[Snyk] Upgrade redux from 3.7.2 to 5.0.1

[q1blue]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade redux from 3.7.2 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 28 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2023-12-23.

Release notes

Package name: redux

• 5.0.1 - 2023-12-23
  

  This patch release adjusts the isPlainObject util to allow objects created via Object.create(null), and fixes a type issue which accidentally made the store state type non-nullable.

  What's Changed

  • fix(isPlainObject): support check Object.create(null) by @ zhe-he in #4633
  • fix(types/store): Unexpectedly narrowed return type of function Store['getState'] by @ exuanbo in #4638

  Full Changelog: v5.0.0...v5.0.1

• 5.0.0 - 2023-12-04
  

  This major release:

  • Converts the codebase to TypeScript
  • Updates the packaging for better ESM/CJS compatibility and modernizes the build output
  • Requires that action.type must be a string
  • Continues to mark createStore as deprecated
  • Deprecates the AnyAction type in favor of an UnknownAction type that is used everywhere
  • Removes the PreloadedState type in favor of a new generic argument for the Reducer type.

  This release has breaking changes.

  This release is part of a wave of major versions of all the Redux packages: Redux Toolkit 2.0, Redux core 5.0, React-Redux 9.0, Reselect 5.0, and Redux Thunk 3.0.

  For full details on all of the breaking changes and other significant changes to all of those packages, see the "Migrating to RTK 2.0 and Redux 5.0" migration guide in the Redux docs.

  Note

  The Redux core, Reselect, and Redux Thunk packages are included as part of Redux Toolkit, and RTK users do not need to manually upgrade them - you'll get them as part of the upgrade to RTK 2.0. (If you're not using Redux Toolkit yet, please start migrating your existing legacy Redux code to use Redux Toolkit today!)

  # RTK
  npm install @ reduxjs/toolkit
  yarn add @ reduxjs/toolkit

  # Standalone
  npm install redux
  yarn add redux

  Changelog

  ESM/CJS Package Compatibility

  The biggest theme of the Redux v5 and RTK 2.0 releases is trying to get "true" ESM package publishing compatibility in place, while still supporting CJS in the published package.

  The primary build artifact is now an ESM file, dist/redux.mjs. Most build tools should pick this up. There's also a CJS artifact, and a second copy of the ESM file named redux.legacy-esm.js to support Webpack 4 (which does not recognize the exports field in package.json). Additionally, all of the build artifacts now live under ./dist/ in the published package.

  Modernized Build Output

  We now publish modern JS syntax targeting ES2020, including optional chaining, object spread, and other modern syntax. If you need to

  Build Tooling

  We're now building the package using https://github.com/egoist/tsup. We also now include sourcemaps for the ESM and CJS artifacts.

  Dropping UMD Builds

  Redux has always shipped with UMD build artifacts. These are primarily meant for direct import as script tags, such as in a CodePen or a no-bundler build environment.

  We've dropped those build artifacts from the published package, on the grounds that the use cases seem pretty rare today.

  There's now a redux.browser.mjs file in the package that can be loaded from a CDN like Unpkg.

  If you have strong use cases for us continuing to include UMD build artifacts, please let us know!

  createStore Marked Deprecated

  In Redux 4.2.0, we marked the original createStore method as @ deprecated. Strictly speaking, this is not a breaking change, nor is it new in 5.0, but we're documenting it here for completeness.

  This deprecation is solely a visual indicator that is meant to encourage users to migrate their apps from legacy Redux patterns to use the modern Redux Toolkit APIs.

  The deprecation results in a visual strikethrough when imported and used, like createStore, but with no runtime errors or warnings.

  createStore will continue to work indefinitely, and will not ever be removed. But, today we want all Redux users to be using Redux Toolkit for all of their Redux logic.

  To fix this, there are three options:

  • Follow our strong suggestion to switch over to Redux Toolkit and configureStore
  • Do nothing. It's just a visual strikethrough, and it doesn't affect how your code behaves. Ignore it.
  • Switch to using the legacy_createStore API that is now exported, which is the exact same function but with no @ deprecated tag. The simplest option is to do an aliased import rename, like import { legacy_createStore as createStore } from 'redux'

  Action types must be strings

  We've always specifically told our users that actions and state must be serializable, and that action.type should be a string. This is both to ensure that actions are serializable, and to help provide a readable action history in the Redux DevTools.

  store.dispatch(action) now specifically enforces that action.type must be a string and will throw an error if not, in the same way it throws an error if the action is not a plain object.

  In practice, this was already true 99.99% of the time and shouldn't have any effect on users (especially those using Redux Toolkit and createSlice), but there may be some legacy Redux codebases that opted to use Symbols as action types.

  TypeScript Changes

  We've dropped support for TS 4.6 and earlier, and our support matrix is now TS 4.7+.

  Typescript rewrite

  In 2019, we began a community-powered conversion of the Redux codebase to TypeScript. The original effort was discussed in #3500: Port to TypeScript, and the work was integrated in PR #3536: Convert to TypeScript.

  However, the TS-converted code sat around in the repo for several years, unused and unpublished, due to concerns about possible compatibility issues with the existing ecosystem (as well as general inertia on our part).

  Redux core v5 is now built from that TS-converted source code. In theory, this should be almost identical in both runtime behavior and types to the 4.x build, but it's very likely that some of the changes may cause types issues.

  Please report any unexpected compatibility issues!!

  AnyAction deprecated in favour of UnknownAction

  The Redux TS types have always exported an AnyAction type, which is defined to have {type: string} and treat any other field as any. This makes it easy to write uses like console.log(action.whatever), but unfortunately does not provide any meaningful type safety.

  We now export an UnknownAction type, which treats all fields other than action.type as unknown. This encourages users to write type guards that check the action object and assert its specific TS type. Inside of those checks, you can access a field with better type safety.

  UnknownAction is now the default any place in the Redux source that expects an action object.

  AnyAction still exists for compatibility, but has been marked as deprecated.

  Note that Redux Toolkit's action creators have a .match() method that acts as a useful type guard:

  if (todoAdded.match(someUnknownAction)) {
    // action is now typed as a PayloadAction<Todo>
  }

  You can also use the new isAction util to check if an unknown value is some kind of action object.

  Middleware type changed - Middleware action and next are typed as unknown

  Previously, the next parameter is typed as the D type parameter passed, and action is typed as the Action extracted from the dispatch type. Neither of these are a safe assumption:

  • next would be typed to have all of the dispatch extensions, including the ones earlier in the chain that would no longer apply.
    • Technically it would be mostly safe to type next as the default Dispatch implemented by the base redux store, however this would cause next(action) to error (as we cannot promise action is actually an Action) - and it wouldn't account for any following middlewares that return anything other than the action they're given when they see a specific action.
  • action is not necessarily a known action, it can be literally anything - for example a thunk would be a function with no .type property (so AnyAction would be inaccurate)

  We've changed next to be (action: unknown) => unknown (which is accurate, we have no idea what next expects or will return), and changed the action parameter to be unknown (which as above, is accurate).

  In order to safely interact with values or access fields inside of the action argument, you must first do a type guard check to narrow the type, such as isAction(action) or someActionCreator.match(action).

  This new type is incompatible with the v4 Middleware type, so if a package's middleware is saying it's incompatible, check which version of Redux it's getting its types from!

  PreloadedState type removed in favour of Reducer generic

  We've made tweaks to the TS types to improve type safety and behavior.

  First, the Reducer type now has a PreloadedState possible generic:

  type Reducer<S, A extends Action, PreloadedState = S> = (
    state: S | PreloadedState | undefined,
    action: A
  ) => S

  Per the explanation in #4491:

  Why the need for this change? When the store is first created by createStore/configureStore, the initial state is set to whatever is passed as the preloadedState argument (or undefined if nothing is passed). That means that the first time that the reducer is called, it is called with the preloadedState. After the first call, the reducer is always passed the current state (which is S).

  For most normal reducers, S | undefined accurately describes what can be passed in for the preloadedState. However the combineReducers function allows for a preloaded state of Partial<S> | undefined.

  The solution is to have a separate generic that represents what the reducer accepts for its preloaded state. That way createStore can then use that generic for its preloadedState argument.

  Previously, this was handled by a $CombinedState type, but that complicated things and led to some user-reported issues. This removes the need for $CombinedState altogether.

  This change does include some breaking changes, but overall should not have a huge impact on users upgrading in user-land:

  • The Reducer, ReducersMapObject, and createStore/configureStore types/function take an additional PreloadedState generic which defaults to S.
  • The overloads for combineReducers are removed in favor of a single function definition that takes the ReducersMapObject as its generic parameter. Removing the overloads was necessary with these changes, since sometimes it was choosing the wrong overload.
  • Enhancers that explicitly list the generics for the reducer will need to add the third generic.

  Other Changes

  Internal Listener Implementation

  The Redux store has always used an array to track listener callbacks, and used listeners.findIndex to remove listeners on unsubscribe. As we found in React-Redux, that can have perf issues when many listeners are unsubscribing at once.

  In React-Redux, we fixed that with a more sophisticated linked list approach. Here, we've updated the listeners to be stored in a Map instead, which has better delete performance than an array.

  In practice this shouldn't have any real effect, because React-Redux sets up a subscription in <Provider>, and all nested components subscribe to that. But, nice to fix it here as well.

  isAction Predicate

  We recently added an isAction predicate to RTK, then realized it's better suited for the Redux core. This can be used anywhere you have a value that could be a Redux action object, and you need to check if it is actually an action. This is specifically useful for use with the updated Redux middleware TS types, where the default value is now unknown and you need to use a type guard to tell TS that the current value is actually an action:

  We've also exported the isPlainObject util that's been in the Redux codebase for years as well.

  What's Changed

  Entirely too many PRs to list here, as it's been a few years since 4.2 was released :) See the diff below.

  Full Changelog: v4.2.1...v5.0.0

• 5.0.0-rc.1 - 2023-11-23
  

  This release candidate adds a new isAction predicate that can be used as a TS type guard, and exports the existing internal isPlainObject util.

  Note that we hope to release Redux Toolkit 2.0, Redux core 5.0, and React-Redux 9.0 by the start of December! (If we don't hit that, we'll aim for January, after the holidays.)

  See the preview Redux Toolkit 2.0 + Redux core 5.0 Migration Guide for an overview of breaking changes in RTK 2.0 and Redux core.

  @ EskiMojo14 in #4620
• export isPlainObject by @ EskiMojo14 in #4621
• Update build tooling for 5.0 by @ markerikson in #4623

Full Changelog: v5.0.0-rc.0...v5.0.0-rc.1

5.0.0-rc.0 - 2023-11-16

This release candidate has no actual source code changes since the previous v5.0.0-beta.0 release.

Note that we hope to release Redux Toolkit 2.0, Redux core 5.0, and React-Redux 9.0 by the start of December! (If we don't hit that, we'll aim for January, after the holidays.)

See the preview Redux Toolkit 2.0 + Redux core 5.0 Migration Guide for an overview of breaking changes in RTK 2.0 and Redux core.

v5.0.0-beta.0...v5.0.0-rc.0

5.0.0-beta.0 - 2023-05-30
Read more

5.0.0-alpha.6 - 2023-05-14
Read more

5.0.0-alpha.5 - 2023-04-16
Read more

5.0.0-alpha.4 - 2023-04-03
Read more

5.0.0-alpha.3 - 2023-04-03

Release 5.0.0-alpha.3

5.0.0-alpha.2 - 2023-02-13
Read more

5.0.0-alpha.1 - 2023-01-29

5.0.0-alpha.0 - 2021-10-30

4.2.1 - 2023-01-28

4.2.0 - 2022-04-18

4.2.0-alpha.0 - 2021-10-30

4.1.2 - 2021-10-28

4.1.1 - 2021-08-03

4.1.0 - 2021-04-24

4.1.0-alpha.0 - 2021-04-04

4.0.5 - 2019-12-24

4.0.4 - 2019-07-10

4.0.3 - 2019-07-09

4.0.2 - 2019-07-09

4.0.1 - 2018-10-13

4.0.0 - 2018-04-17

4.0.0-rc.1 - 2018-04-10

4.0.0-beta.2 - 2018-02-15

4.0.0-beta.1 - 2017-11-16

3.7.2 - 2017-07-13

from redux GitHub release notes

Commit messages

Package name: redux

• 50b0102 format isPlainObject.ts
• 66f955f 5.0.1
• ffb02eb Merge pull request #4644 from reduxjs/publish-ci
• d641945 add me to FUNDING.yml
• 7a2fa78 Add publish CI workflow
• fa2d899 Merge pull request #4638 from exuanbo/patch-1
• 9e8a320 add type test
• 105e389 Merge pull request #4643 from ziayanj/patch-1
• f259beb Update why-rtk-is-redux-today.md
• 3cd25e1 Merge pull request #4642 from factiondavid/patch-1
• 30b6668 Update docs/usage/UsageWithTypescript.md
• 966621c Update UsageWithTypescript.md
• e025f32 Merge pull request #4639 from reduxjs/override-section
• 7972534 copy over override migration section from RTK docs
• 3e9e484 revert(types/store): revert type changes to `StoreEnhancerStoreCreator`
• 2b74703 fix(types/store): widen `StateExt` as type arguments
• ba980dd fix(types/store): default type parameter `StateExt` in `Store`
• 7876f8e Merge pull request #4635 from santimendoza/remove-decembersoft-no-longer-valid-link
• 27171b1 Remove link to DecemberSoft post no longer valid.
• 4bdb8ac Merge pull request #4634 from reduxjs/preloaded-state-partial
• ebbb4fc replace PreloadedState with Partial
• cfc3145 fix(isPlainObject): support check Object.create(null) (#4633)
• 0e8a7b0 Merge pull request #4631 from DmitryScaletta/patch-1
• d96799a Fix markdown links on Next.js page

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs