[Snyk] Upgrade redux from 3.0.4 to 3.7.2 #4
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade redux from 3.0.4 to 3.7.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 22 versions ahead of your current version.
The recommended version was released 7 years ago.
Release notes
Package name: redux
Changes
This reverts the `console.error` on `bindActionCreators()` coming from #2279. While well-intentioned, when star importing all exports from a module (`import * as actions from './actions'`), transpilation by Babel defaults to adding a `default` and `__esModule` property to the import, which are not functions. While it can be disabled, this isn't common to do and leads to a lot of confusion. So, we're reverting the change.
Thanks for the feedback from everyone and the civility and healthy discourse on the issue!
Another long break!
Oh, hey! I didn't see you sitting there. You look bored. How about a Redux release to spice things up?
Not a huge set of changes to report here. The biggest change, and the reason for the minor bump, is the UMD build is now done via Rollup. One big advantage is more readable code in the bundle. Rollup does "scope hoisting", which is a fancy term for putting every module at the top level of the file. Other than a surrounding IIFE, all of the code in Redux lives together. You can compare the two here:
Rollup UMD build vs Webpack UMD build
There is also a cost savings of 30,811 vs 26,880 bytes, and 6,999 vs 5,995 bytes minified. Redux is already a small library, and this helps shave some extra bytes for our UMD users.
One thing to note is that Webpack has introduced its own scope hoisting feature in 3.0 beta. So, this isn't intended as an indictment of Webpack. You should continue to use it in your own apps. The adage of "Webpack is for apps, Rollup is for libraries" definitely holds true. It still has a superior developer experience with hot module reloading and webpack-dev-server. But use whatever makes sense for your project, not just whatever we use. 😄
We're also looking at applying this to the NPM bundle. The main motivation is again more readable code in your bundles. Instead of transpilation oddities from Babel, you will end up with a single clean file, which should be easier to read through and debug. It's currently scheduled for the big, mythical 4.0 release and you can follow along in #2358.
Changes
Hey, it's been a while!
How's everyone doing? Enjoying your summer (or winter for the Southern Hemisphere folks)?
This is a bugfix release for Redux. We're working towards a 4.0 with more substantial changes. Please see #1342 to pitch in!
Dan also ported all the examples (except the universal one) in #1883 to use the excellent Create React App. This means the changes in #1800 have been lost. If you'd like to help out, we would love PRs on the examples to modernize and clean them up.
Changes
- `symbol-observable` that works in IE8 (#1659)
- `dispatch` to not be available while middleware is initializing. (#1644, #1647)
- `jsnext:main` to point to a Rollup-friendly ES Modules build in `redux/es`. It still depends on Lodash so you can’t use without `rollup-plugin-commonjs`, but importing individual functions like `import { createStore } from 'redux'` should now work, and you shouldn’t be getting an error when you use `npm({ jsnext: true })` anymore due to a broken `jsnext:main`. (#1369, #1042, #1327)
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: