v220.127.116.11 ChangesSeptember 26, 2017
⚡️ Updating to Meteor 18.104.22.168 will automatically patch a security vulnerability in the
[email protected]or later. If for any reason you are not ready or able to update to Meteor 22.214.171.124 by running
meteor update, please at least run
meteor update allow-deny
instead. More details about the security vulnerability can be found on the Meteor forums.
meteortool no longer invokes
--expose-gcflag. Although this flag allowed the build process to be more aggressive about collecting garbage, it was also a source of problems in Meteor 1.5.2 and Node 4.8.4, from increased segmentation faults during (the more frequent) garbage collections to occasional slowness in rebuilding local packages. The flag is likely to return in Meteor 1.6, where it has not exhibited any of the same problems.
👷 Meteor now supports
.meteorignorefiles, which cause the build system to ignore certain files and directories using the same pattern syntax as
.gitignorefiles. These files may appear in any directory of your app or package, specifying rules for the directory tree below them. Of course,
.meteorignorefiles are also fully integrated with Meteor's file watching system, so they can be added, removed, or modified during development. Feature request #5
connection.onReconnect = funcfeature has been deprecated. This functionality was previously supported as a way to set a function to be called as the first step of reconnecting. This approach has proven to be inflexible as only one function can be defined to be called when reconnecting. Meteor's accounts system was already setting an
onReconnectcallback to be used internally, which means anyone setting their own
onReconnectcallback was inadvertently overwriting code used internally. Moving forward the
DDP.onReconnect(callback)method should be used to register callbacks to call when a connection reconnects. The connection that is reconnecting is passed as the only argument to
callback. This is used by the accounts system to re-login on reconnects without interfering with other code that uses
connection.onReconnect. Issue #5665 PR #9092
destroywill clear the
ReactiveDicts data and unregister the
ReactiveDictfrom data migration. i.e. When a
ReactiveDictis instantiated with a name on the client and the
reloadpackage is present in the project. Feature Request #76 PR #9063
webapppackage has been updated to support UNIX domain sockets. If a
UNIX_SOCKET_PATHenvironment variable is set with a valid UNIX socket file path (e.g.
UNIX_SOCKET_PATH=/tmp/socktest.sock), Meteor's HTTP server will use that socket file for inter-process communication, instead of TCP. This can be useful in cases like using Nginx to proxy requests back to an internal Meteor application. Leveraging UNIX domain sockets for inter-process communication reduces the sometimes unnecessary overhead required by TCP based communication. Issue #7392 PR #8702
fastclickpackage (previously included by default in Cordova applications through the
mobile-experiencepackage) has been deprecated. This package is no longer maintained and has years of outstanding unresolved issues, some of which are impacting Meteor users. Most modern mobile web browsers have removed the 300ms tap delay that
fastclickworked around, as long as the following
metaelement is set (which is generally considered a mobile best practice regardless, and which the Meteor boilerplate generator already sets by default for Cordova apps):
<meta name="viewport" content="width=device-width">If anyone is still interested in using
fastclickwith their application, it can be installed from npm directly (
meteor npm install --save fastclick). Reference: Mobile Chrome Mobile Safari PR #9039
for...ofloops, spread operator,
yield*, and destructuring assignments. PR #8888
v1.5.1 ChangesJuly 12, 2017
⬆️ Node has been upgraded to version 4.8.4.
📦 A new core Meteor package called
server-renderprovides generic support for server-side rendering of HTML, as described in the package's
README.md. PR #8841
To reduce the total number of file descriptors held open by the Meteor build system, native file watchers will now be started only for files that have changed at least once. This new policy means you may have to wait up to 5000ms for changes to be detected when you first edit a file, but thereafter changes will be detected instantaneously. In return for that small initial waiting time, the number of open file descriptors will now be bounded roughly by the number of files you are actively editing, rather than the number of files involved in the build (often thousands), which should help with issues like #8648. If you need to disable the new behavior for any reason, simply set the
METEOR_WATCH_PRIORITIZE_CHANGEDenvironment variable to
"false", as explained in PR #8866.
observeChangescallbacks are now bound using
Meteor.bindEnvironment. The same
EnvironmentVariables that were present when
observeChangeswas called are now available inside the callbacks. PR #8734
onReadyis now fired again during a re-subscription, even if the subscription has the same arguments. Previously, when subscribing to a publication the
onReadywould have only been called if the arguments were different, creating a confusing difference in functionality. This may be breaking behavior if an app uses the firing of
onReadyas an assumption that the data was just received from the server. If such functionality is still necessary, consider using
observeChangesPR #8754 Issue #1173
mongopackages are now compliant with the upsert behavior of MongoDB 2.6 and higher. As a result support for MongoDB 2.4 has been dropped. This mainly changes the effect of the selector on newly inserted documents. PR #8815
reactive-dictnow supports setting initial data when defining a named
ReactiveDict. No longer run migration logic when used on the server, this is to prevent duplicate name error on reloads. Initial data is now properly serialized.
example.comas a default "from" address instead of
meteor.com. This change could break account-related e-mail notifications (forgot password, activation, etc.) for applications which do not properly configure a "from" domain since e-mail providers will often reject mail sent from
example.com. Ensure that
Accounts.emailTemplates.fromis set to a proper domain in all applications. PR #8760
facebook-oauthpackages have been updated to use the v2.9 of the Facebook Graph API for the Login Dialog since the v2.2 version will be deprecated by Facebook in July. There shouldn't be a problem regardless since Facebook simply rolls over to the next active version (v2.3, in this case) however this should assist in avoiding deprecation warnings and should enable any new functionality which has become available. PR #8858
DDP._CurrentInvocationremains for backwards-compatibility. This change allows method calls from publications to inherit the
connectionfrom the the publication which called the method. PR #8629
Note: If you're calling methods from publications that are using
this.connectionto see if the method was called from server code or not. These checks will now be more restrictive because
this.connectionwill now be available when a method is called from a publication.
🛠 Fix issue with publications temporarily having
DDP._CurrentInvocationset on re-run after a user logged in. This is now provided through
DDP._CurrentPublicationInvocationat all times inside a publication, as described above. PR #8031 PR #8629
Meteor.user()can now be used in both method calls and publications. PR #8629
this.onStopcallbacks in publications are now run with the publication's context and with its
EnvironmentVariables bound. PR #8629
minifier-jspackage will now replace
process.env.NODE_ENVwith its string value (or
meteor-babelnpm package has been upgraded to version 0.22.0.
reifynpm package has been upgraded to version 0.11.24.
uglify-jsnpm package has been upgraded to version 3.0.18.
🏗 Illegal characters in paths written in build output directories will now be replaced with
_s rather than removed, so that file and directory names consisting of only illegal characters do not become empty strings. PR #8765.
➕ Additional "extra" packages (packages that aren't saved in
.meteor/packages) can be included temporarily using the
--extra-packagesoption. For example:
meteor run --extra-packages bundle-visualizer. Both
meteor test-packagesalso support the
--extra-packagesoption and commas separate multiple package names. PR #8769
Note: Packages specified using the
--extra-packagesoption override version constraints from
coffeescriptpackage has been updated to use CoffeeScript version 1.12.6. PR #8777
It's now possible to pipe a series of statements to
meteor shell, whereas previously the input had to be an expression; for example:
> echo 'import pkg from "babel-runtime/package.json"; quote> pkg.version' | pipe> meteor shell "6.23.0"
Errorthrown by a DDP method with the
error.isClientSafeproperty set to
truewill now be serialized and displayed to the client, whereas previously only
Meteor.Errorobjects were considered client-safe. PR #8756
v1.5 ChangesMay 30, 2017
meteor-basepackage implies a new
dynamic-importpackage, which provides runtime support for the proposed ECMAScript dynamic
import(...)syntax, enabling asynchronous module fetching or "code splitting." If your app does not use the
meteor-basepackage, you can use the package by simply running
meteor add dynamic-import. See this blog post and PR #8327 for more information about how dynamic
import(...)works in Meteor, and how to use it in your applications.
ecmascript-runtimepackage, which provides polyfills for various new ECMAScript runtime APIs and language features, has been split into
ecmascript-runtime-server, to reflect the different needs of browsers versus Node 4. The client runtime now relies on the
core-jslibrary found in the
node_modulesdirectory of the application, rather than a private duplicate installed via
Npm.depends. This is unlikely to be a disruptive change for most developers, since the
babel-runtimenpm package is expected to be installed, and
core-jsis a dependency of
node_modules/core-jsshould already be present. If that's not the case, just run
meteor npm install --save core-jsto install it.
npmnpm package has been upgraded to version 4.6.1.
meteor-babelnpm package has been upgraded to version 0.21.4, enabling the latest Reify compiler and the transform-class-properties plugin, among other improvements.
reifynpm package has been upgraded to version 0.11.21, fixing issue #8595 and improving compilation and runtime performance.
Note: With this version of Reify,
importdeclarations are compiled to
module.watch(require(id), ...)instead of
module.importSync(id, ...)or the older
module.import(id, ...). The behavior of the compiled code should be the same as before, but the details seemed different enough to warrant a note.
installnpm package has been upgraded to version 0.10.1.
meteor-promisenpm package has been upgraded to version 0.8.4.
uglify-jsnpm package has been upgraded to version 3.0.13, fixing #8704.
📦 If you're using the
standard-minifier-jsMeteor package, as most Meteor developers do, it will now produce a detailed analysis of package and module sizes within your production
.jsbundle whenever you run
meteor run --production. These data are served by the application web server at the same URL as the minified
.jsbundle, except with a
.stats.jsonfile extension instead of
.js. If you're using a different minifier plugin, and would like to support similar functionality, refer to these commits for inspiration.
To visualize the bundle size data produced by
meteor add bundle-visualizerand then start your development server in production mode with
meteor run --production. Be sure to remove the
bundle-visualizerpackage before actually deploying your app, or the visualization will be displayed to your users.
If you've been developing an app with multiple versions of Meteor, or testing with beta versions, and you haven't recently run
meteor reset, your
.meteor/local/bundler-cachedirectory may have become quite large. This is just a friendly reminder that this directory is perfectly safe to delete, and Meteor will repopulate it with only the most recent cached bundles.
Apps created with
meteor create --barenow use the
static-htmlpackage for processing
.htmlfiles instead of
blaze-html-templates, to avoid large unnecessary dependencies like the
🔌 Babel plugins now receive file paths without leading
/characters, which should prevent confusion about whether the path should be treated as absolute. PR #8610
It is now possible to override the Cordova iOS and/or Android compatibility version by setting the
METEOR_CORDOVA_COMPAT_VERSION_ANDROIDenvironment variables. PR #8581
node_modulesdirectories will no longer automatically have access to the
require("buffer").Buffer. Issue #8645.
📦 Packages in
node_modulesdirectories are now considered non-portable (and thus may be automatically rebuilt for the current architecture), if their
package.jsonfiles contain any of the following install hooks:
postinstall. Previously, a package was considered non-portable only if it contained any
.nodebinary modules. Issue #8225
v1.4.4 ChangesApril 07, 2017
⬆️ Node has been upgraded to version 4.8.1.
npmnpm package has been upgraded to version 4.4.4. It should be noted that this version reduces extra noise previously included in some npm errors.
node-gypnpm package has been upgraded to 3.6.0 which adds support for VS2017 on Windows.
node-pre-gypnpm package has been updated to 0.6.34.
Thanks to the outstanding efforts of @sethmurphy18, the
minifier-jspackage now uses Babili instead of UglifyJS, resolving numerous long-standing bugs due to UglifyJS's poor support for ES2015+ syntax. Issue #8378 PR #8397
meteor-babelnpm package has been upgraded to version 0.19.1, and
reifyhas been upgraded to version 0.6.6, fixing several subtle bugs introduced by Meteor 1.4.3 (see below), including issue #8461.
🔌 The Reify module compiler is now a Babel plugin, making it possible for other custom Babel plugins configured in
package.jsonfiles to run before Reify, fixing bugs that resulted from running Reify before other plugins in Meteor 1.4.3. Issue #8399 Issue #8422
👍 Two new
export ... from ...syntax extensions are now supported:
export * as namespace from "./module" export def from "./module"
Read the ECMA262 proposals here:
Meteor.callis used on the server to invoke a method that returns a
Promiseobject, the result will no longer be the
Promiseobject, but the resolved value of the
Promise. Issue #8367
Note: if you actually want a
Meteor.applyon the server, use
Meteor.applyAsyncinstead. Issue #8367, https://github.com/meteor/meteor/commit/0cbd25111d1249a61ca7adce23fad5215408c821
smtp-connectionnpms have been updated to resolve an issue with the encoding of long header lines. Issue #8425 PR #8495
Accounts.confignow supports an
ambiguousErrorMessagesoption which enabled generalization of messages produced by the
accounts-*packages. PR #8520
🛠 A bug which caused account enrollment tokens to be deleted too soon was fixed. Issue #8218 PR #8474
🚀 On Windows, bundles built during
meteor deploywill maintain the executable bit for commands installed in the
node_modules\.bindirectory. PR #8503
⬆️ On Windows, the upgrades to Node.js,
mongodbare now in-sync with other archs again after being mistakenly overlooked in 126.96.36.199. An admin script enhancement has been applied to prevent this from happening again. PR #8505
v188.8.131.52 ChangesApril 02, 2018
⬆️ Node has been upgraded to version 4.9.0, an important security release. The Node v4.x release line will exit the Node.js Foundation's long-term support (LTS) status on April 30,
- We strongly advise updating to a version of Meteor using a newer version of Node which is still under LTS status, such as Meteor 1.6.x which uses Node 8.x.
npmpackage has been upgraded to version 4.6.1.
v184.108.40.206 ChangesDecember 08, 2017
- ⬆️ Node has been upgraded to version 4.8.7, an important security release.
v220.127.116.11 ChangesSeptember 26, 2017
- ⚡️ Updating to Meteor 18.104.22.168 will automatically patch a security
vulnerability in the
[email protected]or later. If for any reason you are not ready or able to update to Meteor 22.214.171.124 by running
meteor update, please at least run
sh meteor update allow-denyinstead. More details about the security vulnerability can be found on the Meteor forums.
- ⚡️ Updating to Meteor 126.96.36.199 will automatically patch a security vulnerability in the
v188.8.131.52 ChangesMay 22, 2017
⬆️ Node has been upgraded to version 4.8.3.
A bug in checking body lengths of HTTP responses that was affecting Galaxy deploys has been fixed. PR #8709.
v184.108.40.206 ChangesMay 02, 2017
⬆️ Node has been upgraded to version 4.8.2.
npmnpm package has been upgraded to version 4.5.0. Note that when using npm
scriptsthere has been a change regarding what happens when
SIGINT(Ctrl-C) is received. Read more here.
🛠 Fix a regression which prevented us from displaying a helpful banner when running
meteor debugbecause of a change in Node.js.
node-inspectornpm to 1.1.1, fixing a problem encountered when trying to press "Enter" in the inspector console. Issue #8469
mailcomposernpm package swapped with a Node 4 fork of
nodemailerdue to its ability to support connection pooling in a similar fashion as the original
mailcomposer. Issue #8591 PR #8605
MAIL_URLshould be configured with a scheme which matches the protocol desired by your e-mail vendor/mail-transport agent. For encrypted connections (typically listening on port 465), this means using
smtps://. Unencrypted connections or those secured through a
STARTTLSconnection upgrade (typically using port 587 and sometimes port 25) should continue to use
smtp://. TLS/SSL will be automatically enabled if the mail provider supports it.
Tracker.inFlush()has been added to provide a global Tracker "flushing" state. PR #8565.
meteor-babelnpm package has been upgraded to version 0.20.1, and the
reifynpm package has been upgraded to version 0.7.4, fixing issue #8595. (This was fixed between full Meteor releases, but is being mentioned here.)
v220.127.116.11 ChangesApril 07, 2017
- 🚚 A change in Meteor 1.4.4 to remove "garbage" directories asynchronously
files.renameDirAlmostAtomicallyhad unintended consequences for rebuilding some npm packages, so that change was reverted, and those directories are now removed before
files.renameDirAlmostAtomicallyreturns. PR #8574
- 🚚 A change in Meteor 1.4.4 to remove "garbage" directories asynchronously in