Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade react-redux from 5.0.7 to 9.1.2 #28

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

q1blue
Copy link
Collaborator

@q1blue q1blue commented Sep 23, 2024

snyk-top-banner

Snyk has created this PR to upgrade react-redux from 5.0.7 to 9.1.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 73 versions ahead of your current version.

  • The recommended version was released on 5 months ago.

Release notes
Package name: react-redux
  • 9.1.2 - 2024-05-02

    This bugfix release removes the no-longer-necessary peer dependency on react-native, and tweaks a few TS types for compat with the upcoming React 19 release.

    Changes

    React Native Peer Dependency Removed

    We've always had an awkward peer dependency on both ReactDOM and React Native, because of the need to import the unstable_batchedUpdates API directly from each reconciler. That's part of what led to the sequence of 9.x patch releases to deal with RN compat.

    As of 9.0.3, we dropped the batching imports completely, since React 18 now batches by default. That means we didn't even have any remaining imports from react-native.

    Meanwhile, React 18.3 just came out, but so did React Native 0.74. RN 0.74 still requires React 18.2.

    This caused NPM users to have installation failures when trying to use React-Redux:

    • React-Redux has a peer dep on RN
    • RN has a peer dep on React 18.2
    • But the latest React, 18.3 would get installed in the app
    • NPM errors with a peer dep mismatch

    We no longer need to list RN as a peer dep, and dropping that also fixes the NPM installation issues as well.

    What's Changed

    Full Changelog: v9.1.1...v9.1.2

  • 9.1.1 - 2024-04-14

    This bugfix release fixes an issue with connect and React Native caused by changes to our bundling setup in v9. Nested connect calls should work correctly now.

    What's Changed

    Full Changelog: v9.1.0...v9.1.1

  • 9.1.0 - 2024-01-12

    This minor release adds a new syntax for pre-typing hooks.

    .withTypes

    Previously, the approach for "pre-typing" hooks with your app settings was a little varied. The result would look something like the below:

    import type { TypedUseSelectorHook } from "react-redux"
    import { useDispatch, useSelector, useStore } from "react-redux"
    import type { AppDispatch, AppStore, RootState } from "./store"

    export const useAppDispatch: () => AppDispatch = useDispatch
    export const useAppSelector: TypedUseSelectorHook<RootState> = useSelector
    export const useAppStore = useStore as () => AppStore

    React Redux v9.1.0 adds a new .withTypes method to each of these hooks, analogous to the .withTypes method found on Redux Toolkit's createAsyncThunk.

    The setup now becomes:

    import { useDispatch, useSelector, useStore } from "react-redux"
    import type { AppDispatch, AppStore, RootState } from "./store"

    export const useAppDispatch = useDispatch.withTypes<AppDispatch>()
    export const useAppSelector = useSelector.withTypes<RootState>()
    export const useAppStore = useStore.withTypes<AppStore>()

    What's Changed

    New Contributors

    Full Changelog: v9.0.4...v9.1.0

  • 9.0.4 - 2023-12-11

    This bugfix release updates the React Native peer dependency to be >= 0.69, to better reflect the need for React 18 compat and (hopefully) resolve issues with the npm package manager throwing peer dep errors on install.

    What's Changed

    • Allow react-native newer than 0.69 as peer dependency by @ R3DST0RM in #2107

    Full Changelog: v9.0.3...v9.0.4

  • 9.0.3 - 2023-12-10

    This bugfix release drops the ReactDOM / React Native specific use of render batching, as React 18 now automatically batches, and updates the React types dependencies

    Changelog

    Batching Dependency Updates

    React-Redux has long depended on React's unstable_batchedUpdates API to help batch renders queued by Redux updates. It also re-exported that method as a util named batch.

    However, React 18 now auto-batches all queued renders in the same event loop tick, so unstable_batchedUpdates is effectively a no-op.

    Using unstable_batchedUpdates has always been a pain point, because it's exported by the renderer package (ReactDOM or React Native), rather than the core react package. Our prior implementation relied on having separate batch.ts and batch.native.ts files in the codebase, and expecting React Native's bundler to find the right transpiled file at app build time. Now that we're pre-bundling artifacts in React-Redux v9, that approach has become a problem.

    Given that React 18 already batches by default, there's no further need to continue using unstable_batchedUpdates internally, so we've removed our use of that and simplified the internals.

    We still export a batch method, but it's effectively a no-op that just immediately runs the given callback, and we've marked it as @ deprecated.

    We've also updated the build artifacts and packaging, as there's no longer a need for an alternate-renderers entry point that omits batching, or a separate artifact that imports from "react-native".

    What's Changed

    Full Changelog: v9.0.2...v9.0.3

  • 9.0.2 - 2023-12-05

    This bugfix release makes additional tweaks to the React Native artifact filename to help resolve import and bundling issues with RN projects.

    What's Changed

    Full Changelog: v9.0.1...v9.0.2

  • 9.0.1 - 2023-12-04

    This bugfix release updates the package to include a new react-redux.react-native.js bundle that specifically imports React Native, and consolidates all of the 'react' imports into one file to save on bundle size (and enable some tricky React Native import handling).

    What's Changed

    Full Changelog: v9.0.0...v9.0.1

  • 9.0.0 - 2023-12-04

    This major release:

    • Switches to requiring React 18 and Redux Toolkit 2.0 / Redux 5.0
    • Updates the packaging for better ESM/CJS compatibility and modernizes the build output
    • Updates the options for dev mode checks in useSelector
    • Adds a new React Server Components artifact that throws on use, to better indicate compat issues

    This release has breaking changes.

    This release is part of a wave of major versions of all the Redux packages: Redux Toolkit 2.0, Redux core 5.0, React-Redux 9.0, Reselect 5.0, and Redux Thunk 3.0.

    For full details on all of the breaking changes and other significant changes to all of those packages, see the "Migrating to RTK 2.0 and Redux 5.0" migration guide in the Redux docs.

    Note

    The Redux core, Reselect, and Redux Thunk packages are included as part of Redux Toolkit, and RTK users do not need to manually upgrade them - you'll get them as part of the upgrade to RTK 2.0. (If you're not using Redux Toolkit yet, please start migrating your existing legacy Redux code to use Redux Toolkit today!)
    React-Redux is a separate, package, but we expect you'll be upgrading them together.

    # React-Redux
    npm install react-redux
    yarn add react-redux

    # RTK
    npm install @ reduxjs/toolkit
    yarn add @ reduxjs/toolkit

    # Standalone Redux core
    npm install redux
    yarn add redux

    Changelog

    React 18 and RTK 2 / Redux core 5 Are Required

    React-Redux 7.x and 8.x worked with all versions of React that had hooks (16.8+, 17.x, 18.x). However, React-Redux v8 used React 18's new useSyncExternalStore hook. In order to maintain backwards compatibility with older React versions, we used the use-sync-external-store "shim" package that provided an official userland implementation of the useSyncExternalStore hook when used with React 16 or 17. This meant that if you were using React 18, there were a few hundred extra bytes of shim code being imported even though it wasn't needed.

    For React-Redux v9, we're switching so that React 18 is now required! This both simplifies the maintenance burden on our side (fewer versions of React to test against), and also lets us drop the extra bytes because we can import useSyncExternalStore directly.

    React 18 has been out for a year and a half, and other libraries like React Query are also switching to require React 18 in their next major version. This seems like a reasonable time to make that switch.

    Similarly, React-Redux now depends on Redux core v5 for updated TS types (but not runtime behavior). We strongly encourage all Redux users to be using Redux Toolkit, which already includes the Redux core. Redux Toolkit 2.0 comes with Redux core 5.0 built in.

    ESM/CJS Package Compatibility

    The biggest theme of the Redux v5 and RTK 2.0 releases is trying to get "true" ESM package publishing compatibility in place, while still supporting CJS in the published package.

    The primary build artifact is now an ESM file, dist/react-redux.mjs. Most build tools should pick this up. There's also a CJS artifact, and a second copy of the ESM file named react-redux.legacy-esm.js to support Webpack 4 (which does not recognize the exports field in package.json). There's also two special-case artifacts: an "alternate renderers" artifact that should be used for any renderer other than ReactDOM or React Native (such as the ink React CLI renderer), and a React Server Components artifact that throws when any import is used (since using hooks or context would error anyway in an RSC environment). Additionally, all of the build artifacts now live under ./dist/ in the published package.

    Previous releases actually shipped separate individual transpiled source files - the build artifacts are now pre-bundled, same as the rest of the Redux libraries.

    Modernized Build Output

    We now publish modern JS syntax targeting ES2020, including optional chaining, object spread, and other modern syntax. If you need to . If you need to target older browsers, please transpile the packages yourself (or use the legacy-esm build artifact for ES2017).

    Build Tooling

    We're now building the package using https://github.com/egoist/tsup. We also now include sourcemaps for the ESM and CJS artifacts.

    Dropping UMD Builds

    Redux has always shipped with UMD build artifacts. These are primarily meant for direct import as script tags, such as in a CodePen or a no-bundler build environment.

    We've dropped those build artifacts from the published package, on the grounds that the use cases seem pretty rare today.

    There's now a react-redux.browser.mjs file in the package that can be loaded from a CDN like Unpkg.

    If you have strong use cases for us continuing to include UMD build artifacts, please let us know!

    React Server Components Behavior

    Per Mark's post "My Experience Modernizing Packages to ESM", one of the recent pain points has been the rollout of React Server Components and the limits the Next.js + React teams have added to RSCs. We see many users try to import and use React-Redux APIs in React Server Component files, then get confused why things aren't working right.

    To address that, we've added a new entry point with a "react-server" condition. Every export in that file will throw an error as soon as it's called, to help catch this mistake earlier.

    Dev Mode Checks Updated

    In v8.1.0, we updated useSelector to accept an options object containing options to check for selectors that always calculate new values, or that always return the root state.

    We've renamed the noopCheck option to identityFunctionCheck for clarity. We've also changed the structure of the options object to be:

    export type DevModeCheckFrequency = 'never' | 'once' | 'always'

    export interface UseSelectorOptions<Selected = unknown> {
    equalityFn?: EqualityFn<Selected>
    devModeChecks?: {
    stabilityCheck?: DevModeCheckFrequency
    identityFunctionCheck?: DevModeCheckFrequency
    }
    }

    hoist-non-react-statics and react-is Deps Inlined

    Higher Order Components have been discouraged in the React ecosystem over the last few years. However, we still include the connect API. It's now in maintenance mode and not in active development.

    As described in the React legacy docs on HOCs, one quirk of HOCs is needing to copy over static methods to the wrapper component. The hoist-non-react-statics package has been the standard tool to do that.

    We've inlined a copy of hoist-non-react-statics and removed the package dep, and confirmed that this improves tree-shaking.

    We've also done the same with the react-is package as well, which was also only used by connect.

    This should have no user-facing effects.

    TypeScript Support

    We've dropped support for TS 4.6 and earlier, and our support matrix is now TS 4.7+.

    What's Changed

    Full Changelog: v8.1.2...v9.0.0

  • 9.0.0-rc.0 - 2023-11-16

    This release candidate improves tree-shaking behavior in v9 to account for changes in bundling setup.

    Note that we hope to release Redux Toolkit 2.0, Redux core 5.0, and React-Redux 9.0 by the start of December! (If we don't hit that, we'll aim for January, after the holidays.)

    See the preview Redux Toolkit 2.0 + Redux core 5.0 Migration Guide for an overview of breaking changes in RTK 2.0 and Redux core.

    to package.json in v9 by @ markerikson in #2079
  • Inline react-is utils to fix tree-shaking in 9.0 by @ markerikson in #2085

Full Changelog: v9.0.0-beta.0...v9.0.0-rc.0

  • 9.0.0-beta.0 - 2023-10-01

    This beta release fixes the imports of use-sync-external-store when used in an ESM environment, and includes the fixes in v8.1.3.

    Redux Toolkit 2.0 release when it is ready.

    What's Changed

    Full Changelog: v9.0.0-alpha.1...v9.0.0-beta.0

  • 9.0.0-alpha.1 - 2023-08-26
  • 9.0.0-alpha.0 - 2023-08-23
  • 8.1.3 - 2023-10-01
  • 8.1.2 - 2023-07-29
  • 8.1.1 - 2023-06-21
  • 8.1.0 - 2023-06-13
  • 8.0.7 - 2023-05-31
  • 8.0.6 - 2023-05-30
  • 8.0.5 - 2022-11-04
  • 8.0.4 - 2022-09-23
  • 8.0.3 - 2022-09-23
  • 8.0.2 - 2022-05-22
  • 8.0.1 - 2022-04-20
  • 8.0.0 - 2022-04-16
  • 8.0.0-rc.1 - 2022-04-13
  • 8.0.0-rc.0 - 2022-04-10
  • 8.0.0-beta.4 - 2022-04-02
  • 8.0.0-beta.3 - 2022-02-06
  • 8.0.0-beta.2 - 2021-12-22
  • 8.0.0-beta.1 - 2021-11-20
  • 8.0.0-beta.0 - 2021-11-19
  • 8.0.0-alpha.1 - 2021-11-02
  • 8.0.0-alpha.0 - 2021-10-03
  • 7.2.9 - 2022-09-23
  • 7.2.8 - 2022-04-01
  • 7.2.7 - 2022-03-31
  • 7.2.6 - 2021-10-25
  • 7.2.5 - 2021-09-04
  • 7.2.4 - 2021-04-24
  • 7.2.3 - 2021-03-23
  • 7.2.2 - 2020-10-26
  • 7.2.1 - 2020-07-25
  • 7.2.0 - 2020-02-18
  • 7.1.3 - 2019-11-06
  • 7.1.2 - 2019-11-06
  • 7.1.2-alpha.0 - 2019-11-05
  • 7.1.1 - 2019-08-26
  • 7.1.0 - 2019-06-11
  • 7.1.0-rc.1 - 2019-05-30
  • 7.1.0-alpha.5 - 2019-05-20
  • 7.1.0-alpha.4 - 2019-05-01
  • 7.1.0-alpha.3 - 2019-04-28
  • 7.1.0-alpha.2 - 2019-04-28
  • 7.1.0-alpha.1 - 2019-04-22
  • 7.1.0-alpha.0 - 2019-04-22
  • 7.0.3 - 2019-04-28
  • 7.0.2 - 2019-04-12
  • 7.0.1 - 2019-04-09
  • 7.0.0 - 2019-04-09
  • 7.0.0-beta.1 - 2019-04-04
  • 7.0.0-beta.0 - 2019-03-22
  • 6.0.1 - 2019-02-20
  • 6.0.0 - 2018-12-05
  • 6.0.0-beta.3 - 2018-11-23
  • 6.0.0-beta.2 - 2018-11-06
  • 6.0.0-beta.1 - 2018-11-06
  • 6.0.0-alpha.ede6245 - 2018-09-20
  • 6.0.0-alpha.2a2f108 - 2018-09-20
  • 6.0.0-alpha.9210282 - 2018-09-20
  • 5.1.2 - 2019-10-08
  • 5.1.1 - 2018-11-10
  • 5.1.0 - 2018-10-25
  • 5.1.0-test.1 - 2018-06-21
  • 5.0.7 - 2018-02-16
  • from react-redux GitHub release notes

    Important

    • Warning: This PR contains a major version upgrade, and may be a breaking change.
    • Check the changes in this PR to ensure they won't cause issues with your project.
    • This PR was automatically created by Snyk using the credentials of a real user.

    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

    For more information:

    Snyk has created this PR to upgrade react-redux from 5.0.7 to 9.1.2.
    
    See this package in npm:
    react-redux
    
    See this project in Snyk:
    https://app.snyk.io/org/q1blue-rxw/project/bdbbf06a-6461-452e-8ca0-9cea9cf361b9?utm_source=github&utm_medium=referral&page=upgrade-pr
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    None yet
    Projects
    None yet
    Development

    Successfully merging this pull request may close these issues.

    2 participants