next-store
next-store copied to clipboard
Published
20 hours ago •
Answart
Answart
[Snyk] Security upgrade next from 9.0.5 to 11.1.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- client/package.json
- client/package-lock.json
- client/.snyk
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
No | Proof of Concept |
 |
539/1000 Why? Has a fix available, CVSS 6.5 |
Cross-site Scripting (XSS) SNYK-JS-DEVALUE-536388 |
No | No Known Exploit |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 |
No | Proof of Concept |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-MINIMIST-559764 |
No | Proof of Concept |
|
449/1000 Why? Has a fix available, CVSS 4.7 |
Open Redirect SNYK-JS-NEXT-1540422 |
Yes | No Known Exploit |
|
434/1000 Why? Has a fix available, CVSS 4.4 |
Path Traversal SNYK-JS-NEXT-561584 |
No | No Known Exploit |
|
619/1000 Why? Has a fix available, CVSS 8.1 |
Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840 |
No | No Known Exploit |
|
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 |
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: next
The new version differs by 250 commits.- ce4adfc v11.1.0
- 092a476 v11.0.2-canary.31
- ebb6a30 Revert "Add warning during `next build` when sharp is missing (#27933)"
- 52486ce v11.0.2-canary.30
- 8ac3254 Revert "Next swc publish flow (#27932)"
- 6014b6e v11.0.2-canary.29
- 4cd45aa Add rootDir setting to eslint-plugin-next (#27918)
- e61ea6f Add manifest check step and add missing items (#27934)
- 94fc6f0 Next swc publish flow (#27932)
- 51a2a02 Add warning during `next build` when sharp is missing (#27933)
- 459b391 Add experimental `concurrentFeatures` config (#27768)
- 3c837ed test(next): add tests for Node-like hashbang support (#27906)
- 12eb812 Add data-nimg attribute to image component (#27899)
- b4be678 Remove duplicate type for StaticImageData (#27931)
- 83b3ceb Update release stats job name (#27923)
- 681d298 update to webpack 5.50.0 (#27929)
- b881d65 Adding a missing a period (#27928)
- 43393d5 Fix `next/script` unhandled promise rejection (#27903)
- eb871d3 Replace `placeholder` with `blurDataURL` in global `StaticImageData` type (#27916)
- 0cc4a98 Little typo (#27911)
- 8cbaa40 v11.0.2-canary.28
- 97174ac Add with-cypress example (#27900)
- 6a32d85 Update with-jest example (#27894)
- 9d3e895 Upgrade styled-jsx to v4 (#27890)
With a Snyk patch:
| Severity | Priority Score (*) | Issue | Exploit Maturity |
|---|---|---|---|
|
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 |
Prototype Pollution SNYK-JS-LODASH-567746 |
Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
