chore(deps): bump zustand from 4.5.7 to 5.0.11 in /frontend#1309
chore(deps): bump zustand from 4.5.7 to 5.0.11 in /frontend#1309dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
dependabot
bot
added
dependencies
|
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Bumps [zustand](https://github.com/pmndrs/zustand) from 4.5.7 to 5.0.11. - [Release notes](https://github.com/pmndrs/zustand/releases) - [Commits](pmndrs/zustand@4.5.7...v5.0.11) --- updated-dependencies: - dependency-name: zustand dependency-version: 5.0.11 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/frontend/zustand-5.0.11
branch
from
c556fa1 to
95f5394
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "yaml": "^2.8.1", | ||
| "zod": "^4.3.6", | ||
| "zustand": "^4.5.7" | ||
| "zustand": "^5.0.11" |
There was a problem hiding this comment.
Zustand v5 upgrade breaks selectors returning new objects
High Severity
Bumping zustand from v4 to v5 introduces infinite re-render loops. In v5, useStore uses React's useSyncExternalStore with Object.is comparison, so selectors returning new object literals (e.g., (state) => ({ a: state.a, b: state.b })) produce unstable references that trigger endless re-renders. This pattern is used extensively throughout the codebase — in InfiniteDataTable, useSelection, ColumnsMenu, EvalColumnsMenu, EvaluationDatapointsTableContent, and many callers of useAdvancedSearchContext, useChartBuilderStoreContext, and useDashboardEditorStoreContext. Each needs wrapping with useShallow or refactoring to select individual values.
|
Superseded by #1483. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/frontend/zustand-5.0.11
branch
1 participant
Bumps zustand from 4.5.7 to 5.0.11.
Release notes
Sourced from zustand's releases.
... (truncated)
Commits
99379a65.0.11c81b4ebchore(deps): update dev dependencies (#3375)3871d53fix(immer): Proper typing for immer middleware in combination with slices (#...9b505acfix(persist): use window.localStorage as default storage reference (#3367)267a57cUpdate code block in tutorial-tic-tac-toe.md (#3373)6813f7bdocs: remove stray Russian comment in beginner-typescript guide (#3369)d9ea330docs(testing): fix undefined counterStoreRef variable (#3368)6e026d7chore: improve typing in devtools middleware (#3362)e7d4593Revert "chore(deps): bump pmndrs/docs/.github/workflows/build.yml from 2 to 3...0f49ad8chore(deps): bump pmndrs/docs/.github/workflows/build.yml from 2 to 3 (#3364)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for zustand since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Medium Risk
Major upgrade of
zustandcould introduce subtle runtime/typing changes across multiple client-side stores (includingpersist/shallowusage), despite no app code changes. Lockfile churn also updates a few transitive packages, which could affect builds in edge environments.Overview
Bumps the frontend state-management dependency
zustandfrom4.5.7to5.0.11.Updates
pnpm-lock.yamlaccordingly, including the newzustandpeer dependency onuse-sync-external-storeand incidental transitive version bumps (e.g.,@codemirror/*,@types/node,semver,isexe).Written by Cursor Bugbot for commit 95f5394. This will update automatically on new commits. Configure here.