This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
@urql/next@1.1.1
Patch Changes
⚠️ Fix CVE-2024-24556, addressing an XSS vulnerability, where @urql/next failed to escape HTML characters in JSON payloads injected into RSC hydration bodies. When an attacker is able to manipulate strings in the JSON response in RSC payloads, this could cause HTML to be evaluated via a typical XSS vulnerability (See GHSA-qhjf-hm5j-335w for details.)
Submitted by @JoviDeCroock (See 4b7011b7)
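The class of bug described in the changelog entry above, as an added example that is not code from @urql/next or this PR: JSON placed in an inline hydration script needs its HTML-significant characters escaped. All function names, the `__DATA__` global and the sample payload are hypothetical and constructed for illustration.

```javascript
// Added example; names are hypothetical and are not @urql/next APIs.

// Characters that can end or alter an inline <script> when present in JSON text.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// Before: JSON.stringify leaves "<" and ">" untouched, so a string value
// containing "</script>" closes the script element in the HTML parser.
function serializeUnsafe(data) {
  return JSON.stringify(data);
}

// After: replace those characters with \uXXXX escapes. The output is still
// valid JSON and parses back to the identical value.
function serializeForScript(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

// Builds the inline script a server would stream into the HTML document.
function hydrationScript(serialize, data) {
  return `<script>window.__DATA__ = ${serialize(data)}</script>`;
}

// Counts the script end tags the HTML parser would see in the markup.
function scriptEndTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample: a response string that an attacker could influence.
const sample = { title: 'hello </script><b>constructed-marker</b>' };

const unsafeHtml = hydrationScript(serializeUnsafe, sample);
const safeHtml = hydrationScript(serializeForScript, sample);
console.log(scriptEndTags(unsafeHtml), scriptEndTags(safeHtml));
```

A count above one means the payload terminated the script element early and the rest of the string is parsed as HTML.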