chore(deps): update dependency next to v14 [security] #5538
✅ Deploy Preview for dev-web-novu ready!
✅ Deploy Preview for novu-design ready!
Hey there and thank you for opening this pull request! 👋 We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted. Your PR title is: Details: Unknown scope "deps" found in pull request title "chore(deps): update dependency next to v14 [security]". Scope must match one of: root, api, inbound-mail, web, webhook, widget, worker, ws, ee-auth, ee-billing, ee-billing-web, ee-echo-api, ee-echo-web, ee-echo-worker, ee-dal, ee-shared-services, ee-translation, ee-translation-web, application-generic, automation, dal, design-system, embed, novui, shared, shared-web, testing, novu, novu-labs, client, create-novu-app, echo, headless, js, nest, node, notification-center, angular-workspace, notification-center-angular, notification-center-vue, providers, stateless.
This PR contains the following updates:
next: ^13.5.4 -> ^14.0.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2024-34351
Impact
A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.
Prerequisites
<14.1.1) is running in a self-hosted* manner.
/.
* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.
Patches
This vulnerability was patched in #62561 and fixed in Next.js 14.1.1.
Workarounds
There are no official workarounds for this vulnerability. We recommend upgrading to Next.js 14.1.1.
Credit
Vercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:
Adam Kues - Assetnote
Shubham Shah - Assetnote
Release Notes
vercel/next.js (next)
v14.1.1
Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary
Core Changes
Credits
Huge thanks to @huozhi, @shuding, @Ethan-Arrowood, @styfle, @ijjk, @ztanner, @balazsorban44, @kdy1, and @williamli for helping!
v14.1.0
v14.0.4
v14.0.3
v14.0.2
v14.0.1
Core Changes
8c8ee9e to 0c63487 and types: #57772
Documentation Changes
Example Changes
with-youtube-embed example: #57367
with-google-maps-embed example: #57365
Misc Changes
create-next-app: #57262
Credits
Huge thanks to @dijonmusters, @sokra, @philwolstenholme, @IgorKowalczyk, @housseindjirdeh, @Zoe-Bot, @HanCiHu, @JackHowa, @goncy, @hirotomoyamada, @pveyes, @yeskunall, @vinaykulk621, @ChendayUP, @leerob, @dvoytenko, @mknichel, @ijjk, @hmaesta, @ajz003, @its-kunal, @joelhooks, @blurrah, @tariknh, @Vinlock, @Nayeem-XTREME, @aziyatali, @aspehler, @huozhi, @ztanner, @ForsakenHarmony, @moka-ayumu, and @gnoff for helping!
v14.0.0
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
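The PR raises the declared range to ^14.0.0, while the advisory above says the fix is in Next.js 14.1.1, so the version actually resolved in the lockfile decides whether an install is still affected. A small check for that, added here as an example (not code from Renovate, Novu or Next.js); the function names and sample versions are constructed, and range handling covers only simple ^, ~, >=, = and exact forms.

```javascript
// Added example: audit a declared range and resolved versions of `next`
// against the first patched release named in the advisory on this page.
const PATCHED = "14.1.1";

// Parse "x.y.z" or "x.y.z-tag" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] - pb.nums[i];
  }
  // Same x.y.z: a prerelease (e.g. a canary) sorts before the release.
  // Two prereleases of the same x.y.z compare equal here (simplification).
  return Number(pb.pre) - Number(pa.pre);
}

// A resolved version is treated as fixed only at or above PATCHED.
function isPatched(resolved) {
  return compareVersions(resolved, PATCHED) >= 0;
}

// Lowest version a simple range admits: strip the leading operator.
function rangeFloor(range) {
  return range.trim().replace(/^(?:\^|~|>=\s*|=)/, "");
}

// Report whether the range still allows an affected install, and which
// resolved versions (for example, read from a lockfile) are affected.
function audit(declaredRange, resolvedVersions) {
  return {
    rangeAdmitsVulnerable: !isPatched(rangeFloor(declaredRange)),
    vulnerableResolved: resolvedVersions.filter((v) => !isPatched(v)),
  };
}

// Constructed sample input, not taken from the repository's lockfile.
const report = audit("^14.0.0", ["13.5.4", "14.0.4", "14.1.1", "14.2.3"]);
console.log(report);
```

A range of ^14.0.0 is reported as still admitting affected versions, so the lockfile entry for `next` should be confirmed at 14.1.1 or later after merging.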