Update dependency @redwoodjs/cli-helpers to v5.4.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@redwoodjs/cli-helpers	5.3.1 -> 5.4.3

---

Release Notes

redwoodjs/redwood (@​redwoodjs/cli-helpers)

v5.4.3

Compare Source

Patch Release

This patch release includes an update to Prisma and a fix for Serverless deploy (see https://github.com/redwoodjs/redwood/issues/8804)

• fix(deps): update prisma monorepo to v4.16.2 #​8800
• fix(serverless): use named exports instead of default #​8857 by @​jtoar

v5.4.2

Compare Source

Patch Release

This patch release configures the the new unsupported-route-components ESLint rule to only run on the web/src/Routes.{js,jsx,tsx} file:

• Only enable new eslint rule for the Routes file #​8794 by @​Tobbe
• eslint unsupported-route-components: Minor tweaks #​8797 by @​Tobbe

v5.4.1

Compare Source

Patch Release

This patch release fixes https://github.com/redwoodjs/redwood/issues/8789, where the new @redwoodjs/eslint-plugin package wasn't listed as one of @redwoodjs/eslint-config's dependencies:

• fix(lint): add eslint-plugin to eslint-config redwoodjs/redwood@660e8cf

v5.4.0

Compare Source

🌲 RedwoodJS Conference, September 26-29 in Oregon, USA
The first RedwoodJS in-person conference is only three months away! Details and discussions are happening on the Redwood forums.

Registration here: www.redwoodjsconf.com

Changelog

This release features a great new addition to Redwood's prerendering capabilities: Redwood now preloads the Apollo Client Cache on the frontend with the data retrieved during prerendering. Where Cells are used, this allows the data served during prerender to match the client data.

In addition to that, there's plenty more features and fixes in this release like:

• a new OAuth cookbook for dbAuth https://redwoodjs.com/docs/how-to/oauth
• integrated TypeScript support for alias paths https://redwoodjs.com/docs/typescript/introduction#using-alias-paths

We plan for this release to be the last v5 release before the next major, but will of course release patches as appropriate.

Lastly, if you're using Clerk authentication and haven't seen the new auth decoder in the v5.3.2 patch, please see the release notes and migration guide: https://github.com/redwoodjs/redwood/releases/tag/v5.3.2.

Features

• Prepopulate apollo cache on prerendered pages #​8566 by @​KrisCoulson
• Use defined path aliases for prerendering #​7575 by @​esteban-url
• Initial support for using SDL codegen for GraphQL types #​8417 by @​orta
• eslint rule for unsupported-route-components #​8774 by @​Tobbe
• eslint rule to add types to service functions #​8599 by @​orta

Fixed

• deprecate setup ui windicss (project is sunsetting) #​8597 by @​thedavidprice
• Added verbose mode to baremetal #​8544 by @​Bigood
• ChunkReferencesPlugin: Update types in webpack plugin #​8658 by @​Tobbe
• fix: Insert const in for...of loop #​8732 by @​drikusroor
• DX: Tweak comments in redwood.toml #​8744 by @​Tobbe

Docs

• fix #​8509: link to react-hook-form api #​8510 by @​rayhatfield
• Update routing-params.md #​8548 by @​andrewlamyw
• fix(docs): Remove whitespace in services.md #​8577 by @​BlackHawkSigma
• fix(docs) test should query for postId, not comment id #​8529 by @​rayhatfield
• Update cli-commands.md #​8600 by @​andrewlamyw
• fix(docs): Fix & make verifyOwnership consistent #​8596 by @​drikusroor
• Fix typos in documentation #​8659 by @​yahhuh
• OAuth cookbook #​8622 by @​cannikin

Chore

• chore(crwa): dedupe browserlist query #​8621 by @​jtoar
• Fix type ScenarioData JSDoc example #​8545 by @​BlackHawkSigma
• Get rid of 'proposal-dynamic-import' #​8456 by @​Tobbe
• Fix await import in auth setup #​8582 by @​Tobbe
• feat: Update the SDL types lib #​8586 by @​orta
• chore(rwfw): working refactor, make project:sync ignore more files #​8579 by @​jtoar
• Only use the main lodash package #​8583 by @​Tobbe
• chore(cli-plugins): make depcruise reusable #​8568 by @​jtoar
• fix(publishing): remove tsconfig.tsbuildinfo #​8637 by @​jtoar
• chore(studio): update tremor to v3 #​8645 by @​Josh-Walker-GM
• Added Amy to README #​8757 by @​pantheredeye

Core dependencies

• fix(deps): update prisma monorepo to v4.16.1 #​8695
• fix(deps): update dependency fastify to v4.18.0 #​8619
• fix(deps): update dependency react-hook-form to v7.45.0 #​8664
• fix(deps): update dependency @​apollo/client to v3.7.16 #​8678

Dependencies

Click to see all upgraded dependencies

• fix(deps): update dependency @​types/aws-lambda to v8.10.116 #​8535
• fix(deps): update typescript-eslint monorepo to v5.59.9 #​8525
• chore(deps): update dependency @​clerk/clerk-react to v4.18.0 #​8536
• chore(deps): update dependency @​clerk/types to v3.41.0 #​8538
• chore(deps): update dependency @​simplewebauthn/server to v7.3.0 #​8517
• chore(deps): update dependency @​azure/msal-browser to v2.37.1 #​8541
• fix(deps): update dependency @​fastify/http-proxy to v9.2.0 #​8539
• fix(deps): update dependency react-router-dom to v6.12.0 #​8540
• fix(deps): update opentelemetry-js monorepo #​8543
• fix(deps): update dependency graphql-scalars to v1.22.2 #​8546
• fix(deps): update dependency graphql-scalars to v1.22.2 #​8547
• chore(deps): update dependency cypress to v12.14.0 #​8550
• chore(deps): update dependency @​types/react to v18.2.9 #​8553
• fix(deps): update dependency webpack-cli to v5.1.4 #​8554
• fix(deps): update dependency systeminformation to v5.18.2 #​8542
• fix(deps): update dependency @​whatwg-node/fetch to v0.9.4 #​8563
• fix(deps): update dependency react-router-dom to v6.12.1 #​8565
• chore(deps): update dependency @​types/uuid to v9.0.2 #​8567
• chore(deps): update dependency firebase to v9.22.2 #​8570
• fix(deps): update dependency @​types/aws-lambda to v8.10.117 #​8571
• fix(deps): update dependency @​vscode/ripgrep to v1.15.4 #​8573
• fix(deps): update dependency systeminformation to v5.18.3 #​8574
• chore(deps): update dependency @​clerk/types to v3.42.0 #​8584
• chore(deps): update react monorepo #​8595
• fix(deps): update dependency @​clerk/clerk-sdk-node to v4.10.6 #​8603
• fix(deps): update dependency @​whatwg-node/fetch to v0.9.6 #​8606
• fix(deps): update dependency @​types/aws-lambda to v8.10.118 #​8608
• chore(deps): update babel monorepo to v7.22.5 #​8575
• chore(deps): update dependency @​auth0/auth0-spa-js to v2.0.8 #​8613
• fix(deps): update dependency webpack-dev-server to v4.15.1 #​8615
• fix(deps): update dependency concurrently to v8.2.0 #​8617
• fix(deps): update dependency fastify to v4.18.0 #​8619
• fix(deps): update dependency core-js to v3.31.0 #​8618
• chore(deps): update dependency lerna to v7 #​8609
• chore(deps): update node.js to v18 #​8614
• chore(deps): update dependency @​testing-library/dom to v9.3.1 #​8627
• chore(deps): update dependency lerna to v7.0.2 #​8629
• fix(deps): update dependency @​clerk/clerk-sdk-node to v4.10.7 #​8631
• fix(deps): update dependency html-webpack-plugin to v5.5.3 #​8632
• fix(deps): update dependency msw to v1.2.2 #​8633
• fix(deps): update dependency react-error-boundary to v4.0.10 #​8634
• chore(deps): update dependency @​clerk/clerk-react to v4.20.1 #​8635
• chore(deps): update dependency @​supabase/supabase-js to v2.25.0 #​8636
• chore(deps): update dependency octokit to v2.0.22 #​8647
• fix(deps): update dependency @​types/aws-lambda to v8.10.119 #​8649
• fix(deps): update dependency css-minimizer-webpack-plugin to v5.0.1 #​8650
• fix(deps): update dependency semver to v7.5.2 #​8651
• chore(deps): update dependency @​clerk/clerk-react to v4.20.4 #​8662
• fix(deps): update dependency dotenv to v16.3.1 #​8663
• fix(deps): update dependency webpack to v5.87.0 #​8549
• fix(deps): update dependency react-hook-form to v7.45.0 #​8664
• chore(deps): update dependency vite to v4.1.5 [security] #​8671
• chore(deps): update dependency @​clerk/clerk-react to v4.20.5 #​8672
• chore(deps): update dependency autoprefixer to v10.4.14 #​8668
• chore(deps): update dependency dependency-cruiser to v13.0.4 #​8674
• chore(deps): update dependency esbuild to v0.18.6 #​8670
• chore(deps): update dependency postcss to v8.4.24 #​8675
• chore(deps): update react monorepo #​8677
• fix(deps): update dependency @​clerk/clerk-sdk-node to v4.10.12 #​8679
• chore(deps): update dependency @​npmcli/arborist to v6.2.10 #​8681
• fix(deps): update dependency @​tremor/react to v3.2.3 #​8560
• fix(deps): update dependency @​apollo/client to v3.7.16 #​8678
• fix(deps): update prisma monorepo to v4.16.0 #​8684
• chore(deps): update dependency vite to v4.3.9 #​8682
• fix(deps): update dependency @​fastify/http-proxy to v9.2.1 #​8680
• fix(deps): update typescript-eslint monorepo to v5.60.0 #​8660
• fix(deps): update dependency @​graphiql/plugin-explorer to v0.1.20 #​8691
• fix(deps): update prisma monorepo to v4.16.1 #​8695
• fix(deps): update dependency react-toastify to v9.1.3 #​8694
• chore(deps): update dependency @​simplewebauthn/server to v7.3.1 #​8690
• fix(deps): update dependency @​vitejs/plugin-react to v4.0.1 #​8692
• fix(deps): update dependency react-error-boundary to v4.0.10 #​8693
• fix(deps): update dependency @​graphiql/toolkit to v0.8.4 #​8698
• fix(deps): update dependency webpack to v5.88.0 #​8697
• fix(deps): update dependency @​headlessui/react to v1.7.15 #​8700
• fix(deps): update dependency @​heroicons/react to v2.0.18 #​8701
• fix(deps): update dependency @​whatwg-node/fetch to v0.9.7 #​8702
• fix(deps): update dependency graphiql to v2.4.7 #​8703
• fix(deps): update dependency semver to v7.5.3 #​8704
• chore(deps): update dependency @​clerk/types to v3.46.0 #​8708
• fix(deps): update dependency systeminformation to v5.18.4 #​8706
• chore(deps): update dependency @​playwright/test to v1.35.1 #​8709
• chore(deps): update dependency @​types/react to v18.2.14 #​8714
• chore(deps): update dependency @​supabase/supabase-js to v2.26.0 #​8711
• chore(deps): update dependency @​types/vscode to v1.79.1 #​8715
• chore(deps): update dependency cypress to v12.15.0 #​8716
• fix(deps): update dependency @​graphiql/plugin-explorer to v0.1.21 #​8719
• chore(deps): update dependency firebase to v9.23.0 #​8718
• chore(deps): update dependency glob to v10.3.0 #​8720
• chore(deps): update dependency nx to v16.4.0 #​8722
• fix(deps): update dependency envinfo to v7.9.0 #​8725
• fix(deps): update dependency eslint to v8.43.0 #​8726
• chore(deps): update dependency octokit to v2.1.0 #​8724
• fix(deps): update dependency @​graphiql/plugin-explorer to v0.1.22 #​8737
• fix(deps): update dependency systeminformation to v5.18.5 #​8741
• fix(deps): update typescript-eslint monorepo to v5.60.1 #​8746
• fix(deps): update dependency webpack to v5.88.1 #​8768
• fix(deps): update dependency react-hook-form to v7.45.1 #​8767
• chore(deps): update dependency glob to v10.3.1 #​8783
• chore(deps): update dependency @​clerk/types to v3.46.1 #​8780

v5.3.2

Compare Source

Patch Release

Note Are you using Clerk for authentication and user management? Keep reading.

This patch adds a new auth decoder, clerkAuthDecoder to the @redwoodjs/auth-clerk-api package and deprecates the existing one, which is simply named authDecoder. We recommend that everyone using Clerk migrate to the new auth decoder unless you’re already using a custom one. The current auth decoder is subject to rate limiting.

Background

First, a quick reminder on how auth works in Redwood. On a project's api side, there's two critical auth functions, authDecoder and getCurrentUser. They're both passed to createGraphQLHandler in api/src/functions/graphql.{ts,js}:

// api/src/functions/graphql.{ts,js}

import { authDecoder } from '@​redwoodjs/auth-clerk-api'
import { createGraphQLHandler } from '@​redwoodjs/graphql-server'

// ...

import { getCurrentUser } from 'src/lib/auth'

export const handler = createGraphQLHandler({
  authDecoder,
  getCurrentUser,
  // ...
})

As the codeblock above shows, authDecoder comes from one of Redwood's auth packages (but you can write it yourself if you want), while getCurrentUser comes from the api/src/lib/auth.{ts,js} file—it's a function that you own in your project.

These functions are used together internally by Redwood. While this is a simplification, basically authDecoder's return value is the first argument to getCurrentUser, like this:

// Internally, in Redwood. This is pseudocode.

const decoded = await authDecoder(token, ...otherArgs)
const currentUser = await getCurrentUser(decoded, ...otherArgs)
// Add the user to the context...

Migration Path

The last thing you want is your project's authDecoder getting rate limited! Here's how to migrate:

1. Upgrade to this version via yarn rw upgrade
2. In your project's GraphQL file, api/src/functions/graphql.{ts,js}, import the new auth decoder, clerkAuthDecoder, as the authDecoder function from @redwoodjs/auth-clerk-api:

// api/src/functions/graphql.{ts,js}
- import { authDecoder } from '@​redwoodjs/auth-clerk-api'
+ import { clerkAuthDecoder as authDecoder } from '@​redwoodjs/auth-clerk-api'

3. In your project's api-side auth file, api/src/lib/auth.{ts,js}, modify the getCurrentUser function accordingly and customize the session token on your Clerk application's dashboard (see https://clerk.com/docs/request-authentication/customizing-session-tokens)

The modifications you'll have to make will be specific to your project. The getCurrentUser function's first argument, decoded, will be different. It'll still be an object, but by default, it has much fewer props than before. To illustrate the difference, let’s look at an example of what the decoded parameter to the getCurrentUser function is before and after:

// api/src/lib/auth.{ts,js}

export const getCurrentUser = async (
  decoded, // 👈 This will be different, see below
  // ...
) => {
  if (!decoded) {
    logger.warn('Missing decoded user')
    return null
  }

  // Your custom logic...
}

old auth decoder (`authDecoder`) return value

new auth decoder (`clerkAuthDecoder`) return value

{ id: 'user_...', passwordEnabled: true, totpEnabled: false, backupCodeEnabled: false, twoFactorEnabled: false, banned: false, createdAt: ..., updatedAt: ..., profileImageUrl: 'https://...', imageUrl: 'https://...', gender: '', birthday: '', primaryEmailAddressId: 'idn_...', primaryPhoneNumberId: null, primaryWeb3WalletId: null, lastSignInAt: ..., externalId: null, username: null, firstName: null, lastName: null, publicMetadata: {}, privateMetadata: {}, unsafeMetadata: {}, emailAddresses: [...], phoneNumbers: [], web3Wallets: [], externalAccounts: [], roles: [], }

{ id: 'user_...', azp: 'http://...', exp: ..., iat: ..., iss: 'https://...', jti: '...', nbf: ..., sid: 'sess_...', sub: 'user_...', }

It’s unlikely that you were using all of its properties before. But if you were using Clerk for user management and not just for authentication, you were certainly using some. Luckily it's easy to add them back to the object—all you have to do is customize the session token on your Clerk application's dashboard. See Clerk's docs here: https://clerk.com/docs/request-authentication/customizing-session-tokens.

Changelog

• fix(clerk): add alternative decoder #​8642 by @​jtoar, @​o0charlie0o, @​asher-eastham
• Fix failing v5 codemod for DevFatalErrorPage #​8661 by @​Tobbe

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 59f111c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (5.4.3). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.