[Snyk] Upgrade react-redux from 8.0.5 to 8.1.3 #126
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade react-redux from 8.0.5 to 8.1.3. See this package in npm: react-redux See this project in Snyk: https://app.snyk.io/org/dmgcoder/project/3c51af6e-6290-4959-95d3-7908d4e13201?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade react-redux from 8.0.5 to 8.1.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 6 versions ahead of your current version.
The recommended version was released a year ago.
Issues fixed by the recommended upgrade:
SNYK-JS-MICROMATCH-6838728
SNYK-JS-HTTPPROXYMIDDLEWARE-8229906
SNYK-JS-LOADERUTILS-3043105
SNYK-JS-SEMVER-3247795
SNYK-JS-WEBPACK-3358798
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
SNYK-JS-WS-7266574
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-BODYPARSER-7926860
SNYK-JS-BRACES-6838727
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-SOCKJS-548397
SNYK-JS-EXPRESS-6474509
SNYK-JS-MINIMATCH-3050818
SNYK-JS-EXPRESS-7926867
SNYK-JS-NANOID-8492085
SNYK-JS-PATHTOREGEXP-7925106
SNYK-JS-PATHTOREGEXP-8482416
SNYK-JS-JSON5-3182856
SNYK-JS-LOADERUTILS-3042992
SNYK-JS-LOADERUTILS-3105943
SNYK-JS-ROLLUP-8073097
SNYK-JS-LOADERUTILS-3042992
SNYK-JS-LOADERUTILS-3105943
SNYK-JS-WEBPACK-7840298
npm:node-uuid:20111130
npm:node-uuid:20160328
SNYK-JS-AXIOS-6671926
SNYK-JS-CONNECT-5846225
npm:connect:20120107
npm:connect:20130701
SNYK-JS-EJS-6689533
SNYK-JS-SOCKJS-575261
SNYK-JS-WORDWRAP-3149973
SNYK-JS-SEND-7926862
SNYK-JS-SERVESTATIC-7926865
Release notes
Package name: react-redux
-
8.1.3 - 2023-10-01
- Add stack to dev mode checks by @ EskiMojo14 in #2064
- Fix useSelector() in combination with lazy loaded components breaks with react v18 (#1977) by @ jeroenpx in #2068
-
8.1.2 - 2023-07-29
- The behaviour of the "React Context Singletons" from 8.1.1 has been adjusted to also work if you have multiple React instances of the same version (those will now be separated) and if you are in an environment without
- We do no longer use Proxies, which should help with some very outdated consumers, e.g. smart TVs, that cannot even polyfill Proxies.
-
8.1.1 - 2023-06-21
- fix: fix typescript error on non exported type by @ luzzif in #2034
- create singleton context by React version by @ phryneas in #2039
- remove RTK peerDep by @ markerikson in 44fc725
-
8.1.0 - 2023-06-13
- Selectors will be called twice with the same inputs, and
- check for Provider even when using custom context by @ EskiMojo14 in #1990
- Add a stability check, to see if selector returns stable result when called with same parameters. by @ EskiMojo14 in #2000
- Add an E2E-ish test that verifies behavior when imported into RSCs by @ markerikson in #2030
- lazily create Context for RSC compat by @ phryneas in #2025
- Add warning for selectors that return the entire state by @ EskiMojo14 in #2022
-
8.0.7 - 2023-05-31
- Bump Redux peer deps to accept 5.0 betas, and bump RTK dev dep by @ markerikson in #2017
- d45204f : Fix broken RTK peer dep
-
8.0.6 - 2023-05-30
- Bump Redux peer deps to accept 5.0 betas, and bump RTK dev dep by @ markerikson in #2017
-
8.0.5 - 2022-11-04
- wrap
- Fix wrapped component prop types when passing nullish mapDispatchToProps by @ marconi1992 in #1928
from react-redux GitHub release notesThis bugfix release fixes an issue with subscriptions being lost when lazy-loaded components are used with React Suspense, and includes stack traces in
useSelectorusage warnings .What's Changed
Full Changelog: v8.1.2...v8.1.3
This version changes imports from the React package to namespace imports so the package can safely be imported in React Server Components as long as you don't actually use it - this is for example important if you want to use the React-specifc
createApifunction from Redux Toolkit.Some other changes:
globalThis(in this case it will fall back to the previous behaviour).Full Changelog: v8.1.1...v8.1.2
This bugfix release tweaks the recent lazy context setup logic to ensure a single React context instance per React version, and removes the recently added RTK peerdep to fix an issue with Yarn workspaces.
Changelog
React Context Singletons
React Context has always relied on reference identity. If you have two different copies of React or a library in a page, that can cause multiple versions of a context instance to be created, leading to problems like the infamous "Could not find react-redux context" error.
In v8.1.0, we reworked the internals to lazily create our single
ReactReduxContextinstance to avoid issues in a React Server Components environment.This release further tweaks that to stash a single context instance per React version found in the page, thus hopefully avoiding the "multiple copies of the same context" error in the future.
What's Changed
Full Changelog: v8.1.0...v8.1.1
This feature release adds new development-mode safety checks for common errors (like poorly-written selectors), adds a workaround to fix crash errors when React-Redux hooks are imported into React Server Component files, and updates our hooks API docs page with improved explanations and updated links.
Changelog
Development Mode Checks for
useSelectorWe've had a number of users tell us over time that it's common to accidentally write selectors that have bad behavior and cause performance issues. The most common causes of this are either selectors that unconditionally return a new reference (such as
state => state.todos.map()without any memoization ), or selectors that actually return the entire root state (state => state).We've updated
useSelectorto add safety checks in development mode that warn if these incorrect behaviors are detected:useSelectorwill warn if the results are different referencesuseSelectorwill warn if the selector result is actually the entire rootstateBy default, these checks only run once the first time
useSelectoris called. This should provide a good balance between detecting possible issues, and keeping development mode execution performant without adding many unnecessary extra selector calls.If you want, you can configure this behavior globally by passing the enum flags directly to
<Provider>, or on a per-useSelectorbasis by passing an options object as the second argument:This goes along with the similar safety checks we've added to Reselect v5 alpha as well.
Context Changes
We're still trying to work out how to properly use Redux and React Server Components together. One possibility is using RTK Query's
createApito define data fetching endpoints, and using the generated thunks to fetch data in RSCs, but it's still an open question.However, users have reported that merely importing any React-Redux API in an RSC file causes a crash, because
React.createContextis not defined in RSC files. RTKQ's React-specificcreateApientry point imports React-Redux, so it's been unusable in RSCs.This release adds a workaround to fix that issue, by using a proxy wrapper around our singleton
ReactReduxContextinstance and lazily creating that instance on demand. In testing, this appears to both continue to work in all unit tests, and fixes the import error in an RSC environment. We'd appreciate further feedback in case this change does cause any issues for anyone!We've also tweaked the internals of the hooks to do checks for correct
<Provider>usage when using a custom context, same as the default context checks.Docs Updates
We've cleaned up some of the Hooks API reference page, and updated links to the React docs.
What's Changed
Full Changelog: v8.0.7...v8.1.0
This release updates the peer dependencies to accept Redux Toolkit, and accept the ongoing RTK and Redux core betas as valid peer deps.
What's Changed
Full Changelog: v8.0.5...v8.0.7
This release updates the peer dependencies to accept Redux Toolkit, and accept the ongoing RTK and Redux core betas as valid peer deps.This release has a peer deps typo that breaks installation - please use 8.0.7 instead !
What's Changed
Full Changelog: v8.0.5...v8.0.6
This release fixes a few minor TS issues.
What's Changed
Provider: pass state (S) generic through toProviderPropsby @ OliverJAsh in #1960equalityFntype inNoInferby @ phryneas in #1965Full Changelog: v8.0.4...v8.0.5
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: