Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade redux from 3.0.4 to 3.7.2 #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

andrewbrereton
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade redux from 3.0.4 to 3.7.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 22 versions ahead of your current version.

  • The recommended version was released on 7 years ago.

Release notes
Package name: redux
  • 3.7.2 - 2017-07-13

    Changes

  • 3.7.1 - 2017-06-26

    This reverts the console.error on bindActionCreators() coming from #2279.

    While well-intentioned, when star importing all exports from a module (import * as actions from './actions'), transpilation by Babel defaults to adding a default and __esModule property to the import, which are not functions. While it can be disabled, this isn't common to do and leads to a lot of confusion. So, we're reverting the change.

    Thanks for the feedback from everyone and the civility and healthy discourse on the issue!

  • 3.7.0 - 2017-06-17

    Another long break!

    Oh, hey! I didn't see you sitting there. You look bored. How about a Redux release to spice things up?

    Not a huge set of changes to report here. The biggest change, and the reason for the minor bump, is the UMD build is now done via Rollup. One big advantage is more readable code in the bundle. Rollup does "scope hoisting", which is a fancy term for putting every module at the top level of the file. Other than a surrounding IIFE, all of the code in Redux all lives together. You can compare the two here:

    Rollup UMD build
    vs
    Webpack UMD build

    There is also a cost savings of 30,811 vs 26,880 bytes, and 6,999 vs 5,995 bytes minified. Redux is already a small library, and this helps shave some extra bytes for our UMD users.

    One thing to note is that Webpack has introduced it's own scope hoisting feature in 3.0 beta. So, this isn't intended as an indictment of Webpack. You should continue to use it in your own apps. The adage of "Webpack is for apps, Rollup is for libraries" definitely holds true. It still has a superior developer experience with hot module reloading and webpack-dev-server. But use whatever makes sense for your project, not just whatever we use. 😄

    We're also looking at applying this to the NPM bundle. The main motivation is again more readable code in your bundles. Instead of transpilation oddities from Babel, you will end up with a single clean file, which should be easier to read through and debug. It's currently scheduled for the big, mythical 4.0 release and you can follow along in #2358

    Changes

  • 3.6.0 - 2016-09-04

    Hey, it's been a while!

    How's everyone doing? Enjoying your summer (or winter for the Southern Hemisphere folks)?

    This is a bugfix release for Redux. We're working towards a 4.0 with more substantial changes. Please see #1342 to pitch in!

    Dan also ported all the examples (except the universal one) in #1883 to use the excellent Create React App. This means the changes in #1800 have been lost. If you'd like to help out, we would love PRs on the examples to modernize and clean them up.

    Changes

    • Updated symbol-observable to 1.0.2 (#1663 and #1877)
    • Added a Redux logo (#1671)
    • Replace es3ify with Babel ES3 transforms (#1688)
    • Run tests on Node 6 (#1673)
    • Optimize one function case in compose (#1701)
    • Check ES3 syntax compatibility (#1720)
    • TypeScript: preloadedState is optional (#1806)
    • Add a warning for undefined properties passed to combineReducers (#1789)
    • Add module entry point for webpack 2 (#1871)
    • TypeScript: Improve typings for compose function (#1868)
  • 3.5.2 - 2016-04-24
    • Enforces a newer version of symbol-observable that works in IE8 (#1659)
  • 3.5.1 - 2016-04-20
    • Fixes a regression introduced in 3.5.0 that caused dispatch to not be available while middleware is initializing. (#1644, #1647)
  • 3.5.0 - 2016-04-20
    • Adds interop with observable libraries (#1632)
  • 3.4.0 - 2016-04-08
  • 3.3.1 - 2016-02-06
    • ES Modules build now uses the ES Modules build of Lodash. This makes vanilla Redux code include zero CommonJS interop for Rollup users. (#1372)
  • 3.3.0 - 2016-02-05
    • Fixes jsnext:main to point to a Rollup-friendly ES Modules build in redux/es. It still depends on Lodash so you can’t use without rollup-plugin-commonjs, but importing individual functions like import { createStore } from 'redux' should now work, and you shouldn’t be getting an error when you use npm({ jsnext: true }) anymore due to a broken jsnext:main. (#1369, #1042, #1327)
  • 3.2.1 - 2016-02-02
  • 3.2.0 - 2016-02-01
  • 3.1.7 - 2016-01-31
  • 3.1.6 - 2016-01-31
  • 3.1.5 - 2016-01-30
  • 3.1.4 - 2016-01-29
  • 3.1.3 - 2016-01-29
  • 3.1.2 - 2016-01-28
  • 3.1.1 - 2016-01-28
  • 3.1.0 - 2016-01-28
  • 3.0.6 - 2016-01-25
  • 3.0.5 - 2015-12-12
  • 3.0.4 - 2015-10-23
from redux GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade redux from 3.0.4 to 3.7.2.

See this package in npm:
redux

See this project in Snyk:
https://app.snyk.io/org/andrewbrereton/project/ac2f925e-1d58-4aa5-a3da-c6b452ff23de?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants