fix(deps): update nextjs monorepo to v16#30
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
88a5429 to
36b48c7
Compare
36b48c7 to
2c54fc6
Compare
Micro-Learning Topic: Race condition (Detected by phrase)Matched on "race condition"A race condition is a flaw that produces an unexpected result when the timing of actions impact other actions. Try a challenge in Secure Code Warrior |
0337cf5 to
39f7cb5
Compare
39f7cb5 to
567d614
Compare
567d614 to
6dadb52
Compare
6dadb52 to
a5f85f8
Compare
a5f85f8 to
00cd866
Compare
00cd866 to
9f1e324
Compare
9f1e324 to
dbc4e35
Compare
dbc4e35 to
03ebb09
Compare
03ebb09 to
1030d8d
Compare
1030d8d to
245145e
Compare
245145e to
2b23f46
Compare
c555aed to
a9ce667
Compare
a9ce667 to
004c4cf
Compare
004c4cf to
5ae616a
Compare
5ae616a to
60b0143
Compare
60b0143 to
dec978d
Compare
dec978d to
6c5be20
Compare
6c5be20 to
9130a14
Compare
9130a14 to
037cf3e
Compare
037cf3e to
c613c99
Compare
c613c99 to
a044ee1
Compare
a044ee1 to
8981c5a
Compare
Micro-Learning Topic: Cross-site request forgery (Detected by phrase)Matched on "Csrf"Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page. Try a challenge in Secure Code WarriorHelpful references
|
Micro-Learning Topic: Cross-site scripting (Detected by phrase)Matched on "XSs"Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context. Try a challenge in Secure Code WarriorHelpful references
|
Micro-Learning Topic: External entity injection (Detected by phrase)Matched on "xXe"An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. Try a challenge in Secure Code WarriorHelpful references
|
Micro-Learning Topic: Cross-site scripting (Detected by phrase)Matched on "Cross-site scripting"Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context. Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Denial of service (Detected by phrase)Matched on "Denial of Service"The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service Try a challenge in Secure Code WarriorMicro-Learning Topic: Server-side request forgery (Detected by phrase)Matched on "Server-side request forgery"Server-Side Request Forgery (SSRF) vulnerabilities are caused when an attacker can supply or modify a URL that reads or sends data to the server. The attacker can create a malicious request with a manipulated URL, when this request reaches the server, the server-side code executes the exploit URL causing the attacker to be able to read data from services that shouldn't be exposed. Try a challenge in Secure Code Warrior |
This PR contains the following updates:
13.4.12→16.2.1013.4.12→16.2.10Release Notes
vercel/next.js (eslint-config-next)
v16.2.10Compare Source
v16.2.9Compare Source
Empty release to ensure
next@latestpoints at a stable release. Next.js only allows publishing with Trusted Publishing enabled. In order to fix NPM dist-tags, we have to release a new version. Updating dist-tags is not possible with Trusted Publishing.v16.2.8Compare Source
Release with no changes in an attempt to fix
next@latestpointing at a prerelease version.v16.2.7Compare Source
Core Changes
playwright-coreto resolve_finishedPromiseonrequestFailed(#93920)router.querycorruption withbasePath+rewrites(#93917)FormDataentries (#94240)Credits
Huge thanks to @eps1lon, @icyJoseph, @unstubbable, @mischnic, @bgw, @timneutkens, and @lukesandberg for helping!
v16.2.6Compare Source
Security Fixes
The following advisories have been addressed:
High:
Moderate:
Low:
Core Changes
cacheHandlerskeys (#93453)v16.2.5Compare Source
Security Fixes
The following advisories have been addressed:
High:
Moderate:
Low:
Core Changes
cacheHandlerskeys (#93453)v16.2.4Compare Source
Core Changes
Credits
Huge thanks to @Badbird5907, @lukesandberg, @andrewimm, @sokra, and @mischnic for helping!
v16.2.3Compare Source
Core Changes
Credits
Huge thanks to @icyJoseph, @sokra, @wbinnssmith, @eps1lon and @ztanner for helping!
v16.2.2Compare Source
Core Changes
Credits
Huge thanks to @nextjs-bot, @icyJoseph, @ijjk, @gaojude, @wbinnssmith, @lukesandberg, and @bgw for helping!
v16.2.1Compare Source
Core Changes
cacheComponents(#91711){eval:true}in worker_threads constructors (#91666)Credits
Huge thanks to @icyJoseph, @abhishekmardiya, @ijjk, @mischnic, @unstubbable, @sokra, and @lukesandberg for helping!
v16.2.0Compare Source
Core Changes
f93b9fd4-20251217to65eec428-20251218: #87323experimental.strictRouteTypesconfig: #87378satisfieswhen validating page and route modules: #87398numberinconfig.api.bodyParser.sizeLimitwhen validating route: #87633images.maximumResponseBodyconfig: #88183'use cache'wrapper: #88219'use cache'function calls: #86920pending revalidates...debug log if applicable: #88221noUncheckedSideEffectImportsfor CSS imports: #88199/_next/routes: #8835365eec428-20251218to3e1abcc8-20260113: #88530interopDefault: #884863e1abcc8-20260113to4a3d993e-20260114: #885474a3d993e-20260114tobef88f7c-20260116: #88649--debug-build-pathsbracket escaping for glob patterns: #88660--debug-build-paths: #88654next start --inspect: #88744--debug-build-pathssupport to filter routes: #88655bef88f7c-20260116to41b3e9a6-20260119: #8875641b3e9a6-20260119tod2908752-20260119: #88774rewroteURLtorewrittenPathnamein request metadata: #88751getImplicitTagsto accept pathname instead of url object: #88753NEXT_DEPLOYMENT_IDglobal: #86738<html data-dpl-id>and don't inline it into JS anymore: #88761revalidatePathwith params and trailing slash when deployed: #88623d2908752-20260119tob546603b-20260121: #88860deploymentIdfrom App RouterRenderOptsPartial: #88866b546603b-20260121to24d8716e-20260123: #88963?dpl=to all asset urls returned by Turbopack: #88828useEffectEventto disallowed React APIs in Server Components: #88985renderOpts.nextExporttoisBuildTimePrerendering: #88951README.mds: #89022__turbopack_load_by_url__with query: #8889924d8716e-20260123to8c34556c-20260126: #89066baseline-browser-mappingwarnings: #89175.mdlicenses are included in vendored packages: #8920110680271-20260126to230772f9-20260128: #89250tarused to extract SWC binary : #89158browserslistdoesn't issue outdated warnings forbaseline-browser-mapping: #89287230772f9-20260128toda641178-20260129: #89301rules.*.typeconfig to allow changing the type of a module: #88788logging.serverFunctions: #89321'use cache'functions: #89408da641178-20260129toed4bd540-20260202: #89401ed4bd540-20260202tob1533b03-20260203: #89444b1533b03-20260203to3e00319b-20260203: #89449experimental.reportSystemEnvInliningfor Turbopack: #89304instant(): #89469cacheLifeon outer"use cache"when nesting short-lived caches: #894813e00319b-20260203to95ffd6cd-20260205: #89550discoverRoutes()API: #8897195ffd6cd-20260205to2dd9b7cf-20260208: #89681AggregateError.errorsin terminal output: #889992dd9b7cf-20260208to272441a9-20260209: #89722next dev: #89798type: "text"under a new experimental flag, following what webpack did: #89560use: #89793experimental.appNewScrollHandler: #83107272441a9-20260209to6066c782-20260212: #89923--debug-prerenderis set: #89834require.resolve()to get the installednextversion: #89166prefetch={true}on Links to routes withinstant: #900616066c782-20260212to4842fbea-20260217: #90144pnpm build: #89819Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.