
@nejidevelops
Owner


Snyk has created this PR to upgrade redux-saga from 1.3.0 to 1.4.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue: medium severity Regular Expression Denial of Service (ReDoS), SNYK-JS-BABELRUNTIME-10044504
Score: 452
Exploit Maturity: Proof of Concept
Release notes
Package name: redux-saga
  • 1.4.2 - 2025-10-21

    Patch Changes

    • Updated dependencies [d24e5e0]:
      • @redux-saga/core@1.4.2
  • 1.4.1 - 2025-10-21

    Patch Changes

    • #2714 1f10ddd Thanks @Andarist! - Fixed TS types compatibility with "moduleResolution": "node".

    • Updated dependencies [1f10ddd]:

      • @redux-saga/core@1.4.1
  • 1.4.0 - 2025-10-21

    Minor Changes

    • #2416 6707228 Thanks @Andarist! - exports field has been added to the package.json manifest. It limits what files can be imported from a package but we've tried our best to allow importing all the files that were considered to be a part of the public API.

    Patch Changes

    • Updated dependencies [6707228]:
      • @redux-saga/core@1.4.0
  • 1.3.0 - 2024-01-02

    Minor Changes

    • #2416 6707228 Thanks @Andarist! - exports field has been added to the package.json manifest. It limits what files can be imported from a package but we've tried our best to allow importing all the files that were considered to be a part of the public API.
from redux-saga GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
redux-saga

See this project in Snyk:
https://app.snyk.io/org/newtonombese1/project/1fae3f80-3caf-4a02-b4c0-bfeaacbb96c6?utm_source=github&utm_medium=referral&page=upgrade-pr
@gemini-code-assist

Summary of Changes

Hello @nejidevelops, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the redux-saga dependency to version 1.4.2. The primary motivation for this upgrade is to mitigate a known Regular Expression Denial of Service (ReDoS) vulnerability found in a transitive dependency, @babel/runtime. Beyond the security enhancement, this update also brings in recent improvements to redux-saga, such as better TypeScript type compatibility and modernized module export configurations. The changes involve updates to package.json and package-lock.json to reflect the new dependency versions and their associated transitive updates.

Highlights

  • Dependency Upgrade: The redux-saga package has been upgraded from version 1.3.0 to 1.4.2.
  • Security Fix: This upgrade addresses a 'Regular Expression Denial of Service (ReDoS)' vulnerability (SNYK-JS-BABELRUNTIME-10044504) with a medium severity score, found in a transitive dependency.
  • Transitive Dependency Updates: Numerous transitive dependencies, including @babel/runtime and various ESLint-related packages, have been updated or added as part of this upgrade, reflecting a broader ecosystem update.
  • New Features/Fixes in Redux-Saga: The new versions of redux-saga include fixes for TypeScript types compatibility and the addition of an exports field to package.json for better module resolution.

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request, automatically generated by Snyk, upgrades redux-saga from version 1.3.0 to 1.4.2. This is an important update as it resolves a Regular Expression Denial of Service (ReDoS) vulnerability in a transitive dependency (@babel/runtime). The upgrade is a minor version bump, and based on the release notes and the project's usage of redux-saga, it should not introduce any breaking changes.

During the review of the package-lock.json changes, I noticed that the project uses node-sass, which is a deprecated package. I've added a comment with a recommendation to migrate to sass to avoid future maintenance and security issues.

Overall, the PR is good to merge to ensure the project's dependencies are secure.

Comment on lines +14887 to 14919
"node_modules/react-scripts/node_modules/node-sass": {
"version": "7.0.3",
"resolved": "https://registry.npmjs.org/node-sass/-/node-sass-7.0.3.tgz",
"integrity": "sha512-8MIlsY/4dXUkJDYht9pIWBhMil3uHmE8b/AdJPjmFn1nBx9X9BASzfzmsCy0uCCb8eqI3SYYzVPDswWqSx7gjw==",
"deprecated": "Node Sass is no longer supported. Please use `sass` or `sass-embedded` instead.",
"hasInstallScript": true,
"license": "MIT",
"optional": true,
"peer": true,
"dependencies": {
"argparse": "^2.0.1"
"async-foreach": "^0.1.3",
"chalk": "^4.1.2",
"cross-spawn": "^7.0.3",
"gaze": "^1.0.0",
"get-stdin": "^4.0.1",
"glob": "^7.0.3",
"lodash": "^4.17.15",
"meow": "^9.0.0",
"nan": "^2.13.2",
"node-gyp": "^8.4.1",
"npmlog": "^5.0.0",
"request": "^2.88.0",
"sass-graph": "^4.0.1",
"stdout-stream": "^1.4.0",
"true-case-path": "^1.0.2"
},
"bin": {
"js-yaml": "bin/js-yaml.js"
}
},
"node_modules/react-scripts/node_modules/locate-path": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz",
"integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==",
"dependencies": {
"p-locate": "^5.0.0"
},
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/react-scripts/node_modules/p-limit": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
"integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
"dependencies": {
"yocto-queue": "^0.1.0"
"node-sass": "bin/node-sass"
},
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
"node": ">=12"
}
},
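Review bot: the node-sass 7.0.3 entry carries `"hasInstallScript": true` together with `"optional": true` and `"peer": true`, so any `npm install` that does not pass `--ignore-scripts` runs this deprecated package's install script even though nothing in the PR changes it; until it is replaced, install in CI with `npm ci --ignore-scripts` and allow-list the scripts you actually need. Separately, the rendered lines look interleaved: the comma after `"argparse": "^2.0.1"` is missing, node-sass's `bin` object lists `"js-yaml": "bin/js-yaml.js"`, and `"node-sass": "bin/node-sass"` appears under p-limit's dependencies with `"node": ">=12"` inside its `funding` block. That reads like lines from neighbouring lockfile entries run together in the view rather than real lockfile content, but confirm `npm ci` parses the committed package-lock.json cleanly before merging.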

Severity: high

This PR's changes to package-lock.json highlight that node-sass is a dependency, which is deprecated and no longer maintained. The log message here also indicates this. node-sass can cause installation issues and will not receive security updates. It is highly recommended to migrate to sass (Dart Sass), which is the primary implementation of Sass and is actively maintained. You can do this by running npm uninstall node-sass and npm install sass.


3 participants