[Snyk] Upgrade: axios, next, react-hook-form #9

Open
wants to merge 1 commit into base: main

SanteriMertakorpi (Owner)

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| axios | from 1.7.3 to 1.7.5 (2 versions ahead of your current version) | a month ago, on 2024-08-23 |
| next | from 14.2.5 to 14.2.7 (2 versions ahead of your current version) | 24 days ago, on 2024-08-27 |
| react-hook-form | from 7.52.2 to 7.53.0 (1 version ahead of your current version) | a month ago, on 2024-08-24 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Server-side Request Forgery (SSRF), SNYK-JS-AXIOS-7361793 | 761 | Proof of Concept |
Release notes
Package name: axios
from axios GitHub release notes
Package name: next
  • 14.2.7 - 2024-08-27

    Note

    This release is backporting bug fixes. It does not include all pending features/changes on canary.

    Core Changes

    • Revert "chore: externalize undici for bundling" (#65727)
    • Refactor internal routing headers to use request meta (#66987)
    • fix(next): add cross origin in react dom preload (#67423)
    • build: upgrade edge-runtime (#67565)
    • GTM dataLayer parameter should take an object, not an array of strings (#66339)
    • fix: properly patch lockfile against swc bindings (#66515)
    • Add deployment id header for rsc payload if present (#67255)
    • Update font data (#68639)
    • fix i18n data pathname resolving (#68947)
    • pages router: ensure x-middleware-cache is respected (#67734)
    • Fix bad modRequest in flight entry manifest #68888
    • Reject next image urls in image optimizer #68628
    • Fix hmr assetPrefix escaping and reuse logic from other files #67983

    Credits

    Huge thanks to @kjugi, @huozhi, @ztanner, @SukkaW, @marlier, @Kikobeats, @syi0808, @ijjk, and @samcx for helping!

  • 14.2.6 - 2024-08-21
  • 14.2.5 - 2024-07-10
from next GitHub release notes
Package name: react-hook-form
  • 7.53.0 - 2024-08-24

    🌫️ feat: #12148 support isValid when mode is set to onBlur (#12194)

    // update formstate isValid with onBlur event
    const { formState: { isValid } } = useForm({
      mode: 'onBlur'
    })

    🐞 fix #12021 issue with disable prop not reflecting on re-render without trigger by useEffect (#12193)
    👩‍🌾 close #12168 optimise re-render with validating fields subscription (#12192)
    🐞 fix #12127 issue with compare object value changed with object input (#12185)
    🎲 improve : break out of recursive loops on first focus (#11827)
    📖 fix example of ObjectKeys type (#11965)

    thanks to @suke & @DPflasterer

  • 7.52.2 - 2024-08-03

    👍 close #12108 useController should subscribe to exact field name of form's state (#12109)
    👍 chore: upgrade app deps
    🩻 fix: add useCallback for ref callback (#12078)
    🚀 fix: skip call executeBuiltInValidation if no sub-fields left (#12054)

    thanks to @newsiberian, @Wendystraite and @abnud11

from react-hook-form GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - axios from 1.7.3 to 1.7.5.
    See this package in npm: https://www.npmjs.com/package/axios
  - next from 14.2.5 to 14.2.7.
    See this package in npm: https://www.npmjs.com/package/next
  - react-hook-form from 7.52.2 to 7.53.0.
    See this package in npm: https://www.npmjs.com/package/react-hook-form

See this project in Snyk:
https://app.snyk.io/org/santerimertakorpi/project/53944bd0-d5fd-48db-a37d-ed015072a84d?utm_source=github&utm_medium=referral&page=upgrade-pr