Redux hooks for Vue

Overview

vue-redux-hooks codecov

Install

npm i redux vue-redux-hooks
yarn add redux vue-redux-hooks

API

ReduxStore

// store.ts
import { createStore, AnyAction } from 'redux'

function todos(state: string[] = [], action: AnyAction) {
  switch (action.type) {
    case 'ADD_TODO':
      return state.concat([action.text])
    default:
      return state
  }
}

export const store = createStore(todos, ['Use Redux'])

// after augmenting ComponentCustomProperties all other typings are not required
declare module 'vue' {
  interface ComponentCustomProperties {
    $redux: { store: typeof store; state: ReturnType<typeof store.getState> }
  }
}
// main.ts
import { createApp } from 'vue'
import { install } from 'vue-redux-hooks'
import { store } from './store'

createApp(App).use(install(store)).mount('#app')

Options

mapState

// App.vue
import { mapState } from 'vue-redux-hooks'

export default {
  data() {
    return {
      search: 'Today',
    }
  },
  computed: {
    ...mapState<{ search: string }>()({
      filteredTodos(todos: State) {
        return todos.filter((todo) => todo.includes(this.search))
      },
    }),
    // or
    filteredTodos() {
      return this.$redux.state.filter((todo) => todo.includes(this.search))
    },
  },
}

mapDispatch

// App.vue
import { mapDispatch } from 'vue-redux-hooks'

export default {
  methods: {
    ...mapDispatch()({
      addTodo: (text: string) => ({
        type: 'ADD_TODO',
        text,
      }),
    }),
    // or
    addTodo(text: string) {
      return this.$redux.store.dispatch({
        type: 'ADD_TODO',
        text,
      })
    },
  },
}

Hooks

useStore

// App.vue
import { useStore } from 'vue-redux-hooks'

export default {
  setup() {
    const store = useStore<Store>()

    const initialState = store.getState()

    return { initialState }
  },
}

useSelector

// App.vue
import { useSelector } from 'vue-redux-hooks'

export default {
  setup() {
    const search = ref('Today')

    const filteredTodos = useSelector((todos: State) =>
      todos.filter((todo) => todo.includes(search.value)),
    )

    return { filteredTodos }
  },
}

useDispatch

// App.vue
import { useDispatch } from 'vue-redux-hooks'

export default {
  setup() {
    const dispatch = useDispatch<Dispatch>()

    const addTodo = (text: string) =>
      dispatch({
        type: 'ADD_TODO',
        text,
      })

    return { addTodo }
  },
}

RTK Query

createApi

// pokemonApi.ts

// Need to use the Vue-specific entry point to allow generating Vue hooks
import { createApi } from 'vue-redux-hooks'
import { fetchBaseQuery } from '@reduxjs/toolkit/query'
import type { Pokemon } from './types'

// Define a service using a base URL and expected endpoints
export const pokemonApi = createApi({
  reducerPath: 'pokemonApi',
  baseQuery: fetchBaseQuery({ baseUrl: 'https://pokeapi.co/api/v2/' }),
  endpoints: (builder) => ({
    getPokemonByName: builder.query<Pokemon, string>({
      query: (name) => `pokemon/${name}`,
    }),
  }),
})

// Export hooks for usage in function components, which are
// auto-generated based on the defined endpoints
export const { useGetPokemonByNameQuery } = pokemonApi
// App.vue
import { toRefs, ref } from 'vue'
import { useGetPokemonByNameQuery } from './pokemonApi'

export default {
  setup() {
    const name = ref('Pikachu')

    const skip = ref(false)

    const query = useGetPokemonByNameQuery(name, {
      refetchOnReconnect: true,
      skip,
    })

    return { name, skip, ...query }
  },
}
Comments
  • chore(deps-dev): bump @typescript-eslint/parser from 2.23.0 to 2.25.0

    chore(deps-dev): bump @typescript-eslint/parser from 2.23.0 to 2.25.0

    Bumps @typescript-eslint/parser from 2.23.0 to 2.25.0.

    Release notes

    Sourced from @typescript-eslint/parser's releases.

    v2.25.0

    2.25.0 (2020-03-23)

    Bug Fixes

    • only run publish_canary_version on master (3814d4e)
    • eslint-plugin: [quotes] false positive with backtick in import equals statement (#1769) (199863d)
    • eslint-plugin: fix message of no-base-to-string (#1755) (6646959)
    • eslint-plugin-tslint: fix tslintConfig memoization key (#1719) (abf1a2f), closes typescript-eslint#1692
    • typescript-estree: export * regression from 133f622f (#1751) (09d8afc)

    Features

    • eslint-plugin: [no-unnec-type-assertion] allow const assertions (#1741) (f76a1b3)
    • eslint-plugin: [no-unnecessary-condition] ignore basic array indexing false positives (#1534) (2b9603d)
    • eslint-plugin: add class-literal-property-style rule (#1582) (b2dbd89)
    • experimental-utils: expose ast utility functions (#1670) (3eb5d45)

    v2.24.0

    2.24.0 (2020-03-16)

    Bug Fixes

    • typescript-estree: unnecessary program updates by removing timeout methods (#1693) (2ccd66b)

    Features

    • typescript-estree: support 3.8 export * as ns (#1698) (133f622)
    Changelog

    Sourced from @typescript-eslint/parser's changelog.

    2.25.0 (2020-03-23)

    Note: Version bump only for package @typescript-eslint/parser

    2.24.0 (2020-03-16)

    Features

    • typescript-estree: support 3.8 export * as ns (#1698) (133f622)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • chore(deps-dev): bump prettier from 1.19.1 to 2.0.2

    chore(deps-dev): bump prettier from 1.19.1 to 2.0.2

    Bumps prettier from 1.19.1 to 2.0.2.

    Release notes

    Sourced from prettier's releases.

    2.0.2

    🔗 Changelog

    2.0.1

    🔗 Changelog

    2.0.0

    diff

    🔗 Release Notes

    Changelog

    Sourced from prettier's changelog.

    2.0.2

    diff

    2.0 regressions

    JavaScript: Fix formatting of pseudo-elements and pseudo-classes in styled-components template literals (#7842 by @thorn0)

    // Input
    const Foo = styled.div`
      ${media.smallDown}::before {}
    `;
    

    // Prettier 2.0.0 const Foo = styled.div${media.smallDown}: : before{ };

    // Prettier 2.0.2 const Foo = styled.div${media.smallDown}::before { };

    TypeScript: Avoid trailing commas on index signatures with only one parameter (#7836 by @bakkot)

    TypeScript index signatures technically allow multiple parameters and trailing commas, but it's an error to have multiple parameters there, and Babel's TypeScript parser does not accept them. So Prettier now avoids putting a trailing comma there when you have only one parameter.

    // Input
    export type A = {
      a?: {
        [
          x: string
        ]: typeof SomeLongLongLongTypeName[keyof typeof SomeLongLongLongTypeName];
      } | null;
    };
    

    // Prettier 2.0.0 export type A = { a?: { [ x: string, ]: typeof SomeLongLongLongTypeName[keyof typeof SomeLongLongLongTypeName]; } | null; </tr></table> ... (truncated)

    Commits
    • 607afd7 Release 2.0.2
    • cfb6166 update stable docs wrt npx
    • 58ac3b0 Revert "markdown: fix redundant leading spaces in markdown list" (#7847)
    • 8ec7bc2 fix formatting of pseudo-elements and pseudo-classes in styled-components (#7...
    • fac9ce0 mention npx in install docs
    • f0780f5 Bump eslint-config-prettier from 6.10.0 to 6.10.1 (#7840)
    • e0b65c3 Bump @babel/parser from 7.9.2 to 7.9.3 (#7839)
    • 91e81a1 [Security] Bump minimist from 1.2.0 to 1.2.5 in /website (#7838)
    • 34115cb Remove azure pipelines (#7824)
    • 54f907d Followup work on setup github actions (#7431)
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by thorn0, a new releaser for prettier since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • chore(deps-dev): bump @typescript-eslint/eslint-plugin from 2.23.0 to 2.25.0

    chore(deps-dev): bump @typescript-eslint/eslint-plugin from 2.23.0 to 2.25.0

    Bumps @typescript-eslint/eslint-plugin from 2.23.0 to 2.25.0.

    Release notes

    Sourced from @typescript-eslint/eslint-plugin's releases.

    v2.25.0

    2.25.0 (2020-03-23)

    Bug Fixes

    • only run publish_canary_version on master (3814d4e)
    • eslint-plugin: [quotes] false positive with backtick in import equals statement (#1769) (199863d)
    • eslint-plugin: fix message of no-base-to-string (#1755) (6646959)
    • eslint-plugin-tslint: fix tslintConfig memoization key (#1719) (abf1a2f), closes typescript-eslint#1692
    • typescript-estree: export * regression from 133f622f (#1751) (09d8afc)

    Features

    • eslint-plugin: [no-unnec-type-assertion] allow const assertions (#1741) (f76a1b3)
    • eslint-plugin: [no-unnecessary-condition] ignore basic array indexing false positives (#1534) (2b9603d)
    • eslint-plugin: add class-literal-property-style rule (#1582) (b2dbd89)
    • experimental-utils: expose ast utility functions (#1670) (3eb5d45)

    v2.24.0

    2.24.0 (2020-03-16)

    Bug Fixes

    • typescript-estree: unnecessary program updates by removing timeout methods (#1693) (2ccd66b)

    Features

    • typescript-estree: support 3.8 export * as ns (#1698) (133f622)
    Changelog

    Sourced from @typescript-eslint/eslint-plugin's changelog.

    2.25.0 (2020-03-23)

    Bug Fixes

    • eslint-plugin: [quotes] false positive with backtick in import equals statement (#1769) (199863d)
    • eslint-plugin: fix message of no-base-to-string (#1755) (6646959)

    Features

    • eslint-plugin: [no-unnec-type-assertion] allow const assertions (#1741) (f76a1b3)
    • eslint-plugin: [no-unnecessary-condition] ignore basic array indexing false positives (#1534) (2b9603d)
    • eslint-plugin: add class-literal-property-style rule (#1582) (b2dbd89)
    • experimental-utils: expose ast utility functions (#1670) (3eb5d45)

    2.24.0 (2020-03-16)

    Note: Version bump only for package @typescript-eslint/eslint-plugin

    Commits
    • 9cd3e4f chore: publish v2.25.0
    • b2dbd89 feat(eslint-plugin): add class-literal-property-style rule (#1582)
    • 3eb5d45 feat(experimental-utils): expose ast utility functions (#1670)
    • 2b9603d feat(eslint-plugin): [no-unnecessary-condition] ignore basic array indexing f...
    • 199863d fix(eslint-plugin): [quotes] false positive with backtick in import equals st...
    • 6646959 fix(eslint-plugin): fix message of no-base-to-string (#1755)
    • f76a1b3 feat(eslint-plugin): [no-unnec-type-assertion] allow const assertions (#1741)
    • 56e1e16 chore: publish v2.24.0
    • 4ab3bf0 docs(eslint-plugin): typo in no-unsafe-member-access (#1720)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • chore(deps-dev): bump prettier from 1.19.1 to 2.0.1

    chore(deps-dev): bump prettier from 1.19.1 to 2.0.1

    Bumps prettier from 1.19.1 to 2.0.1.

    Release notes

    Sourced from prettier's releases.

    2.0.1

    🔗 Changelog

    2.0.0

    diff

    🔗 Release Notes

    Changelog

    Sourced from prettier's changelog.

    2.0.1

    diff

    API: Fix build script to not corrupt import-fresh module (#7820 by @thorn0)

    2.0.0

    diff

    🔗 Release Notes

    Commits
    Maintainer changes

    This version was pushed to npm by thorn0, a new releaser for prettier since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • chore(deps-dev): bump eslint-config-prettier from 6.10.0 to 6.10.1

    chore(deps-dev): bump eslint-config-prettier from 6.10.0 to 6.10.1

    Bumps eslint-config-prettier from 6.10.0 to 6.10.1.

    Changelog

    Sourced from eslint-config-prettier's changelog.

    Version 6.10.1 (2020-03-22)

    • Improved: Recommend using npx when running the CLI helper tool.
    • Updated: Mention that eslint-config-prettier has been tested with Prettier 2.0 and the latest versions of plugins.
    Commits
    • a188a3c eslint-config-prettier v6.10.1
    • a5b25ac Fix Windows tests
    • 8126c58 Update readme
    • a91a6a5 Update versions in readme
    • 2a7fa6a Use proseWrap: never for better git diffs
    • b76e316 Recommend running the CLI helper tool using npx
    • 4366d25 Add empty .prettierrc to help editor extensions
    • 538dbb5 Use less of eslint-plugin-prettier
    • 7dffee0 Format markdown files with Prettier
    • 2a5b854 Update npm packages, including Prettier 2.0 changes
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • chore(deps-dev): bump @types/node from 13.9.1 to 13.9.2

    chore(deps-dev): bump @types/node from 13.9.1 to 13.9.2

    Bumps @types/node from 13.9.1 to 13.9.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • chore(deps): bump ini from 1.3.5 to 1.3.8

    chore(deps): bump ini from 1.3.5 to 1.3.8

    Bumps ini from 1.3.5 to 1.3.8.

    Commits
    • a2c5da8 1.3.8
    • af5c6bb Do not use Object.create(null)
    • 8b648a1 don't test where our devdeps don't even work
    • c74c8af 1.3.7
    • 024b8b5 update deps, add linting
    • 032fbaf Use Object.create(null) to avoid default object property hazards
    • 2da9039 1.3.6
    • cfea636 better git push script, before publish instead of after
    • 56d2805 do not allow invalid hazardous string as section name
    • See full diff in compare view
    Maintainer changes

    This version was pushed to npm by isaacs, a new releaser for ini since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • chore(deps): [security] bump ini from 1.3.5 to 1.3.7

    chore(deps): [security] bump ini from 1.3.5 to 1.3.7

    Bumps ini from 1.3.5 to 1.3.7. This update includes a security fix.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Prototype Pollution

    Overview

    The ini npm package before version 1.3.6 has a Prototype Pollution vulnerability.

    If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

    Patches

    This has been patched in 1.3.6

    Steps to reproduce

    payload.ini

    [__proto__]
    polluted = "polluted"
    

    poc.js:

    var fs = require('fs')
    </tr></table> ... (truncated)
    

    Affected versions: < 1.3.6

    Commits
    • c74c8af 1.3.7
    • 024b8b5 update deps, add linting
    • 032fbaf Use Object.create(null) to avoid default object property hazards
    • 2da9039 1.3.6
    • cfea636 better git push script, before publish instead of after
    • 56d2805 do not allow invalid hazardous string as section name
    • See full diff in compare view
    Maintainer changes

    This version was pushed to npm by isaacs, a new releaser for ini since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies security 
    opened by dependabot-preview[bot] 1
  • chore(deps): [security] bump dot-prop from 4.2.0 to 4.2.1

    chore(deps): [security] bump dot-prop from 4.2.0 to 4.2.1

    Bumps dot-prop from 4.2.0 to 4.2.1. This update includes a security fix.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Prototype Pollution in dot-prop Prototype pollution vulnerability in dot-prop npm package before versions 4.2.1 and 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

    Affected versions: < 4.2.1

    Release notes

    Sourced from dot-prop's releases.

    v4.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies security 
    opened by dependabot-preview[bot] 1
  • chore(deps): [security] bump lodash from 4.17.15 to 4.17.20

    chore(deps): [security] bump lodash from 4.17.15 to 4.17.20

    Bumps lodash from 4.17.15 to 4.17.20. This update includes security fixes.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Prototype Pollution in lodash Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.

    This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

    Affected versions: < 4.17.19

    Sourced from The GitHub Security Advisory Database.

    Prototype Pollution in lodash Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.

    This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

    Affected versions: < 4.17.19

    Sourced from The Node Security Working Group.

    Allocation of Resources Without Limits or Throttling Prototype pollution attack (lodash)

    Affected versions: >=4.17.15 <4.17.19

    Commits
    Maintainer changes

    This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies security 
    opened by dependabot-preview[bot] 1
  • chore(deps): [security] bump node-fetch from 2.6.0 to 2.6.1

    chore(deps): [security] bump node-fetch from 2.6.0 to 2.6.1

    Bumps node-fetch from 2.6.0 to 2.6.1. This update includes a security fix.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    The size option isn't honored after following a redirect in node-fetch

    Impact

    Node Fetch did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure.

    For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.

    Patches

    We released patched versions for both stable and beta channels:

    • For v2: 2.6.1
    • For v3: 3.0.0-beta.9

    Workarounds

    None, it is strongly recommended to update as soon as possible.

    For more information

    If you have any questions or comments about this advisory:

    Affected versions: < 2.6.1

    Release notes

    Sourced from node-fetch's releases.

    v2.6.1

    This is an important security release. It is strongly recommended to update as soon as possible.

    See CHANGELOG for details.

    Changelog

    Sourced from node-fetch's changelog.

    v2.6.1

    This is an important security release. It is strongly recommended to update as soon as possible.

    • Fix: honor the size option after following a redirect.
    Commits
    • b5e2e41 update version number
    • 2358a6c Honor the size option after following a redirect and revert data uri support
    • 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
    • 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
    • 244e6f6 docs: Show backers in README
    • 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
    • 47a24a0 chore: Add opencollective badge
    • 7b13662 chore: Add funding link
    • 5535c2e fix: Check for global.fetch before binding it (#674)
    • 1d5778a docs: Add Discord badge
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by akepinski, a new releaser for node-fetch since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies security 
    opened by dependabot-preview[bot] 1
Owner
Patryk Wałach
Patryk Wałach
A tiny Vue plugin that connects Vue Router with Redux

redux-first-vue-routing A tiny Vue plugin that connects Vue Router with Redux, an implementation of redux-first-routing. New to Redux? Start Here Achi

Kai Johnson 4 Apr 27, 2022
Binding Solutions for Vue & Redux

vuedeux Full Documentation https://vueduex.gitbooks.io/vuedeux-documentation/content/ Synopsis Vuedeux is a lightweight open-source utility layer for

null 70 Aug 28, 2022
Flexible binding between Vue and Redux

vuejs-redux Description Flexible binding between Vue and Redux, allowing use of multiple stores. It works, in the same way, like render props does in

Titouan CREACH 58 Nov 24, 2022
A tiny Vue plugin that connects components with Redux

redux-connect-vue **Note: redux-connect-vue v3 is compatible with Vue 3.x. If you are looking for a Vue 2.x compatible version, check out v2 A tiny Vu

Kai Johnson 3 May 23, 2022
Bryce Soghigian 1 May 18, 2021
Vuex plugin for redux-saga

vuex-coolstory Use redux-saga with Vuex. Overview redux-saga is an awesome library that aims to make side effects (i.e. asynchronous things like data

Nikita Lvov 23 Apr 2, 2022
🏖 A concise & flexible state model for Redux/MobX/Vuex, etc.

USM USM is a universal state modular library, supports Redux(4.x), MobX(6.x), Vuex(4.x) and Angular(2.0+). Support Libraries/Frameworks None Redux Mob

Michael Lin 281 Dec 4, 2022
Redux bindings for VueJS inspired by Vuex.

redux-vuex Redux bindings for VueJS inspired by Vuex. ?? For the old Vue 2 version check out the legacy branch ?? First things first Why don't you use

Alexander Heimbuch 39 Dec 14, 2022
Lightweight Redux Store based on RxJS

MiniRx Store 5 (alpha) MiniRx Store 5 (alpha) has been released (2023-01-23)! What's new? Component Store: Manage state independently of the global st

Florian Spier 120 Mar 14, 2023
Saving Quick Notes - Vue, Vuex, Vue Router, Vue Composition API

Saving Quick Notes - Vue Project setup yarn install Compiles and hot-reloads for development yarn run serve Compiles and minifies for production yar

Karol Fabjańczuk 5 Mar 31, 2022
Modular security for Vue, Vuex, Vue-Router and Nuxt

vue-kindergarten Introduction vue-kindergarten is a plugin for VueJS 2.0 that integrates kindergarten into your VueJS applications. It helps you to au

Jiří Chára 309 Dec 8, 2022
A vue boiler plate with state management, vuex, vue-router that can be backed by a laravel restful api using jwt auth

Laravel 6 (LTS) Vue.js Frontend Boilerplate A Vue.js Frontend starter project kit template/boilerplate with Laravel 6 Backend API support. Features Re

MUWONGE HASSAN 2 Oct 12, 2021
E-Store built with Vue's Composition api script setup, mocked a server, vuex, vue-router

Frontend Mentor - E-commerce product page solution This is a solution to the E-commerce product page challenge on Frontend Mentor. Frontend Mentor cha

_Chi_ 0 Apr 8, 2022
Simple Scrum App built with Vue 2.6( + Bootstrap-Vue + Vuex)

vuescrum Project setup npm install Compiles and hot-reloads for development npm run serve Compiles and minifies for production npm run build Lints

Marina Santana 0 Dec 31, 2021
🗃️ Centralized State Management for Vue.js.

Vuex ?? HEADS UP! You're currently looking at Vuex 3 branch. If you're looking for Vuex 4, please check out 4.0 branch. Vuex is a state management pat

vuejs 27.9k Dec 30, 2022
Sync and store vue state with browser URL params

vue-sync NOTE: Check out nuxt-url-sync to use it with SSR Sync Vue Component state with browser URL params Makes for easy bookmarking and sharing of v

Stefan Buhrmester 66 Nov 8, 2022
Elm-inspired Application State Management for Vue.js.

VuElm It's a Vue state management inspired by Elm architecture. Concepts There are basically four elements on Elm architecture: Model, Actions, Update

Keuller Magalhães 36 May 5, 2021
Yet Another simple stash storage for Vue

vue-ya-stash Yet Another simple stash storage for Vue TL;DR npm install vue-ya-stash export default { stash: ['user', 'ui'], mounted () { cons

null 17 Jul 30, 2020
Easily share reactive data between your Vue components.

vue-stash A Vue.js plugin that makes it easy to share reactive data between components. This plugin is best suited for the rapid development of protot

Cody Mercer 406 Dec 10, 2022