fix(deps): update dependency next to v13.5.0 [security] - autoclosed #48

renovate · 2024-06-17T13:59:47Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
next (source)	`13.1.6` -> `13.5.0`

GitHub Vulnerability Alerts

CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

Release Notes

vercel/next.js (next)

`v13.5.0`

Compare Source

`v13.4.19`

Compare Source

Core Changes

fix: invalid module transform for @headlessui/react: #54206
chore: remove unnecessary type cast in dev-build-watcher: #54221
fix process.env not being available in standalone mode: #54203
Fix missing devPageFiles collection: #54224
Add Route and LinkProps stub generics: #54226
Use createClientModuleProxy from Flight Server: #54232
Add default not found to loader tree of group routes root layer: #54228
feat(image): add support for custom loaderFile when loader: default: #53417
Fix renamed export of Server Actions: #54241
Ensures App Router Link respects scroll-behavior: smooth when only hash is changed.: #54243

Misc Changes

Update dd-trace used for internal tools: #54214
(Fix)Broken upgrading.mdx link : #54234
chore: skip CI run on forks: #54219
chore(ci): bump [email protected]: #54246

Credits

Huge thanks to @opnay, @styfle, @timneutkens, @ztanner, @shuding, @huozhi, @vinaykulk621, @balazsorban44, @goguda, and @coreyleelarson for helping!

`v13.4.18`

Compare Source

Core Changes

refactor: remove edge condition for module proxy path: #54167
Remove unused variables: #54149
chore: improve ts types for position in dev-build-watcher: #54124
Turbopack: Strip relative path prefix when generating PageLoaderAsset: #54040
Add size property to ReadonlySearchParams: #53144
Assign default not-found boundary if custom not-found is not present for root layer only: #54185
Allow range version for eslint config: #53751
Automatically modularizeImports for the popular @headlessui/react library: #54188
fix bfcache restoration behavior: #54198

Misc Changes

Update rust toolchain: #54130

Credits

Huge thanks to @huozhi, @shuding, @styfle, @jridgewell, @bencmbrook, @cramforce, and @ztanner for helping!

`v13.4.17`

Compare Source

Core Changes

fix(next/image): empty blur image when animated #54028
Do not output pages 404 in tree view if app not-found is used: #54051
Fix scroll bailout logic when targeting fixed/sticky elements: #53873
Debug tracing: add updated modules and page to HMR span: #53698
fix(next-swc): coerce mdxrs default options: #54068
fix: don't add forceConsistentCasingInFileNames to tsconfig when ts version >= 5.0: #51564
fix(47299): allow testing pages with metadata in jsdom test environment: #53578
upgrade edge-runtime dependency: #54117
Fix root not-found page tree loader structure: #54080
chore: remove as any type cast: #54074
chore: refactor to use fs.promises.rm(): #54076
Refactor layout router creation in app-render: #54126
chore(image): remove apple silicon workaround for versions older than [email protected]: #54125
fix routing bug when bfcache is hit following an mpa navigation: #54081
Tracing: add opt-in flag to send a subset of development traces to url: #53880
fix(edge): override init when cloning with NextRequest: #54108
OpenTel: remove the internal (ipc) fetched from traces in a non-verbose mode: #54083
cleanup: remove unnecessary effect dep: #54134
Next build: use exported handle_issues from turbopack: #52972
node-web-streams: remove tee shim, use ReadableStream.tee: #54079
fix: cookies().has() breaks in app-route: #54112
Revert "fix(47299): allow testing pages with metadata in jsdom test environment": #54160

Documentation Changes

fix missing ' in data-fetching/fetching-caching-and-revalidating: #54058

Example Changes

Update Docker example to remove HOSTNAME: #54102

Misc Changes

chore: hide "same on new version" without link: #54048
chore(ci): small notes for the build steps: #54073
chore: update lock bot wording: #54099
Update swc_core to v0.79.59: #54082
install-native.mjs: include packageManager field: #54132

Credits

Huge thanks to @balazsorban44, @huozhi, @ztanner, @williamli, @wbinnssmith, @kwonoj, @stefanprobst, @feugy, @timneutkens, @kdy1, @Kikobeats, @styfle, @dvoytenko, @MaxLeiter, and @devjiwonchoi for helping!

`v13.4.16`

Compare Source

Core Changes

Concept: test mode for Playwright and similar integration tools: #52520
Turbopack: fix hiding node_modules warnings in error overlay.: #54022
ci(next-swc): print glibc version when build: #54026
Adjust internal action proxy export: #54004

Documentation Changes

Update 05-client-side-rendering.mdx with latest tanstack query version: #54009
Open Graph Image font declaration moved to correct place: #53998
Update opengraph-image.mdx: Fix typo: #54020

Misc Changes

Remove extra label from runner: #54002
add standalone testcase for ipv6 hostnames: #53999
release: add release log generation script: #54006
test(ci): refine test suite name unique: #54013
Leverage previous swc build images: #54027
chore: mark build folder indexable: #54029
Move turbo outside of build for docker swc builds: #54035

Credits

Huge thanks to @ijjk, @ztanner, @huozhi, @lacymorrow, @dvoytenko, @kylemcd, @kwonoj, @tibi1220, @wbinnssmith, and @shuding for helping!

`v13.4.15`

Compare Source

Core Changes

Fix action failures due to state tree encoding: #53655
Initial HMR Nexturbo API implementation: #52950
Turbopack: add edge app routes : #53387
Turbopack: Hide Turbo Engine internals: #53007
add unit test case for next.rs api: #53679
Fix not-found rendering in production with edge: #53687
fix(next/image): don't call ReactDOM.preload if missing, such as jest: #53443
Add docs page for uncaught DynamicServerErrors: #53402
Consolidate Server and Routing process into one process: #53523
fix: Update outdated transform imports lucide-react: #53697
Update font data: #53759
Add warnings for static generation bail outs: #53761
Sort root entries per pageExtensions config for consistency: #53769
improve error message for conflicting parallel segments: #53803
Add changeFrequency and priority attributes to sitemaps: #48484
Ensure we set cache-control: no-cache for actions: #53824
Reuse RenderWorker type: #53782
fix: normalize backslash in getStaticPaths() for windows: #53876
Delete errorneous empty content length header: #53843
Turbopack: more tests and bugfixes for next.rs api: #53809
Add @heroicons/react to modularizeImports: #53902
Turbopack: Fix debugging in napi for next-api: #53889
Fix/match resource: #53796
Use summary_large_image as twitter card if images present by default: #53919
Turbopack: Emit whether server or client assets changed: #53879
Limit sharp's concurrency: #53385
enable @vercel/og support for turbopack: #53917
feat(image): DataURL placeholder support for : #53442
Recover not found errors from flight data to render with proper boundary: #53703
Update React to 18.3.0-canary-1a001dac6-20230812: #53881
add "expect" to list of forbidden IPC headers: #53947
Update swc runners config: #53939
Better IPv6 support for next-server: #53131

Documentation Changes

Update 11-middleware.mdx: Added Switcher: #53977
Fix doc grammatical errors: #53672
Fix a link in incrementalCacheHandlerPath.mdx: #53718
Fix typo in data fetching documentation: #53772
Docs: Add option for fetching data using route handlers - from the client: #53793
docs: Add more information about Server Actions: #53805
docs: document cache tagging mechanism: #53806
chore(docs): add missing "try it out": #53815
docs: Opting out of scrolling with next/link and useRouter.: #53804
chore(docs): note cache-control header for preview/draft mode: #53825
Include instructions for bun package manager: #53590
Docs: Update confusing wording in intercepting routes: #53854
(docs) Fixes Server Actions example: #53920
fix typo: #53908
Docs: fix pnpm command for saving dev deps (#53937): #53938
The extra word 'the' has been deleted: #53951

Example Changes

[Examples] Update Example Prepr CMS: #49224
Update to with-supertokens example app: #53434
docs(with-stripe-typescript): Update README demo link: #53662
(example) update github-pages example: #52168
chore: add light/dark mode theme detection to image component example: #53760

Misc Changes

Remove tsconfig extending for @next/thrid-parties package: #53991
Make next as dependency of @next/third-parties package: #53996
update eslint config: #53637
enable more test cases for next.rs api: #53670
fix(node): pnpm 8.6 needs node 16.14: #53677
fix(create-next-app): fix CI defaults (default to typescript): #53686
fix azure test cases: #53692
Adding GoogleMaps and Youtube embed components: #52909
Update env variable for fonts data workflow: #53701
Move next-rs API tests from unit to e2e: #53771
test(turbo): allow to run test with --experimental-turbo: #53396
chore(actions): exclude drafts from PR notificiation: #53669
Update runner labels: #53925
Update swc_core to v0.79.55: #53831
[chore] Upgrade playwright to 1.35.1: #53875
Update turbo env handling: #53970

Credits

Huge thanks to @iamarpitpatidar, @pythagoras-yamamoto, @alexkirsz, @sokra, @jsteele-stripe, @tknickman, @gaojude, @styfle, @janicklas-ralph, @huozhi, @ijjk, @vinaykulk621, @balazsorban44, @ztanner, @timneutkens, @ericfennis, @JohnAdib, @MiLk, @kwonoj, @delbaoliveira, @leerob, @LuudJanssen, @lucasconstantino, @davecarlson, @colinhacks, @shuding, @jridgewell, @jantimon, @Banbarashik, @ForsakenHarmony, @kdy1, @dvoytenko, @arturbien, @gnoff, @hsrvms, and @DuCanhGH, @tim-hanssen, @Aryan9592, and @rishabhpoddar for helping!

`v13.4.13`

Compare Source

Core Changes

Improve internal web stream utils: #53004
fix: Add Next-Url to http vary in consideration of intercept routes.: #52746
update Turbopack: #53098
Add app, error, and document entrypoints: #53013
Turbopack: use edge environment in server-side rendering of client components too: #53099
refactor(codemod): replace chalk with picocolors: #53115
move webpack specific logic into a separate file: #53114
feat(turbopack): emit MODULE_FEATURE telemetry from turbopack: #52356
Fix not found hangs the build with overridden node env: #53106
chore: update warning message from yarn add sharp to npm i sharp: #53130
fix(edge): allow Request cloning via NextRequest: #53157
chore: extract common get-validated-args: #53165
Fix minimal basePath handling: #53174
Updates @typescript-eslint/parser to 6.1.0: #52848
fix(next/image): washed out blur placeholder: #52583
Handle basePath app-dir minimal case: #53189

Documentation Changes

(Docs) add missing import.: #52992
Fix formData code snippet in route handler docs: #52532
docs: remove unneeded good to know section during installation: #53078
docs: fix typo in 08-parallel-routes.mdx: #53069
chore(docs): Extend the options for custom server init: #52851
(Docs) Add missing import for useRef(): #53015
(Docs) Remove FormData type on formData defined in .js file: #53014
docs: fix codeblock for redirect: #53120
chore(docs): client-side data fetching loading state: #53164

Example Changes

feat: remove unused global variable: #51767

Misc Changes

chore(ci): always run validate-docs-links action: #53022
update install-native postinstall to use pnpm: #53080
chore(ci): make validate-docs-links required: #53123
chore(test): fix flaky tsconfig.json test: #53132
chore(ci): fix validate-docs-links for non-PR: #53129
Temporarily skip flakey action revalidate: #53134

Credits

Huge thanks to @vinaykulk621, @Lantianyou, @styfle, @shuding, @joulev, @AkifumiSato, @trigaten, @HurSungYun, @DevLab2425, @sokra, @alexkirsz, @ztanner, @leerob, @SukkaW, @kwonoj, @huozhi, @ijjk, @balazsorban44, @daniel-web-developer, @ky1ejs, and @arturbien for helping!

`v13.4.12`

Compare Source

Core Changes

Separate routing code from render servers: #52492
Move Pages API rendering into bundle: #52149
update Turbopack: #52986
Turbopack: Refactoring module references: #52930
Increase timeout for 404 tests: #52998
Reland "Refine the not-found rendering process for app router": #52985
Revert "Separate routing code from render servers (#52492)": #53016

Documentation Changes

"Clarify the 'Existing Projects' section of the TypeScript docs:: #52944
Update 02-dynamic-routes.mdx: #52975
chore(docs): fix broken link: #53021

Misc Changes

Update to latest version of turborepo: #52979
Update swc_core to v0.79.22: #52945
chore(ci): add pnpm workspace for github actions: #52976
Changed package manager for install-native.mjs to pnpm: #52971
update CODEOWNERS config: #53017

Credits

Huge thanks to @ijjk, @wyattjoh, @sokra, @kdy1, @alexkirsz, @styfle, @ShaunFerris, @syedtaqi95, @Heidar-An, @huozhi, and @ztanner for helping!

`v13.4.11`

Compare Source

Core Changes

fix: add missing <preload> for next/image in App Router: #52425
Support metadata exports for server components not-found: #52678
feat(next-swc): try to fallback native bindings with MODULE_NOT_FOUND: #52667
Turbopack: Vc and Turbo Engine type system improvements : #51792
Fix runtime edge not-found handling: #52754
fix: forward NavigateOptions in adaptForAppRouterInstance: #52498
fix(output): do not slice pathname unless ends with .txt: #52640
Fix tagsManifest initialization check: #52776
Turbopack: Experimental dev app pages support: #52680
Turbopack: move Asset::ident to more specific traits: #52683
Fix tracking of ContextModule: #52795
Set process.title for router and render workers: #52779
fix Remove unnecessary await: #52800
Revert "perf: improve URL validation performance": #52818
Refactor the client entry plugin: #52798
Turbopack: Add manifest generation to pages: #52793
Turbopack: move references() to specific traits: #52822
Update default moduleResolution in tsconfig.json from node to bundler: #51957
Turbopack: Next.rs API improvements: #52856
update turbopack: #52899
Update vendor @vercel/og: #52897
Fixed:#52853 Lacking 'color' attribute in IconDescriptor Metadata: #52902
Support basePath with edge runtime for Custom App Routes: #52910
improve error DX on pages with RSC build errors: #52843
fix: allow smooth scrolling if only hash changes (pages & app): #52915
add edge support for next.rs API: #52885
Allow general language codes in the Metadata API: #52920
Fix client reference manifest for interception routes: #52961
Refine the not-found rendering process for app router: #52790
app-router: prefetching tweaks: #52949
Revert "Refine the not-found rendering process for app router": #52977

Documentation Changes

Update mention of route handlers for forms: #52781
(Docs) add missing js version for generateMetadata.: #52763
docs : fix typo in React cache example: #52787
chore(docs): Add mentioning of HOSTNAME env variable for standalone output: #52804
Fix typo in docs: #52815
Update 02-edge-and-nodejs-runtimes.mdx: #52888
chore(docs): add Typescript statically typed links mention in link doc: #52847
chore(docs): fix typo in generate metadata docs: #52904
fix example component in MDX documentation: #52753
wrong content for next.config.mjs for MDX Plugins: #52738
Update 06-lazy-loading.mdx: Incorrect filename in Example on "Importing Named Imports": #52932
Change "publically" to "publicly" in the routing docs: #52966

Example Changes

examples: export force-dynamic from all dynamic routes: #52916

Misc Changes

chore: add "please simplify reproduction" comment: #52631
update job concurrency: #52788
Lock node version to 18.16: #52894
Update runs-on tags
chore: add GitHub Action to manage "+1" comments: #52866

Credits

Huge thanks to @styfle, @huozhi, @balazsorban44, @kwonoj, @alexkirsz, @ijjk, @Jeffrey-Zutt, @timneutkens, @vinaykulk621, @Ryan-Dia, @sokra, @shuding, @steppefox, @hiro0218, @rjsdnql123, @feedthejim, @fgiuliani, @steven-tey, @AntoineBourin, @adamrhunter, @darshanjain-entrepreneur, @s0h311, @wyattjoh, @ztanner, @djreillo, @dijonmusters, and @cassidoo for helping!

`v13.4.10`

Compare Source

Core Changes

Fix trailing slash with locale domain: #52343
perf: use fs.readdirSync with withFileTypes: #52340
Make get_client_chunking_context independent of context: #51928
perf: use fs.opendir for better resource usage: #52341
fix: metadatabase warning message: #52363
perf: simplify getShortDynamicParamType on app-render: #52355
fix: prevent infinite dev refresh on nested parallel routes: #52362
turbopack: add incremental cache for node.js app rendering: #52172
Refactor metadata og and twitter title to be always presented: #52320
perf: reduce system calls on eslint plugin: #52359
Turbopack: Use a different chunking context for web entry: #52404
Temporarily revert change to pages render: #52407
Remove integration tests now in vercel/turbo: #52413
Update Rust nightly toolchain: #51757
Cache concurrent ensurePage requests for the same page: #52360
[turbopack]: Remove skipped integration tests: #52421
Fix metadata layer webpack rule for server-only: #52403
Override file based images with social images property: #52416
Split the client reference manifest file to be generated per-entry: #52450
fix(standalone): fixed output: "standalone" crashing build when there is no app/ page: #51993
fix: add aws packages to default serverComponentsExternalPackages: #52388
refactor: avoid unnecessary async scopes in eslint: #52418
Ensure useParams return array for catch-all routes: #52494
turbopack: Module Trait: #52401
Fix tracking of client reference manifest: #52505
perf: create an experimental bundled version of the next server: #52206
Chore: Remove redundant intersection type: #52453
perf: Refactor recursiveReadDirSync: #52517
add version to function config manifest: #52507
Turbopack: Source trait: #52511
Update id handling for fonts: #52559
feat(turbopack): support swc transform plugins : #50401
feat(babel-loader): provide migration help message for babel config: #52565
Support global-error for ssr fallback: #52573
Fix ISR case with bot requests: #52581
fix(next/jest): jest can not load server-only code: #52393
Turbopack: App Router build POC: #52036
Avoid loading Next.js config again in render workers: #52587
Add more extensions to next-types-plugin for Node16/NodeNext: #52562
feat(next-swc): report native bindings load err code: #52570
Move App Pages rendering into bundle: #52290
feat(turbopack): support native webp: #52285
Set sizes prop to any for svg icons: #52609
Turbopack: OutputAsset trait: #52606
chore(deps): bump [email protected]: #52649
Ensure root layout only render once per request: #52589
Fix bundle path normalization for /index routes: #52650
Turobpack: Next.rs API (part 1): #52259
Clean up promises after resolving: #52656
Catch layout error in global-error: #52654
Fix per-entry client reference manifest for grouped and named segments: #52664

Documentation Changes

chore(docs): fix link to useSearchParams: #52348
docs: Clarify create-next-app requires public GitHub URLs.: #52367
remove unnecessary dot.: #52387
fix metadata-related typo in MDX documentation: #52446
docs: Simplify message in React essentials section.: #52469
docs: Improve error handling docs for server-side errors.: #52302
docs: Add Playwright/Cypress Discord links: #52084
docs: Add Kuma to CSS-in-JS supported list.: #52438
docs: clarify fetch request de-duplication: #52100
docs: Update TypeScript plugin section for VS Code prompt: #52111
docs: Improve hydration mismatch error guide.: #52481
docs: add Supabase loader for next/image: #52480
docs: fix the incrementalCacheHandlerPath: #52124
fixed error #52486 fetchUsers to fetchUser: #52487
Update 08-parallel-routes.mdx: #52419
docs: Add formData example for Route Handlers: #52358
chore(docs): Typesafe metadata object: #52252
docs: Update _app and _document: #52479
docs: add CDN optimization as possible hydration error cause: #52489
docs: correct TypeScript spelling on the home page: #52500
chore(docs): fix a few typos in image loader docs: #52508
docs: fix grammar on Server Actions: #52556
Fixed grammar in 03-react-essentials.mdx: #52597
docs: fix typo in CSS Modules Description: #52599
docs: Fix typo in generate-static-params.mdx: #52595
docs: move MUI to supported list: #52584
docs: Add missing closing tag for react hydration error message.: #52607

Example Changes

examples: Update Convex to latest version (0.19): #52473
Update examples: counter.tsx - Don't need empty space: #52576

Misc Changes

Update swc_core to v0.79.13: #52371
chore(ci): fix turbo input path globs: #52414
fix(create-next-app): click event blockage under 1024px by adjusting z-index: #52074
chore: add label to locked threads: #52497
fix: not-found.tsx with output: export: #52526
use npm pack instead of yarn pack: #52563
ci: skip build-native for docs only change: #52571
Remove unnecessary body-parser: #52580

Credits

Huge thanks to @ijjk, @anonrig, @alexkirsz, @gfgabrielfranca, @styfle, @ztanner, @leerob, @sokra, @huozhi, @Bitbbot, @wyattjoh, @kdy1, @wbinnssmith, @shuding, @jridgewell, @BrennanColberg, @Nick-Mazuk, @delbaoliveira, @thomasballinger, @lucgagan, @nroland013, @SonMooSans, @jenewland1999, @thorwebdev, @jyunhanlin, @darshanjain-entrepreneur, @DuCanhGH, @Gnadhi, @yagogmaisp, @carlos-menezes, @balazsorban44, @ryo-manba, @timneutkens, @feedthejim, @vamcs, @matepapp, @SleeplessOne1917, @ecklf, @djreillo, @kwonoj, @gnoff, @feugy, @karlhorky, @starunaway, @FernandVEYRIER, @Ryan-Dia, @Terro216, @anthonyshew, and @suhaotian for helping!

`v13.4.9`

Compare Source

Core Changes

Reland "ReverseTopological -> AdjacencyMap"": #52142
Change the Server Actions feature flag to be validated at compile time: #52147
Fix modularizeImports transform of antd: #52148
fix: next.config.js with unstable_getImgProps(): #52153
update tests list to include all passing tests: #52026
Support scroll: false for Link component for app router: #51869
Memoize useRouter from next/navigation when used in Pages Router: #52177
chore(deps): bump react 18.3.0-canary-1fdacbefd-20230630: #52005
fix: infinite dev reloads when parallel route is treated a page entry: #52061
disable flaky test cases: #52184
Revert "chore(deps): bump react 18.3.0-canary-1fdacbefd-20230630": #52192
update turbopack: #52186
Update CustomModuleType import: #52133
Skip build-time dynamic code checks for specific polyfills in the Edge runtime: #52009
Update Turbopack: #52198
Use base36 for the RSC query: #52204
Fix dynamicParams check in TS plugin: #52211
Fix tree shaking for image generation module: #51950
fix env reloading for turbopack: #52194
Remove zod from require-hook: #52197
Optimize watch ignore: #52238
Remove the outdated error for find page dir: #52274
Disable flakey turbopack env test: #52295
skip hot reload sync event for applying hmr updates: #52270
Handle 409s in fetch cache: #51652
chore: remove experimental appDir: true from tests: #52291
fix: correct modularizeImports for antd & ant-design/icons: #52169
Update checksum algorithm to SHA1: #52102
chore(deps): bump react to 7118f5d: #52282
Update eslint-plugin-react-hooks to 5.0.0-canary-7118f5dd7-20230705: #52275
Named page chunks: #51921
chore: fix next dev turbopack benchmark: #52328
Fix to use keep-alive in standalone mode: #50221
Use 127.0.0.1 as the default host for the standalone server #52283

Documentation Changes

Update generate-image-metadata.mdx: #52230
docs(mdx): Add clearer instructions on the storage location of mdx-components files.: #52187
docs: Improve some of the error messages pages.: #52271
fix wrong Link import: #52298
Document redirect parameters: #51987
Add manual installation instructions for pages: #51995
Update 10-router-handlers.mdx: #52098
Add app router example: #52066
doc: update typo in instrumentation page: #52311

Example Changes

Remove legacy head.js in examples: #52292

Misc Changes

Update test result step: #52154
Update result job condition: #52155
fix workflow needs: #52180
chore: update issue template option to "App Router": #52287
msic: disable otel esm test: #52325
Test Progressive Enhancement of Server Actions: #52062
fix(create-next-app): add missing metadata type: #52299

Credits

Huge thanks to @huozhi, @shuding, @ijjk, @styfle, @sokra, @timneutkens, @ztanner, @alexkirsz, @simonswiss, @feikerwu, @lubakravche, @leerob, [@masn

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-06-17T13:59:48Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

! Corepack is about to download https://repo.yarnpkg.com/3.7.0/packages/yarnpkg-cli/bin/yarn.js

sonarcloud · 2024-06-17T14:00:14Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

socket-security · 2024-06-17T14:00:36Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected]	None	`+6`	254 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+2`	81.4 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+3`	92.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	70.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+2`	41.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+2`	25.1 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.48 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.11 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.74 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.26 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.06 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.73 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	83.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+5`	137 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	21.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	81.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.13 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	17.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	14.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.68 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.04 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.28 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	44.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.68 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	64.1 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.16 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.26 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	81.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.96 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	26.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.24 kB	nicolo-ribaudo
npm/@date-io/[email protected]	None	`0`	9.25 kB	dmtr.kovalenko
npm/@graphql-codegen/[email protected]	Transitive: environment, eval, filesystem, network, shell	`+23`	5.59 MB	dotansimha
npm/@graphql-tools/[email protected]	None	`+3`	422 kB	ardatan
npm/@graphql-tools/[email protected]	None	`0`	57.6 kB	ardatan
npm/@graphql-tools/[email protected]	None	`0`	94.5 kB	ardatan
npm/@graphql-tools/[email protected]	None	`0`	69.7 kB	ardatan
npm/@mui/[email protected]	environment	`+1`	736 kB	michaldudak
npm/@next/[email protected]	environment, filesystem	`0`	7.52 kB	vercel-release-bot
npm/@next/[email protected]	None	`0`	23.9 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	41.6 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	39.5 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	43.1 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	53.3 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	33 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	41.5 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	40.4 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	47.2 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	46.4 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	43.8 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	38.4 MB	vercel-release-bot
npm/@next/[email protected]	None	`0`	55.2 MB	vercel-release-bot
npm/@peculiar/[email protected]	None	`+1`	195 kB	microshine
npm/@repeaterjs/[email protected]	None	`0`	105 kB	brainkim
npm/@storybook/[email protected]	Transitive: environment, eval	`+6`	442 kB	shilman
npm/@storybook/[email protected]	network Transitive: environment, eval	`+8`	1.08 MB	shilman
npm/@storybook/[email protected]	None	`+1`	19.9 kB	shilman
npm/@storybook/[email protected]	environment, eval	`+2`	6.18 MB	shilman
npm/@storybook/[email protected]	None	`0`	20.5 kB	shilman
npm/@storybook/[email protected]	None	`+1`	110 kB	shilman
npm/@storybook/[email protected]	environment	`+1`	1.56 MB	shilman
npm/@swc/[email protected]	None	`0`	148 kB	kdy1
npm/@testing-library/[email protected]	environment	`+1`	2.93 MB	testing-library-bot
npm/@types/[email protected]	None	`0`	111 kB	types
npm/[email protected]	None	`0`	17 kB	sindresorhus
npm/[email protected]	None	`+1`	327 kB	microshine
npm/[email protected]	Transitive: filesystem	`+3`	113 kB	jonschlinkert
npm/[email protected]	None	`0`	1.93 MB	caniuse-lite
npm/[email protected]	None	`0`	51.8 kB	speedytwenty
npm/[email protected]	None	`0`	5.67 kB	lukeed
npm/[email protected]	None	`0`	656 kB	zloirock
npm/[email protected]	environment, eval, filesystem	`0`	1.12 MB	zloirock
npm/[email protected]	None	`0`	257 kB	eps1lon
npm/[email protected]	None	`0`	8.61 kB	phated
npm/[email protected]	Transitive: filesystem	`+4`	26.1 kB	sindresorhus
npm/[email protected]	Transitive: filesystem	`+2`	22.5 kB	sindresorhus
npm/[email protected]	filesystem	`+3`	123 kB	sindresorhus
npm/[email protected]	None	`0`	4.04 kB	heineiuo
npm/[email protected]	None	`+3`	125 kB	simenb
npm/[email protected]	None	`0`	405 kB	vitaly
npm/[email protected]	filesystem	`0`	9.2 kB	sindresorhus
npm/[email protected]	None	`0`	55.9 kB	jonschlinkert
npm/[email protected]	None	`0`	34.9 kB	isaacs
npm/[email protected]	network	`0`	162 kB	node-fetch-bot
npm/[email protected]	None	`0`	7.75 kB	sindresorhus
npm/[email protected]	None	`0`	229 kB	ljharb
npm/[email protected]	None	`0`	8.46 kB	jonschlinkert
npm/[email protected]	environment, filesystem	`0`	146 kB	ljharb
npm/[email protected]	None	`0`	66.2 kB	evilebottnawi
npm/[email protected]	filesystem	`0`	85.2 kB	linusu
npm/[email protected]	None	`0`	30.5 kB	remarkablemark
npm/[email protected]	eval Transitive: environment, shell	`+1`	142 kB	evilebottnawi
npm/[email protected]	None	`+1`	23.4 kB	jonschlinkert
npm/[email protected]	None	`0`	9.27 kB	wooorm
npm/[email protected]	None	`0`	10.6 kB	wooorm
npm/[email protected]	None	`0`	30.2 kB	yaacovcr
npm/[email protected]	environment, filesystem	`0`	56.9 kB	sokra
npm/[email protected]	environment, filesystem, unsafe	`+9`	1.69 MB	sokra
npm/[email protected]	environment Transitive: filesystem	`+1`	20.9 kB	isaacs
npm/[email protected]	environment, network	`0`	137 kB	lpinca

View full report↗︎

socket-security · 2024-06-17T14:00:42Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/[email protected]	Install script: postinstall Source: `node -e "try{require('./postinstall')}catch(e){}"`	`package.json`
Install scripts	npm/[email protected]	Install script: postinstall Source: `node -e "try{require('./postinstall')}catch(e){}"`	Source
Install scripts	npm/@sentry/[email protected]	Install script: install Source: `node ./scripts/install.js`	`package.json`

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/@sentry/[email protected]

fix(deps): update dependency next to v13.5.0 [security]

00c35da

renovate bot added the dependencies Pull requests that update a dependency file label Jun 17, 2024

renovate bot changed the title ~~fix(deps): update dependency next to v13.5.0 [security]~~ fix(deps): update dependency next to v13.5.0 [security] - autoclosed Aug 6, 2024

renovate bot closed this Aug 6, 2024

renovate bot deleted the renovate/npm-next-vulnerability branch August 6, 2024 07:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency next to v13.5.0 [security] - autoclosed #48

fix(deps): update dependency next to v13.5.0 [security] - autoclosed #48

renovate bot commented Jun 17, 2024 •

edited

Loading

renovate bot commented Jun 17, 2024

sonarcloud bot commented Jun 17, 2024

socket-security bot commented Jun 17, 2024

socket-security bot commented Jun 17, 2024

fix(deps): update dependency next to v13.5.0 [security] - autoclosed #48

fix(deps): update dependency next to v13.5.0 [security] - autoclosed #48

Conversation

renovate bot commented Jun 17, 2024 • edited Loading

GitHub Vulnerability Alerts

Release Notes

Core Changes

Misc Changes

Credits

Core Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Example Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Example Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Example Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Example Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Example Changes

Misc Changes

Credits

Core Changes

Documentation Changes

Example Changes

Misc Changes

Credits

Configuration

renovate bot commented Jun 17, 2024

⚠️ Artifact update problem

File name: yarn.lock

sonarcloud bot commented Jun 17, 2024

Quality Gate passed

socket-security bot commented Jun 17, 2024

socket-security bot commented Jun 17, 2024

Next steps

renovate bot commented Jun 17, 2024 •

edited

Loading