search

windtoday / windtoday-app

Intelligent water sport marketplace
https://windtoday.co
MIT License
10 stars 5 forks source link

[Security] Bump next from 7.0.3 to 10.0.8 #472

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps next from 7.0.3 to 10.0.8. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

  • Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
  • Not affected: Deployments using the serverless target
  • Not affected: Deployments using next export
  • Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v10.0.8

Core Changes

  • fix: use absolute paths for require hook: #21877
  • Experimental feature - fix optimizeCss flag for serverless deployments: #21790
  • feat(next/image): remove sharp for wasm variant: #22253
  • Add isPreview field to router: #21638
  • Delay server compilation until client compilation is done in development: #22187
  • Reduce webpack watcher aggregate timing: #22418
  • Add generating static 500 status page: #22139
  • chore: upgrade webpack5: #22460
  • Ensure static 500 hydrates correctly with query: #22468
  • Ensure rewrites are resolved while prefetching: #22442
  • Allow smaller sizes in srcset for image with fill layout and sizes prop: #21670
  • Experimental script loader changes: #22038
  • Ensure component load order: #22731
  • chore: upgrade webpack 5 version: #22737
  • Fix index revalidate with dynamic route in minimal mode: #22783

Documentation Changes

  • Document scroll option for router.push: #22275
  • Point to official next-auth example: #22282
  • Update docs.: #22358
  • docs(deployment): Add Docker Image section: #17794
  • add-supertokens-to-authentication.md: #22223
  • Update NEXT_LOCALE cookie note: #22736

Example Changes

  • With Supertokens example: #21384
  • Fixing grammar: #22201
  • Update emotion example package names in readme: #22144
  • with-google-analytics: replace the GA_TRACKING_ID string by a environment variable: #21817
  • Fix typo in German translation: #22291
  • Change zeit fetch to vercel fetch: #21913
  • Fix/Update (with-chakra-ui-typescript) dependencies: #22328
  • improved the example on how to use WDYR with the latest next.js: #21651
  • chore: fix typo in web.js: #22150
  • added port config var to migrate-db.js and .env: #22395
  • fix(examples/with-three-js): Upgrade drei@2.2.21 & three@0.125.0 #22365: #22431
  • moving to upstash and new integration: #22436
  • Add Azure Pipelines example to no-cache docs: #22708
  • Add missing dependencies in example: #22712

Misc Changes

  • Update CODEOWNERS: #22232
  • Fix issue templates: #22349
  • docs(deployment): Update working directory in builder stage: #22478

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 3 years ago

Superseded by #474.