4660 by @​renovate
  • Update dependency @​clerk/types to v1.28.0 #​4661 by @​renovate
  • Update dependency css-loader to v6.7.0 #​4663 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.17.1 #​4664 by @​renovate
  • Update dependency @​clerk/clerk-sdk-node to v2.9.5 #​4665 by @​renovate
  • Update dependency @​clerk/types to v1.28.1 #​4666 by @​renovate
  • Update dependency @​clerk/clerk-sdk-node to v2.9.6 #​4667 by @​renovate
  • Update dependency firebase to v9.6.8 #​4668 by @​renovate
  • Update dependency @​supabase/supabase-js to v1.31.0 #​4677 by @​renovate
  • Update dependency @​auth0/auth0-spa-js to v1.20.1 #​4682 by @​renovate
  • Update dependency fastify to v3.27.3 #​4683 by @​renovate
  • Update dependency magic-sdk to v8.1.0 #​4684 by @​renovate
  • Update dependency @​azure/msal-browser to v2.22.1 #​4686 by @​renovate
  • Update typescript-eslint monorepo to v5.14.0 #​4687 by @​renovate
### Recommended Code Modification #### dbAuth Cookie Configuration If you are using dbAuth, we've moved the configuration for the dbAuth cookie alongside the rest of the configuration in `api/src/functions/auth.js`. The original configuration, which was internal to Redwood itself, is now deprecated. If you do not add this cookie config to auth.js your app will continue to work for now, but will show a deprecation notice in your api logs. The old behavior will be removed in a future version of Redwood. To preserve the existing cookie settings, add the `cookie` property to the options sent into `new DbAuthHandler()`: ```diff const authHandler = new DbAuthHandler(event, context, { db: db, authModelAccessor: 'user', authFields: { id: 'id', username: 'email', hashedPassword: 'hashedPassword', salt: 'salt', resetToken: 'resetToken', resetTokenExpiresAt: 'resetTokenExpiresAt', }, forgotPassword: forgotPasswordOptions, login: loginOptions, resetPassword: resetPasswordOptions, signup: signupOptions, + cookie: { + HttpOnly: true, + Path: '/', + SameSite: 'Strict', + Secure: true, + // Domain: 'example.com', + }, }) ``` The cookie `Domain` is now set here instead of in an ENV var. When do you need to set `Domain`? If your web side and api side are served from different domains (such as `www.example.com` and `api.example.com`). To read more about `Domain` config: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies ### [`v0.48.0`](https://togithub.com/redwoodjs/redwood/releases/tag/v0.48.0) [Compare Source](https://togithub.com/redwoodjs/redwood/compare/v0.47.1...v0.48.0) #### Highlight: 🧶 Yarn 3 (Preview) This release adds preview support for using Yarn v3 with Redwood projects. Why would you want to bump from Yarn v1 to v3? Because it's amazingly superior. *And* it's SuperEasy™ to upgrade and try it out. Just run the codemod: npx @​redwoodjs/codemods@canary upgrade-yarn Let us know how it goes! > **Known Gotchas** > Upgrading to Yarn 3 requires `corepack`. If you're on a Node.js version less than `v14.19`, you need to install it manually via `npm i -g corepack` #### Code Modification: Webhook timestamp verifiers *This is a required modification for projects using the the `timestamp` webhook verifier option.* PR [#​4608](https://togithub.com/redwoodjs/redwood/issues/4608) introduces a new option called `eventTimestamp`. Together with the existing tolerance option it's possible to add timestamp diff checks to all verifiers. But do note that all webhook events won't have the needed timestamp info to implement. That's up to the vendor you're integrating with to include or not include. Currently we know Svix, Clerk and Stripe have the required info. 🚨This PR renames the `timestamp` webhook verifier option to `currentTimestampOverride`. To automatically update your code, simply run this code modification in your Redwood project: npx @​redwoodjs/codemods@canary rename-verifier-timestamp **Manual Upgrade Step** *Only necessary if you do not use the automated code mod above.* 1. For any webhook verifier you have a customized `timestamp` value, you'll need to rename the timestamp object key to `currentTimestampOverride`. A simple find and replace should do the trick! ### Changelog Unique contributors: 9 PRs merged: 22 #### Features - Enable yarn 3 for Redwood projects [#​4444](https://togithub.com/redwoodjs/redwood/issues/4444) by [@​jtoar](https://togithub.com/jtoar) - Webhook verifiers: Add Base64Sha256 version for Svix webhooks used by Clerk auth [#​4598](https://togithub.com/redwoodjs/redwood/issues/4598) by [@​Tobbe](https://togithub.com/Tobbe) - feat(exec): Allow listing of scripts with rw exec to improve dx [#​4600](https://togithub.com/redwoodjs/redwood/issues/4600) by [@​dac09](https://togithub.com/dac09) - Webhook verifiers: Make them all support timestamp diff check [#​4608](https://togithub.com/redwoodjs/redwood/issues/4608) by [@​Tobbe](https://togithub.com/Tobbe) - BREAKING: see "Code Modifications" #### Fixed - Checking jest config web api [#​4529](https://togithub.com/redwoodjs/redwood/issues/4529) by [@​josemasar](https://togithub.com/josemasar) - Tailwind: Generate prettier-approved code [#​4541](https://togithub.com/redwoodjs/redwood/issues/4541) by [@​Tobbe](https://togithub.com/Tobbe) - Update seed.ts to reflect correct input type [#​4560](https://togithub.com/redwoodjs/redwood/issues/4560) by [@​martinjuhasz](https://togithub.com/martinjuhasz) - remove --schema option from `rw prisma migrate diff` [#​4590](https://togithub.com/redwoodjs/redwood/issues/4590) by [@​thedavidprice](https://togithub.com/thedavidprice) #### Chore - Revamp Readme for 1.0 [#​4398](https://togithub.com/redwoodjs/redwood/issues/4398) by [@​mojombo](https://togithub.com/mojombo) - improve rebuildFixture ts-to-js logic [#​4574](https://togithub.com/redwoodjs/redwood/issues/4574) by [@​thedavidprice](https://togithub.com/thedavidprice) - use rebuildFixture without passing dir, fix test-project tailwind deps installation [#​4576](https://togithub.com/redwoodjs/redwood/issues/4576) by [@​thedavidprice](https://togithub.com/thedavidprice) - Add Codemod to Update Fatal Error Page to support Development version [#​4577](https://togithub.com/redwoodjs/redwood/issues/4577) by [@​dthyresson](https://togithub.com/dthyresson) - updates the release script used to bump package versions [#​4612](https://togithub.com/redwoodjs/redwood/issues/4612) by [@​thedavidprice](https://togithub.com/thedavidprice) - remove Redwood extension from CRWA VS Code extension list [#​4613](https://togithub.com/redwoodjs/redwood/issues/4613) by [@​thedavidprice](https://togithub.com/thedavidprice) - Add custom log payload support to logFormatter [#​4619](https://togithub.com/redwoodjs/redwood/issues/4619) by [@​dthyresson](https://togithub.com/dthyresson) - (fixture chore) move tailwind devDeps into root package.json [#​4623](https://togithub.com/redwoodjs/redwood/issues/4623) by [@​thedavidprice](https://togithub.com/thedavidprice) - part II of `#4623` [#​4626](https://togithub.com/redwoodjs/redwood/issues/4626) by [@​thedavidprice](https://togithub.com/thedavidprice) - \[CI] E2E wait for server start and Test move `setTimeout` outside test block [#​4638](https://togithub.com/redwoodjs/redwood/issues/4638) by [@​jtoar](https://togithub.com/jtoar) - \[Codemod] Handle node versions that don't bundle corepack [#​4645](https://togithub.com/redwoodjs/redwood/issues/4645) by [@​jtoar](https://togithub.com/jtoar) - fix dbAuth Auth template roles logic and types, run type-check on Smoke-test CI, and resolve TS errors [#​4566](https://togithub.com/redwoodjs/redwood/issues/4566) by [@​thedavidprice](https://togithub.com/thedavidprice) ##### Package Dependencies
View all Dependency Version Upgrades
  • Update prisma monorepo to v3.10.0 #​4551 by @​renovate
  • Update graphql-tools monorepo #​4568 by @​renovate
  • Update dependency @​clerk/clerk-sdk-node to v2.9.4 #​4570 by @​renovate
  • Update dependency @​clerk/types to v1.25.4 #​4571 by @​renovate
  • Update dependency @​playwright/test to v1.19.2 #​4572 by @​renovate
  • Update dependency @​types/node to v16.11.26 #​4573 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.14.3 #​4575 by @​renovate
  • Update dependency eslint-plugin-react to v7.29.1 #​4579 by @​renovate
  • Update actions/setup-node action to v3 #​4580 by @​renovate
  • Update dependency @​types/lodash to v4.14.179 #​4582 by @​renovate
  • Update dependency eslint to v8.10.0 #​4583 by @​renovate
  • Update dependency eslint-plugin-react to v7.29.2 #​4586 by @​renovate
  • Update dependency systeminformation to v5.11.5 #​4587 by @​renovate
  • Update dependency @​supabase/supabase-js to v1.30.7 #​4589 by @​renovate
  • Update dependency yargs-parser to v21.0.1 #​4595 by @​renovate
  • Update dependency zx to v5.2.0 #​4596 by @​renovate
  • Update typescript-eslint monorepo to v5.13.0 #​4601 by @​renovate
  • Update dependency cypress to v9.5.1 #​4602 by @​renovate
  • Update dependency typescript to v4.6.2 #​4603 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.15.0 #​4606 by @​renovate
  • Update dependency @​clerk/types to v1.26.0 #​4607 by @​renovate
  • Update dependency @​apollo/client to v3.5.10 #​4609 by @​renovate
  • Update actions/checkout action to v3 #​4610 by @​renovate
  • Update dependency systeminformation to v5.11.6 #​4611 by @​renovate
  • Update dependency @​types/aws-lambda to v8.10.93 #​4620 by @​renovate
  • Update dependency @​types/react-dom to v17.0.12 #​4621 by @​renovate
  • Update dependency @​types/testing-library__jest-dom to v5.14.3 #​4624 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.16.0 #​4627 by @​renovate
  • Update dependency @​clerk/types to v1.27.0 #​4628 by @​renovate
  • Update dependency @​types/react-dom to v17.0.13 #​4629 by @​renovate
  • Update dependency msw to v0.38.2 #​4630 by @​renovate
  • Update dependency eslint-config-prettier to v8.5.0 #​4631 by @​renovate
  • Update dependency esbuild to v0.14.24 #​4635 by @​renovate
  • Update dependency graphql-scalars to v1.15.0 #​4636 by @​renovate
  • Update dependency @​clerk/clerk-js to v2.16.1 #​4639 by @​renovate
  • Update dependency @​clerk/types to v1.27.1 #​4640 by @​renovate
  • Update dependency supertokens-auth-react to v0.19.0 #​4641 by @​renovate
  • Update dependency webpack to v5.70.0 #​4642 by @​renovate
  • Update dependency @​envelop/core to v2.1.0 #​4643 by @​renovate
  • Update dependency @​envelop/depth-limit to v1.3.0 #​4644 by @​renovate
  • Update dependency @​envelop/disable-introspection to v3.1.0 #​4646 by @​renovate
  • Update dependency @​envelop/filter-operation-type to v3.1.0 #​4647 by @​renovate
  • Update dependency @​envelop/parser-cache to v4.1.0 #​4648 by @​renovate
  • Update dependency @​envelop/testing to v4.1.0 #​4649 by @​renovate
  • Update dependency eslint-plugin-react to v7.29.3 #​4650 by @​renovate
  • Update dependency @​envelop/validation-cache to v4.1.0 #​4651 by @​renovate
  • Update dependency @​types/vscode to v1.65.0 #​4652 by @​renovate
  • Update dependency mini-css-extract-plugin to v2.6.0 #​4653 by @​renovate
  • Update actions/upload-artifact action to v3 #​4654 by @​renovate
  • Update dependency npm-packlist to v4 #​4655 by @​renovate
  • Update dependency ts-morph to v14 #​4656 by @​renovate
  • Bump url-parse from 1.5.7 to 1.5.10 in /__fixtures__/example-todo-main-with-errors #​4584 by @​dependabot
  • Bump url-parse from 1.5.7 to 1.5.10 in /__fixtures__/example-todo-main #​4585 by @​dependabot

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.