Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump dexie from 2.0.4 to 3.2.2 #351

Open
wants to merge 1 commit into
base: v3.0
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 23, 2022

Bumps dexie from 2.0.4 to 3.2.2.

Release notes

Sourced from dexie's releases.

Dexie v3.2.2

Security fix

Prohibit possible prototype pollution in Dexie.setByKeyPath() (dexie/Dexie.js@1d655a6)

Bugfix

Fix #1473 Cannot use Dexie in react-native

A corresponding release 4.0.0-alpha.3 contains the same fixes for 4.x.

Dexie v3.2.1

  • Workaround for issue #613: Automatically reopen IndexedDB connection in case it was unexpectedly closed, and redo the operation. When a transaction couldn't be created due to invalid state, Dexie will reopen the IndexedDB connection and retry creating the transaction.
  • Resolves #1439 and #1369 by extending the "exports" field to include "require" compliant version of dexie.

Dexie v3.2.1-beta.2

Should resolve #1439 and #1369 by extending the "exports" field to include "require" compliant version of dexie.

Dexie v3.2.1-beta.1

Contains a workaround for Chrome issue #613. Needs to be tested in the field a while before we can release this publicly.

Dexie v3.2.0

Dexie.js has become Reactive

After one year in alpha, beta and RC, Dexie.js with liveQuery() is now officially released. The main reason for this new feature is better integration with frontend libraries like React, Svelte, Vue and Angular.

Together with this release, the website https://dexie.org also got a face lift with tutorials for React, Svelte, Vue and Angular.

dexie.org

Take a look past the updated website. Old tutorials are replaced with modern relevant framework specific ones. We've added React, Svelte, Vue and Angular samples on the landing page.

All changes since 3.0.3 in chronological order

  • PR 1104: dbName follows dependencies.indexedDB (II)
  • Option {allKeys: true} to bulkPut() and bulkAdd() will be equally fast as not providing that option.
  • Code cleanup and optimizations.
  • Expose IDB 'close' event: dfahlander/Dexie.js#1212
  • BulkError: Possible to track individual errors. Add failuresByPos property: dfahlander/Dexie.js#1209
  • Dexie.getDatabaseNames(): Small optimization for our workaround for non-chromium browsers lacking the IDBFactory.databases(). commit.
  • Argument to on.ready() callback will get a special Dexie instance that is not blocked (vip Dexie). This was the case also before but then we had to rely on zone state. This change makes it possible to perform non-dexie operations in on.read() callback (such as fetch()), loosing the zone state (PSD) but still have VIP access to the Dexie instance. This makes the code in a on.ready() callback not having to deal with wrapping all non-Dexie calls with Promise.resolve().
  • Allow multiple calls to Version.upgrade() on the same version - will run all of them instead just of the latest registered.
  • Retiring old workaround for safari 8 bug not allowing array argument to IDBDatabase.transaction().
  • Dexie.delete() specifies an empty addons list to ensure no addons are involved when deleting a database using that static method.
  • Minor extended the DBCore interface to make it possible for Dexie Cloud to sync certain operations consistently. Specifically, middlewares that implement the DBCoreTable.mutate() endpoint now also gets information on the where-critera and the update specification when originating from Collection.modify() or Collection.delete().
  • Support for Chrome's transaction durability option in Dexie constructor. PR #1367
  • Official event Dexie.on('storagemutated')
  • Typings: Stop exporting Dexie as namespace. Enables VSCode's ergonomic auto-import feature for dexie. The namespace export was not even working as expected. The intent had been to support those that code Typescript without using modules. But even they must have been disappointed because the typings did not only reveal parts of the Dexie API.
  • Let liveQuery() be type-wise compable with RxJS (PR #1417)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [dexie](https://github.com/dfahlander/Dexie.js) from 2.0.4 to 3.2.2.
- [Release notes](https://github.com/dfahlander/Dexie.js/releases)
- [Commits](dexie/Dexie.js@v2.0.4...v3.2.2)

---
updated-dependencies:
- dependency-name: dexie
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 23, 2022
@agenaille
Copy link

Bumping this. We would like to see this merged to fix the high security finding in dexie 2.0.4

@iamchrismiller
Copy link

Any updates here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants