v0.35 Highlights 
Current release version is v0.35.2
This release has breaking changes. Please see the “Breaking” section for more info.
Envelop/Helix GraphQL Server (preview)
This feature is in preview. We need your help with testing and feedback!
Over the last two months, @dotansimha from The Guild along with assistance from certified Redwood Whisperer @dthyresson have been working on allowing Redwood users to migrate away from Apollo Server to a different GraphQL server. This is now available now for you to try and let us know your experience!
- All the details and how to switch over via this community forums post
Self-hosted Auth with dbAuth
An alternative to third-party authentication has finally come, thanks to @cannikin. We call it dbAuth.
- Check out the dbAuth Trailer
You store your own credentials, log in your own users (for as long or as little time as you want), and it requires no third party integration. Your app stays self-contained, fast, and awesome.
- Get started, get help, and give feedback via this post on the community forums
- And check out the new “self-hosted auth” section in the Redwood Auth Doc
<head>s up! New SEO and metatag support
Redwood now gives you built in ways to modify the HTML <head> and metatags on your pages, for better SEO and social cards when links are unfurled. Note: please see the “Code Modification” section below for how to upgrade your app to use this feature.
- Head over to the new SEO + Header Doc for all the details
GraphQL Logger and Security
This release includes significant improvements to Redwood’s GraphQL implementation. In addition to the new GraphQL logging capability, there are new security configuration defaults and options such as Query Depth Limit and disabled introspection in production.
Changelog
Added
- dbAuth: Adds a totally self-contained database-based authentication option (#2701) c5b651e @cannikin
- Add helmet to web for meta tags | Prerender support (#2909) a4bcec0 @dac09
- Add
rw build --perfto measure babel-plugin impact (#2866) 93cbc42 @peterp - Apollo Server / Envelop enhancements: logging, tracing, e2e tests (#2914) 1c35d86 @dthyresson
Changed
- Check node yarn compatibility before starting crwa (#2810) e6f55ab @callingmedic911
- upgrade Prisma v2.26.0 (#2915) 40d5175 @vchoy
- upgrade Prisma v2.25.0 (#2899) 31a9ab0 @vchoy
- Upgrade supabase-js with Discord auth support (#2965) 625c0ee @dthyresson
- update contributing toc (#2937) 7bcb48b @thedavidprice
- Upgrade envelop/core to 0.3.1 (#2873) 8e843cb @dthyresson
- Create SECURITY.md (#1952) 06a702a @thedavidprice
- Add whileLoadingPage and whileLoadingAuth props (#2889) 32babb5 @LBrian
Fixed
- Used RHF get to retrieve errors (#2983) 77b7d0a @LBrian
- Update Route param parser TS (#3014) 55e4c8e @dac09
- GraphQL improvements for TSDoc and Playground/Schema Introspection using Envelop (#3005) 1e08a66 @dthyresson
- When scaffolding, generate Typescript layouts, pages, and cells (#2967) f839887 @dthyresson
- resolve storybook config to Framework (#2892) c31a222 @thedavidprice
- Upgrade Storybook to v6.3 (#2940) 7062afb @thedavidprice
- fix graphql.ts TS error d0795c1 @thedavidprice
- Use body parser limit on JSON type. (#2911) ad7ade7 @peterp
- Router: Remove RouteScanner, don’t store all routes in context (#2826) d808679 @Tobbe
- fix(cli): Make cli command casing consistent (#2988, #3032) 0526504 @dac09
- Rename the CLI “rw typeCheck” (#2906) 6171499 @simoncrypta
- Adds Failure Component to Scaffolded Cells (#2855) 2f2c1dc @dthyresson
- Don’t generate scaffold for invalid models (#2829) 6c857d6 @alicelovescake
- fix(exec): Always disconnect prisma after exec (#2894) 83e72d0 @dac09
- Fix context exports from graphql-server (#2891) 2f5e40d @dac09
- Fixes issue where
rw execexits early when running scripts that spawn other processes (#2881) 30d506d @viperfx - Fix scaffold generator: handle model name when plural form is unknown (aka the “Pokemon” bug) (#2850) f5f4a3a@callingmedic911
- Router: Filter out all but active route (#2795) 8c86cd8 @Tobbe
Package Dependencies
View all Dependency Version Upgrades
- misc dependabot updates week of July 5th (#2982) 99da9dbe @thedavidprice
Breaking
1. Fully Deprecated <Flash> component
In Redwood v0.27, the Flash component was replaced with React Hot Toast and scheduled for deprecation. In this release, <Flash />has been fully removed. Components that import <Flash /> will error.
Search your project’s codebase for “Flash”, which was used in the Scaffold generator as well as custom implementation. If there are any occurrences, you can replace Flash with Toast via this guide:
2. whileLoading replaced with whileLoadingAuth
The whileLoading prop has been renamed whileLoadingAuth, which you can pass to routes to be a little bit more specific.
If your project includes an implementation of whileLoading, it will need to be replaced. See “Code Modifications” section below.
3. Changes to Apollo Server Plugins and validationRules
This release includes major improvements to Redwood’s GraphQL Server, including a new logger and added security by default. (See PR #2914.)
Most of the changes to Apollo Server plugins and validationRules build upon previously existing options. However, if your project already includes defined plugins or validationRules, they will be overwritten. See the following docs for more information:
4. Custom ContextFunction Changes
If you use a custom ContextFunction to modify the context in the createGraphQL handler, now the function is provided only the context and not also the event. However, the event information is available as an attribute of the context as context.event.
Therefore, your custom ContextFunction setIpAddress() accessed the event as in:
const ipAddress = ({ event }) => {
return (
event?.headers?.['client-ip'] ||
event?.requestContext?.identity?.sourceIp ||
'localhost'
)
}
const setIpAddress = async ({ event, context }) => {
context.ipAddress = ipAddress({ event })
}
with envelop, you would use simple get the event from the context:
const setIpAddress = async ({ context }) => {
context.ipAddress = ipAddress({ event: context.event })
}
How to Upgrade
Code Modifications
1. Add GraphQL Logger
This is an optional but highly recommended modification.
The createGraphQLHandler now takes a loggerConfig that contains an instance of the app’s defined logger and a set of options that define what to log. Update the file api/src/functions/graphql.js|ts (see reference file):
// api/src/functions/graphql.js|ts
...
+ import { logger } from 'src/lib/logger'
export const handler = createGraphQLHandler({
+ loggerConfig: { logger, options: {} },
schema: makeMergedSchema({
schemas,
services: makeServices({ services }),
}),
onException: () => {
// Disconnect from your database with an unhandled exception.
db.$disconnect()
},
})
All the loggerConfig options are documented in Redwood’s Graphql Docs
2. Change any custom ContextFunctions in GraphQL handler
If your custom ContextFunction access the event, rework the function to access the event from the context as in:
const event = context.event
// use event as before ...
See Custom ContextFunction Changes above.
We’ve renamed the whileLoading prop to whileLoadingAuth, which you can pass to routes to be a little bit more specific. Redwood router now supports two different loaders that you can set right from your Routes.js|ts. More details here:
If your project includes an instance of whileLoading, updating is as as simple as renaming whileLoading to whileLoadingAuth. Example:
// Routes.js|tsx
- <Private whileLoading={SkeletonLoader}>
+ <Private whileLoadingAuth={SkeletonLoader}>
<Route1>
<Route2>
</Private>
3. 
Wrap your App in <RedwoodProvider> for React Helmet and SEO <Head> support
This is an optional but highly recommended modification.
To use the new <Head> for React Helmet meta and SEO, you need to make sure the RedwoodProvider wraps your entire App. Make the following changes in web/src/App.js/tsx (see reference file):
- import { FatalErrorBoundary } from '@redwoodjs/web'
+ import { FatalErrorBoundary, RedwoodProvider } from '@redwoodjs/web'
<FatalErrorBoundary page={FatalErrorPage}>
+ <RedwoodProvider>
<AuthProvider client={...} type="..."> {/* may not exist for apps without Auth */}
<RedwoodApolloProvider>
<Routes />
</RedwoodApolloProvider>
</AuthProvider> {/* may not exist for apps without Auth */}
+ </RedwoodProvider>
</FatalErrorBoundary>
Upgrade Packages to v0.35.x from v0.34.x
Run the following command within your App’s directory:
yarn redwood upgrade
Upgrading from an earlier version?
Please follow the “how to upgrade” sections for each newer version here 
Releases · redwoodjs/redwood · GitHub, as there may be manual code mods needed for each version.
Upgrading to a version that is not the latest?
The command yarn rw upgrade will always upgrade to the latest (i.e. most recent) Redwood version. If you need to upgrade incrementally to an earlier, specific release, use the --tag option. For example, if you need to upgrade from v0.27.0 to v0.28.4, run the following command:
yarn redwood upgrade --tag 0.28.4
Need help or having trouble upgrading packages?
See this forum topic for manual upgrade instructions and general upgrade help.
Redwood Releases on GitHub
You can see all Redwood release notes and version history on GitHub