[Snyk] Upgrade @reduxjs/toolkit from 1.9.5 to 2.2.5 #78

Open: wants to merge 1 commit into base: main

WontonSam (Owner)
This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to upgrade @reduxjs/toolkit from 1.9.5 to 2.2.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 27 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ADOBECSSTOOLS-6096077 | 124 | No Known Exploit |
| high | Path Traversal | SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 | 124 | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-WS-7266574 | 124 | Proof of Concept |
| critical | Incomplete List of Disallowed Inputs | SNYK-JS-BABELTRAVERSE-5962462 | 124 | Proof of Concept |
| high | Uncontrolled resource consumption | SNYK-JS-BRACES-6838727 | 124 | Proof of Concept |
| high | Improper Input Validation | SNYK-JS-FOLLOWREDIRECTS-6141137 | 124 | Proof of Concept |
| high | Inefficient Regular Expression Complexity | SNYK-JS-MICROMATCH-6838728 | 124 | No Known Exploit |
| medium | Improper Control of Dynamically-Managed Code Resources | SNYK-JS-EJS-6689533 | 124 | No Known Exploit |
| medium | Open Redirect | SNYK-JS-EXPRESS-6474509 | 124 | No Known Exploit |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-6444610 | 124 | Proof of Concept |

Release notes
Package name: @reduxjs/toolkit
  • 2.2.5 - 2024-05-16

    This bugfix release fixes an issue in the recent createEntityAdapter sorting perf improvements that could (in specific cases) cause Immer to throw an error when trying to read a plain JS value instead of a proxy-wrapped value.

    What's Changed

    • Fix missed spot where use of current may fail if the value is not a draft by @markerikson in #4412

    Full Changelog: v2.2.4...v2.2.5

  • 2.2.4 - 2024-05-09

    This bugfix release improves sorting performance in createEntityAdapter, shrinks the code size in matcher utilities, fixes assorted issues with query hooks, and makes several TS tweaks.

    Changelog

    Entity Adapter Sorting Performance

    Users reported in #4252 that the sorting performance of createEntityAdapter seemed abnormally bad - the provided comparison functions were being called far more times than expected.

    Upon investigation, we had a couple of problems. We were always starting from an array that was in insertion order, not the existing sorted order, and that would always require significant effort to re-sort even if there weren't any actual changes to the sorted results. Also, the sorting checks required frequent access to Immer's Proxy-wrapped values, even in cases where all we needed was the plain state values for comparison purposes.

    We've reworked the internal sorting logic to always start from the existing sorted array, do reads against a plain value to avoid the Proxy getter overhead where possible, and optimized inserts into existing sorted arrays. This should significantly speed up sorted entity adapter behavior.

    Matcher Code Size Optimization

    We've reworked the internals of the thunk-related matchers to deduplicate some of the logic, shaving a few bytes off the final bundle size.

    RTK Query Hook Updates

    defaultSerializeQueryArgs can now handle BigInt values safely.

    The isLoading flag logic was improved to handle errors when a query hook tries to subscribe.

    TS Updates

    create.asyncThunk's types were improved to avoid cases where it might infer any.

    We've made several internal types changes to work correctly with React 19's upcoming types.

    The retryCondition method now receives unknown as an argument, instead of always assuming the user is using fetchBaseQuery.

    Other Changes

    The Reselect dep has been bumped to 5.1.0 to match the expected internal usage of createSelector.withTypes().

    What's Changed

    Full Changelog: v2.2.3...v2.2.4

  • 2.2.3 - 2024-03-31

    This bugfix release fixes the types for functions that accept a React Context instance to match the changes in React Redux v9.

    What's Changed

    • Update React Redux dependency to v9, and update docs to use .withTypes by @aryaemami59 in #4308

    Full Changelog: v2.2.2...v2.2.3

  • 2.2.2 - 2024-03-21

    This patch release fixes an incorrect build setting for the legacy-esm artifacts, and fixes an issue where RTKQ query hooks didn't always remove the cache entries if arguments were changed rapidly.

    Changes

    legacy-esm Artifact Transpilation

    The legacy-esm build artifacts are intended for use by Webpack 4. Those were supposed to be transpiled to target "es2017", but were in fact still set to target "esnext" - an oversight during the 2.0 development cycle. This release fixes that setting, so those artifacts are now correctly transpiled.

    Other Fixes

    RTKQ query hooks now handle additional actions around argument changes that should result in cache entries being removed.

    Additionally, 2.2.1 contained a fix to an incorrectly named type: TypedUseMutationTrigger is now TypedMutationTrigger.

    What's Changed

    Full Changelog: v2.2.0...v2.2.2

  • 2.2.1 - 2024-02-14

    Release 2.2.1

  • 2.2.0 - 2024-02-12

    This minor release:

    • Adds a second parameter to entityAdapter.getInitialState(additionalProps, entities) to allow prefilling state
      • Equivalent to entityAdapter.setAll(entityAdapter.getInitialState(additionalProps), entities)
      • First parameter can be undefined if no additional properties are desired
    • Allows initialising combineSlices with no static reducers
      • Previously const combinedReducer = combineSlices().withLazyLoadedSlices<LazyLoadedSlices>() would have thrown an error
      • Now returns a "no-op" reducer that just returns an empty object until first reducer injected
    • Allows a new 'throw' value for overrideExisting in injectEndpoints, which throws an error if a definition is injected with a name which is already used
    • Exports more type helpers for RTKQ hook and trigger types
    • Exports types related to overriding result types in enhanceEndpoints
    • Fixes state inference for injected slices when undeclared (i.e. not in LazyLoadedSlices)
    • Adds an action.meta.arg.isPrefetch value to query thunk actions when prefetched

    What's Changed

    New Contributors

    Full Changelog: v2.1.0...v2.2.0

  • 2.1.0 - 2024-01-24

    This minor release:

    • adds withTypes methods to listenerMiddleware and createDraftSafeSelector
    • adds a skipPollingIfUnfocused option to RTK Query
    • adds the ability to customise the createSelector instance used by RTK Query
    • reworks slice selector logic to avoid depending on this value
    • fixes the order and inference of create.asyncThunk type parameters
    • fixes requirements for meta fields returned from queryFns
    • marks promises that will never reject as safe, in preparation for typescript-eslint/typescript-eslint#7008

    What's Changed


See this package in npm:
@reduxjs/toolkit

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/e20e5a5e-b901-42dc-b813-d723283841e8?utm_source=github&utm_medium=referral&page=upgrade-pr

google-cla bot commented Jul 16, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Successfully merging this pull request may close these issues.

Upgrading from version 2.0.1 to 2.1.0 or 2.2.0 breaks vite build with TS (TS7006) errors