skeleton@2026.4.1

Patch Changes

• Fix set-cookie-parser and cookie resolution warnings during dev by using Vite's nested dependency syntax (react-router > dep). These are CJS transitive dependencies of react-router that weren't resolvable by bare name with strict package managers like pnpm. (#3698) by @fredericoo

• Updated dependencies [f84ab400c62d89827574d0fa65ba310a2e75f36f]:

  • @Shopify/hydrogen@2026.4.1

@shopify/remix-oxygen@3.0.3

Patch Changes

• Deprecated @shopify/remix-oxygen. This package is a pass-through layer — all types and utilities it re-exports are available directly from react-router. For createRequestHandler, use @shopify/hydrogen/oxygen instead. For getStorefrontHeaders, use @shopify/hydrogen. (#3621) by @fredericoo

@shopify/hydrogen@2026.4.1

Patch Changes

• Fix cart operations failing on stores without VisitorConsent type (#3720) by @itsjustriley

  Cart operations (like cart.setMetafields()) were unconditionally including the visitorConsent parameter in GraphQL operations, even when not being used. This caused failures on stores whose Storefront API schema doesn't include the VisitorConsent type (older API versions or certain store configurations).

  The visitorConsent parameter is now only included in cart GraphQL operations when explicitly provided. This restores compatibility with stores that don't support the VisitorConsent type while preserving the feature for users who need it.

• Updated dependencies [f84ab400c62d89827574d0fa65ba310a2e75f36f]:

  • @shopify/hydrogen-react@2026.4.1

@shopify/hydrogen-react@2026.4.1

Patch Changes

• Fix cart operations failing on stores without VisitorConsent type (#3720) by @itsjustriley

  Cart operations (like cart.setMetafields()) were unconditionally including the visitorConsent parameter in GraphQL operations, even when not being used. This caused failures on stores whose Storefront API schema doesn't include the VisitorConsent type (older API versions or certain store configurations).

  The visitorConsent parameter is now only included in cart GraphQL operations when explicitly provided. This restores compatibility with stores that don't support the VisitorConsent type while preserving the feature for users who need it.

@shopify/create-hydrogen@5.0.35

Patch Changes

• Updated route scaffolding and JS transpilation to import from react-router instead of the deprecated @shopify/remix-oxygen. (#3621) by @fredericoo

• Fix set-cookie-parser and cookie resolution warnings during dev by using Vite's nested dependency syntax (react-router > dep). These are CJS transitive dependencies of react-router that weren't resolvable by bare name with strict package managers like pnpm. (#3698) by @fredericoo

@shopify/cli-hydrogen@11.1.16

Patch Changes

• Updated route scaffolding and JS transpilation to import from react-router instead of the deprecated @shopify/remix-oxygen. (#3621) by @fredericoo

• Fix set-cookie-parser and cookie resolution warnings during dev by using Vite's nested dependency syntax (react-router > dep). These are CJS transitive dependencies of react-router that weren't resolvable by bare name with strict package managers like pnpm. (#3698) by @fredericoo

@shopify/create-hydrogen@5.0.34

Patch Changes

• Update skeleton template to use @shopify/cli 3.93.2 (#3699) by @itsjustriley

@shopify/cli-hydrogen@11.1.15

Patch Changes

• Update skeleton template to use @shopify/cli 3.93.2 (#3699) by @itsjustriley

skeleton@2026.4.0

Major Changes

• Update Storefront API and Customer Account API from 2026-01 to 2026-04. (#3651) by @itsjustriley

  Breaking changes

  JSON metafield values limited to 128KB: When using API version 2026-04 or later, the Storefront API limits JSON type metafield writes to 128KB. This limit applies at the API level - Hydrogen passes through to the Storefront API without additional restriction. Apps that used JSON metafields before April 1, 2026 are grandfathered at the existing 2MB limit. Large metafield values continue to be readable by all API versions.

  New features

  New MERCHANDISE_LINE_TRANSFORMERS_RUN_ERROR cart error code: Cart operations (cartCreate, cartLinesAdd, etc.) now return a specific MERCHANDISE_LINE_TRANSFORMERS_RUN_ERROR error code when a Cart Transform Function fails at runtime, instead of the previous generic INVALID error code. If you handle cart errors in your storefront code, you may want to add handling for this new code.

  Changelog links

  • Storefront API 2026-04 changelog
  • Customer Account API 2026-04 changelog

Patch Changes

• Updated dependencies [e7215ed0d7a74cacfa8c935f414c1cf32fc2ccd0, 92ab8e8b59807bbdb5dbecaa18629292d5566135, b0caa5c013380c7837f049f48da089a1671e2c6d]:
  • @Shopify/hydrogen@2026.4.0

skeleton@2026.1.4

Patch Changes

• Remove redundant Storefront API proxy route from skeleton template. The server now automatically proxies requests to /api/:version/graphql.json via createRequestHandler with proxyStandardRoutes: true (enabled by default since December 2025). (#3572) by @itsjustriley

  Developers no longer need a manual route file for the tokenless Storefront API. Existing apps with this route can safely delete it - the server-level proxy provides the same functionality with better cookie forwarding and analytics integration.

• Updated dependencies [b0a75c1d759706931876f056662de2497cb3e688, a44ee3566b9bb9a7f43f05dfaae6f1f2ab1d548f]:

  • @Shopify/hydrogen@2026.1.4