Next.js / Nextra Phoning Home? #8

Open
nelsonic opened this issue Jul 23, 2024 · 0 comments
While doing a routine update to the /docs I got the following compilation error in the Nextra project:

image

Note: the Nextra project is served on TCP: 3001
to avoid conflicts with another project on 3000
but otherwise it's "stock" Nextra.

Next.js (14.2.4) out of date (learn more)

This warning appearing in the error message may appear to be a "helpful" reminder to devs,
but it is problematic in a high-security environment because, in order to know that there's a newer version of Next.js,
it needs to Phone Home either to NPM for the version number or to Vercel ... either way it's making an external network request. 💭

This is the page the "learn more" links to: https://nextjs.org/docs/messages/version-staleness
image

To be clear: I'm a proponent of keeping software/systems up-to-date in terms of security patches/updates. ⬆️
And to some people who aren't security conscious having Next.js making network requests might be convenient ...
But if you work in a high security environment and need to know what all outbound network requests are doing,
this is a no-go! 🙅

At the time of writing the version of Next.js in our Nextra project is 14.2.4 and the most recent version on NPM is 14.2.5:
https://www.npmjs.com/package/next?activeTab=versions
image

They have published 2,665 versions ... 😮
How maintainable is a project that has an update every day ...? 🤷‍♂️ dwyl/learn-nextjs#12
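
An added example, not part of the original issue and not Next.js or Nextra code: one way to see and deny outbound requests from a Node.js process by wrapping the global `fetch`. The names `checkEgress` and `installFetchGuard` are hypothetical, the sample URLs are constructed, and whether the version check described above goes through the global `fetch` is an assumption.

```javascript
// Added example (hypothetical helper names): audit and deny outbound fetch()
// calls in a Node.js 18+ process. Only globalThis.fetch is covered here.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Decide whether a destination is permitted. `allowlist` holds exact hostnames.
function checkEgress(input, allowlist = []) {
  // Accept a string, a URL object, or a Request-like object with a .url field.
  const raw = typeof input === 'string' ? input : input.url ?? String(input);
  const { hostname, protocol } = new URL(raw);
  const host = hostname.toLowerCase();
  return { host, protocol, allowed: LOOPBACK.has(host) || allowlist.includes(host) };
}

// Replace globalThis.fetch with a wrapper that records every destination and
// rejects anything that is neither loopback nor allowlisted.
function installFetchGuard(allowlist = [], realFetch = globalThis.fetch) {
  const previous = globalThis.fetch;
  const log = [];
  globalThis.fetch = (input, init) => {
    const verdict = checkEgress(input, allowlist);
    // Stack line 2 is the code that called fetch(), i.e. the requesting module.
    const caller = (new Error().stack || '').split('\n')[2]?.trim() ?? 'unknown';
    log.push({ ...verdict, caller });
    if (!verdict.allowed) {
      return Promise.reject(new Error(`egress blocked: ${verdict.host}`));
    }
    return realFetch(input, init);
  };
  return { log, restore: () => { globalThis.fetch = previous; } };
}

// Constructed sample destinations: the local dev port from the issue and an
// npm registry URL. A stub stands in for the real fetch, so no network I/O.
function demo() {
  const guard = installFetchGuard([], async () => 'stub');
  fetch('http://localhost:3001/docs').catch(() => {});
  fetch('https://registry.npmjs.org/next').catch(() => {});
  guard.restore();
  return guard.log.map((e) => `${e.host} allowed=${e.allowed}`);
}
```

To audit a dev server, call `installFetchGuard([])` at the end of the file and preload it with `NODE_OPTIONS="--require ./egress-guard.js"` (the file name is a placeholder). An OS- or network-level egress filter remains the authoritative control, since code that opens sockets without the global `fetch` bypasses this wrapper.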
