[Snyk] Upgrade redux-saga from 1.2.1 to 1.4.2

[nejidevelops]

Snyk has created this PR to upgrade redux-saga from 1.2.1 to 1.4.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	452	Proof of Concept

Release notes

Package name: redux-saga

• 1.4.2 - 2025-10-21
  

  Patch Changes

  • Updated dependencies [d24e5e0]:
    • @ redux-saga/[email protected]
• 1.4.1 - 2025-10-21
  

  Patch Changes

  • #2714 1f10ddd Thanks @ Andarist! - Fixed TS types compatibility with "moduleResolution": "node".

  • Updated dependencies [1f10ddd]:

    • @ redux-saga/[email protected]
• 1.4.0 - 2025-10-21
  

  Minor Changes

  • #2416 6707228 Thanks @ Andarist! - exports field has been added to the package.json manifest. It limits what files can be imported from a package but we've tried our best to allow importing all the files that were considered to be a part of the public API.

  Patch Changes

  • Updated dependencies [6707228]:
    • @ redux-saga/[email protected]
• 1.3.0 - 2024-01-02
  

  Minor Changes

  • #2416 6707228 Thanks @ Andarist! - exports field has been added to the package.json manifest. It limits what files can be imported from a package but we've tried our best to allow importing all the files that were considered to be a part of the public API.
• 1.2.3 - 2023-03-17
• 1.2.2 - 2022-12-09
• 1.2.1 - 2022-08-20
  

  Patch Changes

  • #2714 1f10ddd Thanks @ Andarist! - Fixed TS types compatibility with "moduleResolution": "node".

  • Updated dependencies [1f10ddd]:

    • @ redux-saga/[email protected]
    • @ redux-saga/[email protected]

from redux-saga GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Summary of Changes

Hello @nejidevelops, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the redux-saga dependency to its latest stable version, 1.4.2. This upgrade is crucial for maintaining security and stability, as it resolves a known Regular Expression Denial of Service (ReDoS) vulnerability. Beyond the security patch, the update also brings improvements to TypeScript type compatibility and modernizes module resolution within the redux-saga ecosystem.

Highlights

• Dependency Upgrade: The redux-saga package has been upgraded from version 1.2.1 to 1.4.2 to ensure the application uses the latest stable release.
• Security Vulnerability Fix: This upgrade addresses a 'Regular Expression Denial of Service (ReDoS)' vulnerability (SNYK-JS-BABELRUNTIME-10044504) with a medium severity score, enhancing the application's security posture.
• Transitive Dependency Updates: Several related @redux-saga/* packages and @babel/runtime have been updated as part of the main redux-saga upgrade, ensuring compatibility and leveraging improvements across the ecosystem.
• TypeScript Type Compatibility: The updated versions include fixes for TypeScript types compatibility, improving the developer experience and type safety for projects using TypeScript.
• Module Resolution Enhancement: The exports field has been added to the package.json manifest in some updated dependencies, which helps in modernizing module resolution and defining public API boundaries.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is an automated dependency upgrade for redux-saga from version 1.2.1 to 1.4.2, generated by Snyk to address a security vulnerability. The changes in package.json and package-lock.json are correct and effectively apply the upgrade.

I've reviewed the implications of this minor version bump. The most significant change in the new redux-saga versions is the addition of an exports field in package.json. This can sometimes cause issues with module resolution, but based on your project's usage (import ... from 'redux-saga/effects'), it is not expected to cause any problems. The upgrade appears safe to merge.

While the PR itself is sound, a review of the surrounding code context revealed several opportunities for improvement that you might want to address in a separate effort to enhance code quality:

• Critical Bug in Routing: In react-app/src/App.js, the catch-all route <Route exact path="**" ... /> on line 26 is incorrect for React Router v5. It will not function as a 404 page. This should be corrected to <Route path="*" ... /> or simply <Route ... /> as the last item in the <Switch>.
• Code Maintainability:
  • Naming: There are inconsistencies in resource naming (e.g., product.saga.js vs productsReducer). Standardizing on plural naming would improve consistency.
  • Typo: A typo exists in react-app/src/store/product.saga.js (lines 12, 14): productes should be products.
  • Redundancy: An unnecessary array copy [...data] is performed in the saga, which is then copied again in the reducer. The copy in the saga can be removed.

These points do not block the current security upgrade, but addressing them will improve the robustness and maintainability of your application.