[Snyk] Upgrade redux-saga from 1.1.3 to 1.3.0 #60

Security-Test-Account · 2024-03-28T15:16:57Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade redux-saga from 1.1.3 to 1.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 3 months ago, on 2024-01-02.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNCVALIDATOR-2311201	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: redux-saga

1.3.0 - 2024-01-02
Minor Changes
- #2402 3867c02 Thanks @ Andarist! - Removed a dependency on Redux to decouple the project from the exact Redux version. This should fix the compatibility with recently released Redux 5.
Patch Changes
- Updated dependencies [9c59ac9, 3867c02]:
  - @ redux-saga/[email protected]
1.2.3 - 2023-03-17
Patch Changes
- #2372 2cccf48 Thanks @ neurosnap! - Added a channel property to the SagaMiddlewareOptions to reflect its runtime support.
- Updated dependencies [2cccf48]:
  - @ redux-saga/[email protected]
1.2.2 - 2022-12-09
Patch Changes
- #2340 345b828 Thanks @ neurosnap! - throttle now accepts a channel as originally intended
- Updated dependencies [345b828]:
  - @ redux-saga/[email protected]
1.2.1 - 2022-08-20
Patch Changes
- #2324 2466c79 Thanks @ neurosnap! - Add LICENSE file
- Updated dependencies [2466c79]:
  - @ redux-saga/[email protected]
1.2.0 - 2022-08-13
1.1.3 - 2019-11-05
Patch Changes
- #2324 2466c79 Thanks @ neurosnap! - Add LICENSE file

from redux-saga GitHub release notes

Commit messages

Package name: redux-saga

9ec63ef Version Packages (#2387)
3867c02 Inline what was being imported from `redux` (#2402)
b93a536 Add `SECURITY.md`
9c59ac9 #2385: fixed put/putResolve typings for thunk actions (#2386)
9c2af0c Fixed typo in `configureStore` function (#2375)
5640e42 Version Packages (#2373)
2cccf48 Update saga middleware options to reflect implementation (#2372)
daf805c chore: change start example scripts (#2368)
ac8ef76 docs(readme): add discord link (#2365)
e9ab0a6 chore: deploy docs website automatically (#2364)
761461a Contributing doc update (#2355)
fa8bc3b Update effects.d.ts code docs to reflect puts error bubbling behavior (#2360)
38ac71b Snippet (#2333)
4ebb593 Version Packages (#2347)
01f425c Update `prettier` and format all code (#2341)
345b828 Fixed `throttle` to accept a channel as originally intended (#2340)
478fa6f Correctly test the actual and not the expected value in one of the tests (#2344)
29a1ec3 Version Packages (#2325)
2466c79 Add LICENSE files (#2324)
bb056d2 Version Packages (#2322)
6f07fca Replace all references to the `master` branch with `main`
1b71552 Use `onlyUpdatePeerDependentsWhenOutOfRange`
38903ba Upgrade Changesets and some CI setups (#2321)
979b8b4 Add changeset about `exports` field being added to the `package.json` manifests

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade redux-saga from 1.1.3 to 1.3.0. See this package in npm: https://www.npmjs.com/package/redux-saga See this project in Snyk: https://app.snyk.io/org/david.guevara/project/16eafa73-088a-473f-8813-7905aa57bb36?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade redux-saga from 1.1.3 to 1.3.0 #60

[Snyk] Upgrade redux-saga from 1.1.3 to 1.3.0 #60

Uh oh!

Security-Test-Account commented Mar 28, 2024

Minor Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Upgrade redux-saga from 1.1.3 to 1.3.0 #60

Are you sure you want to change the base?

[Snyk] Upgrade redux-saga from 1.1.3 to 1.3.0 #60

Uh oh!

Conversation

Security-Test-Account commented Mar 28, 2024

Snyk has created this PR to upgrade redux-saga from 1.1.3 to 1.3.0.

Minor Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants