v1.1.7

Ordinarily, I would not have released this, but it includes a backport of a security fix from v2.0.3. If you're stuck on v1.x, you should really update to this ASAP.

Bug fixes

• core: Workaround for Internet Explorer bug when running in an iframe
• Fix prototype pollution vulnerability in m.parseQueryString (#2523 @isiahmeadows @Hunter-Dolan)

v2.0.4

• Fix double-rendering of trusted content within contenteditable elements (#2516 @isiahmeadows)
• Fix error on m.trust updating (#2516 @isiahmeadows)

v2.0.3

• Ensure vnodes are removed correctly in the face of onbeforeremove resolving after new nodes are added (#2492 @isiahmeadows)
• Fix prototype pollution vulnerability in m.parseQueryString (#2494 @isiahmeadows)

v2.0.2 was skipped as it had a critical flaw and was immediately unpublished.

v2.0.1

This is really what v2.0.0 was supposed to be, but the npm upload got botched the first time around.

Breaking changes

• API: Component vnode children are not normalized into vnodes on ingestion; normalization only happens if and when they are ingested by the view (#2155 (thanks to @magikstm for related optimization #2064))
• API: m.redraw() is always asynchronous (#1592)
• API: m.mount() will only render its own root when called, it will not trigger a redraw() (#1592)
• API: Assigning to vnode.state (as in vnode.state = ...) is no longer supported. Instead, an error is thrown if vnode.state changes upon the invocation of a lifecycle hook.
• API: m.request will no longer reject the Promise on server errors (eg. status >= 400) if the caller supplies an extract callback. This gives applications more control over handling server responses.
• hyperscript: when attributes have a null or undefined value, they are treated as if they were absent. #1773 (#2174)
• API: m.request errors no longer copy response fields to the error, but instead assign the parsed JSON response to error.response and the HTTP status code error.code.
• hyperscript: when an attribute is defined on both the first and second argument (as a CSS selector and an attrs field, respectively), the latter takes precedence, except for class attributes that are still added together. #2172 (#2174)
• cast className using toString (#2309)
• render: call attrs' hooks last, with express exception of onbeforeupdate to allow attrs to block components from even diffing (#2297)
• API: m.withAttr removed. (#2317)
• request: data has now been split to params and body and useBody has been removed in favor of just using body. (#2361)
• route, request: Interpolated arguments are URL-escaped (and for declared routes, URL-unescaped) automatically. If you want to use a raw route parameter, use a variadic parameter like in /asset/:path.../view. This was previously only available in m.route route definitions, but it's now usable in both that and where paths are accepted. (#2361)
• route, request: Interpolated arguments are not appended to the query string. This means m.request({url: "/api/user/:id/get", params: {id: user.id}}) would result in a request like GET /api/user/1/get, not one like GET /api/user/1/get?id=1. If you really need it in both places, pass the same value via two separate parameters with the non-query-string parameter renamed, like in m.request({url: "/api/user/:urlID/get", params: {id: user.id, urlID: user.id}}). (#2361)
• route, request: m.route.set, m.request, and m.jsonp all use the same path template syntax now, and vary only in how they receive their parameters. Furthermore, declared routes in m.route shares the same syntax and semantics, but acts in reverse as if via pattern matching. (#2361)
• request: options.responseType now defaults to "json" if extract is absent, and deserialize receives the parsed response, not the raw string. If you want the old behavior, use responseType: "text". (#2335)
• request: set Content-Type: application/json; charset=utf-8 for all XHR methods by default, provided they have a body that's != null (#2361, #2421)
  • This can cause CORS issues when issuing GET with bodies, but you can address them through configuring CORS appropriately.
  • Previously, it was only set for all non-GET methods and only when useBody: true was passed (the default), and it was always set for them. Now it's automatically omitted when no body is present, so the hole is slightly broadened.
• route: query parameters in hash strings are no longer supported (#2448 @isiahmeadows)
  • It's technically invalid in hashes, so I'd rather push people to keep in line with spec.
• render: validate all elements are either keyed or unkeyed, and treat null/undefined/booleans as strictly unkeyed (#2452 @isiahmeadows)
  • Gives a nice little perf boost with keyed fragments.
  • Minor, but imperceptible impact (within the margin of error) with unkeyed fragments.
  • Also makes the model a lot more consistent - all values are either keyed or unkeyed.
• vnodes: normalize boolean children to null/undefined at the vnode level, always stringify non-object children that aren't holes (#2452 @isiahmeadows)
  • Previously, true was equivalent to "true" and false was equivalent to "".
  • Previously, numeric children weren't coerced. Now, they are.
  • Unlikely to break most components, but it could break some users.
  • This increases consistency with how booleans are handled with children, so it should be more intuitive.
• route: key parameter for routes now only works globally for components (#2458 @isiahmeadows)
  • Previously, it worked for route resolvers, too.
  • This lets you ensure global layouts used in render still render by diff.
• redraw: mithril/redraw now just exposes the m.redraw callback (#2458 @isiahmeadows)
  • The .schedule, .unschedule, and .render properties of the former redrawService are all removed.
  • If you want to know how to work around it, look at the call to mount in Mithril's source for m.route. That should help you in finding ways around the removed feature. (It doesn't take that much more code.)
• api: m.version has been removed. If you really need the version for whatever reason, just read the version field of mithril/package.json directly. (#2466 @isiahmeadows)
• route: m.route.prefix(...) is now m.route.prefix = .... (#2469 @isiahmeadows)
  • This is a fully fledged property, so you can not only write to it, but you can also read from it.
  • This aligns better with user intuition.
• route: m.route.link function removed in favor of m.route.Link component. (#2469 @isiahmeadows)
  • An optional options object is accepted as an attribute. This was initially targeting the old m.route.link function and was transferred to this. (#1930)
  • The new component handles many more edge cases around user interaction, including accessibility.
  • Link navigation can be disabled and cancelled.
  • Link targets can be trivially changed.

News

• Mithril now only officially supports IE11, Firefox ESR, and the last two versions of Chrome/FF/Edge/Safari. (#2296)
• API: Introduction of m.redraw.sync() (#1592)
• API: Event handlers may also be objects with handleEvent methods (#1949, #2222).
• API: m.request better error message on JSON parse error - (#2195, @codeclown)
• API: m.request supports timeout as attr - (#1966)
• API: m.request supports responseType as attr - (#2193)
• Mocks: add limited support for the DOMParser API (#2097)
• API: add support for raw SVG in m.trust() string (#2097)
• render/core: remove the DOM nodes recycling pool (#2122)
• render/core: revamp the core diff engine, and introduce a longest-increasing-subsequence-based logic to minimize DOM operations when re-ordering keyed nodes.
• docs: Emphasize Closure Components for stateful components, use them for all stateful component examples.
• API: ES module bundles are now available for mithril and mithril/stream (#2194 @porsager).
  • All of the m.* properties from mithril are re-exported as named exports in addition to being attached to m.
  • m() itself from mithril is exported as the default export.
  • mithril/stream's primary export is exported as the de...

(Unpublished)

When publishing, the npm upload got interrupted and it didn't publish properly. So I unpublished it. Don't try installing this version - it won't work!

v2.0.0-rc.9

This is a hotfix release for critical issues discovered in v2.0.0-rc.8.

• It did not previously censor magic attributes, causing lifecycle hooks to be double-called. #2471
• I named the m.route.Link selector argument component: when it should've been called selector:. #2475 (This is the only breaking change.)
• Routing prevention via ev.preventDefault() was critically broken, and button values and modifier state was incorrectly tested for. #2476

I also included various docs fixes in this release to clear up some confusion.

v2.0.0-rc

Breaking changes

• API: Component vnode children are not normalized into vnodes on ingestion; normalization only happens if and when they are ingested by the view (#2155 (thanks to @magikstm for related optimization #2064))
• API: m.redraw() is always asynchronous (#1592)
• API: m.mount() will only render its own root when called, it will not trigger a redraw() (#1592)
• API: Assigning to vnode.state (as in vnode.state = ...) is no longer supported. Instead, an error is thrown if vnode.state changes upon the invocation of a lifecycle hook.
• API: m.request will no longer reject the Promise on server errors (eg. status >= 400) if the caller supplies an extract callback. This gives applications more control over handling server responses.
• hyperscript: when attributes have a null or undefined value, they are treated as if they were absent. #1773 (#2174)
• API: m.request errors no longer copy response fields to the error, but instead assign the parsed JSON response to error.response and the HTTP status code error.code.
• hyperscript: when an attribute is defined on both the first and second argument (as a CSS selector and an attrs field, respectively), the latter takes precedence, except for class attributes that are still added together. #2172 (#2174)
• render: Align custom elements to work like normal elements, minus all the HTML-specific magic. (#2221)
• cast className using toString (#2309)
• render: call attrs' hooks first, with express exception of onbeforeupdate to allow attrs to block components from even diffing (#2297)
• API: m.withAttr removed. (#2317)
• request: data has now been split to params and body and useBody has been removed in favor of just using body. (#2361)
• route, request: Interpolated arguments are URL-escaped (and for declared routes, URL-unescaped) automatically. If you want to use a raw route parameter, use a variadic parameter like in /asset/:path.../view. This was previously only available in m.route route definitions, but it's now usable in both that and where paths are accepted. (#2361)
• route, request: Interpolated arguments are not appended to the query string. This means m.request({url: "/api/user/:id/get", params: {id: user.id}}) would result in a request like GET /api/user/1/get, not one like GET /api/user/1/get?id=1. If you really need it in both places, pass the same value via two separate parameters with the non-query-string parameter renamed, like in m.request({url: "/api/user/:urlID/get", params: {id: user.id, urlID: user.id}}). (#2361)
• route, request: m.route.set, m.request, and m.jsonp all use the same path template syntax now, and vary only in how they receive their parameters. Furthermore, declared routes in m.route shares the same syntax and semantics, but acts in reverse as if via pattern matching. (#2361)
• request: options.responseType now defaults to "json" if extract is absent, and deserialize receives the parsed response, not the raw string. If you want the old behavior, use responseType: "text". (#2335)
• request: set Content-Type: application/json; charset=utf-8 for all XHR methods by default, provided they have a body that's != null (#2361, #2421)
  • This can cause CORS issues when issuing GET with bodies, but you can address them through configuring CORS appropriately.
  • Previously, it was only set for all non-GET methods and only when useBody: true was passed (the default), and it was always set for them. Now it's automatically omitted when no body is present, so the hole is slightly broadened.
• route: query parameters in hash strings are no longer supported (#2448 @isiahmeadows)
  • It's technically invalid in hashes, so I'd rather push people to keep in line with spec.
• render: validate all elements are either keyed or unkeyed, and treat null/undefined/booleans as strictly unkeyed (#2452 @isiahmeadows)
  • Gives a nice little perf boost with keyed fragments.
  • Minor, but imperceptible impact (within the margin of error) with unkeyed fragments.
  • Also makes the model a lot more consistent - all values are either keyed or unkeyed.
• vnodes: normalize boolean children to null/undefined at the vnode level, always stringify non-object children that aren't holes (#2452 @isiahmeadows)
  • Previously, true was equivalent to "true" and false was equivalent to "".
  • Previously, numeric children weren't coerced. Now, they are.
  • Unlikely to break most components, but it could break some users.
  • This increases consistency with how booleans are handled with children, so it should be more intuitive.
• route: key parameter for routes now only works globally for components (#2458 @isiahmeadows)
  • Previously, it worked for route resolvers, too.
  • This lets you ensure global layouts used in render still render by diff.
• redraw: mithril/redraw now just exposes the m.redraw callback (#2458 @isiahmeadows)
  • The .schedule, .unschedule, and .render properties of the former redrawService are all removed.
  • If you want to know how to work around it, look at the call to mount in Mithril's source for m.route. That should help you in finding ways around the removed feature. (It doesn't take that much more code.)
• api: m.version has been removed. If you really need the version for whatever reason, just read the version field of mithril/package.json directly. (#2466 @isiahmeadows)
• route: m.route.prefix(...) is now m.route.prefix = .... (#2469 @isiahmeadows)
  • This is a fully fledged property, so you can not only write to it, but you can also read from it.
  • This aligns better with user intuition.
• route: m.route.link function removed in favor of m.route.Link component. (#2469 @isiahmeadows)
  • An optional options object is accepted as an attribute. This was initially targeting the old m.route.link function and was transferred to this. (#1930)
  • The new component handles many more edge cases around user interaction, including accessibility.
  • Link navigation can be disabled and cancelled.
  • Link targets can be trivially changed.
• API: Full DOM no longer required to execute require("mithril"). You just need to set the necessary globals to something, even if null or undefined, so they can be properly used. (#2469 @isiahmeadows)
  • This enables isomorphic use of m.route.Link and m.route.prefix.
  • This enables isomorphic use of m.request, provided the background: true option is set and that an XMLHttpRequest polyfill is included as necessary.
  • Note that methods requiring DOM operations will still throw errors, such as m.render(...), m.redraw(), and m.route(...).

News

• Mithril now only officially supports IE11, Firefox ESR, and the last two versions of Chrome/FF/Edge/Safari. (#2296)
• API: Introduction of m.redraw.sync() (#1592)
• API: Event handlers may also be objects with handleEvent methods (#1949, #2222).
• API: `m.reques...

v2.0.0-rc.8

🚨🚨🚨 This is the final release candidate. There will be no more breaking changes added between now and when v2.0.0 stable is released. What you see here is precisely what to expect from v2.0.0 beyond small bug fixes. 🚨🚨🚨

Few new bug fixes, but a few major breaking changes since v2.0.0-rc.7.

• require("mithril/redraw") now returns the m.redraw function directly. There is no longer any redrawService exposed in any way. #2458
• m.version no longer exists. In general, rely on feature detection, not version detection. #2466
• The m.route.link method has been replaced with the m.route.Link component, with a capital L. #2469
• The m.route.prefix method has been made a property instead. #2469

And a couple new features:

• You can use m.route.SKIP to skip a route from onmatch. #2469
• It's now safe to require("mithril") in environments that lack a full DOM implementation. You just need a few of the globals defined, even if just to null or undefined, to ensure proper instantiation. #2469

Breaking changes

• API: Component vnode children are not normalized into vnodes on ingestion; normalization only happens if and when they are ingested by the view (#2155 (thanks to @magikstm for related optimization #2064))
• API: m.redraw() is always asynchronous (#1592)
• API: m.mount() will only render its own root when called, it will not trigger a redraw() (#1592)
• API: Assigning to vnode.state (as in vnode.state = ...) is no longer supported. Instead, an error is thrown if vnode.state changes upon the invocation of a lifecycle hook.
• API: m.request will no longer reject the Promise on server errors (eg. status >= 400) if the caller supplies an extract callback. This gives applications more control over handling server responses.
• hyperscript: when attributes have a null or undefined value, they are treated as if they were absent. #1773 (#2174)
• API: m.request errors no longer copy response fields to the error, but instead assign the parsed JSON response to error.response and the HTTP status code error.code.
• hyperscript: when an attribute is defined on both the first and second argument (as a CSS selector and an attrs field, respectively), the latter takes precedence, except for class attributes that are still added together. #2172 (#2174)
• render: Align custom elements to work like normal elements, minus all the HTML-specific magic. (#2221)
• cast className using toString (#2309)
• render: call attrs' hooks first, with express exception of onbeforeupdate to allow attrs to block components from even diffing (#2297)
• API: m.withAttr removed. (#2317)
• request: data has now been split to params and body and useBody has been removed in favor of just using body. (#2361)
• route, request: Interpolated arguments are URL-escaped (and for declared routes, URL-unescaped) automatically. If you want to use a raw route parameter, use a variadic parameter like in /asset/:path.../view. This was previously only available in m.route route definitions, but it's now usable in both that and where paths are accepted. (#2361)
• route, request: Interpolated arguments are not appended to the query string. This means m.request({url: "/api/user/:id/get", params: {id: user.id}}) would result in a request like GET /api/user/1/get, not one like GET /api/user/1/get?id=1. If you really need it in both places, pass the same value via two separate parameters with the non-query-string parameter renamed, like in m.request({url: "/api/user/:urlID/get", params: {id: user.id, urlID: user.id}}). (#2361)
• route, request: m.route.set, m.request, and m.jsonp all use the same path template syntax now, and vary only in how they receive their parameters. Furthermore, declared routes in m.route shares the same syntax and semantics, but acts in reverse as if via pattern matching. (#2361)
• request: options.responseType now defaults to "json" if extract is absent, and deserialize receives the parsed response, not the raw string. If you want the old behavior, use responseType: "text". (#2335)
• request: set Content-Type: application/json; charset=utf-8 for all XHR methods by default, provided they have a body that's != null (#2361, #2421)
  • This can cause CORS issues when issuing GET with bodies, but you can address them through configuring CORS appropriately.
  • Previously, it was only set for all non-GET methods and only when useBody: true was passed (the default), and it was always set for them. Now it's automatically omitted when no body is present, so the hole is slightly broadened.
• route: query parameters in hash strings are no longer supported (#2448 @isiahmeadows)
  • It's technically invalid in hashes, so I'd rather push people to keep in line with spec.
• render: validate all elements are either keyed or unkeyed, and treat null/undefined/booleans as strictly unkeyed (#2452 @isiahmeadows)
  • Gives a nice little perf boost with keyed fragments.
  • Minor, but imperceptible impact (within the margin of error) with unkeyed fragments.
  • Also makes the model a lot more consistent - all values are either keyed or unkeyed.
• vnodes: normalize boolean children to null/undefined at the vnode level, always stringify non-object children that aren't holes (#2452 @isiahmeadows)
  • Previously, true was equivalent to "true" and false was equivalent to "".
  • Previously, numeric children weren't coerced. Now, they are.
  • Unlikely to break most components, but it could break some users.
  • This increases consistency with how booleans are handled with children, so it should be more intuitive.
• route: key parameter for routes now only works globally for components (#2458 @isiahmeadows)
  • Previously, it worked for route resolvers, too.
  • This lets you ensure global layouts used in render still render by diff.
• redraw: mithril/redraw now just exposes the m.redraw callback (#2458 @isiahmeadows)
  • The .schedule, .unschedule, and .render properties of the former redrawService are all removed.
  • If you want to know how to work around it, look at the call to mount in Mithril's source for m.route. That should help you in finding ways around the removed feature. (It doesn't take that much more code.)
• api: m.version has been removed. If you really need the version for whatever reason, just read the version field of mithril/package.json directly. (#2466 @isiahmeadows)
• route: m.route.prefix(...) is now m.route.prefix = .... (#2469 @isiahmeadows)
  • This is a fully fledged property, so you can not only write to it, but you can also read from it.
  • This aligns better with user intuition.
• route: m.route.link function removed in favor of m.route.Link component. (#2469 @isiahmeadows)
  • An optional options object is accepted as an attribute. This was initially targeting the old m.route.link function and was transferred to this. (#1930)
  • The new component handles many more edge cases around user interaction, including accessibility.
  • Link navigation can be disabled and cancelled.
  • Link targets can be trivially changed.
• API: Full DOM no longer required to execute require("mithril"). You just need to set the necessary globals to something, even if null or undefined, so they can be properly used. (#2469 @isiahmeadows)
  • This enables isomorphic use of m.route.Link and m.route.prefix.
  • This enables isomorphic use of m.request, provided the background: true option is set and that an XMLHttpRequest polyfill is included as necessary.
  • Note that methods req...

v2.0.0-rc.7

v2.0.0-rc.7

Several new bug fixes, including the dreaded Uncaught TypeError: Cannot read property 'onbeforeupdate' of undefined on Chrome, TypeError: vnode.state is undefined on Firefox, but there are also a few breaking changes since v2.0.0-rc.6:

• Paths no longer accept #a=b&c=d as equivalent to ?a=b&c=d. This aligns with the URL spec better, where # is itself illegal in URL fragments. #2448
• Fragments must either all contain keys or none contain keys. This is not only recommended by the docs, but also enforced by the framework itself. #2452
• null/undefined are no longer valid in keyed fragments. #2452
• true, false, and undefined are all normalized to null at the vnode level. Unlikely to break people, as the past behavior was so counterintuitive and inconsistent people actively avoided using it as it had a knack for creating subtle bugs. #2452

Breaking changes

• API: Component vnode children are not normalized into vnodes on ingestion; normalization only happens if and when they are ingested by the view (#2155 (thanks to @magikstm for related optimization #2064))
• API: m.redraw() is always asynchronous (#1592)
• API: m.mount() will only render its own root when called, it will not trigger a redraw() (#1592)
• API: Assigning to vnode.state (as in vnode.state = ...) is no longer supported. Instead, an error is thrown if vnode.state changes upon the invocation of a lifecycle hook.
• API: m.request will no longer reject the Promise on server errors (eg. status >= 400) if the caller supplies an extract callback. This gives applications more control over handling server responses.
• hyperscript: when attributes have a null or undefined value, they are treated as if they were absent. #1773 (#2174)
• API: m.request errors no longer copy response fields to the error, but instead assign the parsed JSON response to error.response and the HTTP status code error.code.
• hyperscript: when an attribute is defined on both the first and second argument (as a CSS selector and an attrs field, respectively), the latter takes precedence, except for class attributes that are still added together. #2172 (#2174)
• render: Align custom elements to work like normal elements, minus all the HTML-specific magic. (#2221)
• cast className using toString (#2309)
• render: call attrs' hooks first, with express exception of onbeforeupdate to allow attrs to block components from even diffing (#2297)
• API: m.withAttr removed. (#2317)
• request: data has now been split to params and body and useBody has been removed in favor of just using body. (#2361)
• route, request: Interpolated arguments are URL-escaped (and for declared routes, URL-unescaped) automatically. If you want to use a raw route parameter, use a variadic parameter like in /asset/:path.../view. This was previously only available in m.route route definitions, but it's now usable in both that and where paths are accepted. (#2361)
• route, request: Interpolated arguments are not appended to the query string. This means m.request({url: "/api/user/:id/get", params: {id: user.id}}) would result in a request like GET /api/user/1/get, not one like GET /api/user/1/get?id=1. If you really need it in both places, pass the same value via two separate parameters with the non-query-string parameter renamed, like in m.request({url: "/api/user/:urlID/get", params: {id: user.id, urlID: user.id}}). (#2361)
• route, request: m.route.set, m.request, and m.jsonp all use the same path template syntax now, and vary only in how they receive their parameters. Furthermore, declared routes in m.route shares the same syntax and semantics, but acts in reverse as if via pattern matching. (#2361)
• request: options.responseType now defaults to "json" if extract is absent, and deserialize receives the parsed response, not the raw string. If you want the old behavior, use responseType: "text". (#2335)
• request: set Content-Type: application/json; charset=utf-8 for all XHR methods by default, provided they have a body that's != null (#2361, #2421)
  • This can cause CORS issues when issuing GET with bodies, but you can address them through configuring CORS appropriately.
  • Previously, it was only set for all non-GET methods and only when useBody: true was passed (the default), and it was always set for them. Now it's automatically omitted when no body is present, so the hole is slightly broadened.
• route: query parameters in hash strings are no longer supported (#2448 @isiahmeadows)
  • It's technically invalid in hashes, so I'd rather push people to keep in line with spec.
• render: validate all elements are either keyed or unkeyed, and treat null/undefined/booleans as strictly unkeyed (#2452 @isiahmeadows)
  • Gives a nice little perf boost with keyed fragments.
  • Minor, but imperceptible impact (within the margin of error) with unkeyed fragments.
  • Also makes the model a lot more consistent - all values are either keyed or unkeyed.
• vnodes: normalize boolean children to null/undefined at the vnode level, always stringify non-object children that aren't holes (#2452 @isiahmeadows)
  • Previously, true was equivalent to "true" and false was equivalent to "".
  • Previously, numeric children weren't coerced. Now, they are.
  • Unlikely to break most components, but it could break some users.
  • This increases consistency with how booleans are handled with children, so it should be more intuitive.

News

• Mithril now only officially supports IE11, Firefox ESR, and the last two versions of Chrome/FF/Edge/Safari. (#2296)
• API: Introduction of m.redraw.sync() (#1592)
• API: Event handlers may also be objects with handleEvent methods (#1949, #2222).
• API: m.route.link accepts an optional options object (#1930)
• API: m.request better error message on JSON parse error - (#2195, @codeclown)
• API: m.request supports timeout as attr - (#1966)
• API: m.request supports responseType as attr - (#2193)
• Mocks: add limited support for the DOMParser API (#2097)
• API: add support for raw SVG in m.trust() string (#2097)
• render/core: remove the DOM nodes recycling pool (#2122)
• render/core: revamp the core diff engine, and introduce a longest-increasing-subsequence-based logic to minimize DOM operations when re-ordering keyed nodes.
• docs: Emphasize Closure Components for stateful components, use them for all stateful component examples.
• API: ES module bundles are now available for mithril and mithril/stream (#2194 @porsager).
  • All of the m.* properties from mithril are re-exported as named exports in addition to being attached to m.
  • m() itself from mithril is exported as the default export.
  • mithril/stream's primary export is exported as the default export.
• fragments: allow same attrs/children overloading logic as hyperscript (#2328)
• route: Declared routes may check against path names with query strings. (#2361)
• route: Declared routes in m.route now support - and . as delimiters for path segments. This means you can have a route like "/edit/:file.:ext". (#2361)
  • Previously, this was possible to do in m.route.set, m.request, and m.jsonp, but it was wholly untested for and also undocumented.
• API: m.buildPathname and `m.pars...

v2.0.0-rc.6

Note: this is a pure bug fix update. It includes #2421, but is otherwise basically the same as v2.0.0-rc.5.

Breaking changes

• API: Component vnode children are not normalized into vnodes on ingestion; normalization only happens if and when they are ingested by the view (#2155 (thanks to @magikstm for related optimization #2064))
• API: m.redraw() is always asynchronous (#1592)
• API: m.mount() will only render its own root when called, it will not trigger a redraw() (#1592)
• API: Assigning to vnode.state (as in vnode.state = ...) is no longer supported. Instead, an error is thrown if vnode.state changes upon the invocation of a lifecycle hook.
• API: m.request will no longer reject the Promise on server errors (eg. status >= 400) if the caller supplies an extract callback. This gives applications more control over handling server responses.
• hyperscript: when attributes have a null or undefined value, they are treated as if they were absent. #1773 (#2174)
• API: m.request errors no longer copy response fields to the error, but instead assign the parsed JSON response to error.response and the HTTP status code error.code.
• hyperscript: when an attribute is defined on both the first and second argument (as a CSS selector and an attrs field, respectively), the latter takes precedence, except for class attributes that are still added together. #2172 (#2174)
• render: Align custom elements to work like normal elements, minus all the HTML-specific magic. (#2221)
• cast className using toString (#2309)
• render: call attrs' hooks first, with express exception of onbeforeupdate to allow attrs to block components from even diffing (#2297)
• API: m.withAttr removed. (#2317)
• request: data has now been split to params and body and useBody has been removed in favor of just using body. (#2361)
• route, request: Interpolated arguments are URL-escaped (and for declared routes, URL-unescaped) automatically. If you want to use a raw route parameter, use a variadic parameter like in /asset/:path.../view. This was previously only available in m.route route definitions, but it's now usable in both that and where paths are accepted. (#2361)
• route, request: Interpolated arguments are not appended to the query string. This means m.request({url: "/api/user/:id/get", params: {id: user.id}}) would result in a request like GET /api/user/1/get, not one like GET /api/user/1/get?id=1. If you really need it in both places, pass the same value via two separate parameters with the non-query-string parameter renamed, like in m.request({url: "/api/user/:urlID/get", params: {id: user.id, urlID: user.id}}). (#2361)
• route, request: m.route.set, m.request, and m.jsonp all use the same path template syntax now, and vary only in how they receive their parameters. Furthermore, declared routes in m.route shares the same syntax and semantics, but acts in reverse as if via pattern matching. (#2361)
• request: options.responseType now defaults to "json" if extract is absent, and deserialize receives the parsed response, not the raw string. If you want the old behavior, use responseType: "text". (#2335)
• request: set Content-Type: application/json; charset=utf-8 for all XHR methods by default, provided they have a body that's != null (#2361, #2421)
  • This can cause CORS issues when issuing GET with bodies, but you can address them through configuring CORS appropriately.
  • Previously, it was only set for all non-GET methods and only when useBody: true was passed (the default), and it was always set for them. Now it's automatically omitted when no body is present, so the hole is slightly broadened.

News

• Mithril now only officially supports IE11, Firefox ESR, and the last two versions of Chrome/FF/Edge/Safari. (#2296)
• API: Introduction of m.redraw.sync() (#1592)
• API: Event handlers may also be objects with handleEvent methods (#1949, #2222).
• API: m.route.link accepts an optional options object (#1930)
• API: m.request better error message on JSON parse error - (#2195, @codeclown)
• API: m.request supports timeout as attr - (#1966)
• API: m.request supports responseType as attr - (#2193)
• Mocks: add limited support for the DOMParser API (#2097)
• API: add support for raw SVG in m.trust() string (#2097)
• render/core: remove the DOM nodes recycling pool (#2122)
• render/core: revamp the core diff engine, and introduce a longest-increasing-subsequence-based logic to minimize DOM operations when re-ordering keyed nodes.
• docs: Emphasize Closure Components for stateful components, use them for all stateful component examples.
• API: ES module bundles are now available for mithril and mithril/stream (#2194 @porsager).
  • All of the m.* properties from mithril are re-exported as named exports in addition to being attached to m.
  • m() itself from mithril is exported as the default export.
  • mithril/stream's primary export is exported as the default export.
• fragments: allow same attrs/children overloading logic as hyperscript (#2328)
• route: Declared routes may check against path names with query strings. (#2361)
• route: Declared routes in m.route now support - and . as delimiters for path segments. This means you can have a route like "/edit/:file.:ext". (#2361)
  • Previously, this was possible to do in m.route.set, m.request, and m.jsonp, but it was wholly untested for and also undocumented.
• API: m.buildPathname and m.parsePathname added. (#2361)

Bug fixes

• API: m.route.set() causes all mount points to be redrawn (#1592)
• render/attrs: Using style objects in hyperscript calls will now properly diff style properties from one render to another as opposed to re-writing all element style properties every render.
• render/attrs All vnodes attributes are properly removed when absent or set to null or undefined #1804 #2082 (#1865, #2130)
• render/core: Render state correctly on select change event #1916 (#1918 @robinchew, #2052)
• render/core: fix various updateNodes/removeNodes issues when the pool and fragments are involved #1990, #1991, #2003, #2021
• render/core: fix crashes when the keyed vnodes with the same key had different tag values #2128 @JacksonJN (#2130)
• render/core: fix cached nodes behavior in some keyed diff scenarios #2132 (#2130)
• render/events: addEventListener and removeEventListener are always used to manage event subscriptions, preventing external interference.
• render/events: Event listeners allocate less memory, swap at low cost, and are properly diffed now when rendered via m.mount()/m.redraw().
• render/events: Object.prototype properties can no longer interfere with event listener calls.
• render/events: Event handlers, when set to literally undefined (or any non-function), are now correctly removed.
• render/hooks: fixed an ommission that ...

v2.0.0-rc.5

PSA: ESM builds have been dropped from v2.0 as of #2366. Please update your scripts accordingly, as only CommonJS is supported until we can figure out a way to enable ES module support in a way that doesn't break everyone. (I've had to help troubleshoot way too many Webpack issues to feel comfortable with side-by-side support.)

If all goes well with this release candidate, it will go stable as you see it now.

Breaking changes

• API: Component vnode children are not normalized into vnodes on ingestion; normalization only happens if and when they are ingested by the view (#2155 (thanks to @magikstm for related optimization #2064))
• API: m.redraw() is always asynchronous (#1592)
• API: m.mount() will only render its own root when called, it will not trigger a redraw() (#1592)
• API: Assigning to vnode.state (as in vnode.state = ...) is no longer supported. Instead, an error is thrown if vnode.state changes upon the invocation of a lifecycle hook.
• API: m.request will no longer reject the Promise on server errors (eg. status >= 400) if the caller supplies an extract callback. This gives applications more control over handling server responses.
• hyperscript: when attributes have a null or undefined value, they are treated as if they were absent. #1773 (#2174)
• API: m.request errors no longer copy response fields to the error, but instead assign the parsed JSON response to error.response and the HTTP status code error.code.
• hyperscript: when an attribute is defined on both the first and second argument (as a CSS selector and an attrs field, respectively), the latter takes precedence, except for class attributes that are still added together. #2172 (#2174)
• render: Align custom elements to work like normal elements, minus all the HTML-specific magic. (#2221)
• cast className using toString (#2309)
• render: call attrs' hooks first, with express exception of onbeforeupdate to allow attrs to block components from even diffing (#2297)
• API: m.withAttr removed. (#2317)
• request: data has now been split to params and body and useBody has been removed in favor of just using body. (#2361)
• route, request: Interpolated arguments are URL-escaped (and for declared routes, URL-unescaped) automatically. If you want to use a raw route parameter, use a variadic parameter like in /asset/:path.../view. This was previously only available in m.route route definitions, but it's now usable in both that and where paths are accepted. (#2361)
• route, request: Interpolated arguments are not appended to the query string. This means m.request({url: "/api/user/:id/get", params: {id: user.id}}) would result in a request like GET /api/user/1/get, not one like GET /api/user/1/get?id=1. If you really need it in both places, pass the same value via two separate parameters with the non-query-string parameter renamed, like in m.request({url: "/api/user/:urlID/get", params: {id: user.id, urlID: user.id}}). (#2361)
• route, request: m.route.set, m.request, and m.jsonp all use the same path template syntax now, and vary only in how they receive their parameters. Furthermore, declared routes in m.route shares the same syntax and semantics, but acts in reverse as if via pattern matching. (#2361)
• request: options.responseType now defaults to "json" if extract is absent, and deserialize receives the parsed response, not the raw string. If you want the old behavior, use responseType: "text". (#2335)

News

• Mithril now only officially supports IE11, Firefox ESR, and the last two versions of Chrome/FF/Edge/Safari. (#2296)
• API: Introduction of m.redraw.sync() (#1592)
• API: Event handlers may also be objects with handleEvent methods (#1949, #2222).
• API: m.route.link accepts an optional options object (#1930)
• API: m.request better error message on JSON parse error - (#2195, @codeclown)
• API: m.request supports timeout as attr - (#1966)
• API: m.request supports responseType as attr - (#2193)
• Mocks: add limited support for the DOMParser API (#2097)
• API: add support for raw SVG in m.trust() string (#2097)
• render/core: remove the DOM nodes recycling pool (#2122)
• render/core: revamp the core diff engine, and introduce a longest-increasing-subsequence-based logic to minimize DOM operations when re-ordering keyed nodes.
• docs: Emphasize Closure Components for stateful components, use them for all stateful component examples.
• API: ES module bundles are now available for mithril and mithril/stream (#2194 @porsager).
  • All of the m.* properties from mithril are re-exported as named exports in addition to being attached to m.
  • m() itself from mithril is exported as the default export.
  • mithril/stream's primary export is exported as the default export.
• fragments: allow same attrs/children overloading logic as hyperscript (#2328)
• route: Declared routes may check against path names with query strings. (#2361)
• route: Declared routes in m.route now support - and . as delimiters for path segments. This means you can have a route like "/edit/:file.:ext". (#2361)
  • Previously, this was possible to do in m.route.set, m.request, and m.jsonp, but it was wholly untested for and also undocumented.
• API: m.buildPathname and m.parsePathname added. (#2361)

Bug fixes

• API: m.route.set() causes all mount points to be redrawn (#1592)
• render/attrs: Using style objects in hyperscript calls will now properly diff style properties from one render to another as opposed to re-writing all element style properties every render.
• render/attrs All vnodes attributes are properly removed when absent or set to null or undefined #1804 #2082 (#1865, #2130)
• render/core: Render state correctly on select change event #1916 (#1918 @robinchew, #2052)
• render/core: fix various updateNodes/removeNodes issues when the pool and fragments are involved #1990, #1991, #2003, #2021
• render/core: fix crashes when the keyed vnodes with the same key had different tag values #2128 @JacksonJN (#2130)
• render/core: fix cached nodes behavior in some keyed diff scenarios #2132 (#2130)
• render/events: addEventListener and removeEventListener are always used to manage event subscriptions, preventing external interference.
• render/events: Event listeners allocate less memory, swap at low cost, and are properly diffed now when rendered via m.mount()/m.redraw().
• render/events: Object.prototype properties can no longer interfere with event listener calls.
• render/events: Event handlers, when set to literally undefined (or any non-function), are now correctly removed.
• render/hooks: fixed an ommission that caused oninit to be called unnecessarily in some cases #1992
• docs: tweaks: (#2104 @mikeyb, [#2205](https://github.com/MithrilJ...