[Snyk] Upgrade react-redux from 7.2.7 to 8.0.5 #117
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade react-redux from 7.2.7 to 8.0.5.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
Release notes
Package name: react-redux
This release fixes a few minor TS issues.
What's Changed
Provider
: pass state (S
) generic through toProviderProps
by @ OliverJAsh in #1960equalityFn
type inNoInfer
by @ phryneas in #1965Full Changelog: v8.0.4...v8.0.5
This patch release fixes some minor TS types issues, and updates the rarely-used
areStatesEqual
option forconnect
to now pass throughownProps
for additional use in determining which pieces of state to compare if desired.Changelog
TS Fixes
We've fixed an import of
React
that caused issues with theallowSyntheticDefaultImports
TS compiler flag in user projects.connect
already accepted a custom context instance asprops.context
, and had runtime checks in case users were passing through a real value with app data asprops.context
instead. However, the TS types did not handle that case, and this would fail to compile. If your own component expectsprops.context
with actual data,connect
's types now use that type instead.The
ConnectedProps<T>
type had a mismatch with React's built-inReact.ComponentProps<Component>
type, and that should now work correctly.Other Changes
The
areStatesEqual
option toconnect
now receivesownProps
as well, in case you need to make a more specific comparison with certain sections of state.The new signature is:
What's Changed
ComponentProps
from older@ types/react
by @ Andarist in #1956Full Changelog: v8.0.2...v8.0.4
This release was accidentally published without an intended fix - please use v8.0.4 instead
This patch release tweaks the behavior of
connect
to print a one-time warning when the obsoletepure
option is passed in, rather than throwing an error. This fixes crashes caused by libraries such asreact-beautiful-dnd
continuing to pass in that option (unnecessarily) to React-Redux v8.What's Changed
Full Changelog: v8.0.1...v8.0.2
This release fixes an incorrect internal import of our
Subscription
type, which was causing TS compilation errors in some user projects. We've also listed@ types/react-dom
as an optional peerDep. There are no runtime changes in this release.What's Changed
Subscription
causesnoImplicitAny
error by @ vicrep in #1910Full Changelog: v8.0.0...v8.0.1
Read more
This release candidate updates our peer deps to accept all React versions with hooks (16.8+, 17+, and 18+), as well as React Native (0.59+). (The code already worked, but the peer deps needed to be updated to match behavior and install correctly.)
At this point, React-Redux v8 is feature-complete and stable. We still really want users to try this out and give us feedback before the final release! Barring any reported issues, we plan to release 8.0 as final within the next few days.
What's Changed
peerDependencies
by @ kyletsang in #1893Full Changelog: v8.0.0-rc.0...v8.0.0-rc.1
This release candidate removes the
DefaultRootState
type left over from the@ types/react-redux
package. Additionally, we now have tests that exercise theserverState
SSR behavior added in a previous beta.At this point, React-Redux v8 is feature-complete and stable. We still really want users to try this out and give us feedback before the final release! Barring any reported issues, we plan to release 8.0 as final within the next few days.
Changelog
Removal of the
DefaultRootState
typeThe
@ types/react-redux
package, which has always been maintained by the community, included aDefaultRootState
interface that was intended for use with TS's "module augmentation" capability. Bothconnect
anduseSelector
used this as a fallback if no state generic was provided. When we migrated React-Redux to TS, we copied over all of the types from that package as a starting point.However, the Redux team specifically considers use of a globally augmented state type to be an anti-pattern. Instead, we direct users to extract the
RootState
andAppDispatch
types from the store setup, and create pre-typed versions of the React-Redux hooks for use in the app.Now that React-Redux itself is written in TS, we've opted to remove the
DefaultRootState
type entirely. State generics now default tounknown
instead.Technically the module augmentation approach can still be done in userland, but we discourage this practice.
SSR Tests
We added a
serverState
prop to<Provider>
in beta.2 to resolve hydration mismatch issues, but had only done some quick hands-on testing locally. We now have tests that cover that use case.What's Changed
DefaultRootState
type by @ markerikson in #1887serverState
behavior by @ markerikson in #1888Full Changelog: v8.0.0-beta.4...v8.0.0-rc.0
This beta release switches the default entry point to use the
useSyncExternalStore
shim for compatibility with React 16.8+, and switches to a"/next"
alternate entry point without the shim.At this point, React-Redux v8 is feature-complete and stable. We still really want users to try this out and give us feedback before the final release! We'd also like to add some additional tests around SSR behavior.
We would like to release v8 as final within the next couple weeks now that React 18 is available.
Changelog
useSyncExternalStore
Shim UsageReact 18 adds the new
useSyncExternalStore
API. In previous betas, the plan was that React-Redux v8 would have a hard requirement on React 18. As a fallback, the betas provided a"/compat"
entry point that included theuSES
"shim", a userland implementation from the React team that provided compatibility with earlier React versions back to 16.8. That adds a few hundred bytes to the bundle size, so we wanted to keep the default size smaller.However, React Native will not support React 18 until the "New Architecture" is done. So, release React-Redux v8 with a hard React 18 requirement would immediately start breaking RN usage.
After discussion with the React team, we've flipped the default behavior in v8. Now, the default entry point does rely on the
uSES
shim. This increases final bundle size slightly (about 600b minified compared to v7.x). However, this ensures that React-Redux v8 is compatible with React 16.8+/17 out of the box, enabling users to upgrade to v8 right away even if they aren't using React 18. It also ensures continued RN compatibility.For users who would like to strip out the shim, this release switches to having a
"/next"
entry point that directly importsuseSyncExternalStore
from React, with no shim. You can alias"react-redux": "react-redux/next"
in your bundler to use that instead.What's Changed
useSyncExternalStore
shim behavior and update React deps by @ markerikson in #1884Full Changelog: v8.0.0-beta.3...v8.0.0-beta.4
This patch release updates the rarely-used
areStatesEqual
option forconnect
to now pass throughownProps
for additional use in determining which pieces of state to compare if desired.The new signature is:
What's Changed
Full Changelog: v7.2.8...v7.2.9
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs