Closed renovate[bot] closed 2 years ago
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN using --force I sure hope you know what you are doing.
npm ERR! code EBADPLATFORM
npm ERR! notsup Unsupported platform for @next/swc-darwin-arm64@12.0.9: wanted {"os":"darwin","arch":"arm64"} (current: {"os":"linux","arch":"x64"})
npm ERR! notsup Valid OS: darwin
npm ERR! notsup Valid Arch: arm64
npm ERR! notsup Actual OS: linux
npm ERR! notsup Actual Arch: x64
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2022-01-29T00_20_47_918Z-debug.log
This PR contains the following updates:
12.0.3
->12.0.9
GitHub Vulnerability Alerts
CVE-2021-43803
Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.
CVE-2022-21721
Impact
Vulnerable code could allow a bad actor to trigger a denial of service attack for anyone running a Next.js app at version >= 12.0.0, and using i18n functionality.
Patches
A patch has been released,
next@12.0.9
, that mitigates this issue. We recommend all affected users upgrade as soon as possible.Workarounds
We recommend upgrading whether you can reproduce or not although you can ensure
/${locale}/_next/
is blocked from reaching the Next.js instance until you upgrade.For more information
If you have any questions or comments about this advisory:
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.