Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update next.js to v14.1.2 #348

Merged
merged 1 commit into from
Mar 5, 2024
Merged

fix(deps): update next.js to v14.1.2 #348

merged 1 commit into from
Mar 5, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 4, 2024
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@next/bundle-analyzer (source) 14.1.0 -> 14.1.2 age adoption passing confidence
eslint-config-next (source) 14.1.0 -> 14.1.2 age adoption passing confidence
next (source) 14.1.0 -> 14.1.2 age adoption passing confidence

Release Notes

vercel/next.js (@​next/bundle-analyzer)

v14.1.2

Compare Source

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes
  • Fix sitemap generateSitemaps support for string id (#​61088)
  • Fix: generateSitemaps in production giving 404 (#​62212)
  • Fix redirect under suspense boundary with basePath (#​62597)
  • Fix: Add stricter check for "use server" exports (#​62821)
  • ensure server action errors notify rejection handlers (#​61588)
  • make router restore action resilient to a missing tree (#​62098)
  • build: remove sentry from the externals list #​61194
  • Reduce memory/cache overhead from over loader processing #​62005
Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

v14.1.1

Compare Source

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes
Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

vercel/next.js (eslint-config-next)

v14.1.2

Compare Source

v14.1.1

Compare Source

Core Changes
Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

vercel/next.js (next)

v14.1.2

Compare Source

v14.1.1

Compare Source

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes
Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

Configuration

📅 Schedule: Branch creation - "before 4am on Monday,before 4am on Thursday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from JoeKarow as a code owner March 4, 2024 00:23
@renovate renovate bot added automerge Enable Kodiak auto-merge dependencies Change in project dependencies. labels Mar 4, 2024
@vercel Vercel
Copy link

vercel bot commented Mar 4, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
glaad ✅ Ready (Inspect) Visit Preview 💬 Add feedback Mar 5, 2024 1:54am

@socket-security Socket Security
Copy link

socket-security bot commented Mar 4, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@storybook/[email protected] None +3 2.5 MB shilman
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +186 43.1 MB shilman
npm/@storybook/[email protected] Transitive: environment, filesystem +28 11.2 MB shilman
npm/@storybook/[email protected] environment, eval +2 379 kB shilman
npm/@storybook/[email protected] None 0 16.5 kB shilman
npm/@storybook/[email protected] eval Transitive: environment, filesystem, network, shell, unsafe +117 28.4 MB shilman
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +294 36.1 MB alexandrebodin, amalik2, dandean, ...23 more
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +81 20.4 MB shilman
npm/@storybook/[email protected] Transitive: environment, eval +34 4.83 MB yannbf
npm/@tabler/[email protected] None +1 194 MB codecalm
npm/@tanstack/[email protected] environment +3 5.46 MB tannerlinsley
npm/@tanstack/[email protected] environment +1 3.6 MB tannerlinsley
npm/@tomfreudenberg/[email protected] None 0 34 kB tom-freudenberg
npm/@trpc/[email protected] network Transitive: environment +1 966 kB katt
npm/@trpc/[email protected] Transitive: environment, network +5 4.97 MB katt
npm/@trpc/[email protected] Transitive: environment, network +4 4.86 MB katt
npm/@trpc/[email protected] environment 0 713 kB katt
npm/@types/[email protected] None 0 120 kB types
npm/@types/[email protected] None 0 4 MB types
npm/@types/[email protected] None 0 49.8 kB types
npm/@types/[email protected] None +4 1.71 MB types
npm/@types/[email protected] None +3 1.68 MB types
npm/@types/[email protected] None 0 3.14 kB types
npm/@types/[email protected] None +1 4.02 MB types
npm/@typescript-eslint/[email protected] Transitive: environment, eval, filesystem, shell, unsafe +58 13.5 MB jameshenry
npm/@typescript-eslint/[email protected] Transitive: environment, eval, filesystem, shell, unsafe +53 10.5 MB jameshenry
npm/@vercel/[email protected] None 0 190 kB chriswdmr, ijjk, matheuss, ...6 more
npm/@vercel/[email protected] None 0 272 kB vercel-release-bot
npm/[email protected] None +4 93.9 kB sindresorhus
npm/[email protected] None 0 4.3 MB andrewortwein, cdedreuille, codykaup, ...9 more
npm/[email protected] None +1 407 kB davidjerleke
npm/[email protected] None +1 409 kB davidjerleke
npm/[email protected] environment Transitive: eval, filesystem, network, shell, unsafe +76 15.1 MB alisowski
npm/[email protected] environment, filesystem, shell Transitive: eval, unsafe +102 30.7 MB mmkale
npm/[email protected] None 0 67.3 kB edvardchen
npm/[email protected] filesystem Transitive: environment, eval, shell, unsafe +47 9.74 MB mysticatea
npm/[email protected] environment, eval, filesystem, shell Transitive: unsafe +45 9.44 MB turbobot
npm/[email protected] environment, filesystem, shell 0 3.61 kB typicode
npm/[email protected] None +1 337 kB adrai
npm/[email protected] network +1 201 kB adrai
npm/[email protected] None +1 882 kB adrai, jamuhl

🚮 Removed packages: npm/@next/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 4, 2024
edited
Loading

📦 Next.js Bundle Analysis for @weareinreach/glaad

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

@renovate
fix(deps): update next.js to v14.1.2
4c6da37 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/next.js branch from 3735d4e to 4c6da37 Compare March 5, 2024 01:52
@renovate renovate bot changed the title fix(deps): update next.js to v14.1.1 fix(deps): update next.js to v14.1.2 Mar 5, 2024
@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"
Install scripts npm/@vercel/[email protected]
  • Install script: postinstall
  • Source: node scripts/postinstall.mjs
Install scripts npm/@swc/[email protected]
  • Install script: postinstall
  • Source: node postinstall.js

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@kodiakhq kodiakhq bot merged commit bd82f99 into dev Mar 5, 2024
18 of 19 checks passed
@kodiakhq kodiakhq bot deleted the renovate/next.js branch March 5, 2024 18:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoeKarow JoeKarow JoeKarow approved these changes

Assignees
No one assigned
Labels
automerge Enable Kodiak auto-merge dependencies Change in project dependencies.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@JoeKarow