[Snyk] Upgrade react-redux from 5.0.7 to 9.1.2 #28
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade react-redux from 5.0.7 to 9.1.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 73 versions ahead of your current version.
The recommended version was released on 5 months ago.
Release notes
Package name: react-redux
This bugfix release removes the no-longer-necessary peer dependency on
react-native
, and tweaks a few TS types for compat with the upcoming React 19 release.Changes
React Native Peer Dependency Removed
We've always had an awkward peer dependency on both ReactDOM and React Native, because of the need to import the
unstable_batchedUpdates
API directly from each reconciler. That's part of what led to the sequence of 9.x patch releases to deal with RN compat.As of 9.0.3, we dropped the batching imports completely, since React 18 now batches by default. That means we didn't even have any remaining imports from
react-native
.Meanwhile, React 18.3 just came out, but so did React Native 0.74. RN 0.74 still requires React 18.2.
This caused NPM users to have installation failures when trying to use React-Redux:
We no longer need to list RN as a peer dep, and dropping that also fixes the NPM installation issues as well.
What's Changed
useRef
usages to be called with an explicit argument ofundefined
. by @ aryaemami59 in #2164JSX
global namespace withReact.JSX
by @ aryaemami59 in #2163Full Changelog: v9.1.1...v9.1.2
This bugfix release fixes an issue with
connect
and React Native caused by changes to our bundling setup in v9. Nestedconnect
calls should work correctly now.What's Changed
Equals
constraint into an intersection type. by @ DanielRosenwasser in #2123useIsomorphicLayoutEffect
usage in React Native environments by @ aryaemami59 in #2156Full Changelog: v9.1.0...v9.1.1
This minor release adds a new syntax for pre-typing hooks.
.withTypes
Previously, the approach for "pre-typing" hooks with your app settings was a little varied. The result would look something like the below:
import { useDispatch, useSelector, useStore } from "react-redux"
import type { AppDispatch, AppStore, RootState } from "./store"
export const useAppDispatch: () => AppDispatch = useDispatch
export const useAppSelector: TypedUseSelectorHook<RootState> = useSelector
export const useAppStore = useStore as () => AppStore
React Redux v9.1.0 adds a new
.withTypes
method to each of these hooks, analogous to the.withTypes
method found on Redux Toolkit'screateAsyncThunk
.The setup now becomes:
import type { AppDispatch, AppStore, RootState } from "./store"
export const useAppDispatch = useDispatch.withTypes<AppDispatch>()
export const useAppSelector = useSelector.withTypes<RootState>()
export const useAppStore = useStore.withTypes<AppStore>()
What's Changed
hook.withTypes<RootState>()
method by @ aryaemami59 in #2114New Contributors
Full Changelog: v9.0.4...v9.1.0
This bugfix release updates the React Native peer dependency to be
>= 0.69
, to better reflect the need for React 18 compat and (hopefully) resolve issues with thenpm
package manager throwing peer dep errors on install.What's Changed
Full Changelog: v9.0.3...v9.0.4
This bugfix release drops the ReactDOM / React Native specific use of render batching, as React 18 now automatically batches, and updates the React types dependencies
Changelog
Batching Dependency Updates
React-Redux has long depended on React's
unstable_batchedUpdates
API to help batch renders queued by Redux updates. It also re-exported that method as a util namedbatch
.However, React 18 now auto-batches all queued renders in the same event loop tick, so
unstable_batchedUpdates
is effectively a no-op.Using
unstable_batchedUpdates
has always been a pain point, because it's exported by the renderer package (ReactDOM or React Native), rather than the corereact
package. Our prior implementation relied on having separatebatch.ts
andbatch.native.ts
files in the codebase, and expecting React Native's bundler to find the right transpiled file at app build time. Now that we're pre-bundling artifacts in React-Redux v9, that approach has become a problem.Given that React 18 already batches by default, there's no further need to continue using
unstable_batchedUpdates
internally, so we've removed our use of that and simplified the internals.We still export a
batch
method, but it's effectively a no-op that just immediately runs the given callback, and we've marked it as@ deprecated
.We've also updated the build artifacts and packaging, as there's no longer a need for an
alternate-renderers
entry point that omits batching, or a separate artifact that imports from"react-native"
.What's Changed
batch
by @ markerikson in #2104@ types/react-dom
and lower@ types/react
to min needed by @ markerikson in #2105Full Changelog: v9.0.2...v9.0.3
This bugfix release makes additional tweaks to the React Native artifact filename to help resolve import and bundling issues with RN projects.
What's Changed
.mjs
to.js
by @ aryaemami59 in #2102Full Changelog: v9.0.1...v9.0.2
This bugfix release updates the package to include a new
react-redux.react-native.js
bundle that specifically imports React Native, and consolidates all of the'react'
imports into one file to save on bundle size (and enable some tricky React Native import handling).What's Changed
Full Changelog: v9.0.0...v9.0.1
This major release:
useSelector
This release has breaking changes.
This release is part of a wave of major versions of all the Redux packages: Redux Toolkit 2.0, Redux core 5.0, React-Redux 9.0, Reselect 5.0, and Redux Thunk 3.0.
For full details on all of the breaking changes and other significant changes to all of those packages, see the "Migrating to RTK 2.0 and Redux 5.0" migration guide in the Redux docs.
Note
The Redux core, Reselect, and Redux Thunk packages are included as part of Redux Toolkit, and RTK users do not need to manually upgrade them - you'll get them as part of the upgrade to RTK 2.0. (If you're not using Redux Toolkit yet, please start migrating your existing legacy Redux code to use Redux Toolkit today!)
React-Redux is a separate, package, but we expect you'll be upgrading them together.
npm install react-redux
yarn add react-redux
# RTK
npm install @ reduxjs/toolkit
yarn add @ reduxjs/toolkit
# Standalone Redux core
npm install redux
yarn add redux
Changelog
React 18 and RTK 2 / Redux core 5 Are Required
React-Redux 7.x and 8.x worked with all versions of React that had hooks (16.8+, 17.x, 18.x). However, React-Redux v8 used React 18's new
useSyncExternalStore
hook. In order to maintain backwards compatibility with older React versions, we used theuse-sync-external-store
"shim" package that provided an official userland implementation of theuseSyncExternalStore
hook when used with React 16 or 17. This meant that if you were using React 18, there were a few hundred extra bytes of shim code being imported even though it wasn't needed.For React-Redux v9, we're switching so that React 18 is now required! This both simplifies the maintenance burden on our side (fewer versions of React to test against), and also lets us drop the extra bytes because we can import
useSyncExternalStore
directly.React 18 has been out for a year and a half, and other libraries like React Query are also switching to require React 18 in their next major version. This seems like a reasonable time to make that switch.
Similarly, React-Redux now depends on Redux core v5 for updated TS types (but not runtime behavior). We strongly encourage all Redux users to be using Redux Toolkit, which already includes the Redux core. Redux Toolkit 2.0 comes with Redux core 5.0 built in.
ESM/CJS Package Compatibility
The biggest theme of the Redux v5 and RTK 2.0 releases is trying to get "true" ESM package publishing compatibility in place, while still supporting CJS in the published package.
The primary build artifact is now an ESM file,
dist/react-redux.mjs
. Most build tools should pick this up. There's also a CJS artifact, and a second copy of the ESM file namedreact-redux.legacy-esm.js
to support Webpack 4 (which does not recognize theexports
field inpackage.json
). There's also two special-case artifacts: an "alternate renderers" artifact that should be used for any renderer other than ReactDOM or React Native (such as theink
React CLI renderer), and a React Server Components artifact that throws when any import is used (since using hooks or context would error anyway in an RSC environment). Additionally, all of the build artifacts now live under./dist/
in the published package.Previous releases actually shipped separate individual transpiled source files - the build artifacts are now pre-bundled, same as the rest of the Redux libraries.
Modernized Build Output
We now publish modern JS syntax targeting ES2020, including optional chaining, object spread, and other modern syntax. If you need to . If you need to target older browsers, please transpile the packages yourself (or use the
legacy-esm
build artifact for ES2017).Build Tooling
We're now building the package using https://github.com/egoist/tsup. We also now include sourcemaps for the ESM and CJS artifacts.
Dropping UMD Builds
Redux has always shipped with UMD build artifacts. These are primarily meant for direct import as script tags, such as in a CodePen or a no-bundler build environment.
We've dropped those build artifacts from the published package, on the grounds that the use cases seem pretty rare today.
There's now a
react-redux.browser.mjs
file in the package that can be loaded from a CDN like Unpkg.If you have strong use cases for us continuing to include UMD build artifacts, please let us know!
React Server Components Behavior
Per Mark's post "My Experience Modernizing Packages to ESM", one of the recent pain points has been the rollout of React Server Components and the limits the Next.js + React teams have added to RSCs. We see many users try to import and use React-Redux APIs in React Server Component files, then get confused why things aren't working right.
To address that, we've added a new entry point with a
"react-server"
condition. Every export in that file will throw an error as soon as it's called, to help catch this mistake earlier.Dev Mode Checks Updated
In v8.1.0, we updated
useSelector
to accept an options object containing options to check for selectors that always calculate new values, or that always return the root state.We've renamed the
noopCheck
option toidentityFunctionCheck
for clarity. We've also changed the structure of the options object to be:export interface UseSelectorOptions<Selected = unknown> {
equalityFn?: EqualityFn<Selected>
devModeChecks?: {
stabilityCheck?: DevModeCheckFrequency
identityFunctionCheck?: DevModeCheckFrequency
}
}
hoist-non-react-statics
andreact-is
Deps InlinedHigher Order Components have been discouraged in the React ecosystem over the last few years. However, we still include the
connect
API. It's now in maintenance mode and not in active development.As described in the React legacy docs on HOCs, one quirk of HOCs is needing to copy over static methods to the wrapper component. The
hoist-non-react-statics
package has been the standard tool to do that.We've inlined a copy of
hoist-non-react-statics
and removed the package dep, and confirmed that this improves tree-shaking.We've also done the same with the
react-is
package as well, which was also only used byconnect
.This should have no user-facing effects.
TypeScript Support
We've dropped support for TS 4.6 and earlier, and our support matrix is now TS 4.7+.
What's Changed
uSES
imports and run against RTK CI examples by @ markerikson in #2070sideEffects: "false"
topackage.json
in v9 by @ markerikson in #2079react-is
utils to fix tree-shaking in 9.0 by @ markerikson in #2085noopCheck
toidentityFunctionCheck
by @ aryaemami59 in #2091Full Changelog: v8.1.2...v9.0.0
This release candidate improves tree-shaking behavior in v9 to account for changes in bundling setup.
Note that we hope to release Redux Toolkit 2.0, Redux core 5.0, and React-Redux 9.0 by the start of December! (If we don't hit that, we'll aim for January, after the holidays.)
See the preview Redux Toolkit 2.0 + Redux core 5.0 Migration Guide for an overview of breaking changes in RTK 2.0 and Redux core.
package.json
in v9 by @ markerikson in #2079react-is
utils to fix tree-shaking in 9.0 by @ markerikson in #2085Full Changelog: v9.0.0-beta.0...v9.0.0-rc.0
This beta release fixes the imports of
use-sync-external-store
when used in an ESM environment, and includes the fixes in v8.1.3.What's Changed
uSES
imports and run against RTK CI examples by @ markerikson in #2070Full Changelog: v9.0.0-alpha.1...v9.0.0-beta.0
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: