Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @keystone-next/fields from 9.0.0 to 15.0.0 #6

Open
wants to merge 8 commits into
base: canary
Choose a base branch
from
Open

[Snyk] Security upgrade @keystone-next/fields from 9.0.0 to 15.0.0 #6

wants to merge 8 commits into from

Commits on Jul 18, 2023

  1. fix: examples/cms-keystonejs-embedded/package.json to reduce vulnerab… 

    …ilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-APOLLOSERVERCORE-2928764
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-NEXT-1540422
- https://snyk.io/vuln/SNYK-JS-NEXT-1577139
- https://snyk.io/vuln/SNYK-JS-NEXT-2405694
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506
    @snyk-bot
    snyk-bot committed Jul 18, 2023
    Configuration menu
    Copy the full SHA
    9ff5a54 View commit details
    Browse the repository at this point in the history

Commits on Aug 15, 2023

  1. Revert "Move USER and remove redundant --chown from Dockerfile (verce… 

    …l#53441)" (vercel#54046)

This reverts commit 39c06ae.

Based on
vercel#53441 (review)

<!-- Thanks for opening a PR! Your contribution is much appreciated.
To make sure your PR is handled as smoothly as possible we request that
you follow the checklist sections below.
Choose the right checklist for the change(s) that you're making:

## For Contributors

### Improving Documentation

- Run `pnpm prettier-fix` to fix formatting issues before opening the
PR.
- Read the Docs Contribution Guide to ensure your contribution follows
the docs guidelines:
https://nextjs.org/docs/community/contribution-guide

### Adding or Updating Examples

- The "examples guidelines" are followed from our contributing doc
https://github.com/vercel/next.js/blob/canary/contributing/examples/adding-examples.md
- Make sure the linting passes by running `pnpm build && pnpm lint`. See
https://github.com/vercel/next.js/blob/canary/contributing/repository/linting.md

### Fixing a bug

- Related issues linked using `fixes #number`
- Tests added. See:
https://github.com/vercel/next.js/blob/canary/contributing/core/testing.md#writing-tests-for-nextjs
- Errors have a helpful link attached, see
https://github.com/vercel/next.js/blob/canary/contributing.md

### Adding a feature

- Implements an existing feature request or RFC. Make sure the feature
request has been accepted for implementation before opening a PR. (A
discussion must be opened, see
https://github.com/vercel/next.js/discussions/new?category=ideas)
- Related issues/discussions are linked using `fixes #number`
- e2e tests added
(https://github.com/vercel/next.js/blob/canary/contributing/core/testing.md#writing-tests-for-nextjs
- Documentation added
- Telemetry added. In case of a feature if it's used or not.
- Errors have a helpful link attached, see
https://github.com/vercel/next.js/blob/canary/contributing.md


## For Maintainers

- Minimal description (aim for explaining to someone not on the team to
understand the PR)
- When linking to a Slack thread, you might want to share details of the
conclusion
- Link both the Linear (Fixes NEXT-xxx) and the GitHub issues
- Add review comments if necessary to explain to the reviewer the logic
behind a change

### What?

### Why?

### How?

Closes NEXT-
Fixes #

-->
    @timneutkens
    timneutkens authored Aug 15, 2023
    Configuration menu
    Copy the full SHA
    c9fef18 View commit details
    Browse the repository at this point in the history

  2. chore: hide "same on new version" without link (vercel#54048) 

    Chat with @timneutkens

- Lock closed issues after 14 days of inactivity
- Hide comments "still happening" without a link we can verify
    @balazsorban44
    balazsorban44 authored Aug 15, 2023
    Configuration menu
    Copy the full SHA
    633b553 View commit details
    Browse the repository at this point in the history

  3. Do not output pages 404 in tree view if app not-found is used (vercel… 

    …#54051)

### What?

Skip logging `/404` for pages routes in `next build` when app router root not-found is present

### Why?

When app router's root not-found is used it can cover all the not found cases, and for static rendering it can already replace the `404.html`. So in the tree view we don't need to log the pages `/404` when those cases are covered by app router.
    @huozhi
    huozhi authored Aug 15, 2023
    Configuration menu
    Copy the full SHA
    ec6d2c7 View commit details
    Browse the repository at this point in the history

  4. Merge branch 'canary' into snyk-fix-52c74d69110d68f2acb32a8fdb48b7d7

    @X-oss-byte
    X-oss-byte authored Aug 15, 2023
    Configuration menu
    Copy the full SHA
    394edd8 View commit details
    Browse the repository at this point in the history

  5. Fix scroll bailout logic when targeting fixed/sticky elements (vercel… 

    …#53873)

### What?
When navigating to a new page with fixed or sticky positioned element as the first element, we were bailing on scroll to top behavior, which often isn't expected.

### Why?
Currently, we decide to bail on scroll to top behavior on navigation if the content that is swapped into view is visible within the viewport. Since fixed/sticky positioned elements are often intended to be relative to the current viewport, it's most likely not the case that you'd want it to be considered in this heuristic. For example, if you were scrolled far down on a page, and you navigated to a page that makes use of a sticky header, you would not be scrolled to the top of the page because that sticky header is technically visible within the viewport. 

### How?
I've updated the previous implementation that was intended to skip targeting invisible elements to also skip over fixed or sticky elements. This should help by falling back to the next level of the layout tree to determine which element to scroll to.

I've deleted the `// TODO-APP` comments as I couldn't think of a scenario in which we'd need a global scrollTop handler -- if we've bailed on every element up the tree, it's likely the page wasn't scrollable.

Some additional considerations:
- Is the warning helpful or annoying?
- Is the parallel route trade-off an acceptable one? (ie, a parallel modal slot might not be considered in the content visibility check unless if it’s fixed positioned)

Closes NEXT-1393
Fixes vercel#47475
    @ztanner
    ztanner authored Aug 15, 2023
    Configuration menu
    Copy the full SHA
    cb432eb View commit details
    Browse the repository at this point in the history

  6. Merge branch 'vercel:canary' into snyk-fix-52c74d69110d68f2acb32a8fdb… 

    …48b7d7
    @X-oss-byte
    X-oss-byte authored Aug 15, 2023
    Configuration menu
    Copy the full SHA
    c68371a View commit details
    Browse the repository at this point in the history

  7. Update index.mjs

    @X-oss-byte
    X-oss-byte authored Aug 15, 2023
    Configuration menu
    Copy the full SHA
    a6b421f View commit details
    Browse the repository at this point in the history