Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Production deployment #363

Merged
merged 1 commit into from
Sep 19, 2024
Merged

Production deployment #363

merged 1 commit into from
Sep 19, 2024

Commits on Sep 18, 2024

  1. fix(deps): update dependency next to v14.2.10 [security] (#362) 

    This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | [`14.2.6` ->
`14.2.10`](https://renovatebot.com/diffs/npm/next/14.2.6/14.2.10) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/next/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/next/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/next/14.2.6/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/14.2.6/14.2.10?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2024-46982](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9)

### Impact

By sending a crafted HTTP request, it is possible to poison the cache of
a non-dynamic server-side rendered route in the pages router (this does
not affect the app router). When this crafted request is sent it could
coerce Next.js to cache a route that is meant to not be cached and send
a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some
upstream CDNs may cache as well.

To be potentially affected all of the following must apply: 

- Next.js between 13.5.1 and 14.2.9
- Using pages router
- Using non-dynamic server-side rendered routes e.g.
`pages/dashboard.tsx` not `pages/blog/[slug].tsx`

The below configurations are unaffected:

- Deployments using only app router
- Deployments on [Vercel](https://vercel.com/) are not affected

### Patches

This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later.
We recommend upgrading regardless of whether you can reproduce the issue
or not.

### Workarounds

There are no official or recommended workarounds for this issue, we
recommend that users patch to a safe version.

#### Credits

- Allam Rachid (zhero_)
- Henry Chen

---

### Release Notes

<details>
<summary>vercel/next.js (next)</summary>

###
[`v14.2.10`](https://redirect.github.com/vercel/next.js/compare/v14.2.9...v14.2.10)

[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v14.2.9...v14.2.10)

###
[`v14.2.9`](https://redirect.github.com/vercel/next.js/compare/v14.2.8...v14.2.9)

[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v14.2.8...v14.2.9)

###
[`v14.2.8`](https://redirect.github.com/vercel/next.js/compare/v14.2.7...v14.2.8)

[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v14.2.7...v14.2.8)

###
[`v14.2.7`](https://redirect.github.com/vercel/next.js/compare/v14.2.6...v14.2.7)

[Compare
Source](https://redirect.github.com/vercel/next.js/compare/v14.2.6...v14.2.7)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Berlin,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/simonknittel/simonknittel.de).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC44MC4wIiwidXBkYXRlZEluVmVyIjoiMzguODAuMCIsInRhcmdldEJyYW5jaCI6ImRldmVsb3AiLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
    @renovate
    renovate[bot] committed Sep 18, 2024
    Configuration menu
    Copy the full SHA
    6fb0e7b View commit details
    Browse the repository at this point in the history