fix(deps): update dependency @shopify/shopify-app-remix to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@shopify/shopify-app-remix (source)	^3.4.0 → ^4.0.0

---

Release Notes

Shopify/shopify-app-js (@​shopify/shopify-app-remix)

v4.1.0

Minor Changes

• f4beba1: We are introducing support for expiring offline access tokens. This feature improves security by limiting the lifespan of offline access tokens and automatically refreshing them using refresh tokens.

  • New Future Flag: Added expiringOfflineAccessTokens (boolean) to the future configuration in shopifyApp. When enabled, the library will start using expiring offline tokens and automatically check if it is expired or nearing expiration. If expired/expiring, it attempts to refresh the access token using the stored refresh token. Defaults to false for backward compatibility.
  • Automatic Token Refresh: Integrated token refresh logic into authentication flows (flow, fulfillmentService, appProxy, webhooks) and unauthenticated contexts (admin, storefront). When a session is loaded and found to be expired (or expiring within 5 minutes), and the feature is enabled, the library transparently refreshes the token and persists the new session data. This behavior applies to both offline and online tokens.

  To enable expiring offline access tokens in your app, you must ensure your session storage can persist refresh tokens. For now, this will only work if you are using the Prisma Session Storage package. We're starting with Prisma since this is what the majority of our developers use. If you're using a different session storage adapter and would like support for expiring offline tokens, we'd love to hear from you! If you are using Prisma, follow these steps:

  1. Update your @shopify/shopify-api and @shopify/shopify-app-session-storage-prisma packages to the latest version.
  2. Update your Prisma schema to include the refreshToken and refreshTokenExpires fields in the Session model:

  model Session {
    // ...
    refreshToken        String?
    refreshTokenExpires DateTime?
  }

  3. Run a migration to update your database:

  npx prisma migrate dev

  4. Update the generated types to include the new fields:

  npx prisma generate

  5. Enable the future flag in your app configuration:

  const shopify = shopifyApp({
    // ... other config
    future: {
      expiringOfflineAccessTokens: true,
    },
  });

  When enabled, calls to shopify.authenticate.admin, shopify.authenticate.flow, etc., will automatically handle token refreshing for offline sessions.

Patch Changes

• Updated dependencies [a6a13bf]
• Updated dependencies [f1af47e]
  • @​shopify/shopify-api@​12.2.0
  • @​shopify/shopify-app-session-storage@​4.0.4

v4.0.6

Patch Changes

• Updated dependencies [98f1be9]
  • @​shopify/shopify-api@​12.1.2
  • @​shopify/shopify-app-session-storage@​4.0.3

v4.0.5

Patch Changes

• Updated dependencies [b3716f8]
  • @​shopify/shopify-api@​12.1.1
  • @​shopify/shopify-app-session-storage@​4.0.2

v4.0.4

Patch Changes

• Updated dependencies [a6c4fed]
  • @​shopify/shopify-api@​12.1.0
  • @​shopify/shopify-app-session-storage@​4.0.1

v4.0.3

Patch Changes

• e9e5736: Test Release

v4.0.2

Patch Changes

• aad39bd: Make it clear that you should use @shopify/shopify-app-react-router

  Only use @shopify/shopify-app-remix if you have an existing Remix app and have not yet upgraded.

  If you are building a new Shopify app you should use React Router and not Remix. Please see the Quick start guide for React Router.

  If you already have a Remix app, you should upgrade to React Router. Please see the Upgrading to React Router guide.

v4.0.1

Patch Changes

• 7488abc: [AppProvider] - automatically handle the "shopify:navigate" event for Remix apps using Polaris Web Components. If using Polars React, this has no effect.

v4.0.0

Major Changes

• dc41d09: Require Node >= v20.10.0. Remove crypto dependency in favor of globalThis.crypto

  If you are using Node, make sure you are using Node version 20 or above

  If you are using setCrypto from '@​shopify/shopify-api' you can remove this code.

• d7bd799: Remove REST entirely.

  9 months ago in version 3.5.0 we signalled our intent to remove REST (Shopify is all-in on GraphQL). At that time we added the removeRest flag to allow the small percentage of Remix apps that use REST to gradually migrate to GraphQL in preparation for this version.

  The time has now come to remove REST entirely from the Remix package. As such, you will need to migrate any remaining REST queries to GraphQL.

  If you previously adopted the removeRest flag, you'll need to remove that flag.

  BEFORE:

  import {shopifyApp} from '@​shopify/shopify-app-remix/server';
  
  const shopify = shopifyApp({
    future: {
      unstable_newEmbeddedAuthStrategy: true,
      removeRest: true,
    },
    // ...etc
  });

  AFTER:

  import {shopifyApp} from '@​shopify/shopify-app-remix/server';
  
  const shopify = shopifyApp({
    future: {
      unstable_newEmbeddedAuthStrategy: true,
    },
    // ...etc
  });

  If you have any REST queries in your app, you'll need to migrate those to GraphQL.

  BEFORE:

  import {json} from '@​remix-run/node';
  import {authenticate} from '../shopify.server';
  
  export const loader = async ({request}) => {
    const {admin} = await authenticate.admin(request);
  
    const response = await admin.rest.get({
      path: '/customers/count.json',
    });
    const customers = await response.json();
  
    return json({customers});
  };

  AFTER:

  import {json} from '@​remix-run/node';
  import {authenticate} from '../shopify.server';
  
  export const loader = async ({request}) => {
    const {admin} = await authenticate.admin(request);
  
    const response = await admin.graphql(QUERY);
    const customers = await response.json();
  
    return json({customers});
  };

  Please see the REST to GraphQL Migration guide for more detailed REST to GraphQL examples.

• 762224d: The LATEST_API_VERSION and RELEASE_CANDIDATE_API_VERSION constants have been removed from the package. The apiVersion parameter is now required in the shopifyApp configuration.

  We are making this change to ensure the API versions do not change without the developer explicitly opting into the new version. This removes the potential for apps to break unexpectedly and should reduce overall maintenance.

Migration Steps

Step 1: Update Your Imports

Before:

import {
  LATEST_API_VERSION,
  shopifyApp,
} from '@​shopify/shopify-app-remix/server';
// or
import {
  RELEASE_CANDIDATE_API_VERSION,
  shopifyApp,
} from '@​shopify/shopify-app-remix/server';

After:

import {ApiVersion, shopifyApp} from '@​shopify/shopify-app-remix/server';

Step 2: Update Your Configuration

Before:

const shopify = shopifyApp({
  apiKey: process.env.SHOPIFY_API_KEY!,
  apiSecretKey: process.env.SHOPIFY_API_SECRET!,
  scopes: process.env.SCOPES?.split(',')!,
  appUrl: process.env.SHOPIFY_APP_URL!,
  apiVersion: LATEST_API_VERSION, // or omitted entirely
});

After:

const shopify = shopifyApp({
  apiKey: process.env.SHOPIFY_API_KEY!,
  apiSecretKey: process.env.SHOPIFY_API_SECRET!,
  scopes: process.env.SCOPES?.split(',')!,
  appUrl: process.env.SHOPIFY_APP_URL!,
  apiVersion: ApiVersion.July25, // Now required - choose your desired version
});

Patch Changes

• 79b2fbe: Swap semver package for compare-versions package. Compare versions is a lighter weight and suits the packages needs just fine
• Updated dependencies [dc41d09]
• Updated dependencies [c3005a6]
• Updated dependencies [dc41d09]
• Updated dependencies [a5be0d0]
• Updated dependencies [6606d39]
• Updated dependencies [48d3631]
• Updated dependencies [7d8aa81]
• Updated dependencies [089f4fd]
• Updated dependencies [dc41d09]
  • @​shopify/shopify-api@​12.0.0
  • @​shopify/shopify-app-session-storage@​4.0.0

---

Configuration

📅 Schedule: Branch creation - "on monday before 8am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: examples/shopify-integration/package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm warn Unknown project config "auto-install-peers". This will stop working in the next major version of npm.
npm warn Unknown project config "shamefully-hoist". This will stop working in the next major version of npm.
npm warn Unknown project config "enable-pre-post-scripts". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @remix-run/dev@2.17.1
npm error Found: vite@7.1.7
npm error node_modules/vite
npm error   dev vite@"^7.0.0" from the root project
npm error   vite@"^5.0.0 || ^6.0.0 || ^7.0.0-0" from vite-node@3.2.4
npm error   node_modules/@remix-run/dev/node_modules/vite-node
npm error     vite-node@"^3.1.3" from @remix-run/dev@2.17.1
npm error     node_modules/@remix-run/dev
npm error       @remix-run/dev@"^2.7.1" from the root project
npm error       2 more (@remix-run/fs-routes, @remix-run/route-config)
npm error   1 more (vite-tsconfig-paths)
npm error
npm error Could not resolve dependency:
npm error peerOptional vite@"^5.1.0 || ^6.0.0" from @remix-run/dev@2.17.1
npm error node_modules/@remix-run/dev
npm error   @remix-run/dev@"^2.7.1" from the root project
npm error   peer @remix-run/dev@"^2.17.0" from @remix-run/fs-routes@2.17.1
npm error   node_modules/@remix-run/fs-routes
npm error     @remix-run/fs-routes@"^2.15.0" from the root project
npm error   1 more (@remix-run/route-config)
npm error
npm error Conflicting peer dependency: vite@6.4.1
npm error node_modules/vite
npm error   peerOptional vite@"^5.1.0 || ^6.0.0" from @remix-run/dev@2.17.1
npm error   node_modules/@remix-run/dev
npm error     @remix-run/dev@"^2.7.1" from the root project
npm error     peer @remix-run/dev@"^2.17.0" from @remix-run/fs-routes@2.17.1
npm error     node_modules/@remix-run/fs-routes
npm error       @remix-run/fs-routes@"^2.15.0" from the root project
npm error     1 more (@remix-run/route-config)
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-01-08T17_11_16_622Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-01-08T17_11_16_622Z-debug-0.log