Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade react-redux from 7.2.7 to 8.0.5 #117

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented May 3, 2023

Snyk has created this PR to upgrade react-redux from 7.2.7 to 8.0.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 17 versions ahead of your current version.
  • The recommended version was released 6 months ago, on 2022-11-04.
Release notes
Package name: react-redux
  • 8.0.5 - 2022-11-04

    This release fixes a few minor TS issues.

    What's Changed

    Full Changelog: v8.0.4...v8.0.5

  • 8.0.4 - 2022-09-23

    This patch release fixes some minor TS types issues, and updates the rarely-used areStatesEqual option for connect to now pass through ownProps for additional use in determining which pieces of state to compare if desired.

    Note: 8.0.3 was accidentally published without one of these fixes. Use 8.0.4 instead.

    Changelog

    TS Fixes

    We've fixed an import of React that caused issues with the allowSyntheticDefaultImports TS compiler flag in user projects.

    connect already accepted a custom context instance as props.context, and had runtime checks in case users were passing through a real value with app data as props.context instead. However, the TS types did not handle that case, and this would fail to compile. If your own component expects props.context with actual data, connect's types now use that type instead.

    The ConnectedProps<T> type had a mismatch with React's built-in React.ComponentProps<Component> type, and that should now work correctly.

    Other Changes

    The areStatesEqual option to connect now receives ownProps as well, in case you need to make a more specific comparison with certain sections of state.

    The new signature is:

    {
      areStatesEqual?: (
        nextState: State,
        prevState: State,
        nextOwnProps: TOwnProps,
        prevOwnProps: TOwnProps
      ) => boolean
    }

    What's Changed

    • Don't require allowSyntheticDefaultImports: true by @ apepper in #1924
    • Fixed type issue with ComponentProps from older @ types/react by @ Andarist in #1956
    • connect: pass ownProps to areStatesEqual by @ jspurlin in #1951
    • Omit built-in context prop if user component props include context by @ markerikson in #1958

    Full Changelog: v8.0.2...v8.0.4

  • 8.0.3 - 2022-09-23

    This release was accidentally published without an intended fix - please use v8.0.4 instead

  • 8.0.2 - 2022-05-22

    This patch release tweaks the behavior of connect to print a one-time warning when the obsolete pure option is passed in, rather than throwing an error. This fixes crashes caused by libraries such as react-beautiful-dnd continuing to pass in that option (unnecessarily) to React-Redux v8.

    What's Changed

    • Show warning instead of throwing error that pure option has been removed by @ ApacheEx in #1922

    Full Changelog: v8.0.1...v8.0.2

  • 8.0.1 - 2022-04-20

    This release fixes an incorrect internal import of our Subscription type, which was causing TS compilation errors in some user projects. We've also listed @ types/react-dom as an optional peerDep. There are no runtime changes in this release.

    What's Changed

    • Add optional peer dependency on @ types/react-dom by @ Methuselah96 in #1904
    • fix(ts): incorrect import of Subscription causes noImplicitAny error by @ vicrep in #1910

    Full Changelog: v8.0.0...v8.0.1

  • 8.0.0 - 2022-04-16
    Read more
  • 8.0.0-rc.1 - 2022-04-13

    This release candidate updates our peer deps to accept all React versions with hooks (16.8+, 17+, and 18+), as well as React Native (0.59+). (The code already worked, but the peer deps needed to be updated to match behavior and install correctly.)

    At this point, React-Redux v8 is feature-complete and stable. We still really want users to try this out and give us feedback before the final release! Barring any reported issues, we plan to release 8.0 as final within the next few days.

    What's Changed

    Full Changelog: v8.0.0-rc.0...v8.0.0-rc.1

  • 8.0.0-rc.0 - 2022-04-10

    This release candidate removes the DefaultRootState type left over from the @ types/react-redux package. Additionally, we now have tests that exercise the serverState SSR behavior added in a previous beta.

    At this point, React-Redux v8 is feature-complete and stable. We still really want users to try this out and give us feedback before the final release! Barring any reported issues, we plan to release 8.0 as final within the next few days.

    Changelog

    Removal of the DefaultRootState type

    The @ types/react-redux package, which has always been maintained by the community, included a DefaultRootState interface that was intended for use with TS's "module augmentation" capability. Both connect and useSelector used this as a fallback if no state generic was provided. When we migrated React-Redux to TS, we copied over all of the types from that package as a starting point.

    However, the Redux team specifically considers use of a globally augmented state type to be an anti-pattern. Instead, we direct users to extract the RootState and AppDispatch types from the store setup, and create pre-typed versions of the React-Redux hooks for use in the app.

    Now that React-Redux itself is written in TS, we've opted to remove the DefaultRootState type entirely. State generics now default to unknown instead.

    Technically the module augmentation approach can still be done in userland, but we discourage this practice.

    SSR Tests

    We added a serverState prop to <Provider> in beta.2 to resolve hydration mismatch issues, but had only done some quick hands-on testing locally. We now have tests that cover that use case.

    What's Changed

    Full Changelog: v8.0.0-beta.4...v8.0.0-rc.0

  • 8.0.0-beta.4 - 2022-04-02

    This beta release switches the default entry point to use the useSyncExternalStore shim for compatibility with React 16.8+, and switches to a "/next" alternate entry point without the shim.

    At this point, React-Redux v8 is feature-complete and stable. We still really want users to try this out and give us feedback before the final release! We'd also like to add some additional tests around SSR behavior.

    We would like to release v8 as final within the next couple weeks now that React 18 is available.

    Changelog

    useSyncExternalStore Shim Usage

    React 18 adds the new useSyncExternalStore API. In previous betas, the plan was that React-Redux v8 would have a hard requirement on React 18. As a fallback, the betas provided a "/compat" entry point that included the uSES "shim", a userland implementation from the React team that provided compatibility with earlier React versions back to 16.8. That adds a few hundred bytes to the bundle size, so we wanted to keep the default size smaller.

    However, React Native will not support React 18 until the "New Architecture" is done. So, release React-Redux v8 with a hard React 18 requirement would immediately start breaking RN usage.

    After discussion with the React team, we've flipped the default behavior in v8. Now, the default entry point does rely on the uSES shim. This increases final bundle size slightly (about 600b minified compared to v7.x). However, this ensures that React-Redux v8 is compatible with React 16.8+/17 out of the box, enabling users to upgrade to v8 right away even if they aren't using React 18. It also ensures continued RN compatibility.

    For users who would like to strip out the shim, this release switches to having a "/next" entry point that directly imports useSyncExternalStore from React, with no shim. You can alias "react-redux": "react-redux/next" in your bundler to use that instead.

    What's Changed

    Full Changelog: v8.0.0-beta.3...v8.0.0-beta.4

  • 8.0.0-beta.3 - 2022-02-06
  • 8.0.0-beta.2 - 2021-12-22
  • 8.0.0-beta.1 - 2021-11-20
  • 8.0.0-beta.0 - 2021-11-19
  • 8.0.0-alpha.1 - 2021-11-02
  • 8.0.0-alpha.0 - 2021-10-03
  • 7.2.9 - 2022-09-23

    This patch release updates the rarely-used areStatesEqual option for connect to now pass through ownProps for additional use in determining which pieces of state to compare if desired.

    The new signature is:

    {
      areStatesEqual?: (
        nextState: State,
        prevState: State,
        nextOwnProps: TOwnProps,
        prevOwnProps: TOwnProps
      ) => boolean
    }

    What's Changed

    Full Changelog: v7.2.8...v7.2.9

  • 7.2.8 - 2022-04-01
  • 7.2.7 - 2022-03-31
from react-redux GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant