Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade next from 12.3.3 to 15.0.0 #495

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade next from 12.3.3 to 15.0.0 #495

wants to merge 1 commit into from

Conversation

q1blue
Copy link
Collaborator

@q1blue q1blue commented Nov 11, 2024

snyk-top-banner

Snyk has created this PR to upgrade next from 12.3.3 to 15.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 1135 versions ahead of your current version.

  • The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled Recursion
SNYK-JS-NEXT-8186172		 147 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692		 147 No Known Exploit
medium severity Resource Exhaustion
SNYK-JS-NEXT-6032387		 147 Proof of Concept
Release notes
Package name: next
  • 15.0.0 - 2024-10-21

    Core Changes

    • refactor: next-flight-client-module-loader return conditions: #64348
    • Fix Server Action error logs for unhandled POST requests: #64315
    • Shared Revalidate Timings: #64370
    • Freeze loaded manifests: #64313
    • test: skip turbopack build test: #64356
    • Fix: css in next/dynamic component in edge runtime: #64382
    • Fix more Turbopack build tests: #64384
    • use pathToFileUrl to make esm import()s work with absolute windows paths: #64386
    • Improve rendering performance: #64408
    • Fix the method prop case in Server Actions transform: #64398
    • fix(next-lint): update option --report-unused-disable-directives to --report-unused-disable-directives-severity: #64405
    • Revert "Fix: css in next/dynamic component in edge runtime": #64442
    • default fetchCache to no-store when force-dynamic is set: #64145
    • router restore should take priority over pending actions: #64449
    • Fix client boundary inheritance for barrel optimization: #64467
    • improve turborepo caching: #64493
    • Update font data: #64481
    • BREAKING CHANGE: remove deprecated analyticsId from config, and the corresponding performance-relayer files and tests: #64199
    • feat: strip traceparent header from cachekey: #64499
    • Fix typo in dynamic-rendering.ts: #64365
    • fix(next): global not-found not working on multi-root layouts: #63053
    • chore(next): add keywords on package.json: #64173
    • Fix DynamicServerError not being thrown in fetch: #64511
    • fix: lib/helpers/install.ts to better support pnpm and properly respect root argument: #64418
    • fix(next): Metadata.openGraph values not resolving basic values when type is set: #63620
    • disable production chunking in dev: #64488
    • update turbopack: #64501
    • Turbopack: Allow client components to be imported in app routes: #64520
    • refactor: remove always truthy flag: #64522
    • Turbopack: don’t show long internal stack traces on build errors: #64427
    • next/script: Correctly apply async and defer props: #52939
    • chore(next/font): update @ capsizecss/metrics package: #64528
    • feat: add information that revalidate interval is in seconds: #64229
    • Typo "Minifer" in config.ts: #64359
    • Enhance types for Node and Edge envionments: #64454
    • feat: Add a validation for postcss with useLightningcss: #64379
    • fix HMR for cases where chunking changes: #64367
    • perf: improve Pages Router server rendering performance: #64461
    • Fix cjs client components tree-shaking: #64558
    • fix refresh behavior for discarded actions: #64532
    • fix: filter out middleware requests in logging: #64549
    • chore: remove unused rust dependencies: #62176
    • fix(next-swc): correctly set wasm fallback for known target triples: #64567
    • memoize layout router context: #64575
    • fix incorrect refresh request when basePath is set: #64589
    • fix TypeError edge-case for parallel slots rendered multiple times: #64271
    • Fix ASL bundling for dynamic css: #64451
    • Revert "fix(next): global not-found not working on multi-root layouts": #64601
    • chore(test): run related E2E deploy tests on PRs: #63763
    • Improve top level await coverage: #64508
    • Upgrade typescript to 5.3: #64043
    • add pathname normalizer for actions: #64592
    • Fix experimental/testmode by removing console.log: #64670
    • Don't output .test.ts files in next/font: #63472
    • Fix reporting when performance.measure doesn't exist (Edge): #64669
    • Reduce amount of data passed to collectBuildTraces: #59665
    • fix(next-server): 'quiet' setting delegate for custom server: #64512
    • Revert "chore(test): run related E2E deploy tests on PRs": #64682
    • update turbopack: #64686
    • Fix: resolve mixed re-exports module as cjs: #64681
    • Revert "fix TypeError edge-case for parallel slots rendered multiple times": #64690
    • Fix typo: 'serverComponentsExtenalPackages' should be 'serverComponentsExternalPackages': #64705
    • prevent erroneous route interception during lazy fetch: #64692
    • Add @ appsignal/nodejs to the external packages list: #64503
    • fix root page revalidation when redirecting in a server action: #64730
    • Clean-up fetch metrics tracking: #64746
    • [actions] Enforce body limit using Transform stream: #64694
    • Turbopack: Don’t show stack traces for internal modules: #64228
    • Reapply "chore(test): run related E2E deploy tests on PRs" (#64682): #64712
    • fix(fetch-cache): fix typo: #64786
    • fix: remove traceparent from cachekey should not remove traceparent from original object: #64727
    • fix interception route rewrite regex not supporting hyphenated segments: #64805
    • Disable ncc cache instead of cache cleaning: #64804
    • Move next-swc Turborepo config to packages/next-swc: #64789
    • build: Update swc_core to v0.90.33: #64553
    • Enable loading source maps for Next Server and React: #64527
    • fix: mixing namespace import and named import client components: #64809
    • fext(next): extend next.config for mdxRs support options: #64801
    • skip test_e2e_deploy_related when triggered from a fork: #64893
    • fix(fetch-cache): fix additional typo, add type & data validation: #64799
    • feat(next-core): support parsing matcher config object: #64678
    • Fix mixed exports in server component with barrel optimization: #64894
    • fix: improve tsconfig extends checks: #61413
    • Fix next/image usage in mdx: #64875
    • fix dynamic route interception not working when deployed with middleware: #64923
    • feat(turbopack): Handle fragments in requests: #64232
    • feat(turbopack): Check for duplicate parallel routes: #64181
    • Speed up createNext test suite isolation: #64909
    • fix(rewrites): support external rewrite destination: #64943
    • Ensure edge prerender-manifest is minimal: #64946
    • remove special-cased prefetch kind in dev mode: #64941
    • feat: support import attributes: #59480
    • NextJS App router: add isolated-vm to server-external-packages.json: #64749
    • Add next experimental-test command: #64352
    • Revert "feat: support import attributes": #65001
    • NODE_OPTIONS updates: #65006
    • Update React from 14898b6a9 to c3048aab4: #64798
    • initialize ALS with cookies in middleware: #65008
    • feat(next/image)!: remove squoosh in favor of sharp as optional dependency: #63321
    • fix: Workaround acorn bug/version issue by using SWC: #65021
    • build: Update @ swc/core to v1.5.0: #65022
    • Ensure escaped string are parsed in NODE_OPTIONS: #65046
    • chore(fetch-cache): remove zod from fetch cache: #65079
    • support breadcrumb style catch-all parallel routes: #65063
    • Improve initial setup with new App Router TypeScript project: #64826
    • Add experimental trace file field: #65071
    • Fix playwright config merging for webServer property: #65090
    • chore(logging): Disable info logging of critters in production: #62776
    • [unstable_cache] Don't track dynamic fetches in an unstable_cache callback: #65010
    • fix(page-static-info): refine warning message to emit once: #65091
    • update redirect handling on forwarded action requests: #65097
    • Tracing: allow opt-in flag to send build traces to url: #65019
    • Turbopack: Allow client components from foreign code in app routes: #64751
    • fix node.js module warning in middleware: #65112
    • Fix: strip _rsc query for client navigation rsc request: #65084
    • fix unhandled runtime error when notFound() triggered in generateMetadata w/ parallel routes: #65102
    • Use vercel deployment url for metadataBase fallbacks: #65089
    • Fix next/dynamic with babel and src dir: #65177
    • update turbopack: #65191
    • Fix crypto import in edge runtime with Turbopack: #65171
    • Resolve global next Webpack alias last: #65123
    • Add oslo, @ node-rs/argon2, and @ node-rs/bcrypt to external packages: #65204
    • [trace] Reduce the size of .next/trace files: #65101
    • Remove extra suspense boundary for default next/dynamic: #64716
    • Only apply metadata manifest credentials for preview deployment: #64940
    • fix(next): add missing browser.major type: #65185
    • Turbopack: rename source map prefix: #64965
    • Use POST for invokeIpcMethod: #65238
    • fix redirect to url with semicolon: #65165
    • Provide non-dynamic segments to catch-all parallel routes: #65233
    • Fix an issue parsing catchall params: #65277
    • Enable preloading entries by default: #65289
    • Trace uploader: add worker spans to allowed events: #65255
    • Update font data: #65301
    • Update revalidateTag to batch tags in one request: #65296
    • Revert "Remove extra suspense boundary for default next/dynamic": #65309
    • Emit polyfill-nomodule.js into the build manifest polyfillFiles: #65223
    • Remove broken #[turbo_tasks::value(transparent)] attributes: #65336
    • Delete dead concatenate_output_assets function: #65337
    • Upgrade Turbopack: #65320
    • Pages router: Use attribute-based head children reconciler when strictNextHead is enabled: #65408
    • Revert "Implement Turbopack trace server bindings": #65419
    • use correct not-found component when triggered from a parallel route: #65343
    • Implement Turbopack trace server bindings: #65410
    • fix(next/image): bypass icns images: #65414
    • [PPR] Enable incremental adoption: #63847
    • fix: replace deprecated/removed functions in eslint-plugin-next: #64251
    • docs: update revalidatePath & fix cache debug logic: #65365
    • fix(next-core): mark turbopack embed fs to be internals: #65420
    • fix(next/image): add missing svg test and refactor missing types: #65345
    • build(edge): extract buildId into environment: #64521
    • Revert "build(edge): extract buildId into environment": #65425
    • fix(next/image): set max url length to 3072: #65457
    • Support React 19 in App and Pages router:

@snyk-bot
feat: upgrade next from 12.3.3 to 15.0.0
20d5b6d 
Snyk has created this PR to upgrade next from 12.3.3 to 15.0.0.

See this package in npm:
next

See this project in Snyk:
https://app.snyk.io/org/q1blue-rxw/project/a89a14b7-2ab6-4e53-832f-c2a7e5344805?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@q1blue @snyk-bot