Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade next from 13.5.6 to 14.1.1 #1501

Merged
merged 3 commits into from May 10, 2024
Merged

[Snyk] Security upgrade next from 13.5.6 to 14.1.1 #1501

merged 3 commits into from May 10, 2024

Conversation

wordshaker
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-NEXT-6828457		 Yes No Known Exploit
Commit messages
Package name: next The new version differs by 250 commits.
  • 5f59ee5 v14.1.1
  • f48b90b even more
  • 7f789f4 more timeout
  • ab71c4c update timeout
  • 75f60d9 update trigger release workflow
  • 74b3f0f Server Action tests (#62655)
  • a6946b6 Backport metadata fixes (#62663)
  • 4002f4b Fix draft mode invariant (#62121)
  • 7dbf6f8 fix: babel usage with next/image (#61835)
  • 3efc842 Fix next/server apit push alias for ESM pkg (#61721)
  • 179d14e Replace image optimizer IPC call with request handler (#61471)
  • f8fe70d chore: refactor image optimization to separate external/internal urls (#61172)
  • 5a5f178 fix(image): warn when animated image is missing `unoptimized` prop (#61045)
  • b0474c8 fix(build-output): show stack during CSR bailout warning (#62594)
  • 1bee5b6 Fix extra swc optimizer applied to node_modules in browser layer (#62051)
  • b747e08 fix(next-swc): Detect `exports.foo` from `cjs_finder` (#61795)
  • af47328 Fix attempted import error for react (#61791)
  • 181e7d5 Add stack trace to client rendering bailout error (#61200)
  • 06f01e5 Merge branch 'next-14-1' of github.com:vercel/next.js into next-14-1
  • c1edac7 update chunking tests
  • 6aee03d fix router crash on revalidate + popstate (#62383)
  • 8fd3d7e fix loading issue when navigating to page with async metadata (#61687)
  • 05b972b revert changes to process default routes at build (#61241)
  • 7026eb2 fix parallel route top-level catch-all normalization logic to support nested explicit (non-catchall) slot routes (#60776)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF)

@wordshaker wordshaker requested review from a team as code owners May 10, 2024 12:28
@github-actions GitHub Actions
Copy link
Contributor

Unit Test Results

12 tests  ±0   12 ✅ ±0   2s ⏱️ ±0s
 8 suites ±0    0 💤 ±0 
 1 files   ±0    0 ❌ ±0 

Results for commit dd1c796. ± Comparison against base commit 7ac8eea.

@wordshaker wordshaker merged commit 2f6f876 into main May 10, 2024
6 checks passed
@wordshaker wordshaker deleted the snyk-fix-b3086845027b319000ada9bfde4a598f branch May 10, 2024 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@wordshaker @snyk-bot