This repository has been archived by the owner on Jun 10, 2020. It is now read-only.

[Security] Bump next from 9.3.0 to 9.4.2 in /src/dashboard/v2 #785

Conversation

dependabot-preview[bot]

Bumps next from 9.3.0 to 9.4.2. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects next

Impact

  • Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
  • Not affected: Deployments using the serverless target
  • Not affected: Deployments using next export
  • Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Affected versions: < 9.3.2

Release notes

Sourced from next's releases.

v9.4.2

Minor Changes

  • [Experimental] Add support for production browser source maps: #13018
  • [Experimental] Implement optional catch all routes: #12887

Patches

  • Only retry tests on CI: #12998
  • Fix modal overlay in RTL layouts: #13000
  • Feat: Remove redundant imports in XState example: #13020
  • Convert test to be inline: #13022
  • Avoid over-transpiling core libs: #11803
  • [Examples] Chakra UI - Move CSSReset inside ColorModeProvider: #13044
  • Stabilize test for Windows: #13050
  • Improve jsconfig.json error message: #13053
  • An empty jsconfig.json should not fail the build: #13051
  • Add PR labeler action: #13054
  • Revert "Add PR labeler action": #13055
  • X-powered-by is added to response, not request: #13037
  • Chore: Remove redundant imports in several examples: #13030
  • Correct multi-match behavior for queries and header values: #13017
  • Fix with-emotion examples: #13005
  • Remove redundant React imports from with-redux-thunk example: #12986
  • [Examples] Added public folder to with-docker example: #12879
  • Docs: add prismic locale note: #12862
  • Chore: use function component on with-typescript example: #12695
  • Fix crash when NODE_OPTIONS includes --inspect-port: #12555
  • Add eslint-plugin-jest: #13003
  • Add monaco-editor example: #11232
  • Chore: hot-reloader, htmlescape, next-dev-server missing types: #12730
  • Fix lint: f9b72473604941337e3c4ced5cbc9ab7c2095bd1
  • Removed redundant code from the with-portals example: #13059
  • Upgrade to Prettier 2: #13061
  • Update Examples for Fast Refresh: #13068
  • Add sourcemaps to Next.js core compilation: #13049
  • Adding no html-link lint rule to eslint-plugin: #12969
  • Chore(next): check-custom-routes - recursive-copy missing types: #13065
  • Remove taskr typescript plugin as it's no longer used: #13081
  • Added path: #13075
  • Remove redundant code from with-portals-ssr example: #13060
  • Update prefetching explanation to correctly reflect data prefetching: #13088
  • Fix building server-side generated AMP pages: #13046
  • Improve Redux Toolkit example: #12858
  • Add error when exporting pages with fallback: true: #13063
  • Update the Automatic Static Optimization docs to explicitly state that Next.js will trigger an update.: #13096
  • Fix(examples): align with-absolute-imports with next 9.4: #13090
  • [Example] Unsubscribe Router.on.events: #13102
  • Add Kodiak Configuration: #13103
  • Fix catch-all route + index.js in dev when accessed with trailing slash: #10502
... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps [next](https://github.com/zeit/next.js) from 9.3.0 to 9.4.2. **This update includes a security fix.**
- [Release notes](https://github.com/zeit/next.js/releases)
- [Commits](vercel/next.js@v9.3.0...v9.4.2)

Signed-off-by: dependabot-preview[bot] <[email protected]>
dependabot-preview bot added the dependencies, javascript and security labels May 24, 2020

codecov bot commented May 24, 2020

Codecov Report

Merging #785 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #785   +/-   ##
=======================================
  Coverage   82.28%   82.28%           
=======================================
  Files          11       11           
  Lines         542      542           
=======================================
  Hits          446      446           
  Misses         96       96           

Legend:
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update f963d45...3d4a843.

dependabot-preview[bot]

Superseded by #797.

@dependabot-preview dependabot-preview bot deleted the dependabot/npm_and_yarn/src/dashboard/v2/next-9.4.2 branch May 31, 2020 20:24