LinksHub aims to provide developers with access to a wide range of free resources and tools that they can use in their work. These resources include links to free software, libraries, frameworks, and other tools that can be used to build and deploy applications and websites.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | HTTP Request Smuggling [SNYK-JS-NEXT-6828456](https://snyk.io/vuln/SNYK-JS-NEXT-6828456) | No | No Known Exploit
 | **581/1000** **Why?** Recently disclosed, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF) [SNYK-JS-NEXT-6828457](https://snyk.io/vuln/SNYK-JS-NEXT-6828457) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: next
The new version differs by 250 commits.
6aee03d fix router crash on revalidate + popstate (#62383)
8fd3d7e fix loading issue when navigating to page with async metadata (#61687)
05b972b revert changes to process default routes at build (#61241)
7026eb2 fix parallel route top-level catch-all normalization logic to support nested explicit (non-catchall) slot routes (#60776)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/juanpablodiaz/project/791efabe-1cbd-4975-af5a-e1e5fec93e79?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/juanpablodiaz/project/791efabe-1cbd-4975-af5a-e1e5fec93e79?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"5ba1f8dd-bedf-4dc3-a831-ebd50e33b70a","prPublicId":"5ba1f8dd-bedf-4dc3-a831-ebd50e33b70a","dependencies":[{"name":"next","from":"13.4.3","to":"14.1.1"}],"packageManager":"npm","projectPublicId":"791efabe-1cbd-4975-af5a-e1e5fec93e79","projectUrl":"https://app.snyk.io/org/juanpablodiaz/project/791efabe-1cbd-4975-af5a-e1e5fec93e79?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-NEXT-6828456","SNYK-JS-NEXT-6828457"],"upgrade":["SNYK-JS-NEXT-6828456","SNYK-JS-NEXT-6828457"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[661,581],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Server-Side Request Forgery (SSRF)](https://learn.snyk.io/lesson/ssrf-server-side-request-forgery/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **661/1000****Why?** Recently disclosed, Has a fix available, CVSS 7.5 | HTTP Request Smuggling
[SNYK-JS-NEXT-6828456](https://snyk.io/vuln/SNYK-JS-NEXT-6828456) | No | No Known Exploit  | **581/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF)
[SNYK-JS-NEXT-6828457](https://snyk.io/vuln/SNYK-JS-NEXT-6828457) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: next
The new version differs by 250 commits.- 5f59ee5 v14.1.1
- f48b90b even more
- 7f789f4 more timeout
- ab71c4c update timeout
- 75f60d9 update trigger release workflow
- 74b3f0f Server Action tests (#62655)
- a6946b6 Backport metadata fixes (#62663)
- 4002f4b Fix draft mode invariant (#62121)
- 7dbf6f8 fix: babel usage with next/image (#61835)
- 3efc842 Fix next/server apit push alias for ESM pkg (#61721)
- 179d14e Replace image optimizer IPC call with request handler (#61471)
- f8fe70d chore: refactor image optimization to separate external/internal urls (#61172)
- 5a5f178 fix(image): warn when animated image is missing `unoptimized` prop (#61045)
- b0474c8 fix(build-output): show stack during CSR bailout warning (#62594)
- 1bee5b6 Fix extra swc optimizer applied to node_modules in browser layer (#62051)
- b747e08 fix(next-swc): Detect `exports.foo` from `cjs_finder` (#61795)
- af47328 Fix attempted import error for react (#61791)
- 181e7d5 Add stack trace to client rendering bailout error (#61200)
- 06f01e5 Merge branch 'next-14-1' of github.com:vercel/next.js into next-14-1
- c1edac7 update chunking tests
- 6aee03d fix router crash on revalidate + popstate (#62383)
- 8fd3d7e fix loading issue when navigating to page with async metadata (#61687)
- 05b972b revert changes to process default routes at build (#61241)
- 7026eb2 fix parallel route top-level catch-all normalization logic to support nested explicit (non-catchall) slot routes (#60776)
See the full diff