The Ember Times - Issue No. 204

👋 Emberistas! 🐹

Ember Security Releases Blog Post 🔒, Ember 4.8 released 🐹, prettier-plugin-ember-template-tag released 🙌, more-confetti-addon released 🥳, Dive into modern @ember-data 🏗️, Learn how to overwrite the default transition after authentication 🗝️, Deprecation of Ember array prototype extensions 🧹, Watch the movies 🎞, Evolving Ember’s Major Version Process ⭕, Announcing the Official TypeScript Types Public Preview 🔥, Ember Resources Release 🎉

Ember Security Releases Blog Post 🔒

Ember.js 3.24.7, 3.28.10, 4.4.4, 4.8.1, and 4.9.0-beta.3 were recently released to patch a security vulnerability for apps that pass untrusted input as paths to EmberObject.setProperties or EmberObject.set, or the corresponding standalone functions setProperties or set. Apps that do this may get surprising results that, in combination with other application bugs, could lead to cross-site scripting vulnerabilities.

Head on over to the blog post to read more about the security patch.

Ember 4.8 released 🐹

Ember 4.8 was recently released!

This release included 1 new feature for Ember.js that provides an opt-in preview of Ember's official TypesScript types, one bug fix for Ember.js, adds a few new features for EmberCLI and 4 bug fixes for Ember CLI.

Ember Data 4.8 was also recently released and includes a number of bug fixes and several new features including preventing backtracking render errors, adding identifier data to the Reference public API, and enhanced logging options for debugging. The release details can be found here.

Head on over to the 4.8 release blog post and give it a read today!

prettier-plugin-ember-template-tag released 🙌

Krystan HuffMenne (@gitKrystan) just released prettier-plugin-ember-template-tag for prettifying your <template> tags in both .gjs and .gts files!

Go check out the repo today.

more-confetti-addon released 🥳

Anne-Greeth Schot-van Herwijnen (@MinThaMie) announced the release of more-confetti-addon, an addon that provides a helper to call the canvas-confetti package in your Ember templates!

Check out the repo and the docs page today!

🏗️ Dive into modern @ember-data - part 1

In a series of blog posts, Lukas Kohler (@luxferrsum) talks about the future of @ember-data and how to use it from the perspective of someone that didn’t develop it. In the first blog post, Lukas explains how to build your own @ember-data/model and use the new @ember-data APIs: Schema and RecordData.

🗝️ Ember Simple Auth - how to overwrite the default transition after authentication

This blog post by Sabin Hertanu (@herzzanu) will cover how to protect your routes, get rid of Ember Simple Auth mixins and how you can overwrite the default transitions defined in Ember Simple Auth. If you are still using the Ember Simple Auth mixins follow the steps in the blog post to migrate away from them and get rid of all deprecation warnings.

Deprecation of Ember array prototype extensions 🧹

A long-awaited RFC written by Hang Li (@smilland) to deprecate Ember array prototype extensions was recently merged. Prototype extensions now come disabled by default as of ember-cli v4.9.0-beta.0.

Santhosh Venkata Rama Siva Thanakala Gani (@tgvrssanthosh) has implemented an auto-fixer for the ember/no-array-prototype-extensions lint rule which works for all Ember array prototype extensions that do not involve reactivity in v11.1.0 of eslint-plugin-ember. Try enabling the rule in your codebase and running the autofixer. There's also an auto-fixable ember-template-lint version of no-array-prototype-extensions to try out.

🎞 EmberFest videos are live!

Last September a group of Emberistas gathered in Paris to enjoy the latest edition of EmberFest. The talks of this awesome hybrid event are now live on YouTube. So if you missed a talk because of timezone struggles, want to watch your own amazing performance or are interested in the talks in general, go check them out right now!

Evolving Ember’s Major Version Process ⭕

Starting in the current 4.0 cycle, Ember major versions will be 18 months long, running from the .0 release up to the .12 release, and then starting a new major version as outlined in RFC 0830. This means that you can expect 5.0 in May 2023, 6.0 in November 2024, 7.0 in May 2026, and so on.

While this is a significant shift in how we think about major versions in Ember, there are a lot of things which remain unchanged:

  • Our approach to minor releases is not changing. We will keep releasing on the same steady cadence. Features will be in, or not, based on whether they’re ready.
  • Our approach to Long Term Support releases is not changing. That means that every major version will have 3 LTS releases over its life: the .4, .8, and .12 releases.
  • Our approach to Editions is not changing. Similar to what we did with Octane, we will release Polaris and any future edition in a minor release, when it is fully ready.
  • Our approach to breaking changes is not changing. We will not be making more breaking changes because of this policy, and we will not make breaking changes without clear migration paths. We have also committed not to introduce new deprecations targeting the next major after the .10 release of the current major.

This change enables Ember to have a predictable cadence for major versions similar to what we have had for minor versions. Read more about this change in the full blog post.

Announcing the Official TypeScript Types Public Preview 🔥

Chris Krycho (@chriskrycho) wrote a post on how Ember is shipping a public preview of the official TypeScript support for the framework itself. Anyone using TypeScript with Ember 4.8.0 Beta 2 or later can opt into using these preview types by removing the corresponding @types packages and adding the following import in your types/<your app>/index.d.ts file:

import 'ember-source/types';
import 'ember-source/types/preview';

Note there is a known issue when using the @types/ember-data packages which are not compatible with these types because they assume the presence of many of the Ember Classic types that were removed in this migration. If you are using Ember Data with TypeScript, you will need to wait for a future update. The key difference between the stable and preview types is: our stable types must be generated from Ember's own TypeScript source code, while the preview types are hand-written type definitions. All public API remains supported however there will only be minimal support for Ember Classic APIs around class definitions (see RFC 800 for more details).

Ember Resources Release 🎉

Thomas Gossmann (@gossi) together with NullVoxPopuli (@NullVoxPopuli) released a new version of ember-resources, an addon that implements the Resource pattern. The new release starting in v5.4.0 adds the "owner" (app/engine instance) to function-based resources so now resources can access services, or whatever else is in the registry.

const myResource = resource(({ on, owner }) => {
  let foo = owner.lookup('service:foo');

  return () => foo.someValue;

Try it out today by installing it in your app!

Ember QUnit 6.0.0 Release 🚀

Chris Krycho (@chriskrycho) along with Bert De Block (@bertdeblock) and Francesco Novy (@mydea) released ember-qunit v6.0.0, which adds full support for Ember v4, including ember-auto-import v2, and drops support for Ember versions before v3.24, and fixes bugs around focus related tests.

👏 Contributors' corner

This week we'd like to thank Chris Ng (@chrisrng), Rich Glazerman (@richgt), Jan Krutisch (@halfbyte), Chris Krycho (@chriskrycho), Tomek Nieżurawski (@tniezurawski), João Almeida Santos (@jsantos42), Robert Jackson (@rwjblue), Arafat Iqbal (@arafatiqbal), Zhan Wang (@zhanwang626), Katie Gengler (@kategengler), Ben Tidy (@tben), Ben Demboski (@bendemboski), @WoodLeg, Ricardo Mendes (@locks), Giles Thompson (@gilest), Kelly Selden (@kellyselden), Jared Galanis (@jaredgalanis), Chris Thoburn (@runspired), Ilya Radchenko (@knownasilya), Robert Wagner (@rwwagner90), Gabor Babicz (@zeppelin), Chris Manson (@mansona), @redlizard, Patrick Pircher (@patricklx), Simon Ihmig (@simonihmig), Jonathan (@rondale-sc), Santhosh Venkata Rama Siva Thanakala Gani (@tgvrssanthosh), Geordan Neukum (@geneukum), Sam Van Campenhout (@Windvis), Chad Hietala (@chadhietala), Bert De Block (@bertdeblock), Adam Byrne (@misterbyrne), Steef Janssen (@SkoebaSteve), Bryan Mishkin (@bmish), David J. Hamilton (@hjdivad), and Anne-Greeth Schot-van Herwijnen (@MinThaMie) for their contributions to Ember and related repositories! 💖

🤓 Connect with us

Office Hours Tomster Mascot

Wondering about something related to Ember, Ember Data, Glimmer, or addons in the Ember ecosystem, but don't know where to ask? Readers’ Questions are just for you!

Submit your own short and sweet question under And don’t worry, there are no silly questions, we appreciate them all - promise! 🤞

Want to write for the Ember Times? Have a suggestion for next week's issue? Join us at #support-ember-times on the Ember Community Discord or ping us @embertimes on Twitter.

Keep on top of what's been going on in Emberland this week by subscribing to our e-mail newsletter! You can also find our posts on the Ember blog. See you in two weeks!

That's another wrap! ✨

Be kind,

Jared Galanis, Anne-Greeth Schot-van Herwijnen, Bryan Mishkin, Chris Ng and the Learning Team