search

UNCG-CSE / Poststorm_Imagery

Classification and analysis of post-storm response imagery
MIT License
7 stars 0 forks source link

[Security] Bump next from 9.3.0 to 9.4.4 in /src/dashboard/v2 #797

Open dependabot-preview[bot] opened 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps next from 9.3.0 to 9.4.4. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

  • Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
  • Not affected: Deployments using the serverless target
  • Not affected: Deployments using next export
  • Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v9.4.4

Patches

  • Add note about GS(S)P imports: #13475
  • Do not import from fs-extra: #13481

v9.4.4-canary.0

Patches

  • Add note about GS(S)P imports: #13475
  • Do not import from fs-extra: #13481

v9.4.3

Minor Changes

  • Better formatted Sass errors: #13211
  • Add support for sass-loader prependData option: #12277
  • Make page path case sensitive in dev: #8848
  • Feat(cli): use default template when GH is offline: #12194
  • Bundle env configs in serverless mode: #13406
  • Add failing paths to export error summary: #10026
  • Add type inference for getStaticProps and getServerSideProps: #11842

Patches

  • Remove dead events: #13156
  • Remove unnecessary loadGetInitialProps: #13159
  • Remove old ErrorComponent global: 7eaf9b8bab4e93b891be89704399644eafe70e21
  • Load .env files before running Telemetry: #13173
  • Migrate PR stats action into Next.js repo: #13177
  • Chore(next/build/babel): missing types: #13189
  • Bug fixes for Lint routing: #13111
  • [Docs] Replace hot reloading with fast refresh: #13207
  • Updated docs: #13205
  • Move csp examples: #13221
  • With reason relay example: #12080
  • Fix formatting of older PR that passed tests: e4d22cec63296a0fdc2e1c0e9217e8c51bbaa43b
  • Make .env clickable in terminal: #12210
  • More redundant imports @ examples: #13190
  • Chore: Remove react redundant imports on examples: #13169
  • Use correct chalk import: #13235
  • Chore: remove-redundant-example-import: #13175
  • Fix ssr-caching example: #12180
  • Ignore nullish user configs: #10250
  • Add urql to the examples list: #13006
  • Fix dotenv file loading order: #13161
  • Update custom server docs: #13172
  • Created Expo TypeScript example project: #13182
  • Use memoizedPagechecker: #13191
  • Upgrade react-with-styles to version 4: #13193
... (truncated)
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
codecov[bot] commented 4 years ago

Codecov Report

Merging #797 into master will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #797   +/-   ##
=======================================
  Coverage   82.28%   82.28%           
=======================================
  Files          11       11           
  Lines         542      542           
=======================================
  Hits          446      446           
  Misses         96       96

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update f963d45...06d32dd. Read the comment docs.