New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade next
and node-sass
to the latest version
#1705
Comments
Just a heads-up, if this takes too many cycles. This trim-newlines vulnerability doesn't actually affect us. If the benefits of upgrading cc: @maniarathi |
@tihuan Do you think it makes sense to drop to P1 then given Seve's note? |
Thanks so much for the headsup, @seve ! @maniarathi : Yeah I think dropping to P1 sounds great, and we can just upgrade Github Issue: vercel/next.js#30802 Thanks both! |
Can do this sometime in Q2 2022. |
Since |
Turned out that Next only included the patch in v12: |
I think we've waited long enough for Next 12 to be stable, so maybe I can help upgrade to 12 this week? @maniarathi thank you! |
Context:
We have a vuln related to
node-sass
: https://github.com/chanzuckerberg/single-cell-data-portal/pull/1248/filesSolution:
next
first at least to latest v12, since they have fixed theirnode-sass
deps herenode-sass
!next
11.1.3 upgrade alert: https://github.com/chanzuckerberg/single-cell-data-portal/security/dependabot/frontend/package-lock.json/next/openThe text was updated successfully, but these errors were encountered: