YuriGor / deepdash.io

Site for deepdash
https://deepdash.io/
0 stars 0 forks source link

[Snyk] Security upgrade next from 9.5.2 to 13.5.0 #105

Open YuriGor opened 1 year ago

YuriGor commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json
⚠️ Warning ``` Failed to update the package-lock.json, please update manually before merging. ```
#### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Resource Exhaustion
[SNYK-JS-NEXT-6032387](https://snyk.io/vuln/SNYK-JS-NEXT-6032387) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: next The new version differs by 250 commits.
  • ffafad2 v13.5.0
  • 4a589ed v13.4.20-canary.41
  • deb81cf fix styled-jsx alias (#55581)
  • 1a9b0f6 improve internal error logging (#55582)
  • 0631549 Fix react packages are not bundled for metadata routes (#55579)
  • bad5365 Update supported config options for Turbopack (#55556)
  • 8881c41 Fix useState function initialiser case for `optimize_server_react` transform (#55551)
  • 1025011 Add react-icons to optimizePackageImports (#55572)
  • d5c35a1 chore: replace issue triaing actions with `nissuer` (#55525)
  • 33c561b Consolidate experimental React opt-in & add `ppr` flag (#55560)
  • f630cb8 Add `mui-core` to the default `optimizePackageImports` list (#55554)
  • caa9083 chore: Fix heading hierarchy in revalidateTag documentation (#55470)
  • d01ab61 v13.4.20-canary.40
  • 6123a97 Fix missing trace file and unhandledRejection in ensurePage (#55553)
  • b5beb3a Correct spelling in playwright docs (#55557)
  • 4c6d4b3 Type Error on Event Type payment_intent webhook (#55493)
  • 41c89f0 v13.4.20-canary.39
  • 7fe01bb Disable client-only for middleware and pages api layer (#55541)
  • e4439b1 chore(third-parties): replace rimraf with rm.mjs (#55547)
  • 1b8ce8f Add route groups example to revalidatePath doc (#55543)
  • 9697bcd Fix notFound status code with ISR in app (#55542)
  • 0338dcd fix next.js own build on windows (#55544)
  • 4f98dc6 v13.4.20-canary.38
  • 0ddb15b fix: run turbopack in forked process (#55545)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/yurigor/project/cc1459a6-41eb-4585-9add-bf2a954348cb?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/yurigor/project/cc1459a6-41eb-4585-9add-bf2a954348cb?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"df9e2fdd-a3cc-458e-8741-3ff6f239bd96","prPublicId":"df9e2fdd-a3cc-458e-8741-3ff6f239bd96","dependencies":[{"name":"next","from":"9.5.2","to":"13.5.0"}],"packageManager":"npm","projectPublicId":"cc1459a6-41eb-4585-9add-bf2a954348cb","projectUrl":"https://app.snyk.io/org/yurigor/project/cc1459a6-41eb-4585-9add-bf2a954348cb?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-NEXT-6032387"],"upgrade":["SNYK-JS-NEXT-6032387"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Resource Exhaustion](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
deepdash.io ❌ Failed (Inspect) Oct 26, 2023 1:27am