chore(deps): bump redux-thunk from 2.4.2 to 3.1.0 in /superset-frontend

[dependabot]

User description

Bumps redux-thunk from 2.4.2 to 3.1.0.

Release notes

Sourced from redux-thunk's releases.

v3.1.0

This major release:

• Updates the packaging for better ESM/CJS compatibility
• Changes the package to use named exports instead of a default export

This release has breaking changes. (Note: this actually points to v3.1.0, which includes a hotfix that was meant for 3.0.0.)

This release is part of a wave of major versions of all the Redux packages: Redux Toolkit 2.0, Redux core 5.0, React-Redux 9.0, Reselect 5.0, and Redux Thunk 3.0.

For full details on all of the breaking changes and other significant changes to all of those packages, see the "Migrating to RTK 2.0 and Redux 5.0" migration guide in the Redux docs.

[!NOTE] The Redux core, Reselect, and Redux Thunk packages are included as part of Redux Toolkit, and RTK users do not need to manually upgrade them - you'll get them as part of the upgrade to RTK 2.0. (If you're not using Redux Toolkit yet, please start migrating your existing legacy Redux code to use Redux Toolkit today!)

# RTK
npm install @reduxjs/toolkit
yarn add @reduxjs/toolkit
Standalone
npm install redux-thunk
yarn add redux-thunk

Changelog

Named Exports Instead of Default Exports

The redux-thunk package previously used a single default export that was the thunk middleware, with an attached field named withExtraArgument that allowed customization.

The default export has been removed. There are now two named exports: thunk (the basic middleware) and withExtraArgument.

If you are using Redux Toolkit, this should have no effect, as RTK already handles this inside of configureStore.

ESM/CJS Package Compatibility

The biggest theme of the Redux v5 and RTK 2.0 releases is trying to get "true" ESM package publishing compatibility in place, while still supporting CJS in the published package.

The primary build artifact is now an ESM file, dist/redux-thunk.mjs. Most build tools should pick this up. There's also a CJS artifact, and a second copy of the ESM file named redux-thunk.legacy-esm.js to support Webpack 4 (which does not recognize the exports field in package.json).

Build Tooling

We're now building the package using https://github.com/egoist/tsup. We also now include sourcemaps for the ESM and CJS artifacts.

The repo has been updated to use Yarn 3 for dependencies and Vitest for running tests.

Dropping UMD Builds

Redux has always shipped with UMD build artifacts. These are primarily meant for direct import as script tags, such as in a CodePen or a no-bundler build environment.

... (truncated)

Commits

• 88008ea Release 3.1.0
• 1de2476 Merge pull request #357 from reduxjs/feature/remove-extend
• c8d4878 Drop the extend-redux addition
• 3da59d0 Release 3.0.1
• d4909d3 Kill the bindActionCreators overload for now
• ece6c25 Release 3.0.0
• b419ba6 Bump Redux dep
• 72db9a6 Release 3.0.0-rc.0
• 0ad3af1 Merge pull request #356 from reduxjs/feature/3.0-bump-deps-rc
• 8863682 Remove old attw matrix entry
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

CodeAnt-AI Description

Upgrade redux-thunk to 3.1.0 (switches to named exports, requires Redux 5)

What Changed

• The frontend dependency redux-thunk was bumped from 2.4.2 to 3.1.0.
• The package now exposes the middleware via named exports instead of a default export — existing default-imports will fail at build or runtime and must be replaced with named imports.
• The redux-thunk package now declares a peer dependency on Redux 5; the project currently uses Redux 4, so builds or runtime may break until Redux is upgraded or a compatible thunk instance is provided.
• Packaging was updated for better ESM/CJS compatibility, reducing module-resolution issues in modern bundlers.

Impact

✅ Fewer ESM/CJS bundling errors in modern builds
✅ Clearer middleware import API (named imports required)
✅ Requires Redux 5 upgrade to avoid build or runtime failures

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai-for-open-source]

CodeAnt AI is reviewing your PR.

[bito-code-review]

Bito Automatic Review Skipped - Files Excluded

Bito didn't auto-review this change because all changed files are in the exclusion list for automatic reviews. No action is needed if you didn't intend for the agent to review it. Otherwise, to manually trigger a review, type /review in a comment and save.
You can change the excluded files settings here, or contact your Bito workspace admin at evan@preset.io.

[codeant-ai-for-open-source]

CodeAnt AI finished reviewing your PR.

[codeant-ai-for-open-source]

💡 Enhance Your PR Reviews

We noticed that 3 feature(s) are not configured for this repository. Enabling these features can help improve your code quality and workflow:

🚦 Quality Gates

Status: Quality Gates are not enabled at the organization level
Learn more about Quality Gates

🎫 Jira Ticket Compliance

Status: Jira credentials file not found. Please configure Jira integration in your settings
Learn more about Jira Integration

⚙️ Custom Rules

Status: No custom rules configured. Add rules via organization settings or .codeant/review.json in your repository
Learn more about Custom Rules

---

Want to enable these features? Contact your organization admin or check our documentation for setup instructions.

[rusackas]

This upgrade requires Redux 5.x (currently on 4.x) which is a significant dependency chain upgrade. Labeling for manual attention.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.