Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade @reduxjs/toolkit from 1.6.2 to 1.9.7 #48

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

NOUIY
Copy link
Owner

@NOUIY NOUIY commented May 24, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @reduxjs/toolkit from 1.6.2 to 1.9.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 28 versions ahead of your current version.

  • The recommended version was released on 8 months ago.

Release notes
Package name: @reduxjs/toolkit
  • 1.9.7 - 2023-10-04

    This bugfix release rewrites the RTKQ hook TS types to significantly improve TS perf.

    Changelog

    RTKQ TS Perf

    A number of users had reported that Intellisense for RTKQ API objects was extremely slow (multiple seconds) - see discussion in #3214 . We did some perf investigation on user-provided examples, and concluded that the biggest factor to slow RTKQ TS perf was the calculation of hook names like useGetPokemonQuery, which was generating a large TS union of types.

    We've rewritten that hook names type calculation to use mapped types and a couple of intersections. In a specific user-provided stress test repo, it dropped TS calculation time by 60% (2600ms to 1000ms).

    There's more potential work we can do to improve things, but this seems like a major perf improvement worth shipping now.

    What's Changed

    Full Changelog: v1.9.6...v1.9.7

  • 1.9.6 - 2023-09-24

    This bugfix release adds a new dev-mode middleware to catch accidentally dispatching an action creator, adds a new listener middleware option around waiting for forks, adds a new option to update provided tags when updateQueryData is used, reworks internal types to better handle uses with TS declaration output, and fixes a variety of small issues.

    Changelog

    Action Creator Dev Check Middleware

    RTK already includes dev-mode middleware that check for the common mistakes of accidentally mutating state and putting non-serializable values into state or actions.

    Over the years we've also seen a semi-frequent error where users accidentally pass an action creator reference to dispatch, instead of calling it and dispatching the action it returns.

    We've added another dev-mode middleware that specifically catches this error and warns about it.

    Additional Options

    The listener middleware's listenerApi.fork() method now has an optional autoJoin flag that can be used to keep the effect from finishing until all active forked tasks have completed.

    updateQueryData now has an updateProvidedTags option that will force a recalculation of that endpoint's provided tags. It currently defaults to false, and we'll likely turn that to true in the next major.

    Other Fixes

    The builder.addCase method now throws an error if a type string is empty.

    fetchBaseQuery now uses an alternate method to clone the original Request in order to work around an obscure Chrome bug.

    The immutability middleware logic was tweaked to avoid a potential stack overflow.

    Types Changes

    The internal type imports have been reworked to try to fix "type portability" issues when used in combination with TS declaration outputs.

    A couple additional types were exported to help with wrapping createAsyncThunk.

    What's Changed

    Full Changelog: v1.9.5...v1.9.6

  • 1.9.5 - 2023-04-18

    This bugfix release includes notable improvements to TS type inference when using the enhancers option in configureStore, and updates the listener middleware to only check predicates if the dispatched value is truly an action object.

    What's Changed

    • update to latest remark-typescript-tools by @ EskiMojo14 in #3311
    • add isAction helper function, and ensure listener middleware only runs for actions by @ EskiMojo14 in #3372
    • Allow inference of enhancer state extensions, and fix inference when using callback form by @ EskiMojo14 in #3207

    Full Changelog: v1.9.4...v1.9.5

  • 1.9.4 - 2023-04-17

    This bugfix release includes tweaks to RTKQ options handling, tweaks for perf updates, dependency updates, and updates to our CI tooling.

    Also, please check out our ongoing RTK 2.0 alpha releases! They have significant improvements to bundle size, ESM/CJS compatibility, TS typings, and reducer update performance. We're looking for real-world feedback on behavior, performance, and any issues you might run into.

    Changelog

    RTK Query Options Updates

    Passing transformResponse as part of enhanceEndpoints can now override the TS type of the original data.

    fetchBaseQuery now properly checks for a global responseHandler option.

    Performance and Internals

    RTK Query now uses Immer's original() to do comparisons inside of copyWithStructuralSharing, which should significantly speed up performance when applying changes from re-fetched data.

    RTKQ's internal subscriptionUpdated action is now marked as batchable.

    We've updated dependencies to Immer 9.0.21, Reselect 4.1.8, and Redux 4.2.1.

    CI Updates

    We've added a suite of example apps built with different frameworks such as CRA 4, CRA 5, Next, and Vite, as well as examples that check for compatibility in Node with CJS and ESM modes and with various TS module resolution modes.

    What's Changed

    Full Changelog: v1.9.3...v1.9.4

  • 1.9.3 - 2023-02-21
  • 1.9.2 - 2023-01-28
  • 1.9.1 - 2022-11-30
  • 1.9.0 - 2022-11-04
  • 1.9.0-rc.1 - 2022-11-02
  • 1.9.0-rc.0 - 2022-10-30
  • 1.9.0-beta.0 - 2022-10-19
  • 1.9.0-alpha.2 - 2022-10-09
  • 1.9.0-alpha.1 - 2022-08-28
  • 1.9.0-alpha.0 - 2022-08-19
  • 1.8.6 - 2022-10-09
  • 1.8.5 - 2022-08-19
  • 1.8.4 - 2022-08-11
  • 1.8.3 - 2022-06-30
  • 1.8.2 - 2022-05-25
  • 1.8.1 - 2022-03-31
  • 1.8.0 - 2022-02-27
  • 1.8.0-rc.0 - 2022-02-27
  • 1.7.2 - 2022-02-03
  • 1.7.1 - 2021-12-16
  • 1.7.0 - 2021-12-10
  • 1.7.0-rc.0 - 2021-11-26
  • 1.7.0-beta.1 - 2021-11-05
  • 1.7.0-beta.0 - 2021-10-29
  • 1.6.2 - 2021-10-05
from @reduxjs/toolkit GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade @reduxjs/toolkit from 1.6.2 to 1.9.7.

See this package in npm:
@reduxjs/toolkit

See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/249eb2c7-6d51-42d3-9c82-2d4eda091e8a?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

guardrails bot commented May 24, 2024

⚠️ We detected 2 security issues in this pull request:

Vulnerable Libraries (2)
Severity Details
High pkg:npm/[email protected] (t) upgrade to: > 0.1.42
High pkg:npm/@testing-library/[email protected] (t) upgrade to: > 9.5.0

More info on how to fix Vulnerable Libraries in JavaScript.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants