upleveled / security-vulnerability-examples-next-js-postgres

https://vuln-examples-next-postgres-jose.vercel.app/

Update dependency upgrades - non-major #235

Closed renovate[bot] closed 1 week ago

renovate[bot] commented 1 week ago

This PR contains the following updates:

| Package | Change |
| --- | --- |
| @types/node (source) | 22.7.3 -> 22.7.4 |
| @types/react (source) | 18.3.9 -> 18.3.11 |
| cookie | 0.6.0 -> 0.7.0 |
| eslint-config-upleveled | 8.7.1 -> 8.7.2 |
| next (source) | 14.2.13 -> 14.2.14 |
| pnpm (source) | 9.11.0 -> 9.12.0 |
| sass | 1.79.3 -> 1.79.4 |

Release Notes

jshttp/cookie (cookie)

### [`v0.7.0`](https://redirect.github.com/jshttp/cookie/releases/tag/v0.7.0): 0.7.0

[Compare Source](https://redirect.github.com/jshttp/cookie/compare/v0.6.0...v0.7.0)

- perf: parse cookies ~10% faster ([#144](https://redirect.github.com/jshttp/cookie/issues/144) by [@kurtextrem](https://redirect.github.com/kurtextrem) and [#170](https://redirect.github.com/jshttp/cookie/issues/170))
- fix: narrow the validation of cookies to match RFC6265 ([#167](https://redirect.github.com/jshttp/cookie/issues/167) by [@bewinsnw](https://redirect.github.com/bewinsnw))
- fix: add `main` to `package.json` for rspack ([#166](https://redirect.github.com/jshttp/cookie/issues/166) by [@proudparrot2](https://redirect.github.com/proudparrot2))

upleveled/eslint-config-upleveled (eslint-config-upleveled)

### [`v8.7.2`](https://redirect.github.com/upleveled/eslint-config-upleveled/releases/tag/v8.7.2)

[Compare Source](https://redirect.github.com/upleveled/eslint-config-upleveled/compare/v8.7.1...v8.7.2)

- Update dependency upgrades - non-major [`b3ec11d`](https://redirect.github.com/upleveled/eslint-config-upleveled/commit/b3ec11da1f756ff5ee40438a9e2964100939795d)
- Update dependency [@types/node](https://redirect.github.com/types/node) to v22.7.3 [`e882521`](https://redirect.github.com/upleveled/eslint-config-upleveled/commit/e8825217d29e141f0cfdee448950959233743964)
- Disable type checked rules for `.jsx` files [`aca50e8`](https://redirect.github.com/upleveled/eslint-config-upleveled/commit/aca50e8f66d519734734b58bb4c140ebb08e2672)

#### New Contributors

- [@Omer-Szerer](https://redirect.github.com/Omer-Szerer) made their first contribution in [https://github.com/upleveled/eslint-config-upleveled/pull/435](https://redirect.github.com/upleveled/eslint-config-upleveled/pull/435)

**Full Changelog**: https://github.com/upleveled/eslint-config-upleveled/compare/v8.7.1...v8.7.2

vercel/next.js (next)

### [`v14.2.14`](https://redirect.github.com/vercel/next.js/compare/v14.2.13...dbbec6ada34399df739f45273b50c38fc5b4a881)

[Compare Source](https://redirect.github.com/vercel/next.js/compare/v14.2.13...v14.2.14)

pnpm/pnpm (pnpm)

### [`v9.12.0`](https://redirect.github.com/pnpm/pnpm/releases/tag/v9.12.0): pnpm 9.12

[Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v9.11.0...v9.12.0)

##### Minor Changes

- Fix peer dependency resolution dead lock [#8570](https://redirect.github.com/pnpm/pnpm/issues/8570). This change might change some of the keys in the `snapshots` field inside `pnpm-lock.yaml` but it should happen very rarely.
- `pnpm outdated` command supports now a `--sort-by=name` option for sorting outdated dependencies by package name [#8523](https://redirect.github.com/pnpm/pnpm/pull/8523).
- Added the ability for `overrides` to remove dependencies by specifying `"-"` as the field value [#8572](https://redirect.github.com/pnpm/pnpm/issues/8572). For example, to remove `lodash` from the dependencies, use this configuration in `package.json`:

  ```json
  {
    "pnpm": {
      "overrides": {
        "lodash": "-"
      }
    }
  }
  ```

##### Patch Changes

- Fixed an issue where `pnpm list --json pkg` showed `"private": false` for a private package [#8519](https://redirect.github.com/pnpm/pnpm/issues/8519).
- Packages with `libc` that differ from `pnpm.supportedArchitectures.libc` are not downloaded [#7362](https://redirect.github.com/pnpm/pnpm/issues/7362).
- Prevent `ENOENT` errors caused by running `store prune` in parallel [#8586](https://redirect.github.com/pnpm/pnpm/pull/8586).
- Add issues alias to `pnpm bugs` [#8596](https://redirect.github.com/pnpm/pnpm/pull/8596).

sass/dart-sass (sass)

### [`v1.79.4`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1794)

[Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.79.3...1.79.4)

##### JS API

- Fix a bug where passing `green` or `blue` to `color.change()` for legacy colors would fail.

Configuration

📅 Schedule: Branch creation - "after 4pm on thursday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR was generated by Mend Renovate. View the repository job log.

socket-security[bot] commented 1 week ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@types/node@22.7.4 | None | +1 | 2.34 MB | types |
| npm/@types/react@18.3.11 | None | +2 | 1.69 MB | types |
| npm/cookie@0.7.0 | None | 0 | 23.3 kB | blakeembrey |
| npm/eslint-config-upleveled@8.7.2 | environment; Transitive: eval, filesystem, shell, unsafe | +352 | 44.7 MB | karlhorky |
| npm/next@14.2.14 | environment, filesystem, network, shell, unsafe | +14 | 90.1 MB | vercel-release-bot |
| npm/sass@1.79.4 | filesystem, unsafe; Transitive: environment | +4 | 6.74 MB | sassbot |

🚮 Removed packages: npm/@types/node@22.7.3, npm/@types/react@18.3.9, npm/cookie@0.6.0, npm/eslint-config-upleveled@8.7.1, npm/next@14.2.13, npm/sass@1.79.3

View full report↗︎