
[Snyk] Upgrade zustand from 5.0.0-rc.2 to 5.0.0 #79

Merged
merged 1 commit into from
Feb 2, 2025


welllucky
Owner


Snyk has created this PR to upgrade zustand from 5.0.0-rc.2 to 5.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Cross-site Scripting (XSS), SNYK-JS-ROLLUP-8073097 | 108 | Proof of Concept |

Release notes
Package name: zustand
  • 5.0.0 - 2024-10-14

    🎉🎉🎉 Zustand v5 🐻🐻🐻

    TL;DR

    • No new features
    • Drop many old things
    • Migration from v4 should be smooth.

    Changes in v5

    • Drop default exports
    • Drop deprecated features
    • Make React 18 the minimum required version
    • Make use-sync-external-store a peer dependency (required for createWithEqualityFn and useStoreWithEqualityFn in zustand/traditional)
    • Make TypeScript 4.5 the minimum required version
    • Drop UMD/SystemJS support
    • Organize entry points in the package.json
    • Drop ES5 support
    • Stricter types when setState's replace flag is set
    • Persist middleware behavioral change
    • Other small improvements (technically breaking changes)

    Migration Guide

    Read the migration guide carefully:
    https://github.com/pmndrs/zustand/blob/main/docs/migrations/migrating-to-v5.md

    Frequently Reported Issue

    During the RC period, some users encountered the following infinite loop error:

    Uncaught Error: Maximum update depth exceeded. This can happen when a component repeatedly calls setState inside componentWillUpdate or componentDidUpdate. React limits the number of nested updates to prevent infinite loops.
    

    This case was already a non-ideal behavior in v4 but appears more explicitly as an error in v5. While there are several ways to resolve this, using useShallow often fixes the problem.

    What's Changed

    New Contributors

    Full Changelog: v4.5.5...v5.0.0

  • 5.0.0-rc.2 - 2024-09-15

    Hopefully, this will be the last RC, unless we have serious bug reports in #2741.

    What's Changed

    New Contributors

    Full Changelog: v5.0.0-rc.1...v5.0.0-rc.2

from zustand GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@welllucky welllucky force-pushed the dev branch 4 times, most recently from d52b02c to fce7a20 Compare November 27, 2024 08:56
@welllucky welllucky force-pushed the dev branch 9 times, most recently from 282b34c to f323af2 Compare December 6, 2024 22:42
@welllucky welllucky force-pushed the dev branch 7 times, most recently from 61a97f3 to c50b855 Compare January 10, 2025 01:43
@welllucky welllucky force-pushed the dev branch 9 times, most recently from aa5e27a to 0e6a8d7 Compare February 1, 2025 07:36
@welllucky welllucky force-pushed the dev branch 4 times, most recently from 9d6ca8a to 7f86d7a Compare February 1, 2025 21:16
Snyk has created this PR to upgrade zustand from 5.0.0-rc.2 to 5.0.0.

See this package in npm:
zustand

See this project in Snyk:
https://app.snyk.io/org/welllucky/project/2e202115-f34e-4c6e-8f6d-ce7ecac5cd1d?utm_source=github&utm_medium=referral&page=upgrade-pr
@welllucky welllucky force-pushed the snyk-upgrade-314149422cdc789354ca1abb8e11bac1 branch from cb46295 to 42595b4 Compare February 2, 2025 22:14
@github-actions github-actions bot added dependencies Pull requests that update a dependency file refactor source labels Feb 2, 2025
@welllucky welllucky enabled auto-merge (rebase) February 2, 2025 22:15

sonarqubecloud bot commented Feb 2, 2025

@welllucky welllucky disabled auto-merge February 2, 2025 22:27
@welllucky welllucky merged commit 5d7cbe9 into dev Feb 2, 2025
8 checks passed
@welllucky welllucky deleted the snyk-upgrade-314149422cdc789354ca1abb8e11bac1 branch February 2, 2025 22:27