next-reason-boilerplate icon indicating copy to clipboard operation
next-reason-boilerplate copied to clipboard

Published 20 hours ago β€’ verified publisher icon Enalmada

[Snyk] Security upgrade next from 7.0.2 to 9.3.4

Open Enalmada opened this issue 2 years ago β€’ 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: next The new version differs by 250 commits.
  • 8c899ee v9.3.4
  • e000d84 v9.3.4-canary.4
  • 7b546a9 Update hello-world example React version & name for CodeSandbox (#11550)
  • a37ad0a Add notes to styled-components example README (#11540)
  • a992444 v9.3.4-canary.3
  • 3f6bd47 Update build output with renamed column (#11401)
  • 1992e2a Example/update unstated (#11534)
  • d61eced Update to make sure AMP only bundles are always removed in pro… (#11527)
  • fa5da6d Remove passing of NODE_OPTIONS='--inspect' to subprocesses (#11041)
  • f9cd7c5 v9.3.4-canary.2
  • c17ee73 Generic Type for GetStaticPaths (#11430)
  • 2263876 added "with-route-as-modal" example (#11473)
  • f2315ff update auth0 example with getServerSideProps (#11051)
  • b307ed9 Update checking for existing dotenv usage (#11496)
  • b8d075e Update environment support (#11524)
  • ce3f7d0 Drop url dependency (#11503)
  • 0bfc0b3 v9.3.4-canary.1
  • b88f20c Fix lockfile
  • d7f9a52 correct babel dev dependency
  • 755dc40 postcss loaders
  • a3ec26d ignore-loader
  • 8dad5ab file-loader
  • c855a38 babel-loader, cache-loader
  • 84a46df thread-loader

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Learn about vulnerability in an interactive lesson of Snyk Learn.

Enalmada avatar May 13 '22 23:05 Enalmada