Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade redux from 3.5.2 to 3.7.2 #68

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Apr 7, 2020

Snyk has created this PR to upgrade redux from 3.5.2 to 3.7.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 3 years ago, on 2017-07-13.
Release notes
Package name: redux
  • 3.7.2 - 2017-07-13

    Changes

  • 3.7.1 - 2017-06-26

    This reverts the console.error on bindActionCreators() coming from #2279.

    While well-intentioned, when star importing all exports from a module (import * as actions from './actions'), transpilation by Babel defaults to adding a default and __esModule property to the import, which are not functions. While it can be disabled, this isn't common to do and leads to a lot of confusion. So, we're reverting the change.

    Thanks for the feedback from everyone and the civility and healthy discourse on the issue!

  • 3.7.0 - 2017-06-17

    Another long break!

    Oh, hey! I didn't see you sitting there. You look bored. How about a Redux release to spice things up?

    Not a huge set of changes to report here. The biggest change, and the reason for the minor bump, is the UMD build is now done via Rollup. One big advantage is more readable code in the bundle. Rollup does "scope hoisting", which is a fancy term for putting every module at the top level of the file. Other than a surrounding IIFE, all of the code in Redux all lives together. You can compare the two here:

    Rollup UMD build
    vs
    Webpack UMD build

    There is also a cost savings of 30,811 vs 26,880 bytes, and 6,999 vs 5,995 bytes minified. Redux is already a small library, and this helps shave some extra bytes for our UMD users.

    One thing to note is that Webpack has introduced it's own scope hoisting feature in 3.0 beta. So, this isn't intended as an indictment of Webpack. You should continue to use it in your own apps. The adage of "Webpack is for apps, Rollup is for libraries" definitely holds true. It still has a superior developer experience with hot module reloading and webpack-dev-server. But use whatever makes sense for your project, not just whatever we use. 😄

    We're also looking at applying this to the NPM bundle. The main motivation is again more readable code in your bundles. Instead of transpilation oddities from Babel, you will end up with a single clean file, which should be easier to read through and debug. It's currently scheduled for the big, mythical 4.0 release and you can follow along in #2358

    Changes

  • 3.6.0 - 2016-09-04

    Hey, it's been a while!

    How's everyone doing? Enjoying your summer (or winter for the Southern Hemisphere folks)?

    This is a bugfix release for Redux. We're working towards a 4.0 with more substantial changes. Please see #1342 to pitch in!

    Dan also ported all the examples (except the universal one) in #1883 to use the excellent Create React App. This means the changes in #1800 have been lost. If you'd like to help out, we would love PRs on the examples to modernize and clean them up.

    Changes

    • Updated symbol-observable to 1.0.2 (#1663 and #1877)
    • Added a Redux logo (#1671)
    • Replace es3ify with Babel ES3 transforms (#1688)
    • Run tests on Node 6 (#1673)
    • Optimize one function case in compose (#1701)
    • Check ES3 syntax compatibility (#1720)
    • TypeScript: preloadedState is optional (#1806)
    • Add a warning for undefined properties passed to combineReducers (#1789)
    • Add module entry point for webpack 2 (#1871)
    • TypeScript: Improve typings for compose function (#1868)
  • 3.5.2 - 2016-04-24
    • Enforces a newer version of symbol-observable that works in IE8 (#1659)
from redux GitHub release notes
Commit messages
Package name: redux
  • 8f60ba3 3.7.2
  • f4c908b Add new discussion links to Performance (#2500)
  • b8cf8aa writing tests for middleware example changed (#2496)
  • 7c68f34 Add new links to Code Structure (#2494)
  • d019f11 Fix a typo (#2497)
  • e9067e6 Add link to Full Stack React article
  • c1953b0 Add sandboxes to the examples in the docs (#2487)
  • 6ca30fb Add Sandboxes for almost all examples (#2486)
  • 0de7e5b Fixed the definition of 'Reducer' for TypeScript 2.4. (#2467)
  • 6eed34d Switch prepublish to prepare script for npm 5 warning
  • 7fbddd6 3.7.1
  • 2bdcf66 Revert "Add warning when bindActionCreators encounters non-function property (#2279)" (#2473)
  • 6c7fe8e Merge pull request #2472 from jimmyhmiller/fix-dot
  • cb493d5 Merge pull request #2471 from BeLi4L/patch-1
  • ec5b9c7 removed extra dot
  • c5bfb97 docs: fix wrong parameters
  • 9e5feb2 Moved propTypes checking, fixed undefined error (#2464)
  • 689c800 Merge pull request #2463 from taehwanno/docs-change-array-reduce
  • 4155297 Change Array.reduce to Array.prototype.reduce
  • 2d229f0 3.7.0
  • f3bba96 Removing the browser field for now
  • f4d9e55 Upgrade all example deps, including the universal example to Webpack 2
  • 2bc8f84 Upgrade some other deps
  • 070b838 Upgrades and remove check-es3-syntax since Rollup breaks it always

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant