Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump next from 14.2.3 to 14.2.10 #3402

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump next from 14.2.3 to 14.2.10 #3402

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 18, 2024

Bumps next from 14.2.3 to 14.2.10.

Release notes

Sourced from next's releases.

v14.2.10

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Credits

Huge thanks to @​huozhi and @​ijjk for helping!

v14.2.9

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Revert "Fix esm property def in flight loader (#66990)" (#69749)
  • Disable experimental.optimizeServer by default to fix failed server action (#69788)
  • Fix middleware fallback: false case (#69799)
  • Fix status code for /_not-found route (#64058) (#69808)
  • Fix metadata prop merging (#69807)
  • create-next-app: fix font file corruption when using import alias (#69806)

Credits

Huge thanks to @​huozhi, @​ztanner, @​ijjk, and @​lubieowoce for helping!

v14.2.8

What's Changed

[!NOTE]
This release is backporting bug fixes and minor improvements. It does not include all pending features/changes on canary.

Support esmExternals in app directory

  • Support esm externals in app router (#65041)
  • Turbopack: Allow client components from foreign code in app routes (#64751)
  • Turbopack: add support for esm externals in app dir (#64918)
  • other related PRs: #66990 #66727 #66286 #65519

Reading cookies set in middleware in components and actions

  • initialize ALS with cookies in middleware (#65008)
  • fix middleware cookie initialization (#65820)
  • ensure cookies set in middleware can be read in a server action (#67924)
  • fix: merged middleware cookies should preserve options (#67956)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump next from 14.2.3 to 14.2.10
833fcb3 
Bumps [next](https://github.com/vercel/next.js) from 14.2.3 to 14.2.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.3...v14.2.10)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 18, 2024
@stacklok-cloud-staging Stacklok Cloud (Staging)
Copy link

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 833fcb3a:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0

@stacklok-cloud-staging Stacklok Cloud (Staging)
Copy link

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @next/env

Trusty Score: 0

Scoring details
Component Score
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.8
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1895
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300467

📦 Dependency: @next/swc-darwin-arm64

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.6
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1643
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299727

📦 Dependency: @next/swc-darwin-x64

Trusty Score: 0

Scoring details
Component Score
Provenance verified_provenance_match
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Trust-summary 8.6
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1639
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299729

📦 Dependency: @next/swc-linux-arm64-gnu

Trusty Score: 0

Scoring details
Component Score
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.6
User activity 9.2
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1522
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299790

📦 Dependency: @next/swc-linux-arm64-musl

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.6
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1521
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299809

📦 Dependency: @next/swc-linux-x64-gnu

Trusty Score: 0

Scoring details
Component Score
Package activity 9.6
Trust-summary 8.6
Provenance verified_provenance_match
User activity 9.2
Repository activity 10
From activity
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1638
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299901

📦 Dependency: @next/swc-linux-x64-musl

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.6
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1507
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299924

📦 Dependency: @next/swc-win32-arm64-msvc

Trusty Score: 0

Scoring details
Component Score
Provenance verified_provenance_match
Trust-summary 8.4
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1520
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299998

📦 Dependency: @next/swc-win32-ia32-msvc

Trusty Score: 0

Scoring details
Component Score
Provenance verified_provenance_match
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Trust-summary 8.6
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1464
Number of git tags or releases 721
Versions matched to tags or releases 374

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=142737793

📦 Dependency: @next/swc-win32-x64-msvc

Trusty Score: 0

Scoring details
Component Score
Provenance verified_provenance_match
Trust-summary 8.6
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1636
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300052

📦 Dependency: next

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 2836
Number of git tags or releases 748
Versions matched to tags or releases 403

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300415

@stacklok-cloud-staging Stacklok Cloud (Staging)
Copy link

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @next/env

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1895
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300467

📦 Dependency: @next/swc-darwin-arm64

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1643
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299727

📦 Dependency: @next/swc-darwin-x64

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Trust-summary 8.7
Provenance verified_provenance_match
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1639
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299729

📦 Dependency: @next/swc-linux-arm64-gnu

Trusty Score: 0

Scoring details
Component Score
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1522
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299790

📦 Dependency: @next/swc-linux-arm64-musl

Trusty Score: 0

Scoring details
Component Score
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
From activity
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1521
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299809

📦 Dependency: @next/swc-linux-x64-gnu

Trusty Score: 0

Scoring details
Component Score
Package activity 9.6
Trust-summary 8.8
Provenance verified_provenance_match
User activity 9.2
Repository activity 10
From activity
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1638
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299901

📦 Dependency: @next/swc-linux-x64-musl

Trusty Score: 0

Scoring details
Component Score
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.8
User activity 9.2
Repository activity 10
From activity
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1507
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299924

📦 Dependency: @next/swc-win32-arm64-msvc

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1520
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299998

📦 Dependency: @next/swc-win32-ia32-msvc

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Trust-summary 8.5
Provenance verified_provenance_match
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1464
Number of git tags or releases 721
Versions matched to tags or releases 374

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=142737793

📦 Dependency: @next/swc-win32-x64-msvc

Trusty Score: 0

Scoring details
Component Score
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1636
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300052

📦 Dependency: next

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.9
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 2836
Number of git tags or releases 748
Versions matched to tags or releases 403

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300415

@stacklok-cloud-staging Stacklok Cloud (Staging)
Copy link

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @next/env

Trusty Score: 0

Scoring details
Component Score
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1895
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300467

📦 Dependency: @next/swc-darwin-arm64

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.7
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1643
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299727

📦 Dependency: @next/swc-darwin-x64

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.7
Provenance verified_provenance_match
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1639
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299729

📦 Dependency: @next/swc-linux-arm64-gnu

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1522
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299790

📦 Dependency: @next/swc-linux-arm64-musl

Trusty Score: 0

Scoring details
Component Score
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1521
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299809

📦 Dependency: @next/swc-linux-x64-gnu

Trusty Score: 0

Scoring details
Component Score
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Trust-summary 8.8
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1638
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299901

📦 Dependency: @next/swc-linux-x64-musl

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.8
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1507
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299924

📦 Dependency: @next/swc-win32-arm64-msvc

Trusty Score: 0

Scoring details
Component Score
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Repository activity 10
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1520
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147299998

📦 Dependency: @next/swc-win32-ia32-msvc

Trusty Score: 0

Scoring details
Component Score
Repository activity 10
From activity
Package activity 9.6
Trust-summary 8.5
Provenance verified_provenance_match
User activity 9.2
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1464
Number of git tags or releases 721
Versions matched to tags or releases 374

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=142737793

📦 Dependency: @next/swc-win32-x64-msvc

Trusty Score: 0

Scoring details
Component Score
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Trust-summary 8.7
User activity 9.2
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 1636
Number of git tags or releases 748
Versions matched to tags or releases 406

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300052

📦 Dependency: next

Trusty Score: 0

Scoring details
Component Score
Trust-summary 8.9
User activity 9.2
Repository activity 10
From activity
Package activity 9.6
Provenance verified_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 2836
Number of git tags or releases 748
Versions matched to tags or releases 403

This package has been digitally signed using sigtore.
Source repository https://github.com/vercel/next.js
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/build_and_deploy.yml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=147300415

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants