Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency next to v14.2.15 [security] #623

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 18, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
next (source) 14.2.10 -> 14.2.15 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-51479

Impact

If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.

Patches

This issue was patched in Next.js 14.2.15 and later.

If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.

Workarounds

There are no official workarounds for this vulnerability.

Credits

We'd like to thank tyage (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.


Release Notes

vercel/next.js (next)

v14.2.15

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
  • support breadcrumb style catch-all parallel routes #​65063
  • Provide non-dynamic segments to catch-all parallel routes #​65233
  • Fix client reference access causing metadata missing #​70732
  • feat(next/image): add support for decoding prop #​70298
  • feat(next/image): add images.localPatterns config #​70529
  • fix(next/image): handle undefined images.localPatterns config in images-manifest.json
  • fix: Do not omit alt on getImgProps return type, ImgProps #​70608
  • [i18n] Routing fix #​70761
Credits

Huge thanks to @​ztanner, @​agadzik, @​huozhi, @​styfle, @​icyJoseph and @​wyattjoh for helping!

v14.2.14

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes
  • Fix: clone response in first handler to prevent race (#​70082) (#​70649)
  • Respect reexports from metadata API routes (#​70508) (#​70647)
  • Externalize node binary modules for app router (#​70646)
  • Fix revalidateTag() behaviour when invoked in server components (#​70446) (#​70642)
  • Fix prefetch bailout detection for nested loading segments (#​70618)
  • Add missing node modules to externals (#​70382)
  • Feature: next/image: add support for images.remotePatterns.search (#​70302)
Credits

Huge thanks to @​styfle, @​ztanner, @​ijjk, @​huozhi and @​wyattjoh for helping!

v14.2.13

Compare Source

v14.2.12

Compare Source

v14.2.11

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

💻 Website Preview

The latest changes are available as preview in: https://fcf52f8f.conductor-t2.pages.dev

Copy link

🐋 This PR was built and pushed to the following Docker images:

Docker Bake metadata
{
"conductor": {
  "buildx.build.provenance": {
    "buildType": "https://mobyproject.org/buildkit@v1",
    "materials": [
      {
        "uri": "pkg:docker/debian@12.5?platform=linux%2Famd64",
        "digest": {
          "sha256": "a92ed51e0996d8e9de041ca05ce623d2c491444df6a535a566dabd5cb8336946"
        }
      },
      {
        "uri": "pkg:docker/rust@1.77.2?platform=linux%2Famd64",
        "digest": {
          "sha256": "83101f6985c93e1e6501b3375de188ee3d2cbb89968bcc91611591f9f447bd42"
        }
      }
    ],
    "invocation": {
      "configSource": {
        "entryPoint": "Dockerfile"
      },
      "parameters": {
        "frontend": "dockerfile.v0",
        "args": {
          "label:org.opencontainers.image.authors": "The Guild <contact@the-guild.dev>",
          "label:org.opencontainers.image.description": "Conductor is a robust GraphQL Gateway.",
          "label:org.opencontainers.image.docs": "https://the-guild.dev/graphql/gateway",
          "label:org.opencontainers.image.licenses": "MIT",
          "label:org.opencontainers.image.revision": "bd9c5c49171a1165bb52607e64cd508047f96393",
          "label:org.opencontainers.image.source": "https://github.com/the-guild-org/conductor",
          "label:org.opencontainers.image.title": "Conductor",
          "label:org.opencontainers.image.url": "https://the-guild.dev/graphql/gateway",
          "label:org.opencontainers.image.vendor": "The Guild",
          "label:org.opencontainers.image.version": ""
        },
        "locals": [
          {
            "name": "context"
          },
          {
            "name": "dockerfile"
          }
        ]
      },
      "environment": {
        "platform": "linux/amd64"
      }
    }
  },
  "buildx.build.ref": "builder-d2756060-2753-49b2-8287-5a0b99ddf170/builder-d2756060-2753-49b2-8287-5a0b99ddf1700/ywauxhqni6mclfx9r66we2wbh",
  "containerimage.config.digest": "sha256:caf28870ca37ad04815514ef65242615dd1b340b3192c976711559d8ea511735",
  "containerimage.descriptor": {
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "digest": "sha256:43676adbdff13f8f24f1d072540f17cb751a912f24bf688aed814bdc0c569b91",
    "size": 902,
    "platform": {
      "architecture": "amd64",
      "os": "linux"
    }
  },
  "containerimage.digest": "sha256:43676adbdff13f8f24f1d072540f17cb751a912f24bf688aed814bdc0c569b91",
  "image.name": "ghcr.io/the-guild-org/conductor/conductor:bd9c5c49171a1165bb52607e64cd508047f96393"
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants