From c7faa3e2c96481a9207ac68f2220ec9f1daa93f5 Mon Sep 17 00:00:00 2001
From: Matt Rothenberg <mattrothenberg@users.noreply.github.com>
Date: Tue, 8 Feb 2022 15:08:19 -0500
Subject: [PATCH 1/2] security: bump immer (#24)

---
 package.json |  4 ++--
 src/store.ts | 41 ++++++++++++++++++++++++++++++++++++-----
 yarn.lock    | 16 ++++++++--------
 3 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/package.json b/package.json
index 43261bf..1871768 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "date-fns": "^2.19.0",
     "dompurify": "^2.2.9",
     "downshift": "^6.1.1",
-    "immer": "^8.0.2",
+    "immer": "^9.0.12",
     "lodash": "^4.17.21",
     "lodash-es": "^4.17.21",
     "match-sorter": "^6.3.0",
@@ -115,6 +115,6 @@
     "react-virtualized-auto-sizer": "^1.0.5",
     "react-window": "^1.8.6",
     "twin.macro": "^2.6.2",
-    "zustand": "^3.3.3"
+    "zustand": "^3.6.9"
   }
 }
diff --git a/src/store.ts b/src/store.ts
index bf9e54f..070febd 100644
--- a/src/store.ts
+++ b/src/store.ts
@@ -1,6 +1,13 @@
 import tw from 'twin.macro';
-import create, { StateCreator } from 'zustand';
+import create, {
+  GetState,
+  SetState,
+  State,
+  StateCreator,
+  StoreApi,
+} from 'zustand';
 import produce from 'immer';
+import type { Draft } from 'immer';
 import {
   format as d3Format,
   timeFormat,
@@ -29,10 +36,34 @@ import { StringFilter } from './components/filters/string';
 import { CategoryFilter } from './components/filters/category';
 import { RangeFilter } from './components/filters/range';
 
-export const immer = <T extends {}>(
-  config: StateCreator<T, (fn: (draft: T) => void) => void>
-): StateCreator<T> => (set, get, api) =>
-  config((fn) => set(produce(fn) as (state: T) => T), get, api);
+const immer = <
+  T extends State,
+  CustomSetState extends SetState<T>,
+  CustomGetState extends GetState<T>,
+  CustomStoreApi extends StoreApi<T>
+>(
+  config: StateCreator<
+    T,
+    (partial: ((draft: Draft<T>) => void) | T, replace?: boolean) => void,
+    CustomGetState,
+    CustomStoreApi
+  >
+): StateCreator<T, CustomSetState, CustomGetState, CustomStoreApi> => (
+  set,
+  get,
+  api
+) =>
+  config(
+    (partial, replace) => {
+      const nextState =
+        typeof partial === 'function'
+          ? produce(partial as (state: Draft<T>) => T)
+          : (partial as T);
+      return set(nextState, replace);
+    },
+    get,
+    api
+  );
 
 export type GridState = {
   data: any[];
diff --git a/yarn.lock b/yarn.lock
index 4a33c5a..527bcc3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8398,10 +8398,10 @@ immer@8.0.1:
   resolved "https://registry.yarnpkg.com/immer/-/immer-8.0.1.tgz#9c73db683e2b3975c424fb0572af5889877ae656"
   integrity sha512-aqXhGP7//Gui2+UrEtvxZxSquQVXTpZ7KDxfCcKAF3Vysvw0CViVaW9RZ1j1xlIYqaaaipBoqdqeibkc18PNvA==
 
-immer@^8.0.2:
-  version "8.0.4"
-  resolved "https://registry.yarnpkg.com/immer/-/immer-8.0.4.tgz#3a21605a4e2dded852fb2afd208ad50969737b7a"
-  integrity sha512-jMfL18P+/6P6epANRvRk6q8t+3gGhqsJ9EuJ25AXE+9bNTYtssvzeYbEd0mXRYWCmmXSIbnlpz6vd6iJlmGGGQ==
+immer@^9.0.12:
+  version "9.0.12"
+  resolved "https://registry.yarnpkg.com/immer/-/immer-9.0.12.tgz#2d33ddf3ee1d247deab9d707ca472c8c942a0f20"
+  integrity sha512-lk7UNmSbAukB5B6dh9fnh5D0bJTOFKxVg2cyJWTYrWRfhLrLMBquONcUs3aFq507hNoIZEDDh8lb8UtOizSMhA==
 
 import-cwd@^3.0.0:
   version "3.0.0"
@@ -15567,10 +15567,10 @@ yocto-queue@^0.1.0:
   resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b"
   integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==
 
-zustand@^3.3.3:
-  version "3.5.6"
-  resolved "https://registry.yarnpkg.com/zustand/-/zustand-3.5.6.tgz#c28cfbdfdd999d26d1a94ea105a6fd1da56ed38a"
-  integrity sha512-8XrpRO5scF8MSxeAlu7vFupmLG+5MTWhT+6+3QNsihs0QZfOjaArFyvenUgrk30WdZVGVHLHXBhbqC2/QzLeMA==
+zustand@^3.6.9:
+  version "3.6.9"
+  resolved "https://registry.yarnpkg.com/zustand/-/zustand-3.6.9.tgz#f61a756ddea9f95c7ee7cfd3af2f88c10078afbc"
+  integrity sha512-OvDNu/jEWpRnEC7k8xh8GKjqYog7td6FZrLMuHs/IeI8WhrCwV+FngVuwMIFhp5kysZXr6emaeReMqjLGaldAQ==
 
 zwitch@^1.0.0:
   version "1.0.5"

From 5bbba37df6424cb82255eee269a96c4d0d2902fa Mon Sep 17 00:00:00 2001
From: Matt Rothenberg <mattrothenberg@github.com>
Date: Tue, 8 Feb 2022 15:10:45 -0500
Subject: [PATCH 2/2] v0.13.4

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 1871768..2221477 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "0.13.3",
+  "version": "0.13.4",
   "license": "MIT",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",