Today we’re announcing Redwood v4.0.0! 
This major features a New Auth API and Enhanced GraphQL Security.
We went to great lengths to completely decouple auth from the framework so that you can use any auth provider you want and don’t have to wait for us to support it. And we made some improvements to the GraphQL Server, bumping the version of GraphQL Yoga to v3 and adding GraphQL Armor to beef up security.
We also bumped the Node.js versions Redwood supports. Redwood used to support 14 and 16 and the api side would build for 14. Now it supports 16 and 18 and the api side builds for 16.
Come join us this Thursday for our first Redwood meetup of 2023 where I’ll go over the release notes for this major:
v4.0.0 Highlights
Decoupled auth
Want to use Amazon Cognito? Keycloak? Now you don’t have to wait, you just have to set it up.
Redwood has a new auth API you can use to integrate your auth provider of choice as if it was official. (It’s the same API our official integrations use.) Check out the new-and-improved Custom Auth doc for step-by-step instructions.
GraphQL Yoga v3
The Guild recently released a new major version of GraphQL Yoga, and we’ve included it in this major. The most salient user-facing change is the brand new GraphiQL:
For the full list of changes in GraphQL Yoga v3, check out The Guild’s blog post.
GraphQL Armor
Just by upgrading to v4, your GraphQL API got more secure by default. v4 features Escape’s GraphQL Armor, a middleware that adds a security layer to your GraphQL endpoint. GraphQL Armor implements a suite of security best practices, protecting your endpoint from abuse of aliases, depth, directives, tokens, and more. Check out the new GraphQL Armor section in the docs for more.
Node.js 16 and 18
With Node.js 14 already in maintenance mode and 16 scheduled to enter it soon, it was high-time to bump the Node.js versions Redwood supports to 16 and 18. In this major, Redwood’s api side now builds for Node.js 16.