Features

Some security vulnerabilities were showing up with npm audit. This version updates Foal's dependencies to get rid of them.

Dependencies

• @foal/acceptance-tests
  • [email protected]
  • [email protected]
• @foal/aws-s3
  • @aws-sdk/[email protected]
  • @aws-sdk/[email protected]
• @foal/core
  • [email protected]
• @foal/examples
  • [email protected]
• @foal/redis
  • [email protected]

Features

• [Internal] Upgrade to lerna v8 (PR: #1259)
• Deprecate use of CLI globally (PR: #1273)
• Fix foal connect react and support build output dir (PR: #1274)
• Make logging more suitable for log monitoring softwares (PR: #1275)
• Allow to run async tasks and catch and log them appropriately on failure (PR: #1276)
• Improve GoogleProvider types (PR: #1277)
• Improve social auth for SPA (PR: #1277)
• Remove the link to the official site from the index.html of new applications to avoid polluting the traffic analytics of foalts.org (PR: #1278)

Dependencies

• @foal/aws-s3
  • @aws-sdk/[email protected]
  • @aws-sdk/[email protected]
• @foal/cli
  • [email protected]
  • [email protected]
• @foal/core
  • [email protected]
• @foal/graphql
  • [email protected]
  • [email protected] (peer dependency)
• @foal/mongodb
  • [email protected]

Features

This release updates Foal's sub-dependencies, including the express library, which presents a moderate vulnerability in versions prior to 4.19.2.

Dependencies

• @foal/aws-s3
  • @aws-sdk/[email protected]
  • @aws-sdk/[email protected]
• @foal/core
  • [email protected]
• @foal/swagger
  • [email protected]

Contributions

Thanks to Lucho for reporting this vulnerability in the first place!

Features / improvements / fixes

• [Internal] Use fs native API with promises (PR: #1243)
• [Bug] Fix HTTP logger error when the client request is aborted (issue: #1247) (PRs: #1249, #1252)
• [CLI] Display all errors when the validation of script arguments fails (PR: #1251)

Dependencies

#1250

• @foal/aws-s3
  • @aws-sdk/[email protected]
  • @aws-sdk/[email protected]
• @foal/cli
  • [email protected]
  • [email protected]
• @foal/core
  • [email protected]
• @foal/jwks-rsa
  • [email protected]
• @foal/social
  • [email protected]
• @foal/socket.io
  • [email protected]
• @foal/swagger
  • [email protected]

Features

• [Bug] Fix "foal connect angular" to support latest versions of Angular (issue: #1197) (PR: #1236)
• Allow to disable AJV strict mode (issue: #1206) (PR: #1239)
• Possibility to pass cacheControl option to static middleware (issue: #1221) (PR: #1241 )
• Logs added to socket.io controllers (PR: #1240)

Features

• Add request ID (PR: #1234)
• Add Foal logger (PR: #1234)
• Support XML requests (issue: #1203) (PR: #1231)

Dependencies

• @foal/cli
  • [email protected]
• @foal/swagger
  • [email protected]

Contributors

@paoloevan

Overview and goals

#1223

Migration guide

• Run npx foal upgrade.
• Version 16 of Node is not supported anymore. Upgrade to version 18 or version 20.
• Support of MariaDB has been dropped.
• If you use any of these dependencies, upgrade typeorm to v0.3.17, graphql to v16, type-graphql to v2, class-validator to v0.14, mongodb to v5 and @socket.io/redis-adapter to v8.
• If you use both TypeORM and MongoDBStore, there is no need anymore to maintain two versions of mongodb. You can use version 5 of mongodb dependency.
• If you use @foal/socket.io with redis, install socket.io-adapter.
• Support for better-sqlite driver has been dropped. Use the sqlite3 driver instead. In DB configuration, use type: 'sqlite' instead of type: 'better-sqlite3'.
• In your project dependencies, upgrade @types/node to v18.11.9.
• If you use TypeORM with MongoDB, for the entities definitions, rename import { ObjectID } from 'typeorm'; to import { ObjectId } from 'typeorm';

Dependencies

• @foal/aws-s3
  • @aws-sdk/[email protected]
  • @aws-sdk/[email protected]
• @foal/cli
  • [email protected]
• @foal/graphiql
  • [email protected]
• @foal/graphql
  • [email protected]
  • graphql@^16.8 (peer dependency)
• @foal/jwks-rsa
  • [email protected]
• @foal/mongodb
  • [email protected]
• @foal/redis
  • [email protected]
• @foal/socket.io
  • [email protected]
• @foal/swagger
  • [email protected]
• @foal/typeorm
  • [email protected] (peer dependency)
  • [email protected] (dev dependency / driver)
  • [email protected] (dev dependency / driver)
• @foal/typestack
  • [email protected] (peer dependency)

Features

The jsonwebtoken dependency has been upgraded to v9 to address security issues.

Note that RSA key size now must be 2048 bits or greater. Make sure to check the size of your RSA key before upgrading to this version.

Dependencies

• @foal/cli
  • [email protected]
• @foal/core
  • [email protected]
• @foal/graphql
  • [email protected]
• @foal/jwt
  • [email protected]
• @foal/social
  • [email protected]

Dev dependencies

• mocha
• rimraf
• typescript
• supertest
• concurrently
• ESLint dependencies
• nyc

Features

• Re-add @foal/password (issue: #1195) (PR: 1196)
• Add ctx.controllerName and ctx.controllerMethodeName (issue: #1183) (PR: #1199)

Contributors

@lcnvdl

Features

• Update the max-age attribute of the Strict-Transport-Security header to "industry standard" (issue: #1146) (PR: #1155)
• [CLI] Disable ESLint rule @typescript-eslint/no-non-null-assertion in generated projects (PR: #1178)
• [Bug] Support whitespaces around variable names in .env files (issue: #1182) (PR: #1185)
• Support custom cookie domain in social auth (issue: #1099) (PR: #1187)
• [CLI] Add foal upgrade command (issue: #1158) (PR: #1186, #1193)
• Fix: support custom OpenAPI "example" keyword in AJV validation (issue: #1192) (PR: #1194)

Dependencies

https://github.com/FoalTS/foal/pull/1162

Dependencies

• @foal/aws-s3
  • @aws-sdk/[email protected]
  • @aws-sdk/[email protected]
• @foal/cli
  • [email protected]
• @foal/core
  • [email protected]
• @foal/jwks-rsa
  • [email protected]
• @foal/mongodb
  • [email protected]
• @foal/socket.io
  • [email protected]
• @foal/swagger
  • [email protected]

Contributors

• @edw1882

Fixes

• Make createapp install v3 of @foal/cli (PR: #1172)

Fixes

• [CLI] Support AJV formats in shell scripts (issue: #1167) (PR: #1168)

Features

• Drop support for Node 10 (unmaintained), 12 (not maintained from April 2022) and 14 (not maintained in less that a year). Support versions 16 and 18.
  • #1029
  • #1070
  • #1075
• Upgrade all 3p dependencies doing major upgrades (graphql, etc). Specify which minimum version of TypeORM is required. Upgrade the peer dependencies.
  • #1028
  • #1030
  • #1033
  • #1035
  • #1036
  • #1041
  • #1056
  • #1148
  • #1079
  • #1081
  • #1082
  • #1154
• Use latest version of AJV and use its TS integration (maybe related: #988). Check that the option names are still the same. Check potential conflicts with OpenAPI types.
  • #1037
• Remove the functions escape and escapeProp. Modern frontend frameworks (React, Angular, Vue, etc) take care of this.
  • #1034
• Improve the interface of the Context class to mainly improve type safety.
  • #1073
• Correct the bad design on the precedence of environment variables. (issue: #1021)
  • #1128
• Support optional fields in @ValidateMultipartFormDataBody (issue: #1008)
  • #1048
• Support TypeORM 0.3.0.
  • #1074
  • #1089
  • #1091
  • #1092
  • #1093
  • #1094
  • #1095
  • #1096
  • #1098
  • #1100
  • #1156
• Ignore undefined values in configuration (issue: #1071)
  • #1113
• Simplify generated CLI files.
  • #1077
• Drop foal generate rest-api command.
  • #1078
  • #1088
• Make the session and JWT systems a bit simpler.
  • #1107
  • #1108
  • #1119
  • #1133
  • #1134
  • #1135
  • #1145
  • #1147
  • #1152
• Miscellaneous
  • #1114
  • #1117
  • #1121
  • #1124
  • #1125
  • #1127
  • Replace v2 migration with empty v3 migration

Dependencies

• @foal/aws-s3
  • aws-sdk -> @aws-sdk/[email protected] and @aws-sdk/[email protected]
• @foal/cli
  • [email protected]
  • [email protected]
• @foal/core
  • [email protected]
  • [email protected]
  • [email protected]
• @foal/graphql
  • [email protected]
  • peerDependencies: graphql@^15.8.0
• @foal/jwks-rsa
  • [email protected]
• @foal/jwt
  • [email protected]
• @foal/mongodb
  • [email protected]
• @foal/redis
  • [email protected]
• @foal/socket.io
  • [email protected]
• @foal/storage
  • [email protected]
  • [email protected]
• @foal/swagger
  • [email protected]
• @foal/typeorm
  • peerDependencies: typeorm@^0.3.10
• @foal/typestack
  • peerDependencies: [email protected]
  • peerDependencies: [email protected]

Features

• Increase password hashing iterations (PR: #1149)

Content

• [Internal] Add getCsrfTokenFromRequest util (PR: #1138)
• [Internal] Split directories jwt and sessions into jwt|sessions/core and jwt|sessions/http (PR: #1137)
• [Internal] Add getCsrfTokenFromCookie and shouldVerifyCsrfToken utils (PR: #1140)
• [Internal] Reorganize utils in jwt/ and sessions/ (PR: #1141)

Fixes

• Do not throw errors on uploads with empty filenames (PR: #1129)
• Add default Content-Type header in Disk.createHttpResponse responses (PR: #1130)

Features

• @foal/cli included as dev dependency in new projects generated by createapp (issue: #1097) (PR: #1109)
• [CLI] Do not use http module in new projects (PR: #1118)
• [CLI] Fix concurrently issue on some OS (issues: #1115, #1022) (PR: #1123)
• [Internal] [CLI] Add fs.getProjectDependencies and fs.getProjectDevDependencies (PR: #1111)
• [Internal] Re-organize common/ internal directory (PR: #1122)

Contributors

@scho-to

Features

• Support version 15 of graphql and recent versions of type-graphql (issue: #1066) (PR: #1068)
• Support PKCE in OAuth2 providers (issue: #1014) (PR: #1053)
• Add Twitter provider (issue: #1047) (PR: #1053)

Dependencies

• @foal/core
  • [email protected]
• @foal/mongodb
  • [email protected]
• @foal/socket.io
  • [email protected]

Contributors

@LeonardoSalvucci

• [CLI] Fix installation with yarn on node 10 (PR: #1058)
• Show security requirements, servers and external doc of sub-controllers in Swagger auto-generated document (issue: #1057) (PR: #1060)

Improvements / fixes

• [WS] Allow to emit client events without payload or callback (issue: #1043) (PR: #1044)