Merge branch 'main' into dt-trusted-docs-auth

.changesets/10830.md

@@ -0,0 +1,3 @@
+- fix(cli): Add check for excessively long route (#10830) by @Josh-Walker-GM
+
+This change adds an additional internal check to protect against route definitions which are preposterously long. 

.changesets/10833.md

@@ -0,0 +1,5 @@
+- fix(deps): update dependency firebase-admin to v12 (#10833) by @renovate
+
+This change updates our firebase auth provider to use the v12 major version of the `firebase-admin` package. This will require you to update your own version of `firebase-admin` that is listed in your api side package json file.
+
+We have noticed no breaking api changes in our limited testing. Please consult the `firebase-admin` upgrade guide if you experience problems after upgrading - especially if you have more extensive or complex use of the firebase suite of products. 

.changesets/10849.md

@@ -0,0 +1,3 @@
+- feat(dbAuth): Prompt for creating User table (#10849) by @Tobbe
+
+To skip the prompt you can pass `--createUserModel` (or just `-u`) to `yarn rw setup auth dbAuth`.

.github/actions/check_changesets/check_changesets.mjs

@@ -11,6 +11,14 @@ async function main() {
     return
   }
 
+  // We only enforce changesets on PRs that are not marked as "chore" or "SSR" or "RSC"
+  const skipOnMilestone = ['chore', 'SSR', 'RSC']
+  const { milestone } = github.context.payload.pull_request
+  if (milestone && skipOnMilestone.includes(milestone.title)) {
+    console.log(`Skipping check because of the "${milestone.title}" milestone`)
+    return
+  }
+
   // Check if the PR adds a changeset.
   await exec('git fetch origin main', [], { silent: true })
   const { stdout } = await getExecOutput('git diff origin/main --name-only', [], { silent: true })

.github/workflows/check-changelog.yml

@@ -2,7 +2,7 @@ name: 📝 Check changesets
 
 on:
   pull_request:
-    types: [opened, synchronize, reopened, labeled, unlabeled]
+    types: [opened, synchronize, reopened, labeled, unlabeled, milestoned, demilestoned]
 
 # Cancel in-progress runs of this workflow.
 # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-only-cancel-in-progress-jobs-or-runs-for-the-current-workflow.

__fixtures__/empty-project/api/package.json

@@ -3,7 +3,7 @@
   "version": "0.0.0",
   "private": true,
   "dependencies": {
-    "@redwoodjs/api": "0.49.1",
-    "@redwoodjs/graphql-server": "0.49.1"
+    "@redwoodjs/api": "canary",
+    "@redwoodjs/graphql-server": "canary"
   }
 }

__fixtures__/empty-project/package.json

@@ -8,7 +8,7 @@
     ]
   },
   "devDependencies": {
-    "@redwoodjs/core": "0.49.1"
+    "@redwoodjs/core": "canary"
   },
   "eslintConfig": {
     "extends": "@redwoodjs/eslint-config",

__fixtures__/empty-project/web/package.json

@@ -13,9 +13,9 @@
     ]
   },
   "dependencies": {
-    "@redwoodjs/forms": "0.49.1",
-    "@redwoodjs/router": "0.49.1",
-    "@redwoodjs/web": "0.49.1",
+    "@redwoodjs/forms": "canary",
+    "@redwoodjs/router": "canary",
+    "@redwoodjs/web": "canary",
     "prop-types": "15.8.1",
     "react": "17.0.2",
     "react-dom": "17.0.2"

__fixtures__/example-todo-main-with-errors/api/package.json

@@ -3,6 +3,6 @@
   "name": "api",
   "version": "0.0.0",
   "dependencies": {
-    "@redwoodjs/api": "0.7.0"
+    "@redwoodjs/api": "canary"
   }
 }

__fixtures__/example-todo-main-with-errors/package.json

@@ -5,7 +5,7 @@
     "web"
   ],
   "devDependencies": {
-    "@redwoodjs/core": "0.7.0"
+    "@redwoodjs/core": "canary"
   },
   "eslintConfig": {
     "extends": "@redwoodjs/eslint-config"

__fixtures__/example-todo-main-with-errors/web/package.json

@@ -3,8 +3,8 @@
   "name": "web",
   "version": "0.0.0",
   "dependencies": {
-    "@redwoodjs/router": "0.7.0",
-    "@redwoodjs/web": "0.7.0",
+    "@redwoodjs/router": "canary",
+    "@redwoodjs/web": "canary",
     "prop-types": "^15.7.2",
     "react": "^16.13.1",
     "react-dom": "^16.13.1",

__fixtures__/example-todo-main/api/package.json

@@ -3,6 +3,6 @@
   "name": "api",
   "version": "0.0.0",
   "dependencies": {
-    "@redwoodjs/api": "0.32.2"
+    "@redwoodjs/api": "canary"
   }
 }

__fixtures__/example-todo-main/package.json

@@ -6,7 +6,7 @@
     "../../packages/*"
   ],
   "devDependencies": {
-    "@redwoodjs/core": "0.32.2"
+    "@redwoodjs/core": "canary"
   },
   "eslintConfig": {
     "extends": "@redwoodjs/eslint-config"

__fixtures__/example-todo-main/web/package.json

@@ -3,8 +3,8 @@
   "name": "web",
   "version": "0.0.0",
   "dependencies": {
-    "@redwoodjs/router": "0.32.2",
-    "@redwoodjs/web": "0.32.2",
+    "@redwoodjs/router": "canary",
+    "@redwoodjs/web": "canary",
     "prop-types": "^15.7.2",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",

docs/docs/graphql/trusted-documents.md

@@ -4,7 +4,7 @@ RedwoodJS can be setup to enforce [persisted operations](https://the-guild.dev/g
 
 Use trusted documents if your GraphQL API is only for your own app (which is the case for most GraphQL APIs) for a massively decreased attack-surface, increased performance, and decreased bandwidth usage.
 
-At app build time, Redwood will extract the GraphQL documents (queries, etc) and make them available to the server. At run time, you can then send "document id" or "hash" instead of the whole document; only accept requests with a known document id.
+At app build time, Redwood will extract the GraphQL documents (queries, etc) and make them available to the server. At run time, you must then send "document id" or "hash" instead of the whole document as the server will only accept requests with a known document id.
 
 This prevents malicious attackers from executing arbitrary GraphQL thus helping with unwanted resolver traversal or information leaking.
 
@@ -84,9 +84,9 @@ See how the `76308e971322b1ece4cdff75185bb61d7139e343` hash ids match?
 
 Now, when the client requests to make a query for `76308e971322b1ece4cdff75185bb61d7139e343`, the GraphQL server knows to execute the corresponding query associated with that hash.
 
-This means that because queries are pre-generated and the hash ids ***must match**, there is no way for any un-trusted or ad-hock queries to get executed by the GraphQL server.
+This means that because queries are pre-generated and the hash ids **must match**, there is no way for any un-trusted or ad-hoc queries to get executed by the GraphQL server.
 
-Thus preventing unwanted queries or GraphQl traversal attacks,
+Thus preventing unwanted queries or GraphQL traversal attacks,
 
 * Configure RedwoodJS to use Trusted Documents via `redwood.toml`
 * Configure the GraphQL Server

docs/docusaurus.config.ts

@@ -133,9 +133,9 @@ const config: Config = {
   // ?
   scripts: [
     {
-      src: 'https://plausible.io/js/plausible.js',
+      src: 'https://plausible.io/js/script.outbound-links.tagged-events.js',
       defer: true,
-      'data-domain': 'redwoodjs.com',
+      'data-domain': 'docs.redwoodjs.com',
     },
   ],
   stylesheets: [

docs/package.json

@@ -24,10 +24,10 @@
     ]
   },
   "dependencies": {
-    "@docusaurus/core": "3.3.2",
-    "@docusaurus/plugin-content-docs": "3.3.2",
-    "@docusaurus/preset-classic": "3.3.2",
-    "@docusaurus/theme-common": "3.3.2",
+    "@docusaurus/core": "3.4.0",
+    "@docusaurus/plugin-content-docs": "3.4.0",
+    "@docusaurus/preset-classic": "3.4.0",
+    "@docusaurus/theme-common": "3.4.0",
     "@mdx-js/react": "3.0.1",
     "clsx": "2.1.1",
     "prism-react-renderer": "2.3.1",
@@ -36,8 +36,8 @@
     "react-player": "2.16.0"
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "3.3.2",
-    "@docusaurus/tsconfig": "3.3.2",
+    "@docusaurus/module-type-aliases": "3.4.0",
+    "@docusaurus/tsconfig": "3.4.0",
     "typescript": "5.4.5"
   },
   "packageManager": "[email protected]"