build(deps): bump zustand from 4.5.7 to 5.0.12 in /frontend#1483
build(deps): bump zustand from 4.5.7 to 5.0.12 in /frontend#1483dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [zustand](https://github.com/pmndrs/zustand) from 4.5.7 to 5.0.12. - [Release notes](https://github.com/pmndrs/zustand/releases) - [Commits](pmndrs/zustand@4.5.7...v5.0.12) --- updated-dependencies: - dependency-name: zustand dependency-version: 5.0.12 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
|
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "yaml": "^2.8.1", | ||
| "zod": "^4.3.6", | ||
| "zustand": "^4.5.7" | ||
| "zustand": "^5.0.12" |
There was a problem hiding this comment.
Zustand v5 drops useStore equality function third argument
High Severity
Bumping zustand from v4 to v5 breaks useSignalStoreContext in frontend/components/signal/store.tsx, which passes an equalityFn as the third argument to useStore(store, selector, equalityFn). In zustand v5, useStore no longer accepts an equality function — that parameter is silently ignored at runtime. Multiple callers (in cluster-breadcrumbs.tsx, cluster-list/index.tsx, clusters-section/index.tsx, events-table/index.tsx) pass shallow as the equality function, but since it's now ignored, selectors returning new array/object references will trigger re-renders on every state change, causing potential performance degradation or render loops. The fix is to use useStoreWithEqualityFn from zustand/traditional or wrap selectors with useShallow.
1 participant
Bumps zustand from 4.5.7 to 5.0.12.
Release notes
Sourced from zustand's releases.
... (truncated)
Commits
206012d5.0.12d714065chore(deps): update dev dependencies (#3427)89ebcd7fix(devtools): correct redux devtools config type extension (#3414)6213fc1fix(persist): use latest state in post-rehydration callback (#3391)a3869cadocs: fix broken links in beginner TypeScript guide (#3423)c49df38Hotfix section linking (#3410)5561e9bFix indentation for actions in index.md (#3406)4966a15fix(readme) : comparison documentaion link (#3405)da381c3Fix README internal links for GitHub rendering (#3403)0d250b3fix persist documentation link (#3401)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for zustand since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Medium Risk
Major-version upgrade of the app’s primary client-side state library (
zustand) could introduce subtle runtime/typing behavior changes in stores and middleware (e.g.,persist,devtools), despite no code changes beyond dependency resolution.Overview
Updates
frontendto usezustandv5.0.12 (from v4.5.7) and refreshespnpm-lock.yamlaccordingly, including the newuse-sync-external-storepeer dependency wiring.Lockfile churn also bumps a few transitive build/editor dependencies (e.g., CodeMirror,
enhanced-resolve,tapable,terser-webpack-plugin).Written by Cursor Bugbot for commit 62784a2. This will update automatically on new commits. Configure here.