[Snyk] Upgrade @reduxjs/toolkit from 1.3.0 to 1.3.4 #22
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade @reduxjs/toolkit from 1.3.0 to 1.3.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.Release notes
Package name: @reduxjs/toolkit
This release updates our internal
nanoid
implementation, and exports it for general usage.Changes
Export
nanoid
The new
createAsyncThunk
API we added in v1.3.0 auto-generates a unique request ID every time it's called, so that your reducers can distinguish between separate calls if necessary. To do this, we inlined a copy of thenanoid/non-secure
API into RTK.The
nanoid
library just released a new version, so we've updated our inlined copy to match the implementation ofnanoid/non-secure
as of 3.0.2.Since the API is already in the codebase, we've exported it publicly in case it's useful. Usage:
Changelog
v1.3.3...v1.3.4
This release improves serializability checking in actions, and exports additional types.
Changes
Action Serializability Checks
The serializability check middleware checks the contents of all dispatched actions. When we added
createAsyncThunk
in 1.3, we tried to exclude themeta.args
path from those checks, because users may want to pass non-serializable values to their thunks, and the args are automatically added to the actions without the user explicitly putting them there.However, the field name was changed from
meta.args
tometa.arg
late in development, and the middleware wasn't updated to match, leading to some false positive warnings. We've fixed that, and added additional middleware options for ignoring paths in actions.Type Exports
Per request, we've exported
ThunkDispatch
from Redux Thunk, and the rest of the internal typedefs related to entities.Changelog
v1.3.2...v1.3.3
When we inlined the immutability check middleware in 1.3.0, we documented the
createImmutableInvariantMiddleware
API, but forgot to export it. That's been fixed.Changelog
v1.3.1...v1.3.2
This release adds additional argument types for some
createEntityAdapter
CRUD methods.Changes
createEntityAdapter
Insertion APIscreateEntityAdapter
generates three methods that can insert entity objects:setAll
,addMany
, andupsertMany
. All three of them accept an array of entities.We expect that a common use case will be to pre-normalize an API response using
normalizr
, put the parsed entities into an action, and then handleaction.payload.articles
in a reducer. However, in that case,action.payload.articles
is a pre-normalized object, not an array. While you could doarticlesAdapter.addMany(state, Object.values(action.payload.articles))
, we decided to make those three methods accept a normalized object in addition to an array, allowingarticlesAdapter.addMany(state, action.payload.articles)
to work correctly.createEntityAdapter
Usage Guide DocsWe've also added usage guide examples for
createEntityAdapter
as well.Changelog
v1.3.0...v1.3.1
This release adds two new APIs:
createEntityAdapter
to help manage normalized state, andcreateAsyncThunk
to abstract common data fetching behavior.It also improves bundle size by inlining some of our prior dependencies and fixing cases where dev APIs were accidentally being included in production, as well as using a new version of Immer that tree-shakes better.
Finally, we've improved the developer experience by tweaking our TS typings for better inference and updating the dev check middleware to warn if checks are taking too much time.
New APIs
One of the primary goals for Redux Toolkit has always been to simplify common use cases and reduce "boilerplate" by providing APIs that can replace code you were previously writing out by hand.
To that end, v1.3.0 adds two new APIs for the common use cases of async data fetching and managing normalized data in the store.
createAsyncThunk
The Redux docs have taught that async logic should typically dispatch "three-phase async actions" while doing data fetching: a "start" action before the request is made so that loading UI can be displayed, and then a "success" or "failure" action to handle loading the data or showing an error message. Writing these extra action types is tedious, as is writing thunks that dispatch these actions and differ only by what the async request is.
Given that this is a very common pattern, we've added a
createAsyncThunk
API that abstracts this out. It accepts a base action type string and a callback function that returns a Promise, which is primarily intended to be a function that does a data fetch and returns a Promise containing the results. It then auto-generates the request lifecycle action types / creators, and generates a thunk that dispatches those lifecycle actions and runs the fetching callback.From there, you can listen for those generated action types in your reducers, and handle loading state as desired.
createEntityAdapter
The Redux docs have also advised storing data in a "normalized" state shape, which typically means keeping each type of item in a structure that looks like
{ids: [], entities: {} }
. However, the Redux core provides no APIs to help manage storing and updating your data using this approach. Many community libraries exist, with varying tradeoffs, but so far we haven't officially recommended any of them.Caching data is a hard problem, and not one that we are interested in trying to solve ourselves. However, given that we do recommend this specific pattern, and that Redux Toolkit is intended to help simplify common use cases, we want to provide a minimal set of functionality to help users manage normalized state.
To help solve this, we've specifically ported the
@ngrx/entity
library to work with Redux Toolkit, with some modifications.The core API function is
createEntityAdapter
. It generates a set of reducer functions and selectors that know how to work with data that has been stored in that normalized{ids: [], entities: {} }
format, and can be customized by passing in a function that returns the ID field for a given item. If you want to keep the item IDs in a sorted order, a comparison function can also be passed in.The returned
EntityAdapter
object contains generated CRUD functions for manipulating items within that state, and generated selector functions that know how to read from that state. You can then use the generated CRUD functions and selectors within your own code.There is one very important difference between RTK's implementation and the original
@ngrx/entity
implementation. With@ngrx/entity
, methods likeaddOne(item, state)
accept the data argument first and the state second. With RTK, the argument order has been flipped, so that the methods look likeaddOne(state, item)
, and the methods can also accept a standard Redux ToolkitPayloadAction
containing the data as the second argument. This allows them to be used as Redux case reducers directly, such as passing them in thereducers
argument forcreateSlice
. They can also be used as "mutating" helper functions insidecreateReducer
andcreateSlice
as well, thanks to use of Immer internally.Documentation
We've added new API reference and usage guide sections to the Redux Toolkit docs to cover these new APIs:
createAsyncThunk
createEntityAdapter
Bundle Size Improvements and Dependency Updates
Immer 6.0
Immer has always been the largest chunk of code added to your bundle from using RTK. Until now, RTK specifically depended on Immer 4.x, since 5.x added support for handling
Map
s andSet
s (which aren't useful in a Redux app) and that support added to its bundle size.Immer's code was written in a way that kept it from tree-shaking properly. Fortunately, Immer author Michel Weststrate put in some amazing work refactoring the code to better support tree-shaking, and his efforts are now available as Immer 6.0.
Per the Immer documentation on customizing Immer's capabilities, Immer now uses a plugin architecture internally, and additional functionality has to be explicitly enabled as an opt-in. There are currently three Immer plugins that can be enabled: ES5 support (for environments without ES6 Proxies),
Map/Set
support, and JSON Patch support.Redux Toolkit force-enables ES5 support. This is because we expect RTK to be used in multiple environments that do not support Proxies, such as Internet Explorer and React Native. It's also how Immer previously behaved, so we want to keep that behavior consistent and not break code given that this is a minor release of RTK. (In a hypothetical future major release, we may stop force-enabling the ES5 plugin and ask you to do it if necessary.)
Overall, this should drop a couple KB off your app's minified bundle size.
You may choose to enable the other plugins in your app code if that functionality is desired.
Store Configuration Dependencies
Since its creation, RTK has depended on
leoasis/redux-immutable-state-invariant
to throw errors if accidental mutations are detected, and thezalmoxisus/redux-devtools-extension
NPM package to handle setup and configuration of the Redux DevTools Extension as the store is created.Unfortunately, neither of these dependencies is currently published as ES Modules, and we recently found out that the immutable middleware was actually being included in production bundles despite our attempts to ensure it is excluded.
Given that the repo for the immutable middleware has had no activity in the last 3 years, we've opted to fork the package and include the code directly inside Redux Toolkit. We've also inlined the
tiny-invariant
andjson-stringify-safe
packages that the immutable middleware depended on.The DevTools setup package, while tiny, suffers from the same issue, and so we've forked it as well.
Based on tests locally, these changes should reduce your production bundle sizes by roughly 2.5K minified.
During the development process, we found that the serializable invariant middleware was partly being included in production. We've decided that both the immutable and serializable middleware should always be no-ops in prod if they're ever included, both to ensure minimum bundle size, and to eliminate any unwanted slowdowns.
Other Changes
Type Inference Improvements
Users reported that it was possible to pass an entity adapter update method as a case reducer even if the slice state type didn't match what the update method expected (#434 ). We've updated the TS types to prevent that from being possible.
We've also had a number of cases where users had issues with the typings for action payloads depending on whether
strictNullChecks: false
was set. We've altered our action creator types to improve that behavior.Dev Check Middleware Timings
The immutability and serializability dev check middleware both do deep checks of state on every dispatch in dev mode. With a large state tree, this can sometimes noticeably slow down the app, and it's not immediately clear that the dev check middleware are responsible for this.
We've updated both middleware to record how much time is spent actually performing the state checks, and they will now log warning messages if the checks take too long to give you a heads-up that you might want to alter the middleware settings or disable them entirely. The delay is configurable, and defaults to 32ms (two UI frames).
In addition, the serializable middleware now ignores
meta.args
in every action by default. This is becausecreateAsyncThunk
automatically takes any arguments to its payload creator function and inserts them into dispatched actions. Since a user may be reasonably passing non-serializable values as arguments, and they're not intentionally inserting those into actions themselves, it seems sensible to ignore any potential non-serializable values in that field.TypeScript Support
We've dropped support for TS versions earlier than 3.5. Given that 3.8 is out, this shouldn't be a major problem for users.
Meanwhile, we've also re-exported the TS types from Reselect for convenience.
Example Usage
This example demonstrates the typical intended usage of both
createEntityAdapter
andcreateAsyncThunk
.Thanks
We'd like to thank the many people who contributed and made this release possible:
createAsyncThunk
that we based our implementation on@ngrx/entity
and allowing us to port it to Redux ToolkitcreateAsyncThunk
implementationcreateAsyncThunk
Changelog
For the complete set of code changes, see:
and this diff:
v1.2.5...v1.3.0
For the iterative changes as this release was developed, see the Releases page for the individual release notes.
Commit messages
Package name: @reduxjs/toolkit
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs