[Snyk] Upgrade redux-thunk from 2.3.0 to 3.1.0 #5

Open
wants to merge 1 commit into
base: master

Conversation

Stanislav1975
Owner

Snyk has created this PR to upgrade redux-thunk from 2.3.0 to 3.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 12 versions ahead of your current version.

  • The recommended version was released 8 months ago.

Release notes
Package name: redux-thunk
  • 3.1.0 - 2023-12-04

    This major release:

    • Updates the packaging for better ESM/CJS compatibility
    • Changes the package to use named exports instead of a default export

    This release has breaking changes. (Note: this actually points to v3.1.0, which includes a hotfix that was meant for 3.0.0.)

    This release is part of a wave of major versions of all the Redux packages: Redux Toolkit 2.0, Redux core 5.0, React-Redux 9.0, Reselect 5.0, and Redux Thunk 3.0.

    For full details on all of the breaking changes and other significant changes to all of those packages, see the "Migrating to RTK 2.0 and Redux 5.0" migration guide in the Redux docs.

    Note

    The Redux core, Reselect, and Redux Thunk packages are included as part of Redux Toolkit, and RTK users do not need to manually upgrade them - you'll get them as part of the upgrade to RTK 2.0. (If you're not using Redux Toolkit yet, please start migrating your existing legacy Redux code to use Redux Toolkit today!)

    # RTK
    npm install @reduxjs/toolkit
    yarn add @reduxjs/toolkit

    # Standalone
    npm install redux-thunk
    yarn add redux-thunk

    Changelog

    Named Exports Instead of Default Exports

    The redux-thunk package previously used a single default export that was the thunk middleware, with an attached field named withExtraArgument that allowed customization.

    The default export has been removed. There are now two named exports: thunk (the basic middleware) and withExtraArgument.

    If you are using Redux Toolkit, this should have no effect, as RTK already handles this inside of configureStore.

    ESM/CJS Package Compatibility

    The biggest theme of the Redux v5 and RTK 2.0 releases is trying to get "true" ESM package publishing compatibility in place, while still supporting CJS in the published package.

    The primary build artifact is now an ESM file, dist/redux-thunk.mjs. Most build tools should pick this up. There's also a CJS artifact, and a second copy of the ESM file named redux-thunk.legacy-esm.js to support Webpack 4 (which does not recognize the exports field in package.json).

    Build Tooling

    We're now building the package using https://github.com/egoist/tsup. We also now include sourcemaps for the ESM and CJS artifacts.

    The repo has been updated to use Yarn 3 for dependencies and Vitest for running tests.

    Dropping UMD Builds

    Redux has always shipped with UMD build artifacts. These are primarily meant for direct import as script tags, such as in a CodePen or a no-bundler build environment.

    For now, we're dropping those build artifacts from the published package, on the grounds that the use cases seem pretty rare today.

    Since the code is so simple, the ESM artifact can be used directly in the browser via Unpkg.

    If you have strong use cases for us continuing to include UMD build artifacts, please let us know!

    extend-redux Typedefs Removed

    Redux Thunk 2.x included a redux-thunk/extend-redux TS-only entry point, which extended the types of dispatch and bindActionCreators to globally give them knowledge of the thunk types. We feel that global overrides from a library are an anti-pattern, and we've removed this entry point. (Note: this ended up being released in 3.1.0, as it was missed in the original 3.0.0 release.)

    Please follow our TS setup guidelines to infer the correct type of dispatch for your store.

    What's Changed

    Full Changelog: v2.4.2...v3.1.0

  • 3.0.1 - 2023-12-04

    Release 3.0.1

  • 3.0.0 - 2023-12-04

    Release 3.0.0

  • 3.0.0-rc.0 - 2023-11-16

    This release candidate has no actual source code changes since the previous v3.0.0-beta.0 release.

    Note that we hope to release Redux Toolkit 2.0, Redux core 5.0, and React-Redux 9.0 by the start of December! (If we don't hit that, we'll aim for January, after the holidays.)

    See the preview Redux Toolkit 2.0 + Redux core 5.0 Migration Guide for an overview of breaking changes in RTK 2.0 and Redux core.

    @markerikson in #356

    Full Changelog: v3.0.0-beta.0...v3.0.0-rc.0

  • 3.0.0-beta.0 - 2023-08-26

    This beta release updates the TS types and tests to match the exports, and adds Redux 5.0.0-beta.0 as a valid peer dep.

    What's Changed

    Full Changelog: v3.0.0-alpha.3...v3.0.0-beta.0

  • 3.0.0-alpha.3 - 2023-04-03

    This is an alpha release for Redux-Thunk 3.0. This release has many changes to our build setup and published package contents.

    Also see the release notes for redux@5.0.0-alpha.4.

    Changelog

    ESM/CJS Package Compatibility

    The biggest theme of the Redux v5 and RTK 2.0 releases is trying to get "true" ESM package publishing compatibility in place, while still supporting CJS in the published package.

    Earlier alphas made changes to the package.json contents and published build artifacts in an attempt to get ESM+CJS compat working correctly, but those alphas had several varying compat issues.

    We've set up a battery of example applications in the RTK repo that use a variety of build tools (currently CRA4, CRA5, Next 13, and Vite, Node CJS mode, and Node ESM mode), to verify that Redux and Redux Toolkit compile, import, and run correctly with both TS and various bundlers. We've also set up a check using a custom CLI wrapper around https://arethetypeswrong.github.io to check for potential packaging incompatibilities.

    This release changes the names and contents of the published build artifacts, and the various exports/module/main fields in package.json to point to those.

    The primary build artifact is now an ESM file, dist/redux-thunk.mjs. Most build tools should pick this up. There's also a CJS artifact, and a second copy of the ESM file named redux-thunk.legacy-esm.js to support Webpack 4 (which does not recognize the exports field in package.json).

    As of this release, we think we have ESM+CJS compat working correctly, but we ask that the community try out the alphas in your apps and let us know of any compat problems!

    Note: The one known potential issue is that TypeScript's new moduleResolution: "node16" mode may see a mismatch between the ESM artifacts and the TS typedefs when imported in a Node CJS environment, and that may allow hypothetically-incorrect import usage. (See ongoing discussion in https://github.com/arethetypeswrong/arethetypeswrong.github.io/issues/21.) In practice, we think that probably won't be a concern, and we'll do further investigation before a final release.

    Build Tooling

    We're now building the package using https://github.com/egoist/tsup. It looks like the output is effectively equivalent, but please let us know if there are any issues.

    We also now include sourcemaps for the ESM and CJS artifacts.

    The repo has been updated to use Yarn 3 for dependencies and Vitest for running tests.

    Dropping UMD Builds

    Redux has always shipped with UMD build artifacts. These are primarily meant for direct import as script tags, such as in a CodePen or a no-bundler build environment.

    For now, we're dropping those build artifacts from the published package, on the grounds that the use cases seem pretty rare today.

    Since the code is so simple, the ESM artifact can be used directly in the browser via Unpkg.

    If you have strong use cases for us continuing to include UMD build artifacts, please let us know!

    What's Changed

    Full Changelog: v3.0.0-alpha.1...v3.0.0-alpha.3

  • 3.0.0-alpha.2 - 2023-04-03

    Release 3.0.0-alpha.2

  • 3.0.0-alpha.1 - 2023-01-18

    This is the initial alpha release for Redux Thunk 3.0. This release has breaking changes.

    Changelog

    ESM Migration

    In conjunction with the Redux Toolkit 2.0 alpha development work, we've migrated the package definition to be a full {type: "module"} ESM package (with CJS still included for compatibility purposes).

    Default Export Converted to Named Exports

    As part of that ESM migration, we've dropped the existing default export in favor of named exports. Migration of user code should be straightforward:

    // Previously: a default export that has `withExtraArgument` attached
    - import thunk from 'redux-thunk'
    // Now: separate named exports, no default export
    + import { thunk, withExtraArgument } from 'redux-thunk'
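
Review bot: the `+` line covers only the import statement, but the comment on the `-` line says the old default export had `withExtraArgument` attached, so call sites written as `thunk.withExtraArgument(...)` also have to change to the named `withExtraArgument(...)`. Showing that call-site change next to the import would make the migration complete; a project that never used the extra argument only needs `import { thunk } from 'redux-thunk'`.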

    That said, users really should be using configureStore from Redux Toolkit instead, which already automatically adds the thunk middleware to the Redux store.

  • 3.0.0-alpha.0 - 2023-01-17

    Release 3.0.0-alpha.0

  • 2.4.2 - 2022-11-04

    This release removes an unused TS type that caused errors when users were type-checking libraries in node_modules.

    What's Changed

    Full Changelog: v2.4.1...v2.4.2

  • 2.4.1 - 2021-11-26
  • 2.4.0 - 2021-10-26
  • 2.3.0 - 2018-05-28
  • from redux-thunk GitHub release notes

    Important

    • Warning: This PR contains a major version upgrade, and may be a breaking change.
    • Check the changes in this PR to ensure they won't cause issues with your project.
    • This PR was automatically created by Snyk using the credentials of a real user.

    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

    For more information:

    See this package in npm:
    redux-thunk
    
    See this project in Snyk:
    https://app.snyk.io/org/stanislav1975/project/a48733f5-b6cd-4151-8d18-d9d22866236a?utm_source=github&utm_medium=referral&page=upgrade-pr
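
A pre-merge check for the breaking changes listed in the release notes above, as an added example (not code from Snyk or the redux-thunk project): it scans source text for the removed default import, the attached `withExtraArgument` field, and the removed `redux-thunk/extend-redux` entry point. The function name, rule names and sample sources are constructed for illustration.

```javascript
// Added example: flags redux-thunk 2.x usage that no longer works on 3.x.
// Function name, rule names and sample sources are constructed.

// ESM default import, e.g. import thunk from 'redux-thunk'
const DEFAULT_IMPORT =
  /import\s+([A-Za-z_$][\w$]*)\s*(?:,\s*\{[^}]*\})?\s*from\s*['"]redux-thunk['"]/;
// TS-only entry point removed in 3.1.0
const EXTEND_REDUX = /['"]redux-thunk\/extend-redux['"]/;

function findThunkV2Usage(source) {
  const findings = [];
  let binding = null; // local name bound to the removed default export
  source.split('\n').forEach((text, i) => {
    const line = i + 1;
    if (EXTEND_REDUX.test(text)) {
      findings.push({ line, rule: 'extend-redux-entry-point' });
      return;
    }
    const match = DEFAULT_IMPORT.exec(text);
    if (match) {
      binding = match[1];
      findings.push({ line, rule: 'default-import' });
      return;
    }
    // The attached field only existed on the default export.
    if (binding && text.includes(binding + '.withExtraArgument')) {
      findings.push({ line, rule: 'attached-withExtraArgument' });
    }
  });
  return findings;
}

// Constructed sample: a store module written against redux-thunk 2.x.
const LEGACY_SOURCE = [
  "import { createStore, applyMiddleware } from 'redux'",
  "import thunk from 'redux-thunk'",
  "import 'redux-thunk/extend-redux'",
  "const store = createStore(reducer, applyMiddleware(thunk.withExtraArgument(api)))",
].join('\n');

// Constructed sample: the same module after migrating to named exports.
const MIGRATED_SOURCE = [
  "import { createStore, applyMiddleware } from 'redux'",
  "import { thunk, withExtraArgument } from 'redux-thunk'",
  "const store = createStore(reducer, applyMiddleware(withExtraArgument(api)))",
].join('\n');

console.log(findThunkV2Usage(LEGACY_SOURCE));
console.log(findThunkV2Usage(MIGRATED_SOURCE));
```

Any finding means the upgrade PR needs a source change alongside the version bump before it can be merged safely.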

    codesandbox-ci bot commented Aug 9, 2024

    This pull request is automatically built and testable in CodeSandbox.

    To see build info of the built libraries, click here or the icon next to each commit SHA.
