chore(deps): update dependency next to v14 [security] #5377

Open
wants to merge 1 commit into
base: main

zemnmez-renovate-bot
Collaborator

@zemnmez-renovate-bot zemnmez-renovate-bot commented May 10, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| next (source) | devDependencies | major | 13.4.10 -> 14.1.1 |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

CVE-2024-34350

Impact

Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions.

For a request to be exploitable, the affected route also had to be making use of the rewrites feature in Next.js.

Patches

The vulnerability is resolved in Next.js 13.5.1 and newer. This includes Next.js 14.x.

Workarounds

There are no official workarounds for this vulnerability. We recommend that you upgrade to a safe version.

References

https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning

CVE-2024-34351

Impact

A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.

Prerequisites

  • Next.js (<14.1.1) is running in a self-hosted* manner.
  • The Next.js application makes use of Server Actions.
  • The Server Action performs a redirect to a relative path which starts with a /.

* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.

Patches

This vulnerability was patched in #​62561 and fixed in Next.js 14.1.1.

Workarounds

There are no official workarounds for this vulnerability. We recommend upgrading to Next.js 14.1.1.

Credit

Vercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:

Adam Kues - Assetnote
Shubham Shah - Assetnote

CVE-2024-47831

Impact

The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption.

Not affected:

  • The next.config.js file is configured with images.unoptimized set to true or images.loader set to a non-default value.
  • The Next.js application is hosted on Vercel.

Patches

This issue was fully patched in Next.js 14.2.7. We recommend that users upgrade to at least this version.

Workarounds

Ensure that the next.config.js file has either images.unoptimized, images.loader or images.loaderFile assigned.

Credits

Brandon Dahler (brandondahler), AWS
Dimitrios Vlastaras

CVE-2024-39693

Impact

A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server.

This vulnerability can affect all Next.js deployments on the affected versions.

Patches

This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version.

Workarounds

There are no official workarounds for this vulnerability.

Credit

  • Thai Vu of flyseccorp.com
  • Aonan Guan (@​0dd), Senior Cloud Security Engineer

Release Notes

vercel/next.js (next)

v14.1.1

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes
Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

v14.1.0

Core Changes
  • Turbopack: switch to a single client components entrypoint: #​59352
  • Update swc_core to v0.86.98 and turbopack: #​59393
  • Fix cases for the optimize_server_react transform: #​59390
  • Use new JSX transform: #​56294
  • loading.tsx should have no effect on partial rendering when PPR is enabled: #​59196
  • Update font data: #​59426
  • Remove CacheNode.status field: #​59472
  • Rename CacheNode.data → .lazyData : #​59473
  • Generate Params Cleanup: #​59431
  • Fix webpack chunks handling in traces: #​59498
  • Rename CacheNode.subTreeData -> .rsc : #​59491
  • fix NODE_OPTIONS=inspect: #​59530
  • Add CacheNode.prefetchRsc field: #​59537
  • allow passing wildcard domains in serverActions.allowedDomains: #​59428
  • Page Info Cleanup: #​59430
  • Fix force-static and fetch no-store cases: #​59549
  • Should not show no index for client rendering bailout: #​59531
  • Enable build worker by default: #​59405
  • Fork navigateReducer into PPR and non-PPR versions: #​59538
  • cleanup magic segment strings: #​59552
  • chore: update Turbopack: #​59589
  • Fix another magic segment string constant: #​59591
  • Make CacheNodeSeedData match FlightRouterState more closely: #​59590
  • transpilePackages should override default settings for external packages: #​59385
  • move segment constants to separate file: #​59587
  • Revert "Page Info Cleanup (#​59430)": #​59592
  • Fix useOptimistic in server components bug. Add tests for invalid React server APIs: #​59621
  • Partial Pre Rendering Headers: #​59447
  • Add tests for invalid React server APIs: #​59622
  • Refactor setup-dev-bundler to make Turbopack/Webpack split clearer: #​59650
  • refactor and simplify app dynamic components: #​59658
  • Change manifestPath to pagesManifestPath: #​59657
  • Fix issue with outputFileTracingExcludes and pages/api edge runtime: #​59157
  • Update font data: #​59722
  • Remove path normalization logic when uploading .next/trace traces: #​59305
  • LayoutRouter: Support segment value of Promise to asynchronously bail out and trigger a server patch: #​59724
  • fix: Allow start turbopack dev server for a project using middleware: #​59759
  • fix: gracefully shutdown server: #​59551
  • Revert "fix: gracefully shutdown server (#​59551)": #​59792
  • Optionally bundle legacy react-dom/server APIs based on usage: #​59737
  • fix default handling in route groups that handle interception: #​59752
  • Transpile all code on app browser layer: #​59569
  • Initial implementation of PPR client navigations: #​59725
  • fix(turbopack): prevent edge entrypoint from becoming an async module: #​59818
  • Ensure we validate revalidate configs properly: #​59822
  • Update error check in validateRevalidate: #​59826
  • Rename confusing loaders: #​59827
  • Upgrade og dependencies: #​59541
  • [PPR Navs] Bugfix: Dynamic data never streams in if prefetch entry is stale: #​59833
  • fix parallel catch-all route normalization: #​59791
  • fix router prefetch cache key to work with route interception: #​59861
  • Alias nextjs api entry to esm version for app router: #​59852
  • Remove duplicate standalone check: #​60085
  • Remove return on void function: #​60087
  • Ensure NextBuildContext is only used during build: #​60099
  • Add PageExtensions type: #​60108
  • Ensure instrumentation file does not affect middleware count: #​60102
  • Use WebpackError type instead of any: #​60105
  • Remove root parameter: #​60112
  • Remove extra duplicate pages warning: #​60113
  • Add MappedPages type: #​60106
  • Always call createPagesMapping for root paths: #​60107
  • Fix path issues on linux machines when build created on windows: #​60116
  • fix: Fix wrong cjs detection of auto-cjs pass: #​60118
  • chore: update Copyright time from 2023 to 2024: #​60071
  • Filter out duplicate paths in build output: #​59858
  • chore: align webpack config node version: #​59862
  • gracefully handle client router segment mismatches: #​60141
  • Fix start build log being overwritten by logs from page: #​60122
  • Allow using ESM pkg with custom incremental cache: #​59863
  • Fix emitting ESM swc helpers for 3rd parties CJS libs in bundle: #​60169
  • Move cacheDir logic to getCacheDir: #​60133
  • Refactor to unify writeFile, readFile, and add readManifest: #​60137
  • chore: bump @vercel/[email protected]: #​60172
  • fix: <Script> with beforeInteractive strategy ignores additional attributes in App Router: #​59779
  • Fix invalid comment: #​60182
  • Refactor: Separate RSC renderer from SSR wrapping component: #​59676
  • fix: cache next font during development to avoid FOUC: #​60175
  • Add writeManifest: #​60138
  • Add writePrerenderManifest: #​60158
  • Add writeStandaloneDirectory: #​60162
  • Always write FunctionsConfigManifest: #​60163
  • Upgrade @​vercel/og: #​60205
  • Improve consistency of issues and diagnostics for napi calls: #​60198
  • Change server actions cache default to no-store: #​60170
  • Allow undefined environment variables in config: #​58247
  • Add writeFullyStaticExport: #​60200
  • fix: Mark file as ESM if it has an export from auto-cjs pass: #​60216
  • log a dev warning when a missing parallel slot results in a 404: #​60186
  • Fix: Throw an error for empty array return in generateStaticParams with output:export: #​57053
  • Ensure appPathsManifest variable is inside if block: #​60210
  • Remove NEXT_TURBO_FILTER_PAGES internal variable: #​60217
  • fix: add node-web-audio-api to server-external-packages.json: #​60243
  • Disable 2mb limit for custom incrementalCacheHandler: #​59976
  • [PPR Nav] Fix: Page data should always be applied: #​60242
  • Add writeImagesManifest: #​60209
  • feat(next-core): apply rsc transform in turbopack: #​59629
  • Move buildId logic to getBuildId: #​60132
  • fix catch-all route normalization for default parallel routes: #​60240
  • micro fix of the cache limit check: #​60249
  • parallel routes: fix @​children slots: #​60288
  • Bump webpack-bundle-analyzer: #​58442
  • docs: Add docs for next dev --experimental-https: #​60357
  • Update React from 0cdfef1 to f1039be: #​60368
  • Simplify if condition: #​60250
  • Fix dynamic sitemap detection: #​60356
  • chore(font): enable minification: #​60319
  • chore(precompile): remove obsolete precompiled assets : #​60316
  • refactor: simplify the call in lib.picocolors: #​60386
  • chore(precompile): re-add watchpack to the precompile: #​60309
  • refactor(dev-overlay): remove chalk: #​60317
  • Fix: HMR in multi-zone handling 🌱: #​59471
  • HMR development stats: include updatedModules for App Router and Turbopack changes: #​59785
  • Change color of output bundle size: #​60385
  • Fix TypeError when using params in RootLayout with parallel routes: #​60401
  • Fix missing source code display for some jsx errors: #​60390
  • Refactor unstable_cache implementation: #​60403
  • Missing Postpone Detection Fix: #​59891
  • refactor(next/core): reorganize next.js custom transforms for next-swc/turbopack: #​60400
  • Fix custom cache handler importing on windows: #​60312
  • Display original failed fetch trace: #​60274
  • feat(app-router): introduce experimental.missingSuspenseWithCSRBailout flag: #​57642
  • update turbopack: #​60208
  • update turbopack: #​60478
  • feat(turbopack): support named client references properly: #​59578
  • Fix intercepted segments with basepath: #​60485
  • parallel routes: fix client reference manifest grouping for catch-all segments: #​60482
  • Group small chunks in shared js section of output: #​60479
  • filter default segments from prerender manifest: #​60499
  • Add experimental options for more parallelization in webpack builds: #​60177
  • move custom allocator flag and add rustls-tls comment: #​60128
  • fix: redirect logic missing basePath in App Render: #​60184
  • Revert "feat(app-router): introduce experimental.missingSuspenseWithCSRBailout flag": #​60508
  • add retry logic to loadClientReferenceManifest: #​56518
  • Turbopack hmr: record forwarded client spans: #​60500
  • chore(turbopack): check for unsupported next config options instead of supported ones: #​58781
  • Handle non server action post requests safely: #​60526
  • Fix global-error for nested routes: #​60539
  • chore(examples): use default prettier for examples/templates: #​60530
  • Update default error rate for client filter: #​60542
  • Enable windowHistorySupport by default: #​60557
  • Fix logging order of build jobs: #​60564
  • propagate notFound errors past a segment's error boundary: #​60567
  • Tracing: attach Turbopack session value to root span: #​60576
  • [PPR Nav] Fix flash of loading state during back/forward: #​60578
  • Fix react-refresh for transpiled packages: #​60563
  • Ensure client filter with basePath is correct: #​60580
  • Update React from f1039be to 60a927d: #​60619
  • Add cache reason for using fetch with noStore: #​60630
  • chore: remove unused export: #​60647
  • remove next build turbopack version: #​60655
  • fix breakpoints on reload: #​60507
  • Fix hmr updates with rebuilding for build errors: #​60676
  • graceful shutdown: #​60059
  • refactor(next-swc): remove unused crashreporter: #​60593
  • chore(eslint-plugin-next): upgrade glob dependency: #​60732
  • Fix client reference keys of barrel-optimized files: #​60685
  • Fix recursive ignoring case in build traces: #​60740
  • Telemetry: allow disabling of fetch tracing: #​60588
  • chore: typo, responseCookes to responseCookies: #​60654
  • Telemetry code load: #​60594
  • allow to pass available chunk items when creating a chunk group: #​60554
  • separate chunking per layout parts: #​60569
  • feat(next-core): port remaining next.js custom transforms: #​60498
  • Reapply "feat(app-router): introduce experimental.missingSuspenseWithCSRBailout flag" (#​60508): #​60751
  • Skip postcss config location resolving in node_modules: #​60697
  • apply page transforms only on pages: #​60779
  • fix layout segment key to match up with manifest: #​60783
  • Fix locale domain public files check: #​60749
  • Stabilize custom cache handlers and changing memory size.: #​57953
  • feat: stabilize unstable_getImgProps() => getImageProps(): #​60739
  • Fix Server Actions compiler bug: #​60794
  • Dev Server: Preserve globals overwrites in the initialization hook: #​60796
  • add missing function call to normalize-catchall-routes test case: #​60777
  • Use snapshots for component-stack tests: #​60768
  • Support next/og usage in ESM nextjs app: #​60818
  • fix(ts): auto-complete next/headers: #​60817
  • Remove the warning for build worker when custom webpack present: #​60820
  • chore(deps): update browserslist and caniuse-lite: #​60827
  • feat: support custom image loaders in turbopack: #​60736
  • Ensure request specific caches for revalidate are reset: #​60810
  • Add metrics names for unstable_cache: #​60802
  • Fix: respect init.cache if fetch input is request instance: #​60821
  • Revert "Fix: Throw an error for empty array return in generateStaticParams with output:export": #​60831
  • turbopack: rename custom cache handler configs: #​60828
  • dx: warn the deprecated cache configs are used: #​60836
  • Enable missing suspense bailout by default: #​60840
Documentation Changes
  • Docs: Update Server Actions Docs: #​59080
  • Docs: Polish Server Actions Page 💅🏼 : #​59400
  • Update 10-route-handlers.mdx: #​59443
  • docs: remove broken link: #​59487
  • Docs: Add App Router Testing Guides and update /examples: #​59268
  • docs: fix bad closed tag: #​59575
  • Fix closing tags for jest docs: #​59579
  • Docs: Fix formatting in testing docs and update examples dependencies: #​59572
  • Docs: Add missing closing tag: #​59581
  • Docs: Review and update getServerSideProps page: #​59545
  • docs: add note for environment variables on Vercel deployment: #​59237
  • docs(accessibility): updates WCAG version to 2.2: #​59646
  • docs: small tweaks: #​59638
  • docs: fix broken backtick for link: #​59717
  • Docs: Document generateSitemaps: #​59626
  • Docs: Polish testing section: #​59618
  • docs: improve docs around geolocation and IP headers: #​59719
  • Docs: Review and Typo Fix - getServerSideProps: #​59616
  • docs: fix vitest example link in testing with vitest: #​59659
  • docs: fix grammar issue in 03-get-server-side-props.mdx: #​59670
  • Includes section to @next/third-parties documentation for Google Analytics: #​59671
  • Change file extension to .tsx: #​59763
  • docs: clarify data fetching pattern: #​59602
  • change 'themeColor' to 'viewport' in the viewport section: #​59764
  • docs: add missing comma to sitemap.mdx: #​59788
  • Chore docs fix runon and definition of trailing slash redirect: #​59889
  • Minor grammar edits: #​59887
  • Introduce cache version history in cache API: #​59799
  • docs: correct type in sitemap.mdx: #​59787
  • chore(docs): Remove typesafe-i18n from thrid-party i18n options: #​59624
  • docs: Add Chakra UI setup guide: #​59275
  • Update not-found.mdx: #​59478
  • Updates references for styled-components configuration in next.config.js: #​59495
  • Update 05-mdx.mdx: #​57988
  • Mention remark-mdx-frontmatter in frontmatter docs: #​59238
  • Docs: Rename React Query to TanStack Query: #​59004
  • Add cwd to VSCode debugging setup steps: #​58689
  • [Docs]: fix tiny typo: #​59897
  • [docs] Add sensible name for Cookie deleting functions: #​57893
  • Update generate-viewport.mdx: #​57701
  • Update opengraph-image.mdx: #​57810
  • [docs] Update example links.: #​57891
  • docs: clarify setting and reading cookies from Route Handlers: #​59915
  • docs: add Sirv loader for next/image: #​57102
  • docs: fix prettier lint: #​59918
  • docs: Add media example for icon metadata: #​56141
  • Fix typo in generate-sitemaps.mdx docs: #​59964
  • Update 02-server-actions-and-mutations.mdx: #​59935
  • Update 08-parallel-routes.mdx: #​59966
  • Updates "No Before Interactive" error message for App router: #​56033
  • docs: Update Middleware docs on ignoring prefetches: #​56799
  • docs: add note that contentlayer is unmaintained: #​59927
  • docs: small changes to linking docs: #​59982
  • docs: opengraph / twitter image needs absolute URL: #​59985
  • docs: fix typo for useFormState: #​60010
  • docs: clarify using redirect with client components: #​60056
  • Update documentation to reflect added support for 'userScalable' field in 'viewport': #​60033
  • docs: Add section for CSP without nonces: #​60067
  • docs: update install count: #​60072
  • docs: fix version history order in sitemap.mdx: #​60054
  • docs: clarify generateStaticParams and dynamicParams: #​60083
  • docs: update maxDuration info: #​60086
  • docs: ⌘+Enter for forms: #​60090
  • Clarify measurement ID in Optimizing: Third Party Libraries: #​60136
  • Update 03-css-in-js.mdx : fix typo: #​60114
  • docs: small wording fix for 03-linking-and-navigating.mdx: #​60089
  • Docs: If revalidatePath's path has dynamic segment path, type must be page.: #​59149
  • docs: improve grammar: #​60149
  • Fix config code in the CSS-in-JS chapter: #​60164
  • Updating example with required content type in header: #​59990
  • Adds a section to Optimizing: Third Party Libraries on tracking pageviews for Google Analytics: #​60176
  • Update route-segment-config.mdx: #​60179
  • docs: Fix typo on generate-sitemaps.mdx: #​60188
  • small correction in 11-middleware.mdx: #​60189
  • docs(trailingSlashes): add note for SSG generation: #​57628
  • docs: fix typos and broken links in the image.mdx: #​60221
  • Docs: Fix revalidate type annotation: #​60230
  • Update 02-server-actions-and-mutations.mdx: #​60222
  • fix(docs): add missing docs on external packages: #​60244
  • Docs: Add "Going to production" page for App Router: #​59304
  • Docs: Update compression docs: #​60264
  • Docs: Clarify useSearchParams behavior: #​60257
  • Docs: Add more clarification about compress : #​60268
  • Clarify searchParams is not passed to Layouts: #​60277
  • docs(testing): add bun command to running your tests section: #​60281
  • chore(docs): add section for Custom Type Declarations: #​60282
  • docs: small corrections to bundle analyzer docs: #​60285
  • docs: typo fix in compression page: #​60318
  • docs: add example of webhooks with App Router: #​60276
  • docs: add optional catch-all segments typescript example: #​60237
  • Update use-search-params.mdx: #​55357
  • docs: address a few open issues: #​60329
  • docs: next/head: Document error cases with head/body-tags; add subheadings: #​56412
  • Fix bundle analyzer NPM package name in documentation: #​60339
  • [doc] Update 03-linking-and-navigating.mdx: #​60345
  • add missing types: #​60346
  • docs: update docs for remotePatterns to mention what happens when prop is omitted: #​60387
  • Docs: Update note on @next/third-parties being experimental: #​60372
  • chore(docs): fix 14 upgrade guide mentioning export: #​60429
  • chore(docs/errors): Improve documentation grammar: #​60452
  • Docs: Address Community Feedback: #​60476
  • for #​59178 - addition to robots.mdx - Customize user-agent rules: #​60361
  • Docs: Document windowHistorySupport flag, and add pushState/replaceState examples: #​60374
  • docs: correct windowHistorySupport title: #​60503
  • chore: correct subject-verb conjugation in Client Components doc: #​60538
  • Add "Redirecting" page in the Routing section: #​60435
  • docs: small fix in Redirecting page: #​60583
  • fix(mdx): update word order, fix typo: #​60466
  • Add documentation for client router filter: #​60585
  • docs: Update Google Analytics error doc: #​60612
  • docs: remove Next 13 mention for App Router: #​60632
  • Fix Typo in Testing Documentation Description: #​60601
  • chore: remove duplicate package name: #​60652
  • chore(docs): add docs for .svg unoptimized behavior: #​60735
  • add authentication docs page: #​60388
  • chore(docs): fix example documentation for Art Direction: #​60823
  • docs: add build worker optout error back with upgrade advice: #​60826
  • Docs: Use JS comment for MDX: #​60825
  • Fix error from the auth docs.: #​60829
Example Changes
  • Updates the with-vitest example. Unlocks the tests passing with server-only usage: #​58902
  • Add text-wrap: balance to CNA template for card descriptions: #​59384
  • fix: Invalid next version tag name in with-cypress example: #​59647
  • Fix: Add matcher for middleware: #​59651
  • examples: Add new NextAuth.js example: #​56914
  • examples: add required env vars to auth example.: #​59901
  • examples: update Redis to App Router: #​59311
  • examples: remove broken deploy button: #​58794
  • examples: progressive enhancement for Redis example: #​59937
  • Update .env.local.example of with-firebase example: #​59954
  • Upgrade with-algolia-react-instantsearch example to latest major version and use app router: #​59961
  • Rename .env.local.example to .env.example: #​59984
  • Update Convex Example: #​59789
  • examples: Update next-forms example: #​60052
  • chore(cms-contentfu): fix contentful instructions: #​60050
  • examples: improve typings for i18n app dir: #​60160
  • chore(examples): migrate image-component example to App Router: #​60289
  • fix(#​58695): improve zustand example: #​58696
  • examples: add allow-unauthenticated option to cloud run deploy: #​58792
  • fixed import path in with-jest template.: #​60332
  • chore(examples): fix image-component example viewsource paths, shimmer page filename: #​60451
  • Update cache-handler-redis example dependencies: #​59458
  • examples: Update hello world: #​60502
  • chore: Fix typo s/desireable/desirable/: #​60518
  • chore: Fix multiple typos: #​60531
  • examples: Update redis example with useOptimistic: #​60596
  • Update README.md: #​60595
  • chore(example): update storybook: #​60737
Misc Changes
  • Revert "Skip latest commit check for stable release": #​59401
  • ci(workflow): restore publish wasm binary: #​59414
  • ci: only run release commit check on canary releases: #​59423
  • test(runner): preserve browser tracing if test fails: #​59469
  • Adding Google analytics to next/third-parties: #​58418
  • ci(test): upload playwright artifacts seperately: #​59496
  • fix integration test workflow: #​59508
  • Fix third party typings: #​59503
  • test(fixture): try to include sources in the snapshot: #​59499
  • chore: bump typescript-eslint to 6.14: #​59514
  • Update Deployment Testing: #​59448
  • fix(playwright): teardown when global quit force terminates browser: #​59548
  • chore(create-next-app): bump prompts to v2.4.2: #​59006
  • types: cover the tests with root tsconfig.json: #​59550
  • Fix test/tsconfig.json alias for internal test utils: #​59570
  • test(integration): adjust fixture to work with turbopack: #​59595
  • Add test for importing client components from server actions: #​59615
  • chore: extends from shared base tsconfig: #​59776
  • Update Turbopack test manifest: #​59798
  • Fix CI: Skip test in PPR dev mode, too: #​59817
  • Add unstable_cache validate test case: #​59828
  • Update swc_core to v0.87.10: #​59834
  • chore: add github bug report item type module resolution: #​60121
  • chore: add myself to created-by: Next.js team: #​60144
  • chore: include required Next.js stages to issue template: #​60142
  • searchParameters test for PPR: #​59678
  • Getting rid of a few TypeScript anys.: #​60017
  • fix responsiveness in starter templates: #​60140
  • fix(generators): update errors gen: #​60233
  • chore: test against latest sharp: #​60226
  • style: enforce prop immutability in new next app: #​58845
  • Update flakey test from port re-use: #​60291
  • chore: update pnpm to the latest (v8.14.0): #​60295
  • docs: update broken link in UPGRADING.md: #​60342
  • Update Turbopack test manifest: #​60306
  • Update Turbopack test manifest: #​60371
  • Update swc_core to v0.87.16: #​60192
  • Add replay.io test suite dependencies: #​60381
  • chore: update turbo to the latest: #​60294
  • Update Turbopack test manifest: #​60413
  • Update testing contributor guide: #​60421
  • chore: skip flaky turbopack navigation test: #​60431
  • ci: skip cron workflows on forks: #​60422
  • Add reproduction for HMR moving / renaming files.: #​57230
  • add tests for incremental-cache: #​60331
  • chore: fix postinstall when using tarball: #​60443
  • test: use replay jest runner to add current test name to recording: #​60438
  • misc: Skip cron workflows on forks: #​60487
  • Handle pages double render for useParams in tests: #​60486
  • Transition some check calls in tests to retry: #​60489
  • Use next.config.mjs for CNA templates: #​60494
  • Update Turbopack test manifest: #​60504
  • run tests from test suite that are not listed in the manifest: #​58401
  • Add --ci to jest tests in CI: #​60432
  • Ensure aliased variable is used in test: #​60428
  • Update Turbopack test manifest: #​60506
  • Skip webpack loader test in Turbopack: #​60509
  • Revert "Skip webpack loader test in Turbopack": #​60513
  • Revert "Revert "Skip webpack loader test in Turbopack"": #​60514
  • Remove unused target: es5 from tsconfig.json in create-next-app: #​60521
  • refactor(cna): make create-next-app even smaller and faster: #​58030
  • Expand hydration error test to check recovery: [#​60423](https://redirect.githu

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@zemnmez-renovate-bot zemnmez-renovate-bot force-pushed the renovate/npm-next-vulnerability branch 28 times, most recently from e3fc156 to 51547c1 Compare May 13, 2024 17:02
@zemnmez-renovate-bot zemnmez-renovate-bot force-pushed the renovate/npm-next-vulnerability branch 28 times, most recently from 5570dc8 to a9a71e2 Compare December 5, 2024 00:28
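
An added example, not part of the PR or of Renovate's output: a version check built from the fixed-in versions quoted in the advisories above. It shows that the PR's target 14.1.1 is still below the 14.2.7 fix for CVE-2024-47831 unless the image-loader workaround is configured. Assumptions: every version below a fixed-in version is treated as affected (the page gives no lower bounds), "13.5" is read as 13.5.0, and all function names are illustrative.

```javascript
// Fixed-in versions transcribed from the advisories in the PR description.
const ADVISORIES = [
  { id: "CVE-2023-46298", firstPatched: "13.4.20-canary.13" },
  { id: "CVE-2024-34350", firstPatched: "13.5.1" },
  { id: "CVE-2024-34351", firstPatched: "14.1.1" },
  { id: "CVE-2024-47831", firstPatched: "14.2.7" },
  { id: "CVE-2024-39693", firstPatched: "13.5.0" }, // page says "13.5" (assumed 13.5.0)
];

// Split "13.4.20-canary.13" into numeric core and pre-release identifiers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.-]+))?$/.exec(v);
  if (!m) throw new Error(`not a version: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3] ?? 0)],
    pre: m[4] ? m[4].split(".") : [],
  };
}

// Semver precedence: returns -1, 0 or 1.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  // A release outranks any pre-release of the same core version.
  if (!x.pre.length || !y.pre.length) {
    return x.pre.length === y.pre.length ? 0 : x.pre.length ? -1 : 1;
  }
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i];
    const q = y.pre[i];
    if (p === undefined) return -1; // fewer identifiers sorts first
    if (q === undefined) return 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p);
    const qn = /^\d+$/.test(q);
    if (pn && qn) return Number(p) < Number(q) ? -1 : 1; // canary.5 < canary.13
    if (pn !== qn) return pn ? -1 : 1; // numeric sorts before alphanumeric
    return p < q ? -1 : 1;
  }
  return 0;
}

// CVE-2024-47831 "not affected" / workaround conditions from the advisory:
// images.unoptimized true, a non-default images.loader, or images.loaderFile.
function imageOptimizerBypassed(images = {}) {
  return (
    images.unoptimized === true ||
    (images.loader !== undefined && images.loader !== "default") ||
    images.loaderFile !== undefined
  );
}

// Advisory ids from the page that still apply to `installed`.
// `nextConfig` is the object exported by next.config.js (optional).
function openAdvisories(installed, nextConfig = {}) {
  return ADVISORIES
    .filter((a) => compareVersions(installed, a.firstPatched) < 0)
    .filter(
      (a) =>
        !(a.id === "CVE-2024-47831" &&
          imageOptimizerBypassed(nextConfig.images))
    )
    .map((a) => a.id);
}

// Before and after this PR, with an empty next.config.js.
console.log("13.4.10:", openAdvisories("13.4.10"));
console.log("14.1.1: ", openAdvisories("14.1.1"));
console.log("14.1.1 + images.unoptimized:",
  openAdvisories("14.1.1", { images: { unoptimized: true } }));
```
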