npm(deps): bump redux from 4.2.1 to 5.0.1

[dependabot]

Bumps redux from 4.2.1 to 5.0.1.

Release notes

Sourced from redux's releases.

v5.0.1

This patch release adjusts the isPlainObject util to allow objects created via Object.create(null), and fixes a type issue which accidentally made the store state type non-nullable.

What's Changed

• fix(isPlainObject): support check Object.create(null) by @​zhe-he in reduxjs/redux#4633
• fix(types/store): Unexpectedly narrowed return type of function Store['getState'] by @​exuanbo in reduxjs/redux#4638

Full Changelog: reduxjs/redux@v5.0.0...v5.0.1

v5.0.0

This major release:

• Converts the codebase to TypeScript
• Updates the packaging for better ESM/CJS compatibility and modernizes the build output
• Requires that action.type must be a string
• Continues to mark createStore as deprecated
• Deprecates the AnyAction type in favor of an UnknownAction type that is used everywhere
• Removes the PreloadedState type in favor of a new generic argument for the Reducer type.

This release has breaking changes.

This release is part of a wave of major versions of all the Redux packages: Redux Toolkit 2.0, Redux core 5.0, React-Redux 9.0, Reselect 5.0, and Redux Thunk 3.0.

For full details on all of the breaking changes and other significant changes to all of those packages, see the "Migrating to RTK 2.0 and Redux 5.0" migration guide in the Redux docs.

[!NOTE] The Redux core, Reselect, and Redux Thunk packages are included as part of Redux Toolkit, and RTK users do not need to manually upgrade them - you'll get them as part of the upgrade to RTK 2.0. (If you're not using Redux Toolkit yet, please start migrating your existing legacy Redux code to use Redux Toolkit today!)

# RTK
npm install @reduxjs/toolkit
yarn add @reduxjs/toolkit
Standalone
npm install redux
yarn add redux

Changelog

ESM/CJS Package Compatibility

The biggest theme of the Redux v5 and RTK 2.0 releases is trying to get "true" ESM package publishing compatibility in place, while still supporting CJS in the published package.

The primary build artifact is now an ESM file, dist/redux.mjs. Most build tools should pick this up. There's also a CJS artifact, and a second copy of the ESM file named redux.legacy-esm.js to support Webpack 4 (which does not recognize the exports field in package.json). Additionally, all of the build artifacts now live under ./dist/ in the published package.

Modernized Build Output

We now publish modern JS syntax targeting ES2020, including optional chaining, object spread, and other modern syntax. If you need to

... (truncated)

Commits

• 50b0102 format isPlainObject.ts
• 66f955f 5.0.1
• ffb02eb Merge pull request #4644 from reduxjs/publish-ci
• d641945 add me to FUNDING.yml
• 7a2fa78 Add publish CI workflow
• fa2d899 Merge pull request #4638 from exuanbo/patch-1
• 9e8a320 add type test
• 105e389 Merge pull request #4643 from ziayanj/patch-1
• f259beb Update why-rtk-is-redux-today.md
• 3cd25e1 Merge pull request #4642 from factiondavid/patch-1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by phryneas, a new releaser for redux since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Assignees

The following users could not be added as assignees: Automattic/vip-plugins. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[GaryJones]

Review: Redux 4 → 5 Upgrade

This major version bump has breaking peer dependency conflicts that need to be addressed before merging.

Dependency Compatibility Analysis

Package	Current Version	Redux 5 Support	Required Action
react-redux	^8.1.0	✅ Yes (8.1+ supports ^4 || ^5)	None
redux-observable	^2.0.0	❌ No (>=4 <5)	Upgrade to 3.x (RC only)
redux-devtools-extension	^2.13.9	❌ No (^3.1.0 || ^4.0.0)	Replace with @redux-devtools/extension

Breaking Changes in Redux 5

From the migration guide:

1. Action type must be a string - ✅ Already compliant (using string constants in actionTypes.js)
2. createStore deprecated - ⚠️ We use createStore directly (not via Redux Toolkit)
3. ESM/CJS changes - Build output modernized, may affect bundling

Recommended Approach

Option A: Defer until dependencies are stable

• redux-observable 3.x is still in RC (3.0.0-rc.2)
• Wait for stable release before upgrading

Option B: Upgrade now with additional changes

1. Replace redux-devtools-extension with @redux-devtools/extension@^3.3.0
2. Update redux-observable to ^3.0.0-rc.2 (accepting RC risk)
3. Update store setup code for deprecated createStore warning
4. Test build output compatibility

My Recommendation

I suggest Option A - closing this PR and waiting for redux-observable to release a stable 3.x version. The current upgrade would introduce:

• An RC dependency in production
• Multiple package replacements beyond Dependabot's scope
• Potential build/bundling changes to verify

@dependabot ignore this major version

We can revisit this when redux-observable 3.0.0 is stable.

[dependabot]

OK, I won't notify you about version 5.x.x again, unless you re-open this PR.