Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade reselect from 4.0.0 to 4.1.8 #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

apiiro-snyk
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade reselect from 4.0.0 to 4.1.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 15 versions ahead of your current version.

  • The recommended version was released on a year ago.

Release notes
Package name: reselect
  • 4.1.8 - 2023-04-16

    This release updates our build tooling, tweaks the MergeParameters type to better handle spread values, and fixes an erroneous .clearCache() method included on the resultFunc.

    What's Changed

    • fix types on resultFunc (#591) by @ bdwain in #592
    • Port 5.0 build tooling changes from main by @ markerikson in #606
    • Infer correct state when input selectors are a mix of explicit and rest syntax in createSelector by @ PeterBul in #602

    Full Changelog: v4.1.7...v4.1.8

  • 4.1.7 - 2022-11-04

    This release updates the TS types to work correctly with TS 4.9, which made a change that broke the existing MergeParameters type implementation. Happily, the TS team provided a better (and simpler!) MergeParameters implementation. Since that only works with TS 4.7+, we've reworked the internals to handle providing the old implementation to TS 4.2..4.6, and the new implementation to TS 4.7 and greater.

    As a user, there should be no visible change - just update to 4.1.7.

    What's Changed

    Full Changelog: v4.1.6...v4.1.7

  • 4.1.6 - 2022-06-07

    This release updates the TS types to better handle cases with default parameters, or any/unknown types.

    What's Changed

    Full Changelog: v4.1.5...v4.1.6

  • 4.1.5 - 2021-11-24

    This release updates the TS types to correctly infer selector parameters when input selectors have undefined or null as a parameter type or have optional parameters, and exports the CreateSelectorFunction type to fix uses of createStructuredSelector.

    (The types fixes feel like playing whack-a-mole, but they keep getting better!

    What's Changed

    Full Changelog: v4.1.4...v4.1.5

  • 4.1.4 - 2021-11-17

    This release has (you guessed it) more fixes to the TS types: a change to parameter merging that fixes breakage with selectors and RTK Query's API state, a simplification of the OutputSelectorFields type to improve selector variable readability, another update to parameter merging to flag nested never fields as compile errors, and a fix to createStructuredSelector parameters to resolve a lib compilation problem.

    Changelog

    More TS Fixes

    The parameter merging fixes in 4.1.3 tried to "unwrap/expand" the parameter types to make them more readable, such as showing intersected objects as {a, b, c} instead of {a} & {b} & {c}. This was done with a recursive expansion type. That turned out to break with the complex state types used by RTK Query. We've updated the type expansion to only be a single level instead, which fixes the compilation issue.

    The OutputSelectorFields type previously took two generics: the Combiner function, and a Result type. This led to extra values being shown in hover previews for selectors. By inferring Result = ReturnType<Combiner>, we were able to drop the second generic and cut down on the amount of types shown in previews.

    A user noted that intersected objects with top-level incompatible fields (like {a: string} & {a: number}) resulted in empty objects, but no compile error. We've updated the parameter merging to flag those as never and catch the problem at compile time. Deeper nested incompatible fields should already be caught by TS.

    The previous fix to createStructuredSelector missed a step in the spreading process, which has now been fixed.

    What's Changed

    Full Changelog: v4.1.3...v4.1.4

  • 4.1.3 - 2021-11-16

    This release rewrites the TS type inference of input selector parameters for correctness, fixes inference of createStructuredSelector inputs, and fixes an issue with the OutputSelectorFields type not being exported.

    Changelog

    Input Selector Parameter Inference Improvements

    Reselect's types have always been extremely tricky, because it involves passing multiple input selectors with potentially heterogeneous, and then nested function composition of multiple selectors. Additionally, the input selectors can be passed as individual arguments or a single array of input selectors.

    The 4.0.0 typedefs dealt with this by hand-writing dozens of overloads, which was absolutely impossible to maintain.

    In 4.1, we took advantage of TS's improved abilities to infer array/tuple types to consolidate the typedefs.

    One of the issues that happened as a result was that arguments at the same input parameter index were being "unioned" together, rather than "intersectioned". For example, in this complex selector:

    const input1 = (
    _: StateA,
    { testNumber }: { testNumber: number },
    c: number,
    d: string
    ) => testNumber

    const input2 = (
    _: StateA,
    { testString }: { testString: string },
    c: number | string
    ) => testString

    const input3 = (
    _: StateA,
    { testBoolean }: { testBoolean: boolean },
    c: number | string,
    d: string
    ) => testBoolean

    const input4 = (_: StateA, { testString2 }: { testString2: string }) =>
    testString2

    const testSelector = createSelector(
    input1,
    input2,
    input3,
    input4,
    (testNumber, testString, testBoolean) => testNumber + testString
    )

    The second arg should end up as an object like {testNumber: number, testString: string, testBoolean: boolean, testString2: string}. However, it was ending up as four separate one-field objects. Similarly, the combination of number and number | string should be narrowed down to just number as an acceptable value.

    We've rewritten the types to successfully accomplish that (although it took a lot of collective effort and headbanging to actually pull this off!) This should now give much more correct results when determining the final parameters that can be passed to a selector.

    createStructuredSelector Fixes

    Similarly, createStructuredSelector wasn't always inferring its arguments properly. We were able to reuse the parameter inference work here as well.

    OutputSelectorFields Exported

    The public OutputSelector type depended on an internal OutputSelectorFields type, but since OSF wasn't being exported, TS would throw errors when trying to generate declaration files that exported selectors. That is now public as well.

    What's Changed

    • Rewrite function parameter type inference to fix assorted issues by @ markerikson in #549

    Full Changelog: v4.1.2...v4.1.3

  • 4.1.2 - 2021-11-04

    This release updates the TS types to avoid TypeScript recursion limitations and improve backwards compatibility, adds doc comments to most of the TS types and field declarations, and fixes a bug with the behavior of the resultEqualityCheck option in defaultMemoize.

    Changelog

    TypeScript Updates

    We saw cases where composition of selectors past 8-9 levels of nesting would cause TS to fail with a "Type instantiation is excessively deep and possibly infinite" error.

    We've updated the types to allow additional recursion up to about 15 levels of nested selectors. Hopefully this is enough for most usages :)

    The OutputSelector generic arguments had been swapped during the rewrite for 4.1, which made it incompatible with other code that attempted to import and use that type. We've reverted the generic arguments to their previous order to fix compatibility.

    defaultMemoize adds a .clearCache() field to its return value. While the real caching is done by the memoizedResultFunc function, the actual returned selector has also been run through the memoizer and thus also has a .clearCache() field attached, but that wasn't captured in the types. We've updated the types to reflect that.

    We've also added doc comments to almost all of the internal types for clarity, as well as comments to the returned fields on selectors.

    resultEqualityCheck Behavior

    The resultEqualityCheck option wasn't saving the result if there was a cache hit, which is now fixed.

    What's Changed

    • Update defaultMemoize cache even if resultEqualityCheck is a hit by @ tetslee in #535
    • Make OutputSelector backwards compatible w/ < 4.1.0 version by @ eXamadeus in #536
    • Clarify description of createSelector by @ acrollet in #539
    • Clean up OutputSelector typing and fix bug with memoize function types by @ eXamadeus in #537

    New Contributors

    Full Changelog: v4.1.1...v4.1.2

  • 4.1.1 - 2021-10-26

    This releases fixes several TS issues and one runtime issue that were reported with the release of 4.1.0.

    Changelog

    TypeScript Fixes

    All these reported issues should now be fixed:

    • createSelector calls with 12 or more input selectors were causing TS to fail with a "Type instantiation is excessively deep" error. After this update, createSelector should now support up to 29 input selectors before TS has type issues. (and if you've got more than 29 input selectors.... what are you doing? :) )
    • Passing multiple input selectors with mismatched argument types should have been failing to compile, but was being silently accepted (ie (a: number) => 42, (b: string) => 123)
    • The OutputParametricSelector type, which is re-exported by Redux Toolkit, was inadvertently left out of the list of Reselect type exports during the rewrite and caused RTK builds to fail
    • Input selectors that were typed to return SomeType | undefined were causing the entire selector to be typed as possibly returning undefined

    Caching Undefined Values

    The previous internal cache logic had a couple of if (foundValue !== undefined) checks inside, but that broke cases where a selector intentionally wanted to return undefined as the actual result.

    The cache logic has been updated to use an internal sentinel value as the NOT_FOUND result instead, allowing undefined to be correctly cached and returned.

    What's Changed

    • Split out optional last argument (memoizeOptions) into it's own overload by @ eXamadeus in #530
    • increase subselector number by @ phryneas in #528
    • build intersection type instead of union type in GetStateFromSelectors by @ phryneas in #529
    • Update cache to support storing a value of undefined by @ markerikson in #532

    New Contributors

    Full Changelog: v4.1.0...v4.1.1

  • 4.1.0 - 2021-10-26

    This long-overdue release updates defaultMemoize to accept new options for cache size > 1 and a result equality check, updates createSelector to accept an options object containing options for the provided memoize function, makes major improvements to the TypeScript types (targeting TS 4.2+), converts the codebase to TS, improves some error messages, and adds memoizedResultFunc and lastResult to the fields attached to the selector,

    This should be a drop-in update - the only expected backwards compatibility issues are with incorrect or very outdated TypeScript usage patterns.

    Update: see https://github.com/reduxjs/reselect/releases/tag/v4.1.1 for fixes to several TS and other issues that were reported with the 4.1.0 release

    interface DefaultMemoizeOptions {
    equalityCheck?: EqualityFn
    resultEqualityCheck?: EqualityFn
    maxSize?: number
    }

    // defaultMemoize now supports a configurable cache size with LRU behavior,
    // and optional comparison of the result value with existing values
    export function defaultMemoize<F extends (...args: any[]) => any>(
    func: F,
    equalityCheckOrOptions?: EqualityFn | DefaultMemoizeOptions
    ): F

    In other words, you can still pass equalityCheck as its one additional arg, or you may pass an object containing several possible options.

    If the maxSize value is greater than 1, defaultMemoize will now use an LRU cache based on https://github.com/erikras/lru-memoize internally.

    If resultEqualityCheck is provided, it will be used to compare the newly-generated value from func against all other values in the cache, in LRU order. If a cached value is found to be equal, that value will be returned. This addresses the common todos.map(todo => todo.id) use case, where a change to any field in any todo object creates a new todos array and thus causes the output to be recalculated, but the generated IDs array is still shallow-equal to the last result. You can now pass an equality function like shallowEqual as the resultEqualityCheck argument, and it will reuse the old IDs array instead.

    createSelector Options

    Previously, the only way to customize behavior of createSelector was to generate a customized version with createSelectorCreator. By far the most common use case was customizing the equalityCheck option used with defaultMemoize, or using a different memoizer entirely. This usually looked like:

    const createShallowEqualSelector = createSelectorCreator(defaultMemoize, shallowEqual)
    const createDeepEqualSelector = createSelectorCreator(defaultMemoize, _.isEqual)
    const createCustomComparisonSelector = createSelector(_.memoize, hashFn)

    createSelectorCreator also accepted additional positional parameters, and forwarded all of them to the provided memoize function, so defaultMemoize ultimately gets called internally as defaultMemoize(actualFunction, shallowEqual).

    This added an annoying level of indirection to common customization use cases.

    createSelector now accepts an options object as its last argument, after the output selector. Currently, that object only includes one field: memoizeOptions:

    interface CreateSelectorOptions<MemoizeOptions extends unknown[]> {
      memoizeOptions: MemoizeOptions[0] | MemoizeOptions
    }

    Similar to how createSelectorCreator accepts additional "options args" that get forwarded to the memoization function, the memoizeOptions field accepts an array of those "options args" as well. If provided, these override what was given to createSelectorCreator.

    That means that you can now customize memoization behavior with direct options to createSelector. And, because defaultMemoize now accepts more options, you can directly customize defaultMemoize's behavior without using createSelectorCreator.

    Additionally, because it's very common to only need to pass one options arg to the memoization function, memoizeOptions may also be just that first options arg by itself, without any array.

    Example usages of this look like:

    const createSelectorAcceptsArgsAsArray = createSelector(
    (state: StateAB) => state.a,
    (state: StateAB) => state.b,
    (a, b) => a + b,
    {
    // Pass equalityCheck, the first options arg of defaultMemoize, in an array
    memoizeOptions: [(a, b) => a === b]
    }
    )

    const createSelectorFirstArgDirectly = createSelector(
    (state: StateAB) => state.a,
    (state: StateAB) => state.b,
    (a, b) => a + b,
    {
    // Pass equalityCheck, the first options arg of defaultMemoize, directly
    memoizeOptions: (a, b) => a === b
    }
    )

    const defaultMemoizeAcceptsFirstArgAsObject = createSelector(
    (state: StateAB) => state.a,
    (state: StateAB) => state.b,
    (a, b) => a + b,
    {
    // Pass options, the alternate first arg of defaultMemoize, directly
    memoizeOptions: {
    equalityCheck: (a, b) => a === b,
    maxSize: 10,
    resultEqualityCheck: shallowEqual
    }
    }
    )

    // Can still create custom selectors by passing args to createSelectorCreator
    const customSelectorCreatorMicroMemoize = createSelectorCreator(
    microMemoize,
    {
    maxSize: 42
    }
    )

    This should make it much easier to customize behavior.

    All of this is fully TypeScript-typed, and the possible values for memoizeOptions should be fully inferred from the provided memoize function.

    Additionally, defaultMemoize now supports clearing the cache inside a memoized function (regardless of cache size). The memoized function returned from defaultMemoize will now have a .clearCache() method attached that will clear the cache.

    When using createSelector, this can be accessed using selector.memoizedResultFunc.clearCache().

    TypeScript Improvements

    The Reselect types were written several years ago and originally targeted TS 2.x versions. As a result, the typedefs requires dozens of overloads to handle varying numbers of arguments (see the legacy typedefs file for examples).

    We've converted the codebase to be written in TypeScript, and as part of that process we've completely rewritten the TS typedefs to use modern TS syntax like mapped types. This drastically shrinks the size of the typedefs (from 1000 lines to about 115), and also improves the actual type inference overall. Assuming the input selectors are correctly and consistently typed, TS will now fully infer the return values of all input selectors, the arguments to the output selector, and the exact type of the memoized function.

    The updated types do require use of TS 4.2+. We've attempted to keep the final public type names and usage the same, but there may also be some types breakage. We'd appreciate feedback on any meaningful breakage issues so we can make further tweaks if needed.

    Given the intent of the improvements, that they're all type-only changes, the attempts to retain backwards compatibility, and TS's own versioning scheme, we're considering this to be a minor version change rather than a major.

    In pre-release testing, the main issues we saw were:

    • Input selectors that did not declare the type of the state arg. Fix: explicitly add a type to state
    • Selectors that explicitly declare all the generic type arguments, which no longer exist because they will be inferred. Fix: just delete the <A, B, C, D> generics from the createSelector() call.

    The legacy types are still included, and should automatically be used if you are using TS 4.1 and earlier. Note that the legacy types do not include the definitions for the new defaultMemoize options - you'll need to be on TS 4.2+ to use those with TS.

    Additional Tweaks

    We've improved the error messages thrown when invalid selectors are provided.

    Generated selectors now include selector.memoizedResultFunc and selector.lastResult for later access if needed.

    Changes

    The early alphas contained code from several outstanding PRs, pulled together:

    Additional work included:

    Full Changelog: v4.0.0...v4.1.0

  • 4.1.0-beta.2 - 2021-10-24

    This release fixes an issue with the typesVersions package field so that TS 4.1 and earlier correctly pick up the legacy type definitions - no other code changes.

  • 4.1.0-beta.1 - 2021-10-21
  • 4.1.0-beta.0 - 2021-10-21
  • 4.1.0-alpha.2 - 2021-10-20
  • 4.1.0-alpha.1 - 2021-10-17
  • 4.1.0-alpha.0 - 2021-10-16
  • 4.0.0 - 2018-09-30
from reselect GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade reselect from 4.0.0 to 4.1.8.

See this package in npm:
reselect

See this project in Snyk:
https://app.snyk.io/org/apiiro-snyk/project/9d63a225-8e75-4a6e-99f6-325952ac8a39?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Type inference issues caused by default param values or any/unknown type (v4.1.5)
2 participants