fix(deps): update dependency next to v13 [security]

renovate[bot] commented 1 week ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
next (source)	`^12.1.6` -> `^13.0.0`

GitHub Vulnerability Alerts

CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

Next.js missing cache-control header may lead to CDN caching empty reply

CVE-2023-46298 / GHSA-c59h-r6p8-q9wc

More information

#### Details Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets. #### Severity Low #### References - [https://nvd.nist.gov/vuln/detail/CVE-2023-46298](https://nvd.nist.gov/vuln/detail/CVE-2023-46298) - [https://github.com/vercel/next.js/issues/45301](https://togithub.com/vercel/next.js/issues/45301) - [https://github.com/vercel/next.js/pull/54732](https://togithub.com/vercel/next.js/pull/54732) - [https://github.com/vercel/next.js/commit/20d05958ff853e9c9e42139ffec294336881c648](https://togithub.com/vercel/next.js/commit/20d05958ff853e9c9e42139ffec294336881c648) - [https://github.com/vercel/next.js](https://togithub.com/vercel/next.js) - [https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13](https://togithub.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-c59h-r6p8-q9wc) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Release Notes

vercel/next.js (next)

### [`v13.5.0`](https://togithub.com/vercel/next.js/compare/v13.4.19...v13.5.0) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.19...v13.5.0) ### [`v13.4.19`](https://togithub.com/vercel/next.js/releases/tag/v13.4.19) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.18...v13.4.19) ##### Core Changes - fix: invalid module transform for `@headlessui/react`: [#54206](https://togithub.com/vercel/next.js/issues/54206) - chore: remove unnecessary type cast in dev-build-watcher: [#54221](https://togithub.com/vercel/next.js/issues/54221) - fix process.env not being available in standalone mode: [#54203](https://togithub.com/vercel/next.js/issues/54203) - Fix missing `devPageFiles` collection: [#54224](https://togithub.com/vercel/next.js/issues/54224) - Add `Route` and `LinkProps` stub generics: [#54226](https://togithub.com/vercel/next.js/issues/54226) - Use `createClientModuleProxy` from Flight Server: [#54232](https://togithub.com/vercel/next.js/issues/54232) - Add default not found to loader tree of group routes root layer: [#54228](https://togithub.com/vercel/next.js/issues/54228) - feat(image): add support for custom `loaderFile` when `loader: default`: [#53417](https://togithub.com/vercel/next.js/issues/53417) - Fix renamed export of Server Actions: [#54241](https://togithub.com/vercel/next.js/issues/54241) - Ensures App Router Link respects scroll-behavior: smooth when only hash is changed.: [#54243](https://togithub.com/vercel/next.js/issues/54243) ##### Misc Changes - Update dd-trace used for internal tools: [#54214](https://togithub.com/vercel/next.js/issues/54214) - (Fix)Broken `upgrading.mdx` link : [#54234](https://togithub.com/vercel/next.js/issues/54234) - chore: skip CI run on forks: [#54219](https://togithub.com/vercel/next.js/issues/54219) - chore(ci): bump `cancel-workflow-action@0.11.0`: [#54246](https://togithub.com/vercel/next.js/issues/54246) ##### Credits Huge thanks to [@opnay](https://togithub.com/opnay), [@styfle](https://togithub.com/styfle), [@timneutkens](https://togithub.com/timneutkens), [@ztanner](https://togithub.com/ztanner), [@shuding](https://togithub.com/shuding), [@huozhi](https://togithub.com/huozhi), [@vinaykulk621](https://togithub.com/vinaykulk621), [@balazsorban44](https://togithub.com/balazsorban44), [@goguda](https://togithub.com/goguda), and [@coreyleelarson](https://togithub.com/coreyleelarson) for helping! ### [`v13.4.18`](https://togithub.com/vercel/next.js/releases/tag/v13.4.18) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.17...v13.4.18) ##### Core Changes - refactor: remove edge condition for module proxy path: [#54167](https://togithub.com/vercel/next.js/issues/54167) - Remove unused variables: [#54149](https://togithub.com/vercel/next.js/issues/54149) - chore: improve ts types for `position` in `dev-build-watcher`: [#54124](https://togithub.com/vercel/next.js/issues/54124) - Turbopack: Strip relative path prefix when generating PageLoaderAsset: [#54040](https://togithub.com/vercel/next.js/issues/54040) - Add `size` property to `ReadonlySearchParams`: [#53144](https://togithub.com/vercel/next.js/issues/53144) - Assign default not-found boundary if custom not-found is not present for root layer only: [#54185](https://togithub.com/vercel/next.js/issues/54185) - Allow range version for eslint config: [#53751](https://togithub.com/vercel/next.js/issues/53751) - Automatically modularizeImports for the popular [@headlessui/react](https://togithub.com/headlessui/react) library: [#54188](https://togithub.com/vercel/next.js/issues/54188) - fix bfcache restoration behavior: [#54198](https://togithub.com/vercel/next.js/issues/54198) ##### Misc Changes - Update rust toolchain: [#54130](https://togithub.com/vercel/next.js/issues/54130) ##### Credits Huge thanks to [@huozhi](https://togithub.com/huozhi), [@shuding](https://togithub.com/shuding), [@styfle](https://togithub.com/styfle), [@jridgewell](https://togithub.com/jridgewell), [@bencmbrook](https://togithub.com/bencmbrook), [@cramforce](https://togithub.com/cramforce), and [@ztanner](https://togithub.com/ztanner) for helping! ### [`v13.4.17`](https://togithub.com/vercel/next.js/releases/tag/v13.4.17) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.16...v13.4.17) ##### Core Changes - fix(next/image): empty blur image when animated [#54028](https://togithub.com/vercel/next.js/issues/54028) - Do not output pages 404 in tree view if app not-found is used: [#54051](https://togithub.com/vercel/next.js/issues/54051) - Fix scroll bailout logic when targeting fixed/sticky elements: [#53873](https://togithub.com/vercel/next.js/issues/53873) - Debug tracing: add updated modules and page to HMR span: [#53698](https://togithub.com/vercel/next.js/issues/53698) - fix(next-swc): coerce mdxrs default options: [#54068](https://togithub.com/vercel/next.js/issues/54068) - fix: don't add forceConsistentCasingInFileNames to tsconfig when ts version >= 5.0: [#51564](https://togithub.com/vercel/next.js/issues/51564) - fix(47299): allow testing pages with metadata in jsdom test environment: [#53578](https://togithub.com/vercel/next.js/issues/53578) - upgrade edge-runtime dependency: [#54117](https://togithub.com/vercel/next.js/issues/54117) - Fix root not-found page tree loader structure: [#54080](https://togithub.com/vercel/next.js/issues/54080) - chore: remove `as any` type cast: [#54074](https://togithub.com/vercel/next.js/issues/54074) - chore: refactor to use `fs.promises.rm()`: [#54076](https://togithub.com/vercel/next.js/issues/54076) - Refactor layout router creation in app-render: [#54126](https://togithub.com/vercel/next.js/issues/54126) - chore(image): remove apple silicon workaround for versions older than `node@16.5.0`: [#54125](https://togithub.com/vercel/next.js/issues/54125) - fix routing bug when bfcache is hit following an mpa navigation: [#54081](https://togithub.com/vercel/next.js/issues/54081) - Tracing: add opt-in flag to send a subset of development traces to url: [#53880](https://togithub.com/vercel/next.js/issues/53880) - fix(edge): override init when cloning with `NextRequest`: [#54108](https://togithub.com/vercel/next.js/issues/54108) - OpenTel: remove the internal (ipc) fetched from traces in a non-verbose mode: [#54083](https://togithub.com/vercel/next.js/issues/54083) - cleanup: remove unnecessary effect dep: [#54134](https://togithub.com/vercel/next.js/issues/54134) - Next build: use exported `handle_issues` from turbopack: [#52972](https://togithub.com/vercel/next.js/issues/52972) - node-web-streams: remove tee shim, use ReadableStream.tee: [#54079](https://togithub.com/vercel/next.js/issues/54079) - fix: `cookies().has()` breaks in app-route: [#54112](https://togithub.com/vercel/next.js/issues/54112) - Revert "fix(47299): allow testing pages with metadata in jsdom test environment": [#54160](https://togithub.com/vercel/next.js/issues/54160) ##### Documentation Changes - fix missing `'` in data-fetching/fetching-caching-and-revalidating: [#54058](https://togithub.com/vercel/next.js/issues/54058) ##### Example Changes - Update Docker example to remove HOSTNAME: [#54102](https://togithub.com/vercel/next.js/issues/54102) ##### Misc Changes - chore: hide "same on new version" without link: [#54048](https://togithub.com/vercel/next.js/issues/54048) - chore(ci): small notes for the build steps: [#54073](https://togithub.com/vercel/next.js/issues/54073) - chore: update lock bot wording: [#54099](https://togithub.com/vercel/next.js/issues/54099) - Update `swc_core` to `v0.79.59`: [#54082](https://togithub.com/vercel/next.js/issues/54082) - install-native.mjs: include `packageManager` field: [#54132](https://togithub.com/vercel/next.js/issues/54132) ##### Credits Huge thanks to [@balazsorban44](https://togithub.com/balazsorban44), [@huozhi](https://togithub.com/huozhi), [@ztanner](https://togithub.com/ztanner), [@williamli](https://togithub.com/williamli), [@wbinnssmith](https://togithub.com/wbinnssmith), [@kwonoj](https://togithub.com/kwonoj), [@stefanprobst](https://togithub.com/stefanprobst), [@feugy](https://togithub.com/feugy), [@timneutkens](https://togithub.com/timneutkens), [@kdy1](https://togithub.com/kdy1), [@Kikobeats](https://togithub.com/Kikobeats), [@styfle](https://togithub.com/styfle), [@dvoytenko](https://togithub.com/dvoytenko), [@MaxLeiter](https://togithub.com/MaxLeiter), and [@devjiwonchoi](https://togithub.com/devjiwonchoi) for helping! ### [`v13.4.16`](https://togithub.com/vercel/next.js/releases/tag/v13.4.16) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.15...v13.4.16) ##### Core Changes - Concept: test mode for Playwright and similar integration tools: [#52520](https://togithub.com/vercel/next.js/issues/52520) - Turbopack: fix hiding node_modules warnings in error overlay.: [#54022](https://togithub.com/vercel/next.js/issues/54022) - ci(next-swc): print glibc version when build: [#54026](https://togithub.com/vercel/next.js/issues/54026) - Adjust internal action proxy export: [#54004](https://togithub.com/vercel/next.js/issues/54004) ##### Documentation Changes - Update 05-client-side-rendering.mdx with latest tanstack query version: [#54009](https://togithub.com/vercel/next.js/issues/54009) - Open Graph Image font declaration moved to correct place: [#53998](https://togithub.com/vercel/next.js/issues/53998) - Update opengraph-image.mdx: Fix typo: [#54020](https://togithub.com/vercel/next.js/issues/54020) ##### Misc Changes - Remove extra label from runner: [#54002](https://togithub.com/vercel/next.js/issues/54002) - add standalone testcase for ipv6 hostnames: [#53999](https://togithub.com/vercel/next.js/issues/53999) - release: add release log generation script: [#54006](https://togithub.com/vercel/next.js/issues/54006) - test(ci): refine test suite name unique: [#54013](https://togithub.com/vercel/next.js/issues/54013) - Leverage previous swc build images: [#54027](https://togithub.com/vercel/next.js/issues/54027) - chore: mark build folder indexable: [#54029](https://togithub.com/vercel/next.js/issues/54029) - Move turbo outside of build for docker swc builds: [#54035](https://togithub.com/vercel/next.js/issues/54035) ##### Credits Huge thanks to [@ijjk](https://togithub.com/ijjk), [@ztanner](https://togithub.com/ztanner), [@huozhi](https://togithub.com/huozhi), [@lacymorrow](https://togithub.com/lacymorrow), [@dvoytenko](https://togithub.com/dvoytenko), [@kylemcd](https://togithub.com/kylemcd), [@kwonoj](https://togithub.com/kwonoj), [@tibi1220](https://togithub.com/tibi1220), [@wbinnssmith](https://togithub.com/wbinnssmith), and [@shuding](https://togithub.com/shuding) for helping! ### [`v13.4.15`](https://togithub.com/vercel/next.js/releases/tag/v13.4.15) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.13...v13.4.15) ##### Core Changes - Fix action failures due to state tree encoding: [#53655](https://togithub.com/vercel/next.js/issues/53655) - Initial HMR Nexturbo API implementation: [#52950](https://togithub.com/vercel/next.js/issues/52950) - Turbopack: add edge app routes : [#53387](https://togithub.com/vercel/next.js/issues/53387) - Turbopack: Hide Turbo Engine internals: [#53007](https://togithub.com/vercel/next.js/issues/53007) - add unit test case for next.rs api: [#53679](https://togithub.com/vercel/next.js/issues/53679) - Fix not-found rendering in production with edge: [#53687](https://togithub.com/vercel/next.js/issues/53687) - fix(next/image): don't call ReactDOM.preload if missing, such as jest: [#53443](https://togithub.com/vercel/next.js/issues/53443) - Add docs page for uncaught DynamicServerErrors: [#53402](https://togithub.com/vercel/next.js/issues/53402) - Consolidate Server and Routing process into one process: [#53523](https://togithub.com/vercel/next.js/issues/53523) - fix: Update outdated transform imports lucide-react: [#53697](https://togithub.com/vercel/next.js/issues/53697) - Update font data: [#53759](https://togithub.com/vercel/next.js/issues/53759) - Add warnings for static generation bail outs: [#53761](https://togithub.com/vercel/next.js/issues/53761) - Sort root entries per pageExtensions config for consistency: [#53769](https://togithub.com/vercel/next.js/issues/53769) - improve error message for conflicting parallel segments: [#53803](https://togithub.com/vercel/next.js/issues/53803) - Add `changeFrequency` and `priority` attributes to sitemaps: [#48484](https://togithub.com/vercel/next.js/issues/48484) - Ensure we set cache-control: no-cache for actions: [#53824](https://togithub.com/vercel/next.js/issues/53824) - Reuse RenderWorker type: [#53782](https://togithub.com/vercel/next.js/issues/53782) - fix: normalize backslash in `getStaticPaths()` for windows: [#53876](https://togithub.com/vercel/next.js/issues/53876) - Delete errorneous empty content length header: [#53843](https://togithub.com/vercel/next.js/issues/53843) - Turbopack: more tests and bugfixes for next.rs api: [#53809](https://togithub.com/vercel/next.js/issues/53809) - Add `@heroicons/react` to `modularizeImports`: [#53902](https://togithub.com/vercel/next.js/issues/53902) - Turbopack: Fix debugging in napi for next-api: [#53889](https://togithub.com/vercel/next.js/issues/53889) - Fix/match resource: [#53796](https://togithub.com/vercel/next.js/issues/53796) - Use summary_large_image as twitter card if images present by default: [#53919](https://togithub.com/vercel/next.js/issues/53919) - Turbopack: Emit whether server or client assets changed: [#53879](https://togithub.com/vercel/next.js/issues/53879) - Limit sharp's concurrency: [#53385](https://togithub.com/vercel/next.js/issues/53385) - enable [@vercel/og](https://togithub.com/vercel/og) support for turbopack: [#53917](https://togithub.com/vercel/next.js/issues/53917) - feat(image): DataURL placeholder support for : [#53442](https://togithub.com/vercel/next.js/issues/53442) - Recover not found errors from flight data to render with proper boundary: [#53703](https://togithub.com/vercel/next.js/issues/53703) - Update React to `18.3.0-canary-1a001dac6-20230812`: [#53881](https://togithub.com/vercel/next.js/issues/53881) - add "expect" to list of forbidden IPC headers: [#53947](https://togithub.com/vercel/next.js/issues/53947) - Update swc runners config: [#53939](https://togithub.com/vercel/next.js/issues/53939) - Better IPv6 support for `next-server`: [#53131](https://togithub.com/vercel/next.js/issues/53131) ##### Documentation Changes - Update 11-middleware.mdx: Added Switcher: [#53977](https://togithub.com/vercel/next.js/issues/53977) - Fix doc grammatical errors: [#53672](https://togithub.com/vercel/next.js/issues/53672) - Fix a link in incrementalCacheHandlerPath.mdx: [#53718](https://togithub.com/vercel/next.js/issues/53718) - Fix typo in data fetching documentation: [#53772](https://togithub.com/vercel/next.js/issues/53772) - Docs: Add option for fetching data using route handlers - from the client: [#53793](https://togithub.com/vercel/next.js/issues/53793) - docs: Add more information about Server Actions: [#53805](https://togithub.com/vercel/next.js/issues/53805) - docs: document cache tagging mechanism: [#53806](https://togithub.com/vercel/next.js/issues/53806) - chore(docs): add missing "try it out": [#53815](https://togithub.com/vercel/next.js/issues/53815) - docs: Opting out of scrolling with `next/link` and `useRouter`.: [#53804](https://togithub.com/vercel/next.js/issues/53804) - chore(docs): note cache-control header for preview/draft mode: [#53825](https://togithub.com/vercel/next.js/issues/53825) - Include instructions for `bun` package manager: [#53590](https://togithub.com/vercel/next.js/issues/53590) - Docs: Update confusing wording in intercepting routes: [#53854](https://togithub.com/vercel/next.js/issues/53854) - (docs) Fixes Server Actions example: [#53920](https://togithub.com/vercel/next.js/issues/53920) - fix typo: [#53908](https://togithub.com/vercel/next.js/issues/53908) - Docs: fix pnpm command for saving dev deps ([#53937](https://togithub.com/vercel/next.js/issues/53937)): [#53938](https://togithub.com/vercel/next.js/issues/53938) - The extra word 'the' has been deleted: [#53951](https://togithub.com/vercel/next.js/issues/53951) ##### Example Changes - \[Examples] Update Example Prepr CMS: [#49224](https://togithub.com/vercel/next.js/issues/49224) - Update to with-supertokens example app: [#53434](https://togithub.com/vercel/next.js/issues/53434) - docs(with-stripe-typescript): Update README demo link: [#53662](https://togithub.com/vercel/next.js/issues/53662) - (example) update github-pages example: [#52168](https://togithub.com/vercel/next.js/issues/52168) - chore: add light/dark mode theme detection to image component example: [#53760](https://togithub.com/vercel/next.js/issues/53760) ##### Misc Changes - Remove tsconfig extending for [@next/thrid-parties](https://togithub.com/next/thrid-parties) package: [#53991](https://togithub.com/vercel/next.js/issues/53991) - Make next as dependency of `@next/third-parties` package: [#53996](https://togithub.com/vercel/next.js/issues/53996) - update eslint config: [#53637](https://togithub.com/vercel/next.js/issues/53637) - enable more test cases for next.rs api: [#53670](https://togithub.com/vercel/next.js/issues/53670) - fix(node): pnpm 8.6 needs node 16.14: [#53677](https://togithub.com/vercel/next.js/issues/53677) - fix(create-next-app): fix CI defaults (default to typescript): [#53686](https://togithub.com/vercel/next.js/issues/53686) - fix azure test cases: [#53692](https://togithub.com/vercel/next.js/issues/53692) - Adding GoogleMaps and Youtube embed components: [#52909](https://togithub.com/vercel/next.js/issues/52909) - Update env variable for fonts data workflow: [#53701](https://togithub.com/vercel/next.js/issues/53701) - Move next-rs API tests from unit to e2e: [#53771](https://togithub.com/vercel/next.js/issues/53771) - test(turbo): allow to run test with --experimental-turbo: [#53396](https://togithub.com/vercel/next.js/issues/53396) - chore(actions): exclude drafts from PR notificiation: [#53669](https://togithub.com/vercel/next.js/issues/53669) - Update runner labels: [#53925](https://togithub.com/vercel/next.js/issues/53925) - Update `swc_core` to `v0.79.55`: [#53831](https://togithub.com/vercel/next.js/issues/53831) - \[chore] Upgrade playwright to 1.35.1: [#53875](https://togithub.com/vercel/next.js/issues/53875) - Update turbo env handling: [#53970](https://togithub.com/vercel/next.js/issues/53970) ##### Credits Huge thanks to [@iamarpitpatidar](https://togithub.com/iamarpitpatidar), [@pythagoras-yamamoto](https://togithub.com/pythagoras-yamamoto), [@alexkirsz](https://togithub.com/alexkirsz), [@sokra](https://togithub.com/sokra), [@jsteele-stripe](https://togithub.com/jsteele-stripe), [@tknickman](https://togithub.com/tknickman), [@gaojude](https://togithub.com/gaojude), [@styfle](https://togithub.com/styfle), [@janicklas-ralph](https://togithub.com/janicklas-ralph), [@huozhi](https://togithub.com/huozhi), [@ijjk](https://togithub.com/ijjk), [@vinaykulk621](https://togithub.com/vinaykulk621), [@balazsorban44](https://togithub.com/balazsorban44), [@ztanner](https://togithub.com/ztanner), [@timneutkens](https://togithub.com/timneutkens), [@ericfennis](https://togithub.com/ericfennis), [@JohnAdib](https://togithub.com/JohnAdib), [@MiLk](https://togithub.com/MiLk), [@kwonoj](https://togithub.com/kwonoj), [@delbaoliveira](https://togithub.com/delbaoliveira), [@leerob](https://togithub.com/leerob), [@LuudJanssen](https://togithub.com/LuudJanssen), [@lucasconstantino](https://togithub.com/lucasconstantino), [@davecarlson](https://togithub.com/davecarlson), [@colinhacks](https://togithub.com/colinhacks), [@shuding](https://togithub.com/shuding), [@jridgewell](https://togithub.com/jridgewell), [@jantimon](https://togithub.com/jantimon), [@Banbarashik](https://togithub.com/Banbarashik), [@ForsakenHarmony](https://togithub.com/ForsakenHarmony), [@kdy1](https://togithub.com/kdy1), [@dvoytenko](https://togithub.com/dvoytenko), [@arturbien](https://togithub.com/arturbien), [@gnoff](https://togithub.com/gnoff), [@hsrvms](https://togithub.com/hsrvms), and [@DuCanhGH](https://togithub.com/DuCanhGH), [@tim-hanssen](https://togithub.com/tim-hanssen), [@Aryan9592](https://togithub.com/Aryan9592), and [@rishabhpoddar](https://togithub.com/rishabhpoddar) for helping! ### [`v13.4.13`](https://togithub.com/vercel/next.js/releases/tag/v13.4.13) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.12...v13.4.13) ##### Core Changes - Improve internal web stream utils: [#53004](https://togithub.com/vercel/next.js/issues/53004) - fix: Add `Next-Url` to http vary in consideration of intercept routes.: [#52746](https://togithub.com/vercel/next.js/issues/52746) - update Turbopack: [#53098](https://togithub.com/vercel/next.js/issues/53098) - Add app, error, and document entrypoints: [#53013](https://togithub.com/vercel/next.js/issues/53013) - Turbopack: use edge environment in server-side rendering of client components too: [#53099](https://togithub.com/vercel/next.js/issues/53099) - refactor(codemod): replace chalk with picocolors: [#53115](https://togithub.com/vercel/next.js/issues/53115) - move webpack specific logic into a separate file: [#53114](https://togithub.com/vercel/next.js/issues/53114) - feat(turbopack): emit MODULE_FEATURE telemetry from turbopack: [#52356](https://togithub.com/vercel/next.js/issues/52356) - Fix not found hangs the build with overridden node env: [#53106](https://togithub.com/vercel/next.js/issues/53106) - chore: update warning message from `yarn add sharp` to `npm i sharp`: [#53130](https://togithub.com/vercel/next.js/issues/53130) - fix(edge): allow `Request` cloning via `NextRequest`: [#53157](https://togithub.com/vercel/next.js/issues/53157) - chore: extract common get-validated-args: [#53165](https://togithub.com/vercel/next.js/issues/53165) - Fix minimal basePath handling: [#53174](https://togithub.com/vercel/next.js/issues/53174) - Updates [@typescript-eslint/parser](https://togithub.com/typescript-eslint/parser) to 6.1.0: [#52848](https://togithub.com/vercel/next.js/issues/52848) - fix(next/image): washed out blur placeholder: [#52583](https://togithub.com/vercel/next.js/issues/52583) - Handle basePath app-dir minimal case: [#53189](https://togithub.com/vercel/next.js/issues/53189) ##### Documentation Changes - (Docs) add missing import.: [#52992](https://togithub.com/vercel/next.js/issues/52992) - Fix formData code snippet in route handler docs: [#52532](https://togithub.com/vercel/next.js/issues/52532) - docs: remove unneeded good to know section during installation: [#53078](https://togithub.com/vercel/next.js/issues/53078) - docs: fix typo in `08-parallel-routes.mdx`: [#53069](https://togithub.com/vercel/next.js/issues/53069) - chore(docs): Extend the options for custom server init: [#52851](https://togithub.com/vercel/next.js/issues/52851) - (Docs) Add missing import for `useRef()`: [#53015](https://togithub.com/vercel/next.js/issues/53015) - (Docs) Remove `FormData` type on `formData` defined in `.js` file: [#53014](https://togithub.com/vercel/next.js/issues/53014) - docs: fix codeblock for redirect: [#53120](https://togithub.com/vercel/next.js/issues/53120) - chore(docs): client-side data fetching loading state: [#53164](https://togithub.com/vercel/next.js/issues/53164) ##### Example Changes - feat: remove unused global variable: [#51767](https://togithub.com/vercel/next.js/issues/51767) ##### Misc Changes - chore(ci): always run validate-docs-links action: [#53022](https://togithub.com/vercel/next.js/issues/53022) - update install-native postinstall to use pnpm: [#53080](https://togithub.com/vercel/next.js/issues/53080) - chore(ci): make `validate-docs-links` required: [#53123](https://togithub.com/vercel/next.js/issues/53123) - chore(test): fix flaky tsconfig.json test: [#53132](https://togithub.com/vercel/next.js/issues/53132) - chore(ci): fix validate-docs-links for non-PR: [#53129](https://togithub.com/vercel/next.js/issues/53129) - Temporarily skip flakey action revalidate: [#53134](https://togithub.com/vercel/next.js/issues/53134) ##### Credits Huge thanks to [@vinaykulk621](https://togithub.com/vinaykulk621), [@Lantianyou](https://togithub.com/Lantianyou), [@styfle](https://togithub.com/styfle), [@shuding](https://togithub.com/shuding), [@joulev](https://togithub.com/joulev), [@AkifumiSato](https://togithub.com/AkifumiSato), [@trigaten](https://togithub.com/trigaten), [@HurSungYun](https://togithub.com/HurSungYun), [@DevLab2425](https://togithub.com/DevLab2425), [@sokra](https://togithub.com/sokra), [@alexkirsz](https://togithub.com/alexkirsz), [@ztanner](https://togithub.com/ztanner), [@leerob](https://togithub.com/leerob), [@SukkaW](https://togithub.com/SukkaW), [@kwonoj](https://togithub.com/kwonoj), [@huozhi](https://togithub.com/huozhi), [@ijjk](https://togithub.com/ijjk), [@balazsorban44](https://togithub.com/balazsorban44), [@daniel-web-developer](https://togithub.com/daniel-web-developer), [@ky1ejs](https://togithub.com/ky1ejs), and [@arturbien](https://togithub.com/arturbien) for helping! ### [`v13.4.12`](https://togithub.com/vercel/next.js/releases/tag/v13.4.12) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.11...v13.4.12) ##### Core Changes - Separate routing code from render servers: [#52492](https://togithub.com/vercel/next.js/issues/52492) - Move Pages API rendering into bundle: [#52149](https://togithub.com/vercel/next.js/issues/52149) - update Turbopack: [#52986](https://togithub.com/vercel/next.js/issues/52986) - Turbopack: Refactoring module references: [#52930](https://togithub.com/vercel/next.js/issues/52930) - Increase timeout for 404 tests: [#52998](https://togithub.com/vercel/next.js/issues/52998) - Reland "Refine the not-found rendering process for app router": [#52985](https://togithub.com/vercel/next.js/issues/52985) - Revert "Separate routing code from render servers ([#52492](https://togithub.com/vercel/next.js/issues/52492))": [#53016](https://togithub.com/vercel/next.js/issues/53016) ##### Documentation Changes - "Clarify the 'Existing Projects' section of the TypeScript docs:: [#52944](https://togithub.com/vercel/next.js/issues/52944) - Update 02-dynamic-routes.mdx: [#52975](https://togithub.com/vercel/next.js/issues/52975) - chore(docs): fix broken link: [#53021](https://togithub.com/vercel/next.js/issues/53021) ##### Misc Changes - Update to latest version of turborepo: [#52979](https://togithub.com/vercel/next.js/issues/52979) - Update `swc_core` to `v0.79.22`: [#52945](https://togithub.com/vercel/next.js/issues/52945) - chore(ci): add pnpm workspace for github actions: [#52976](https://togithub.com/vercel/next.js/issues/52976) - Changed package manager for install-native.mjs to pnpm: [#52971](https://togithub.com/vercel/next.js/issues/52971) - update CODEOWNERS config: [#53017](https://togithub.com/vercel/next.js/issues/53017) ##### Credits Huge thanks to [@ijjk](https://togithub.com/ijjk), [@wyattjoh](https://togithub.com/wyattjoh), [@sokra](https://togithub.com/sokra), [@kdy1](https://togithub.com/kdy1), [@alexkirsz](https://togithub.com/alexkirsz), [@styfle](https://togithub.com/styfle), [@ShaunFerris](https://togithub.com/ShaunFerris), [@syedtaqi95](https://togithub.com/syedtaqi95), [@Heidar-An](https://togithub.com/Heidar-An), [@huozhi](https://togithub.com/huozhi), and [@ztanner](https://togithub.com/ztanner) for helping! ### [`v13.4.11`](https://togithub.com/vercel/next.js/releases/tag/v13.4.11) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.10...v13.4.11) ##### Core Changes - fix: add missing `` for `next/image` in App Router: [#52425](https://togithub.com/vercel/next.js/issues/52425) - Support metadata exports for server components not-found: [#52678](https://togithub.com/vercel/next.js/issues/52678) - feat(next-swc): try to fallback native bindings with MODULE_NOT_FOUND: [#52667](https://togithub.com/vercel/next.js/issues/52667) - Turbopack: Vc and Turbo Engine type system improvements : [#51792](https://togithub.com/vercel/next.js/issues/51792) - Fix runtime edge not-found handling: [#52754](https://togithub.com/vercel/next.js/issues/52754) - fix: forward NavigateOptions in adaptForAppRouterInstance: [#52498](https://togithub.com/vercel/next.js/issues/52498) - fix(output): do not slice pathname unless ends with `.txt`: [#52640](https://togithub.com/vercel/next.js/issues/52640) - Fix tagsManifest initialization check: [#52776](https://togithub.com/vercel/next.js/issues/52776) - Turbopack: Experimental dev app pages support: [#52680](https://togithub.com/vercel/next.js/issues/52680) - Turbopack: move Asset::ident to more specific traits: [#52683](https://togithub.com/vercel/next.js/issues/52683) - Fix tracking of ContextModule: [#52795](https://togithub.com/vercel/next.js/issues/52795) - Set process.title for router and render workers: [#52779](https://togithub.com/vercel/next.js/issues/52779) - fix Remove unnecessary await: [#52800](https://togithub.com/vercel/next.js/issues/52800) - Revert "perf: improve URL validation performance": [#52818](https://togithub.com/vercel/next.js/issues/52818) - Refactor the client entry plugin: [#52798](https://togithub.com/vercel/next.js/issues/52798) - Turbopack: Add manifest generation to pages: [#52793](https://togithub.com/vercel/next.js/issues/52793) - Turbopack: move references() to specific traits: [#52822](https://togithub.com/vercel/next.js/issues/52822) - Update default `moduleResolution` in `tsconfig.json` from `node` to `bundler`: [#51957](https://togithub.com/vercel/next.js/issues/51957) - Turbopack: Next.rs API improvements: [#52856](https://togithub.com/vercel/next.js/issues/52856) - update turbopack: [#52899](https://togithub.com/vercel/next.js/issues/52899) - Update vendor [@vercel/og](https://togithub.com/vercel/og): [#52897](https://togithub.com/vercel/next.js/issues/52897) - Fixed:[#52853](https://togithub.com/vercel/next.js/issues/52853) Lacking 'color' attribute in IconDescriptor Metadata: [#52902](https://togithub.com/vercel/next.js/issues/52902) - Support basePath with edge runtime for Custom App Routes: [#52910](https://togithub.com/vercel/next.js/issues/52910) - improve error DX on pages with RSC build errors: [#52843](https://togithub.com/vercel/next.js/issues/52843) - fix: allow smooth scrolling if only hash changes (pages & app): [#52915](https://togithub.com/vercel/next.js/issues/52915) - add edge support for next.rs API: [#52885](https://togithub.com/vercel/next.js/issues/52885) - Allow general language codes in the Metadata API: [#52920](https://togithub.com/vercel/next.js/issues/52920) - Fix client reference manifest for interception routes: [#52961](https://togithub.com/vercel/next.js/issues/52961) - Refine the not-found rendering process for app router: [#52790](https://togithub.com/vercel/next.js/issues/52790) - app-router: prefetching tweaks: [#52949](https://togithub.com/vercel/next.js/issues/52949) - Revert "Refine the not-found rendering process for app router": [#52977](https://togithub.com/vercel/next.js/issues/52977) ##### Documentation Changes - Update mention of route handlers for forms: [#52781](https://togithub.com/vercel/next.js/issues/52781) - (Docs) add missing `js` version for `generateMetadata`.: [#52763](https://togithub.com/vercel/next.js/issues/52763) - docs : fix typo in React cache example: [#52787](https://togithub.com/vercel/next.js/issues/52787) - chore(docs): Add mentioning of HOSTNAME env variable for standalone output: [#52804](https://togithub.com/vercel/next.js/issues/52804) - Fix typo in docs: [#52815](https://togithub.com/vercel/next.js/issues/52815) - Update 02-edge-and-nodejs-runtimes.mdx: [#52888](https://togithub.com/vercel/next.js/issues/52888) - chore(docs): add Typescript statically typed links mention in link doc: [#52847](https://togithub.com/vercel/next.js/issues/52847) - chore(docs): fix typo in generate metadata docs: [#52904](https://togithub.com/vercel/next.js/issues/52904) - fix example component in MDX documentation: [#52753](https://togithub.com/vercel/next.js/issues/52753) - wrong content for next.config.mjs for MDX Plugins: [#52738](https://togithub.com/vercel/next.js/issues/52738) - Update 06-lazy-loading.mdx: Incorrect filename in Example on "Importing Named Imports": [#52932](https://togithub.com/vercel/next.js/issues/52932) - Change "publically" to "publicly" in the routing docs: [#52966](https://togithub.com/vercel/next.js/issues/52966) ##### Example Changes - examples: export `force-dynamic` from all dynamic routes: [#52916](https://togithub.com/vercel/next.js/issues/52916) ##### Misc Changes - chore: add "please simplify reproduction" comment: [#52631](https://togithub.com/vercel/next.js/issues/52631) - update job concurrency: [#52788](https://togithub.com/vercel/next.js/issues/52788) - Lock node version to 18.16: [#52894](https://togithub.com/vercel/next.js/issues/52894) - Update runs-on tags - chore: add GitHub Action to manage "+1" comments: [#52866](https://togithub.com/vercel/next.js/issues/52866) ##### Credits Huge thanks to [@styfle](https://togithub.com/styfle), [@huozhi](https://togithub.com/huozhi), [@balazsorban44](https://togithub.com/balazsorban44), [@kwonoj](https://togithub.com/kwonoj), [@alexkirsz](https://togithub.com/alexkirsz), [@ijjk](https://togithub.com/ijjk), [@Jeffrey-Zutt](https://togithub.com/Jeffrey-Zutt), [@timneutkens](https://togithub.com/timneutkens), [@vinaykulk621](https://togithub.com/vinaykulk621), [@Ryan-Dia](https://togithub.com/Ryan-Dia), [@sokra](https://togithub.com/sokra), [@shuding](https://togithub.com/shuding), [@steppefox](https://togithub.com/steppefox), [@hiro0218](https://togithub.com/hiro0218), [@rjsdnql123](https://togithub.com/rjsdnql123), [@feedthejim](https://togithub.com/feedthejim), [@fgiuliani](https://togithub.com/fgiuliani), [@steven-tey](https://togithub.com/steven-tey), [@AntoineBourin](https://togithub.com/AntoineBourin), [@adamrhunter](https://togithub.com/adamrhunter), [@darshanjain-entrepreneur](https://togithub.com/darshanjain-entrepreneur), [@s0h311](https://togithub.com/s0h311), [@wyattjoh](https://togithub.com/wyattjoh), [@ztanner](https://togithub.com/ztanner), [@djreillo](https://togithub.com/djreillo), [@dijonmusters](https://togithub.com/dijonmusters), and [@cassidoo](https://togithub.com/cassidoo) for helping! ### [`v13.4.10`](https://togithub.com/vercel/next.js/releases/tag/v13.4.10) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.9...v13.4.10) ##### Core Changes - Fix trailing slash with locale domain: [#52343](https://togithub.com/vercel/next.js/issues/52343) - perf: use fs.readdirSync with withFileTypes: [#52340](https://togithub.com/vercel/next.js/issues/52340) - Make `get_client_chunking_context` independent of context: [#51928](https://togithub.com/vercel/next.js/issues/51928) - perf: use fs.opendir for better resource usage: [#52341](https://togithub.com/vercel/next.js/issues/52341) - fix: metadatabase warning message: [#52363](https://togithub.com/vercel/next.js/issues/52363) - perf: simplify getShortDynamicParamType on app-render: [#52355](https://togithub.com/vercel/next.js/issues/52355) - fix: prevent infinite dev refresh on nested parallel routes: [#52362](https://togithub.com/vercel/next.js/issues/52362) - turbopack: add incremental cache for node.js app rendering: [#52172](https://togithub.com/vercel/next.js/issues/52172) - Refactor metadata og and twitter title to be always presented: [#52320](https://togithub.com/vercel/next.js/issues/52320) - perf: reduce system calls on eslint plugin: [#52359](https://togithub.com/vercel/next.js/issues/52359) - Turbopack: Use a different chunking context for web entry: [#52404](https://togithub.com/vercel/next.js/issues/52404) - Temporarily revert change to pages render: [#52407](https://togithub.com/vercel/next.js/issues/52407) - Remove integration tests now in vercel/turbo: [#52413](https://togithub.com/vercel/next.js/issues/52413) - Update Rust nightly toolchain: [#51757](https://togithub.com/vercel/next.js/issues/51757) - Cache concurrent `ensurePage` requests for the same page: [#52360](https://togithub.com/vercel/next.js/issues/52360) - \[turbopack]: Remove skipped integration tests: [#52421](https://togithub.com/vercel/next.js/issues/52421) - Fix metadata layer webpack rule for server-only: [#52403](https://togithub.com/vercel/next.js/issues/52403) - Override file based images with social images property: [#52416](https://togithub.com/vercel/next.js/issues/52416) - Split the client reference manifest file to be generated per-entry: [#52450](https://togithub.com/vercel/next.js/issues/52450) - fix(standalone): fixed `output: "standalone"` crashing build when there is no `app/` page: [#51993](https://togithub.com/vercel/next.js/issues/51993) - fix: add aws packages to default `serverComponentsExternalPackages`: [#52388](https://togithub.com/vercel/next.js/issues/52388) - refactor: avoid unnecessary async scopes in eslint: [#52418](https://togithub.com/vercel/next.js/issues/52418) - Ensure useParams return array for catch-all routes: [#52494](https://togithub.com/vercel/next.js/issues/52494) - turbopack: Module Trait: [#52401](https://togithub.com/vercel/next.js/issues/52401) - Fix tracking of client reference manifest: [#52505](https://togithub.com/vercel/next.js/issues/52505) - perf: create an experimental bundled version of the next server: [#52206](https://togithub.com/vercel/next.js/issues/52206) - Chore: Remove redundant intersection type: [#52453](https://togithub.com/vercel/next.js/issues/52453) - perf: Refactor recursiveReadDirSync: [#52517](https://togithub.com/vercel/next.js/issues/52517) - add version to function config manifest: [#52507](https://togithub.com/vercel/next.js/issues/52507) - Turbopack: Source trait: [#52511](https://togithub.com/vercel/next.js/issues/52511) - Update id handling for fonts: [#52559](https://togithub.com/vercel/next.js/issues/52559) - feat(turbopack): support swc transform plugins : [#50401](https://togithub.com/vercel/next.js/issues/50401) - feat(babel-loader): provide migration help message for babel config: [#52565](https://togithub.com/vercel/next.js/issues/52565) - Support global-error for ssr fallback: [#52573](https://togithub.com/vercel/next.js/issues/52573) - Fix ISR case with bot requests: [#52581](https://togithub.com/vercel/next.js/issues/52581) - fix(next/jest): jest can not load server-only code: [#52393](https://togithub.com/vercel/next.js/issues/52393) - Turbopack: App Router build POC: [#52036](https://togithub.com/vercel/next.js/issues/52036) - Avoid loading Next.js config again in render workers: [#52587](https://togithub.com/vercel/next.js/issues/52587) - Add more extensions to `next-types-plugin` for `Node16`/`NodeNext`: [#52562](https://togithub.com/vercel/next.js/issues/52562) - feat(next-swc): report native bindings load err code: [#52570](https://togithub.com/vercel/next.js/issues/52570) - Move App Pages rendering into bundle: [#52290](https://togithub.com/vercel/next.js/issues/52290) - feat(turbopack): support native webp: [#52285](https://togithub.com/vercel/next.js/issues/52285) - Set sizes prop to any for svg icons: [#52609](https://togithub.com/vercel/next.js/issues/52609) - Turbopack: OutputAsset trait: [#52606](https://togithub.com/vercel/next.js/issues/52606) - chore(deps): bump `react@18.3.0-canary-9377e1010-20230712`: [#52649](https://togithub.com/vercel/next.js/issues/52649) - Ensure root layout only render once per request: [#52589](https://togithub.com/vercel/next.js/issues/52589) - Fix bundle path normalization for /index routes: [#52650](https://togithub.com/vercel/next.js/issues/52650) - Turobpack: Next.rs API (part 1): [#52259](https://togithub.com/vercel/next.js/issues/52259) - Clean up promises after resolving: [#52656](https://togithub.com/vercel/next.js/issues/52656) - Catch layout error in global-error: [#52654](https://togithub.com/vercel/next.js/issues/52654) - Fix per-entry client reference manifest for grouped and named segments: [#52664](https://togithub.com/vercel/next.js/issues/52664) ##### Documentation Changes - chore(docs): fix link to `useSearchParams`: [#52348](https://togithub.com/vercel/next.js/issues/52348) - docs: Clarify `create-next-app` requires public GitHub URLs.: [#52367](https://togithub.com/vercel/next.js/issues/52367) - remove unnecessary dot.: [#52387](https://togithub.com/vercel/next.js/issues/52387) - fix metadata-related typo in MDX documentation: [#52446](https://togithub.com/vercel/next.js/issues/52446) - docs: Simplify message in React essentials section.: [#52469](https://togithub.com/vercel/next.js/issues/52469) - docs: Improve error handling docs for server-side errors.: [#52302](https://togithub.com/vercel/next.js/issues/52302) - docs: Add Playwright/Cypress Discord links: [#52084](https://togithub.com/vercel/next.js/issues/52084) - docs: Add Kuma to CSS-in-JS supported list.: [#52438](https://togithub.com/vercel/next.js/issues/52438) - docs: clarify `fetch` request de-duplication: [#52100](https://togithub.com/vercel/next.js/issues/52100) - docs: Update TypeScript plugin section for VS Code prompt: [#52111](https://togithub.com/vercel/next.js/issues/52111) - docs: Improve hydration mismatch error guide.: [#52481](https://togithub.com/vercel/next.js/issues/52481) - docs: add Supabase loader for `next/image`: [#52480](https://togithub.com/vercel/next.js/issues/52480) - docs: fix the incrementalCacheHandlerPath: [#52124](https://togithub.com/vercel/next.js/issues/52124) - fixed error [#52486](https://togithub.com/vercel/next.js/issues/52486) fetchUsers to fetchUser: [#52487](https://togithub.com/vercel/next.js/issues/52487) - Update 08-parallel-routes.mdx: [#52419](https://togithub.com/vercel/next.js/issues/52419) - docs: Add `formData` example for Route Handlers: [#52358](https://togithub.com/vercel/next.js/issues/52358) - chore(docs): Typesafe `metadata` object: [#52252](https://togithub.com/vercel/next.js/issues/52252) - docs: Update `_app` and `_document`: [#52479](https://togithub.com/vercel/next.js/issues/52479) - docs: add CDN optimization as possible hydration error cause: [#52489](https://togithub.com/vercel/next.js/issues/52489) - docs: correct TypeScript spelling on the home page: [#52500](https://togithub.com/vercel/next.js/issues/52500) - chore(docs): fix a few typos in image loader docs: [#52508](https://togithub.com/vercel/next.js/issues/52508) - docs: fix grammar on Server Actions: [#52556](https://togithub.com/vercel/next.js/issues/52556) - Fixed grammar in 03-react-essentials.mdx: [#52597](https://togithub.com/vercel/next.js/issues/52597) - docs: fix typo in CSS Modules Description: [#52599](https://togithub.com/vercel/next.js/issues/52599) - docs: Fix typo in generate-static-params.mdx: [#52595](https://togithub.com/vercel/next.js/issues/52595) - docs: move MUI to supported list: [#52584](https://togithub.com/vercel/next.js/issues/52584) - docs: Add missing closing tag for react hydration error message.: [#52607](https://togithub.com/vercel/next.js/issues/52607) ##### Example Changes - examples: Update Convex to latest version (`0.19`): [#52473](https://togithub.com/vercel/next.js/issues/52473) - Update examples: counter.tsx - Don't need empty space: [#52576](https://togithub.com/vercel/next.js/issues/52576) ##### Misc Changes - Update swc_core to `v0.79.13`: [#52371](https://togithub.com/vercel/next.js/issues/52371) - chore(ci): fix turbo input path globs: [#52414](https://togithub.com/vercel/next.js/issues/52414) - fix(create-next-app): click event blockage under 1024px by adjusting z-index: [#52074](https://togithub.com/vercel/next.js/issues/52074) - chore: add label to locked threads: [#52497](https://togithub.com/vercel/next.js/issues/52497) - fix: `not-found.tsx` with `output: export`: [#52526](https://togithub.com/vercel/next.js/issues/52526) - use `npm pack` instead of `yarn pack`: [#52563](https://togithub.com/vercel/next.js/issues/52563) - ci: skip build-native for docs only change: [#52571](https://togithub.com/vercel/next.js/issues/52571) - Remove unnecessary `body-parser`: [#52580](https://togithub.com/vercel/next.js/issues/52580) ##### Credits Huge thanks to [@ijjk](https://togithub.com/ijjk), [@anonrig](https://togithub.com/anonrig), [@alexkirsz](https://togithub.com/alexkirsz), [@gfgabrielfranca](https://togithub.com/gfgabrielfranca), [@styfle](https://togithub.com/styfle), [@ztanner](https://togithub.com/ztanner), [@leerob](https://togithub.com/leerob), [@sokra](https://togithub.com/sokra), [@huozhi](https://togithub.com/huozhi), [@Bitbbot](https://togithub.com/Bitbbot), [@wyattjoh](https://togithub.com/wyattjoh), [@kdy1](https://togithub.com/kdy1), [@wbinnssmith](https://togithub.com/wbinnssmith), [@shuding](https://togithub.com/shuding), [@jridgewell](https://togithub.com/jridgewell), [@BrennanColberg](https://togithub.com/BrennanColberg), [@Nick-Mazuk](https://togithub.com/Nick-Mazuk), [@delbaoliveira](https://togithub.com/delbaoliveira), [@thomasballinger](https://togithub.com/thomasballinger), [@lucgagan](https://togithub.com/lucgagan), [@nroland013](https://togithub.com/nroland013), [@SonMooSans](https://togithub.com/SonMooSans), [@jenewland1999](https://togithub.com/jenewland1999), [@thorwebdev](https://togithub.com/thorwebdev), [@jyunhanlin](https://togithub.com/jyunhanlin), [@darshanjain-entrepreneur](https://togithub.com/darshanjain-entrepreneur), [@DuCanhGH](https://togithub.com/DuCanhGH), [@Gnadhi](https://togithub.com/Gnadhi), [@yagogmaisp](https://togithub.com/yagogmaisp), [@carlos-menezes](https://togithub.com/carlos-menezes), [@balazsorban44](https://togithub.com/balazsorban44), [@ryo-manba](https://togithub.com/ryo-manba), [@timneutkens](https://togithub.com/timneutkens), [@feedthejim](https://togithub.com/feedthejim), [@vamcs](https://togithub.com/vamcs), [@matepapp](https://togithub.com/matepapp), [@SleeplessOne1917](https://togithub.com/SleeplessOne1917), [@ecklf](https://togithub.com/ecklf), [@djreillo](https://togithub.com/djreillo), [@kwonoj](https://togithub.com/kwonoj), [@gnoff](https://togithub.com/gnoff), [@feugy](https://togithub.com/feugy), [@karlhorky](https://togithub.com/karlhorky), [@starunaway](https://togithub.com/starunaway), [@FernandVEYRIER](https://togithub.com/FernandVEYRIER), [@Ryan-Dia](https://togithub.com/Ryan-Dia), [@Terro216](https://togithub.com/Terro216), [@anthonyshew](https://togithub.com/anthonyshew), and [@suhaotian](https://togithub.com/suhaotian) for helping! ### [`v13.4.9`](https://togithub.com/vercel/next.js/releases/tag/v13.4.9) [Compare Source](https://togithub.com/vercel/next.js/compare/v13.4.8...v13.4.9) ##### Core Changes - Reland "ReverseTopological -> AdjacencyMap"": [#52142](https://togithub.com/vercel/next.js/issues/52142) - Change the Server Actions feature flag to be validated at compile time: [#52147](https://togithub.com/vercel/next.js/issues/52147) - Fix `modularizeImports` transform of `antd`: [#52148](https://togithub.com/vercel/next.js/issues/52148) - fix: next.config.js with `unstable_getImgProps()`: [#52153](https://togithub.com/vercel/next.js/issues/52153) - update tests list to include all passing tests: [#52026](https://togithub.com/vercel/next.js/issues/52026) - Support scroll: false for Link component for app router: [#51869](https://togithub.com/vercel/next.js/issues/51869) - Memoize useRouter from next/navigation when used in Pages Router: [#52177](https://togithub.com/vercel/next.js/issues/52177) - chore(deps): bump react `18.3.0-canary-1fdacbefd-20230630`: [#52005](https://togithub.com/vercel/next.js/issues/52005) - fix: infinite dev reloads when parallel route is treated a page entry: [#52061](https://togithub.com/vercel/next.js/issues/52061) - disable flaky test cases: [#52184](https://togithub.com/vercel/next.js/issues/52184) - Revert "chore(deps): bump react `18.3.0-canary-1fdacbefd-20230630`": [#52192](https://togithub.com/vercel/next.js/issues/52192) - update turbopack: [#52186](https://togithub.com/vercel/next.js/issues/52186) - Update CustomModuleType import: [#52133](https://togithub.com/vercel/next.js/issues/52133) - Skip build-time dynamic code checks for specific polyfills in the Edge runtime: [#52009](https://togithub.com/vercel/next.js/issues/52009) - Update Turbopack: [#52198](https://togithub.com/vercel/next.js/issues/52198) - Use base36 for the RSC query: [#52204](https://togithub.com/vercel/next.js/issues/52204) - Fix `dynamicParams` check in TS plugin: [#52211](https://togithub.com/vercel/next.js/issues/52211) - Fix tree shaking for image generation module: [#51950](https://togithub.com/vercel/next.js/issues/51950) - fix env reloading for turbopack: [#52194](https://togithub.com/vercel/next.js/issues/52194) - Remove zod from require-hook: [#52197](https://togithub.com/vercel/next.js/issues/52197) - Optimize watch ignore: [#52238](https://togithub.com/vercel/next.js/issues/52238) - Remove the outdated error for find page dir: [#52274](https://togithub.com/vercel/next.js/issues/52274) - Disable flakey turbopack env test: [#52295](https://togithub.com/vercel/next.js/issues/52295) - skip hot reload sync event for applying hmr updates: [#52270](https://togithub.com/vercel/next.js/issues/52270) - Handle 409s in fetch cache: [#51652](https://togithub.com/vercel/next.js/issues/51652) - chore: remove experimental `appDir: true` from tests: [#52291](https://togithub.com/vercel/next.js/issues/52291) - fix: correct `modularizeImports` for antd & ant-design/icons: [#52169](https://togithub.com/vercel/next.js/issues/52169) - Update checksum algorithm to SHA1: [#52102](https://togithub.com/vercel/next.js/issues/52102) - chore(deps): bump react to [`7118f5d`](https://togithub.com/vercel/next.js/commit/7118f5dd7): [#52282](https://togithub.com/vercel/next.js/issues/52282) - Update eslint-plugin-react-hooks to 5.0.0-canary-7118f5dd7-20230705: [#52275](https://togithub.com/vercel/next.js/issues/52275) - Named page chunks: [#51921](https://togithub.com/vercel/next.js/issues/51921) - chore: fix next dev turbopack benchmark: [#52328](https://togithub.com/vercel/next.js/issues/52328) - Fix to use keep-alive in standalone mode: [#50221](https://togithub.com/vercel/next.js/issues/50221) - Use 127.0.0.1 as the default host for the standalone server [#52283](https://togithub.com/vercel/next.js/issues/52283) ##### Documentation Changes - Update generate-image-metadata.mdx: [#52230](https://togithub.com/vercel/next.js/issues/52230) - docs(mdx): Add clearer instructions on the storage location of mdx-components files.: [#52187](https://togithub.com/vercel/next.js/issues/52187) - docs: Improve some of the error messages pages.: [#52271](https://togithub.com/vercel/next.js/issues/52271) - fix wrong Link import: [#52298](https://togithub.com/vercel/next.js/issues/52298) - Document redirect parameters: [#51987](https://togithub.com/vercel/next.js/issues/51987) - Add manual installation instructions for pages: [#51995](https://togithub.com/vercel/next.js/issues/51995) - Update 10-router-handlers.mdx: [#52098](https://togithub.com/vercel/next.js/issues/52098) - Add app router example: [#52066](https://togithub.com/vercel/next.js/issues/52066) - doc: update typo in instrumentation page: [#52311](https://togithub.com/vercel/next.js/issues/52

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 1 week ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
react-celo	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 18, 2024 8:59pm

socket-security[bot] commented 1 week ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@next/env@13.5.6	environment, filesystem	`0`	6.95 kB	vercel-release-bot
npm/@next/swc-darwin-arm64@13.5.6	None	`0`	108 MB	vercel-release-bot
npm/@next/swc-darwin-x64@13.5.6	None	`0`	109 MB	vercel-release-bot
npm/@next/swc-linux-arm64-gnu@13.5.6	None	`0`	110 MB	vercel-release-bot
npm/@next/swc-linux-arm64-musl@13.5.6	None	`0`	130 MB	vercel-release-bot
npm/@next/swc-linux-x64-gnu@13.5.6	None	`0`	123 MB	vercel-release-bot
npm/@next/swc-linux-x64-musl@13.5.6	None	`0`	143 MB	vercel-release-bot
npm/@next/swc-win32-arm64-msvc@13.5.6	None	`0`	96.7 MB	vercel-release-bot
npm/@next/swc-win32-ia32-msvc@13.5.6	None	`0`	89.8 MB	vercel-release-bot
npm/@next/swc-win32-x64-msvc@13.5.6	None	`0`	128 MB	vercel-release-bot
npm/@swc/helpers@0.5.2	None	`0`	228 kB	kdy1
npm/busboy@1.6.0	None	`0`	124 kB	mscdex
npm/client-only@0.0.1	None	`0`	611 B	sebmarkbage
npm/glob-to-regexp@0.4.1	None	`0`	18.1 kB	nickfitzgerald
npm/next@13.5.6	environment, filesystem, network, shell, unsafe	`+4`	73.6 MB	vercel-release-bot
npm/streamsearch@1.1.0	None	`0`	16.6 kB	mscdex

🚮 Removed packages: npm/@next/env@12.3.4, npm/@next/swc-android-arm-eabi@12.3.4, npm/@next/swc-android-arm64@12.3.4, npm/@next/swc-darwin-arm64@12.3.4, npm/@next/swc-darwin-x64@12.3.4, npm/@next/swc-freebsd-x64@12.3.4, npm/@next/swc-linux-arm-gnueabihf@12.3.4, npm/@next/swc-linux-arm64-gnu@12.3.4, npm/@next/swc-linux-arm64-musl@12.3.4, npm/@next/swc-linux-x64-gnu@12.3.4, npm/@next/swc-linux-x64-musl@12.3.4, npm/@next/swc-win32-arm64-msvc@12.3.4, npm/@next/swc-win32-ia32-msvc@12.3.4, npm/@next/swc-win32-x64-msvc@12.3.4, npm/@swc/helpers@0.4.11, npm/next@12.3.4

View full report↗︎

socket-security[bot] commented 1 week ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
AI warning	npm/next@13.5.6	Notes: This code has a worrying combination of potential security risks, including executing a downloaded binary with user input, writing to user-controlled file paths, and automatically modifying the .gitignore. While it does not appear to be outright malware, using it as-is poses significant security concerns. A thorough security review and hardening of these risk areas would be recommended before use. Confidence: 1.00 Severity: 0.60	`packages/example/package.json`	🚫

View full report↗︎

Next steps

What is an AI detected anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/next@13.5.6

celo-org / react-celo