New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade redux-thunk from 2.2.0 to 2.3.0 #14

Merged

DavidKindler merged 1 commit into master from snyk-upgrade-f0e00f47cfcd37283a06f7e38b385741

Apr 28, 2020

Contributor

snyk-bot commented Apr 27, 2020

Snyk has created this PR to upgrade redux-thunk from 2.2.0 to 2.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 2 years ago, on 2018-05-28.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-450202	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ua-parser-js:20180227	Proof of Concept
	Prototype Pollution npm:lodash:20180130	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No Known Exploit

Release notes

Package name: redux-thunk

2.3.0 - 2018-05-28
Hello! There's a new sheriff in town...

This is only an update to the TypeScript typings for Redux 4.0 compatibility. After some discussion on the issues/PRs, we're going to be removing the typings completely in a 3.0 release soon. They will instead live in DefinitelyTyped, where they can be updated to match newer version of TypeScript and Redux at whatever pace they want to take. Farewell, typings! 🖖
- Updated TypeScript typings for Redux 4.0 (#180 by @Cryrivers)
2.2.0 - 2017-01-18
- Adds TypeScript definitions (#77)

from redux-thunk GitHub release notes

Commit messages

Package name: redux-thunk

cb8f88e 2.3.0
82142b8 Clean up infrastructure a bit.
c2a4e74 Lock the deps
8bcd7c7 Merge pull request #150 from dthree/patch-1
cd4db90 Merge pull request #182 from andreyst/patch-1
b35957b Future-proof license
cc451e3 Merge pull request #93 from npmcdn-to-unpkg-bot/npmcdn-to-unpkg
ba74505 Merge pull request #192 from mshaaban088/patch-1
e98836b Merge pull request #79 from Gaafar/patch-1
285c7aa Merge pull request #195 from Wildhoney/add-module-entry
5b2fb41 Merge pull request #180 from Cryrivers/master
67ebdc9 Added 'module' entry for module file
edcadd1 Remove this Code settings file.
be1265d Replace deprecated lifecycle method in README
b595343 export ThunkDispatch
01df0b0 update redux to 4.0.0, fix test cases
68917a1 Fix broken links to Redux website
f86bd3f Fix typings and test cases
196df61 WIP: Refine test cases
4eb7404 Remove unnecessary default values for some generic types
b9d9000 Update type definition, Fix test cases
9d5899c Upgrade TypeScript to ~2.4.0, Fix test cases
086802a Make TypeScript definition support 4.0.0-beta.2
6776450 Upgrade redux to 4.0.0-beta.2

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade redux-thunk from 2.2.0 to 2.3.0

30769c7

Snyk has created this PR to upgrade redux-thunk from 2.2.0 to 2.3.0.

See this package in NPM:
https://www.npmjs.com/package/redux-thunk

See this project in Snyk:
https://app.snyk.io/org/davidkindler/project/16e4dae1-0136-488c-b362-2a36df007c77?utm_source=github&utm_medium=upgrade-pr

DavidKindler merged commit daa3dd8 into master

DavidKindler deleted the snyk-upgrade-f0e00f47cfcd37283a06f7e38b385741 branch

April 28, 2020 14:50

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet