Update dependency next to v13 [SECURITY] - autoclosed #534
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
11.1.4
->13.5.0
GitHub Vulnerability Alerts
CVE-2023-46298
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.
CVE-2022-23646
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the
next.config.js
file must have animages.domains
array assigned and the image host assigned inimages.domains
must allow user-provided SVG. If thenext.config.js
file hasimages.loader
assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, changenext.config.js
to use a differentloader configuration
other than the default.Impact
next.config.js
file has images.domains array assignednext.config.js
file has images.loader assigned to something other than defaultPatches
Next.js 12.1.0
Workarounds
Change
next.config.js
to use a different loader configuration other than the default, for example:Or if you want to use the
loader
prop on the component, you can usecustom
:Release Notes
vercel/next.js (next)
v13.5.0
Compare Source
v13.4.19
Compare Source
Core Changes
@headlessui/react
: #54206devPageFiles
collection: #54224Route
andLinkProps
stub generics: #54226createClientModuleProxy
from Flight Server: #54232loaderFile
whenloader: default
: #53417Misc Changes
upgrading.mdx
link : #54234cancel-workflow-action@0.11.0
: #54246Credits
Huge thanks to @opnay, @styfle, @timneutkens, @ztanner, @shuding, @huozhi, @vinaykulk621, @balazsorban44, @goguda, and @coreyleelarson for helping!
v13.4.18
Compare Source
Core Changes
position
indev-build-watcher
: #54124size
property toReadonlySearchParams
: #53144Misc Changes
Credits
Huge thanks to @huozhi, @shuding, @styfle, @jridgewell, @bencmbrook, @cramforce, and @ztanner for helping!
v13.4.17
Compare Source
Core Changes
as any
type cast: #54074fs.promises.rm()
: #54076node@16.5.0
: #54125NextRequest
: #54108handle_issues
from turbopack: #52972cookies().has()
breaks in app-route: #54112Documentation Changes
'
in data-fetching/fetching-caching-and-revalidating: #54058Example Changes
Misc Changes
swc_core
tov0.79.59
: #54082packageManager
field: #54132Credits
Huge thanks to @balazsorban44, @huozhi, @ztanner, @williamli, @wbinnssmith, @kwonoj, @stefanprobst, @feugy, @timneutkens, @kdy1, @Kikobeats, @styfle, @dvoytenko, @MaxLeiter, and @devjiwonchoi for helping!
v13.4.16
Compare Source
Core Changes
Documentation Changes
Misc Changes
Credits
Huge thanks to @ijjk, @ztanner, @huozhi, @lacymorrow, @dvoytenko, @kylemcd, @kwonoj, @tibi1220, @wbinnssmith, and @shuding for helping!
v13.4.15
Compare Source
Core Changes
changeFrequency
andpriority
attributes to sitemaps: #48484getStaticPaths()
for windows: #53876@heroicons/react
tomodularizeImports
: #5390218.3.0-canary-1a001dac6-20230812
: #53881next-server
: #53131Documentation Changes
next/link
anduseRouter
.: #53804bun
package manager: #53590Example Changes
Misc Changes
@next/third-parties
package: #53996swc_core
tov0.79.55
: #53831Credits
Huge thanks to @iamarpitpatidar, @pythagoras-yamamoto, @alexkirsz, @sokra, @jsteele-stripe, @tknickman, @gaojude, @styfle, @janicklas-ralph, @huozhi, @ijjk, @vinaykulk621, @balazsorban44, @ztanner, @timneutkens, @ericfennis, @JohnAdib, @MiLk, @kwonoj, @delbaoliveira, @leerob, @LuudJanssen, @lucasconstantino, @davecarlson, @colinhacks, @shuding, @jridgewell, @jantimon, @Banbarashik, @ForsakenHarmony, @kdy1, @dvoytenko, @arturbien, @gnoff, @hsrvms, and @DuCanhGH, @tim-hanssen, @Aryan9592, and @rishabhpoddar for helping!
v13.4.13
Compare Source
Core Changes
Next-Url
to http vary in consideration of intercept routes.: #52746yarn add sharp
tonpm i sharp
: #53130Request
cloning viaNextRequest
: #53157Documentation Changes
08-parallel-routes.mdx
: #53069useRef()
: #53015FormData
type onformData
defined in.js
file: #53014Example Changes
Misc Changes
validate-docs-links
required: #53123Credits
Huge thanks to @vinaykulk621, @Lantianyou, @styfle, @shuding, @joulev, @AkifumiSato, @trigaten, @HurSungYun, @DevLab2425, @sokra, @alexkirsz, @ztanner, @leerob, @SukkaW, @kwonoj, @huozhi, @ijjk, @balazsorban44, @daniel-web-developer, @ky1ejs, and @arturbien for helping!
v13.4.12
Compare Source
Core Changes
Documentation Changes
Misc Changes
swc_core
tov0.79.22
: #52945Credits
Huge thanks to @ijjk, @wyattjoh, @sokra, @kdy1, @alexkirsz, @styfle, @ShaunFerris, @syedtaqi95, @Heidar-An, @huozhi, and @ztanner for helping!
v13.4.11
Compare Source
Core Changes
<preload>
fornext/image
in App Router: #52425.txt
: #52640moduleResolution
intsconfig.json
fromnode
tobundler
: #51957Documentation Changes
js
version forgenerateMetadata
.: #52763Example Changes
force-dynamic
from all dynamic routes: #52916Misc Changes
Credits
Huge thanks to @styfle, @huozhi, @balazsorban44, @kwonoj, @alexkirsz, @ijjk, @Jeffrey-Zutt, @timneutkens, @vinaykulk621, @Ryan-Dia, @sokra, @shuding, @steppefox, @hiro0218, @rjsdnql123, @feedthejim, @fgiuliani, @steven-tey, @AntoineBourin, @adamrhunter, @darshanjain-entrepreneur, @s0h311, @wyattjoh, @ztanner, @djreillo, @dijonmusters, and @cassidoo for helping!
v13.4.10
Compare Source
Core Changes
get_client_chunking_context
independent of context: #51928ensurePage
requests for the same page: #52360output: "standalone"
crashing build when there is noapp/
page: #51993serverComponentsExternalPackages
: #52388next-types-plugin
forNode16
/NodeNext
: #52562react@18.3.0-canary-9377e1010-20230712
: #52649Documentation Changes
useSearchParams
: #52348create-next-app
requires public GitHub URLs.: #52367fetch
request de-duplication: #52100next/image
: #52480formData
example for Route Handlers: #52358metadata
object: #52252_app
and_document
: #52479Example Changes
0.19
): #52473Misc Changes
v0.79.13
: #52371not-found.tsx
withoutput: export
: #52526npm pack
instead ofyarn pack
: #52563body-parser
: #52580Credits
Huge thanks to @ijjk, @anonrig, @alexkirsz, @gfgabrielfranca, @styfle, @ztanner, @leerob, @sokra, @huozhi, @Bitbbot, @wyattjoh, @kdy1, @wbinnssmith, @shuding, @jridgewell, @BrennanColberg, @Nick-Mazuk, @delbaoliveira, @thomasballinger, @lucgagan, @nroland013, @SonMooSans, @jenewland1999, @thorwebdev, @jyunhanlin, @darshanjain-entrepreneur, @DuCanhGH, @Gnadhi, @yagogmaisp, @carlos-menezes, @balazsorban44, @ryo-manba, @timneutkens, @feedthejim, @vamcs, @matepapp, @SleeplessOne1917, @ecklf, @djreillo, @kwonoj, @gnoff, @feugy, @karlhorky, @starunaway, @FernandVEYRIER, @Ryan-Dia, @Terro216, @anthonyshew, and @suhaotian for helping!
v13.4.9
Compare Source
Core Changes
modularizeImports
transform ofantd
: #52148unstable_getImgProps()
: #5215318.3.0-canary-1fdacbefd-20230630
: #5200518.3.0-canary-1fdacbefd-20230630
": #52192dynamicParams
check in TS plugin: #52211appDir: true
from tests: #52291modularizeImports
for antd & ant-design/icons: #521697118f5d
: #52282Documentation Changes
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.