Skip to content

Update Next.js dependency #36755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SarahFrench merged 1 commit into from
Mar 25, 2025
Merged

Update Next.js dependency #36755

SarahFrench merged 1 commit into from
Mar 25, 2025

Conversation

@SarahFrench
Copy link
Member

@SarahFrench SarahFrench commented Mar 24, 2025
edited
Loading

Addresses https://nvd.nist.gov/vuln/detail/CVE-2025-29927

I updated to this new version based on guidance in https://github.com/hashicorp/terraform/security/code-scanning/927

Before and after for npm audit:
48 vulnerabilities (36 moderate, 11 high, 1 critical)
47 vulnerabilities (36 moderate, 11 high)

Target Release

1.12.x

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@SarahFrench
npm i next@14.2.25
9bd7bf6 
Before and after for npm audit:
48 vulnerabilities (36 moderate, 11 high, 1 critical)
47 vulnerabilities (36 moderate, 11 high)
@SarahFrench SarahFrench added 1.11-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged no-changelog-needed Add this to your PR if the change does not require a changelog entry labels Mar 24, 2025
@SarahFrench SarahFrench changed the title Update Next.js Update Next.js dependency Mar 24, 2025
@SarahFrench SarahFrench removed the 1.11-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged label Mar 24, 2025
@SarahFrench SarahFrench marked this pull request as ready for review March 24, 2025 20:06
@SarahFrench SarahFrench requested review from a team as code owners March 24, 2025 20:06
@SarahFrench SarahFrench requested a review from nandereck March 24, 2025 20:06
@SarahFrench SarahFrench merged commit 7b117e6 into main Mar 25, 2025
22 of 24 checks passed
@SarahFrench SarahFrench deleted the website-update-next-2 branch March 25, 2025 15:05
rkoron007 pushed a commit that referenced this pull request Mar 27, 2025
@SarahFrench @rkoron007
npm i next@14.2.25 (#36755)
24ad13f 
Before and after for npm audit:
48 vulnerabilities (36 moderate, 11 high, 1 critical)
47 vulnerabilities (36 moderate, 11 high)
@github-actions
Copy link
Contributor

github-actions bot commented Apr 25, 2025

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 25, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@xiehan xiehan xiehan approved these changes

@liamcervante liamcervante Awaiting requested review from liamcervante

@nandereck nandereck Awaiting requested review from nandereck nandereck was automatically assigned from hashicorp/web-presence

Assignees

No one assigned

Labels

no-changelog-needed Add this to your PR if the change does not require a changelog entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SarahFrench @xiehan