-
-
Notifications
You must be signed in to change notification settings - Fork 31.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump next to v14.1.1 [SECURITY] #42188
Open
renovate
wants to merge
1
commit into
next
Choose a base branch
from
renovate/npm-next-vulnerability
base: next
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Netlify deploy previewhttps://deploy-preview-42188--material-ui.netlify.app/ Bundle size reportBundle size will be reported once CircleCI build #708476 finishes. |
github-actions
bot
added
the
PR: out-of-date
The pull request has merge conflicts and can't be merged
label
May 14, 2024
renovate
bot
force-pushed
the
renovate/npm-next-vulnerability
branch
from
May 14, 2024 08:55
a3b03e8
to
81024a2
Compare
github-actions
bot
added
PR: out-of-date
The pull request has merge conflicts and can't be merged
and removed
PR: out-of-date
The pull request has merge conflicts and can't be merged
labels
May 14, 2024
renovate
bot
force-pushed
the
renovate/npm-next-vulnerability
branch
from
May 20, 2024 07:53
81024a2
to
cf3f1ca
Compare
github-actions
bot
added
PR: out-of-date
The pull request has merge conflicts and can't be merged
and removed
PR: out-of-date
The pull request has merge conflicts and can't be merged
labels
May 20, 2024
renovate
bot
force-pushed
the
renovate/npm-next-vulnerability
branch
2 times, most recently
from
May 27, 2024 07:08
ef5b723
to
a28b611
Compare
github-actions
bot
removed
the
PR: out-of-date
The pull request has merge conflicts and can't be merged
label
May 27, 2024
github-actions
bot
added
the
PR: out-of-date
The pull request has merge conflicts and can't be merged
label
Jun 7, 2024
renovate
bot
force-pushed
the
renovate/npm-next-vulnerability
branch
from
June 7, 2024 07:55
a28b611
to
29edeb3
Compare
github-actions
bot
added
PR: out-of-date
The pull request has merge conflicts and can't be merged
and removed
PR: out-of-date
The pull request has merge conflicts and can't be merged
labels
Jun 7, 2024
renovate
bot
force-pushed
the
renovate/npm-next-vulnerability
branch
from
June 8, 2024 07:12
29edeb3
to
1f27653
Compare
github-actions
bot
added
PR: out-of-date
The pull request has merge conflicts and can't be merged
and removed
PR: out-of-date
The pull request has merge conflicts and can't be merged
labels
Jun 8, 2024
renovate
bot
force-pushed
the
renovate/npm-next-vulnerability
branch
from
June 8, 2024 12:50
1f27653
to
bc88b07
Compare
github-actions
bot
added
PR: out-of-date
The pull request has merge conflicts and can't be merged
and removed
PR: out-of-date
The pull request has merge conflicts and can't be merged
labels
Jun 8, 2024
renovate
bot
force-pushed
the
renovate/npm-next-vulnerability
branch
from
June 10, 2024 08:01
bc88b07
to
922e762
Compare
github-actions
bot
removed
the
PR: out-of-date
The pull request has merge conflicts and can't be merged
label
Jun 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
13.5.1
->14.1.1
^13.4.19
->^14.0.0
^13.5.1
->^14.0.0
GitHub Vulnerability Alerts
CVE-2024-34351
Impact
A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the
Host
header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.Prerequisites
<14.1.1
) is running in a self-hosted* manner./
.* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.
Patches
This vulnerability was patched in #62561 and fixed in Next.js
14.1.1
.Workarounds
There are no official workarounds for this vulnerability. We recommend upgrading to Next.js
14.1.1
.Credit
Vercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:
Adam Kues - Assetnote
Shubham Shah - Assetnote
Release Notes
vercel/next.js (next)
v14.1.1
Compare Source
Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary
Core Changes
Credits
Huge thanks to @huozhi, @shuding, @Ethan-Arrowood, @styfle, @ijjk, @ztanner, @balazsorban44, @kdy1, and @williamli for helping!
v14.1.0
Compare Source
v14.0.4
Compare Source
v14.0.3
Compare Source
v14.0.2
Compare Source
v14.0.1
Compare Source
Core Changes
8c8ee9e
to0c63487
and types: #57772Documentation Changes
Example Changes
with-youtube-embed
example: #57367with-google-maps-embed
example: #57365Misc Changes
create-next-app
: #57262Credits
Huge thanks to @dijonmusters, @sokra, @philwolstenholme, @IgorKowalczyk, @housseindjirdeh, @Zoe-Bot, @HanCiHu, @JackHowa, @goncy, @hirotomoyamada, @pveyes, @yeskunall, @vinaykulk621, @ChendayUP, @leerob, @dvoytenko, @mknichel, @ijjk, @hmaesta, @ajz003, @its-kunal, @joelhooks, @blurrah, @tariknh, @Vinlock, @Nayeem-XTREME, @aziyatali, @aspehler, @huozhi, @ztanner, @ForsakenHarmony, @moka-ayumu, and @gnoff for helping!
v14.0.0
Compare Source
v13.5.6
Compare Source
Core Changes
Credits
Huge thanks to @ijjk @huozhi @gnoff for helping!
v13.5.5
Compare Source
v13.5.4
Compare Source
Core Changes
beta.nextjs.org
Links: #55924config.experimental.workerThreads
: #55257swc_core
tov0.83.26
: #55780swc_core
tov0.83.26
": #56077permanentRedirect
return 308 in route handlers: #56065boolean
instead offalse
for experimental logging config: #56110postcss
: #56225Documentation Changes
not-found
to file conventions page: #55944extension
option tocreateMDX()
: #55967.bind
method: #56164Response.json
overNextResponse.json
: #56173Example Changes
with-jest
: #56152with-jest
types: #56193with-stripe-typescript
example: #56274Misc Changes
swc_core
tov0.83.28
: #56134Credits
Huge thanks to @balazsorban44, @sdkdeepa, @aayman997, @mayank1513, @timneutkens, @2XG-DEV, @eliot-akira, @hi-matthew, @riobits, @wbinnssmith, @ijjk, @sokra, @dvoytenko, @rishabhpoddar, @manovotny, @A7med3bdulBaset, @huozhi, @jridgewell, @joulev, @SukkaW, @kdy1, @feedthejim, @Fredkiss3, @styfle, @MildTomato, @ForsakenHarmony, @walfly, @bzhn, @shuding, @boylett, @Loki899899, @devrsi0n, @ImBIOS, @vinaykulk621, @ztanner, @sdaigo, @hamirmahal, @blurrah, @omarmciver, and @alexBaizeau for helping!
v13.5.3
Compare Source
v13.5.2
Compare Source
Core Changes
d6dcad6
to2807d78
: #55590@vercel/og
andsatori
: #55654named_import
transform: #55664Documentation Changes
create-next-app
templates: Changebun run dev
commands tobun dev
: #55603Example Changes
Misc Changes
Credits
Huge thanks to @padmaia, @mayank1513, @jakeboone02, @balazsorban44, @kwonoj, @huozhi, @Yovach, @ztanner, @wyattjoh, @GabenGar, @timneutkens, and @shuding for helping!
Configuration
📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate. View repository job log here.