Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade next from 10.0.3 to 10.2.3 #2018

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Tanver-Hasan
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade next from 10.0.3 to 10.2.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 140 versions ahead of your current version.

  • The recommended version was released on 3 years ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
589 No Known Exploit
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
589 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
589 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076
589 Proof of Concept
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
589 Proof of Concept
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
589 Proof of Concept
high severity Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026
589 No Known Exploit
high severity Information Exposure
SNYK-JS-SIMPLEGET-2361683
589 Proof of Concept
high severity Information Exposure
SNYK-JS-SIMPLEGET-2361683
589 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
589 No Known Exploit
medium severity Denial of Service
SNYK-JS-NODEFETCH-674311
589 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
589 Proof of Concept
medium severity Remote Code Execution (RCE)
SNYK-JS-SHARP-2848109
589 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939
589 Proof of Concept
medium severity Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899
589 No Known Exploit
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577916
589 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577917
589 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577918
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194
589 Proof of Concept
critical severity Heap-based Buffer Overflow
SNYK-JS-SHARP-5922108
589 Mature
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
589 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
589 Proof of Concept
medium severity Information Exposure
SNYK-JS-NANOID-2332193
589 Proof of Concept
Release notes
Package name: next
  • 10.2.3 - 2021-05-24

    Core Changes

    • lazy load postcss plugins: #25317
    • Add missing i18n types in gip context: #25363
    • Ensure externals are correct for mini-css-extract-plugin: #25340
    • Update beforeFiles rewrites to continue: #25418

    Documentation Changes

    • Update docs to show how to typecheck next.config.js: #25240
    • docs: typo in rewrites page: #25377

    Example Changes

    • Fix PatternFly 4 example: #25356
    • Update package.json blog-starter-typescript: #25361
    • New kontent UI screenshots: #25387

    Misc Changes

    Credits

    Huge thanks to @ alexbrazier, @ jamsinclair, @ sokra, @ fabianishere, @ rokinsky, @ ijjk, @ msidqi, @ rubensdemelo, and @ Simply007 for helping!

  • 10.2.3-canary.1 - 2021-05-24

    Core Changes

    • Update beforeFiles rewrites to continue: #25418

    Example Changes

    • New kontent UI screenshots: #25387

    Credits

    Huge thanks to @ Simply007 for helping!

  • 10.2.3-canary.0 - 2021-05-24

    Core Changes

    • lazy load postcss plugins: #25317
    • Add missing i18n types in gip context: #25363
    • Ensure externals are correct for mini-css-extract-plugin: #25340

    Documentation Changes

    • Update docs to show how to typecheck next.config.js: #25240
    • docs: typo in rewrites page: #25377

    Example Changes

    • Fix PatternFly 4 example: #25356
    • Update package.json blog-starter-typescript: #25361

    Misc Changes

    Credits

    Huge thanks to @ alexbrazier, @ jamsinclair, @ sokra, @ fabianishere, @ rokinsky, @ ijjk, @ msidqi, and @ rubensdemelo for helping!

  • 10.2.2 - 2021-05-20

    Core Changes

    • server doesn't need to be contenthashing at all: #25251
    • Update postcss-loader to 4.3.0: #25197
    • restore webpack defaults for managed/immutablePaths: #25250
    • react-loadable-plugin. Handle undefined opts.caller: #25264

    Documentation Changes

    • doc(typescript.md) Mention incremental type checking: #25268

    Misc Changes

    • Ensure CNA install succeeds with npm and example flags: #25267
    • Update output size test to handle version change: #25275
    • Update the text for eslint/no-page-custom-font rule: #25117

    Credits

    Huge thanks to @ sokra, @ bradlc, @ SinimaWath, and @ rgabs for helping!

  • 10.2.2-canary.1 - 2021-05-19

    Misc Changes

    • Update output size test to handle version change: #25275
    • Update the text for eslint/no-page-custom-font rule: #25117

    Credits

    Huge thanks to @ rgabs for helping!

  • 10.2.2-canary.0 - 2021-05-19

    Core Changes

    • server doesn't need to be contenthashing at all: #25251
    • Update postcss-loader to 4.3.0: #25197
    • restore webpack defaults for managed/immutablePaths: #25250
    • react-loadable-plugin. Handle undefined opts.caller: #25264

    Documentation Changes

    • doc(typescript.md) Mention incremental type checking: #25268

    Misc Changes

    • Ensure CNA install succeeds with npm and example flags: #25267

    Credits

    Huge thanks to @ sokra, @ bradlc, and @ SinimaWath for helping!

  • 10.2.1 - 2021-05-19

    Core Changes

    • Remove unnecessary optimizeFonts key from type: #24563
    • Fix Image compatibility issue when using sizes: #24569
    • Replace regex lexer with minimal regex for named groups: #24604
    • Remove un-used lib files: #24625
    • Adds ESLint with default rule-set: #23702
    • Don't swallow MODULE_NOT_FOUND error: #24577
    • Fix/link router 24075 take asPath instead of pathName in router: #24199
    • Add experimental blurry placeholder to image component: #24153
    • update webpack to 5.36.2, use dependOn: #24656
    • Add type checking events: #24595
    • fix memory leak in require.cache: #24282
    • Don't throw 500 error when Content-type is invalid: #24818
    • Land - Font optimizations - Adobe Fonts / Typekit support : #24834
    • updated zustand example : #24884
    • feat(build): Log whether type checking is actually performed: #24440
    • webpack 5 externals fixes: #24603
    • Remove experimental babel flag: #24776
    • cache typechecking with incremental compilation: #24559
    • Ensure next/dynamic transpiles for tests: #24751
    • fix: handle compression for custom-server render calls (#16378): #18891
    • Refactor experimental-script component : #24940
    • Fix: Non-writable pages/_app breaks build : #24849
    • I18n context initial props: #21930
    • update webpack to 5.37.0: #24954
    • Ensure webpack cache is invalidated for alias change: #24956

    Documentation Changes

    • Add documentation on Font Optimization.: #24572
    • Clarify whether router.pathname includes basePath: #24675
    • Update font optimization docs to mention opting out.: #24756
    • Bumps version of supertokens dependencies and updates its README: #24571
    • docs(response-helpers): Update res.json definition: #24782
    • docs(next/router): Update router.push api: #24833
    • docs(config intro): Fix github link hash: #24838
    • Add version note for has property: #24836
    • Remove old docs sections: #24853
    • Add additional reason for the Prerender Error when running next export: #24828
    • feat(create-next-app): add --ts, --typescript support: #24655
    • ESLint Plugin: Disallow <title> in Head from next/document: #24868
    • Clarify rewrites and other docs cleanup.: #24890
    • ESLint Plugin: Google Font rules: #24766
    • ESLint Plugin: passHref is not assigned: #24670
    • ESLint Plugin: Custom Font at page-level rule: #24789
    • ESLint Plugin: Prevent bad imports of next/document and next/head: #24832

    Example Changes

    • Fix: with-passport example dependency issue: #24567
    • demo serving storybook static build with serve: #24812
    • Update signin/signup form samples: #24524
    • react-hook-form example: #21245
    • Update example with-sentry: #24819
    • Update custom server examples: #24814
    • Remove outdated/deprecated/unmainted examples: #24945
    • Fix build in blog-starter-typescript example: #24695
    • Update with-three-js example: #24857
    • Update with-mdx-remote example: #24973

    Misc Changes

    • fix(next-storybook): make rules an array in webpack config: #22125
    • Fix rewrite shape in Storybook: #24827
    • Match last PR mention in commit message for release notes
    • Add label for chrome automatically to PR

    Credits

    Huge thanks to @ darshkpatel, @ leerob, @ sumanthratna, @ shuding, @ housseindjirdeh, @ PepijnSenders, @ prophet1996, @ Joonpark13, @ tremby, @ sokra, @ stefanprobst, @ dopt, @ rishabhpoddar, @ aydinkn, @ ErfanMirzapour, @ vitalybaev, @ ijjk, @ tubbo, @ frontendtony, @ eric-burel, @ ctjlewis, @ Munawwar, @ iker-barriocanal, @ eps1lon, @ janicklas-ralph, @ Gigiz, @ MPLIS, @ HaNdTriX, and @ jigsawye for helping!

  • 10.2.1-canary.12 - 2021-05-19

    Core Changes

    • Fix font optimization failing on some builds: #25071

    Documentation Changes

    • Remove snippet that is not recommended.: #25220

    Misc Changes

    • test(create-next-app): assert for typescript template dependencies: #25214

    Credits

    Huge thanks to @ jamesgeorge007, @ timneutkens, and @ janicklas-ralph for helping!

  • 10.2.1-canary.11 - 2021-05-18

    Core Changes

    • Fix typo in dev-build-watcher.js: #25196
    • Ensure default params are detected after rewrite:

Snyk has created this PR to upgrade next from 10.0.3 to 10.2.3.

See this package in npm:
next

See this project in Snyk:
https://app.snyk.io/org/tanver-hasan/project/6e934631-b657-40d6-bf89-59ee9faa0c93?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants