[Snyk] Upgrade knockout from 3.4.0 to 3.5.1 #166
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade knockout from 3.4.0 to 3.5.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
npm:knockout:20180213
Release notes
Package name: knockout
This release fixes a few regression bugs in 3.5.0:
if
option throws an error #2446value
binding on<select>
when the options are generated via aforeach
binding #2452arrayChange
notifications when using deferred updates #2454<script>
template contents #24843.5.1 also fixes some issues with and expands 3.5.0's TypeScript definitions.
Knockout 3.5.0 includes a few new bindings and new ways to interact with observables and bindings. The full list is detailed under 3.5.0 Beta, 3.5.0 RC, and 3.5.0 RC2.
The final 3.5.0 release includes fixes for a few regressions in the pre-production releases:
if
bindings (#2414)foreach
andbeforeRemove
(#2419)foreach
and Punches plugin (#2433)foreach
andif
(#2439)This release includes a number of fixes for regressions in the previous 3.5.0 release candidate. Given the time since the RC, we also decided to include a few small improvements.
foreach
binding.style
binding to correctly appendpx
.ko.contextFor
when used afterko.applyBindingsToNode
.ko.utils
to use native array methods.createChildContextWithAs
option and addnoChildContext
binding option. The default behavior foras
matches previous releases.descendantsComplete
andif
/ifnot
/with
bindings.if
/ifnot
/with
bindings:completeOn: "render"
will have the binding wait to triggerdescendantsComplete
until it is rendered.ko.applyBindings
throws an error if a non-Node is given as the second parameter.options
objects as a parameter tocreateChildContext
.method
parameter to therateLimit
extender.style
binding.foreach
.Changes since 3.5.0 Beta:
descendantsComplete
to include bindings other thancomponent
, such asif
,with
, etc.ko.when
will return a Promise if called without a callback function.Knockout 3.5.0 beta release notes
Full list of issues: https://github.com/knockout/knockout/milestone/9?closed=1
Important: This release includes some minor breaking changes to the
foreach
binding to improve performance and clarify features. These changes can be turned off using global options.When using the
as
option with theforeach
binding, Knockout will set the named value for each item in the array but won't create a child context. In other words, when usingas
, you will have to use the named value in bindings:text: item.property
rather thantext: property
. This can be controlled by settingko.options.createChildContextWithAs = true
. (See #907)To improve performance when array changes are from a known, single operation, such as
push
, theforeach
binding no longer filters out destroyed items by default. To turn this off and filter out destroyed items, you can setincludeDestroyed: false
in theforeach
binding or setko.options.foreachHidesDestroyed = true
to use the previous behavior by default. (See #2324)Other enhancements
if
andwith
using the newchildrenComplete
binding or subscribing to thechildrenComplete
binding event.(See #2310)
koDescendantsComplete
method in the component viewmodel or subscribing to thedescendantsComplete
binding event. (See #2319)sorted
andreversed
methods that return a modified copy of the array. This is in contrast tosort
andreverse
that modify the array itself.class
binding supports dynamic class strings. This allows you to use thecss
andclass
bindings together to support both methods of setting CSS classes.using
binding, similarly towith
, binds its descendant elements in the context of the child viewmodel. Unlikewith
, which re-renders its contents when the viewmodel changes,using
will just trigger each descendant binding to update.hidden
binding works oppositely tovisible
.let
binding allows you to set values that can be used in all descendant element bindings, regardless of context.let
, you can set such values at the root context by providing a function as the third parameter toko.applyBindings
. (See #2024)spectate
event whenever their value changes. Unlike the standardchange
event, this new event isn't necessarily delayed by rate-limiting or deferred updates. You can subscribe to the event without waking a sleeping pure computed; the computed will notify the event if it is accessed with a new value.getDependencies
method that returns an array of the observables that the computed is currently watching.attr
binding supports namespaced attributes such asxlink:href
insvg
elements.ko.when
function allows you to run code once when an observable or condition becomes true.ko.isObservableArray
function can be used to check if something is ako.observableArray
.style
binding will usejQuery
if present. Even without jQuery, the binding now supports standard style names, such asbackground-color
, and automatically appendspx
if needed to styles that expect it.<!--/ko-->
).Fixes
30 or so separate fixes are included in this release,
This release fixes a number of bugs related to deferred updates and computed observables.
Fixed:
pureComputed
sometimes doesn't pick up a change in a dependency (#1975 and #1992)arrayChange
events (#1973 and #1974)$rawData
withinwith
bindings and rendered templates (#1415)computed._latestValue
in debug mode (b3f24b1)New features and bug fixes
ko.tasks
).ko.onError
handler, if defined, for errors from asynchronous code.ko.options.useOnlyNativeEvents
can be set to tell Knockout to use only native (not jQuery) events.ko.isPureComputed()
.The 3.4.0 RC release notes has the full list of issues and pull requests included in this release. The final release fixes two regression bugs found in the RC:
beforeRemove
behavior can break retained items.ko.computed
.Possible compatibility issues
setTimeout
. Since microtasks are run before the browser repaints the page, all loaded components will be initialized and displayed in a single repaint. Although this reduces the overall time needed to display components, it could result in a longer delay before anything is displayed.ko.observable
andko.computed
no longer use a closure when defining their methods, such asdispose
andvalueHasMutated
. These functions expectthis
to be set correctly and so can't be used directly as a callback. Instead you'll need to usebind
, such asobs.dispose.bind(obs)
.Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs