query icon indicating copy to clipboard operation
query copied to clipboard
verified publisher icon TanStack

chore(deps): update dependency next to v14.2.30 [security]

Open renovate[bot] opened this issue 6 months ago • 4 comments

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
next (source) 14.2.28 -> 14.2.30 age adoption passing confidence

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2025-48068

Summary

A low-severity vulnerability in Next.js has been fixed in version 15.2.2. This issue may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active.

Because the mitigation is potentially a breaking change for some development setups, to opt-in to the fix, you must configure allowedDevOrigins in your next config after upgrading to a patched version. Learn more.

Learn more: https://vercel.com/changelog/cve-2025-48068

Credit

Thanks to sapphi-red and Radman Siddiki for responsibly disclosing this issue.

Release Notes

vercel/next.js (next)

v14.2.30

Compare Source

v14.2.29

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar May 29 '25 09:05 renovate[bot]

🤖 Nx Cloud AI Fix Eligible

An automatically generated fix could have helped fix failing tasks for this run, but Self-healing CI is disabled for this workspace. Visit workspace settings to enable it and get automatic fixes in future runs.

To disable these notifications, a workspace admin can disable them in workspace settings.

View your CI Pipeline Execution ↗ for commit 1b7ec2968aa4f634d5ca43ad186676961ad8ef4a

Command Status Duration Result
nx affected --targets=test:sherif,test:knip,tes... ❌ Failed 1m 52s View ↗
nx run-many --target=build --exclude=examples/*... ❌ Failed 1m 21s View ↗

☁️ Nx Cloud last updated this comment at 2025-08-13 14:54:12 UTC

nx-cloud[bot] avatar May 29 '25 09:05 nx-cloud[bot]

More templates

@tanstack/angular-query-devtools-experimental

npm i https://pkg.pr.new/@tanstack/angular-query-devtools-experimental@9214
@tanstack/angular-query-experimental

npm i https://pkg.pr.new/@tanstack/angular-query-experimental@9214
@tanstack/eslint-plugin-query

npm i https://pkg.pr.new/@tanstack/eslint-plugin-query@9214
@tanstack/query-async-storage-persister

npm i https://pkg.pr.new/@tanstack/query-async-storage-persister@9214
@tanstack/query-broadcast-client-experimental

npm i https://pkg.pr.new/@tanstack/query-broadcast-client-experimental@9214
@tanstack/query-core

npm i https://pkg.pr.new/@tanstack/query-core@9214
@tanstack/query-devtools

npm i https://pkg.pr.new/@tanstack/query-devtools@9214
@tanstack/query-persist-client-core

npm i https://pkg.pr.new/@tanstack/query-persist-client-core@9214
@tanstack/query-sync-storage-persister

npm i https://pkg.pr.new/@tanstack/query-sync-storage-persister@9214
@tanstack/react-query

npm i https://pkg.pr.new/@tanstack/react-query@9214
@tanstack/react-query-devtools

npm i https://pkg.pr.new/@tanstack/react-query-devtools@9214
@tanstack/react-query-next-experimental

npm i https://pkg.pr.new/@tanstack/react-query-next-experimental@9214
@tanstack/react-query-persist-client

npm i https://pkg.pr.new/@tanstack/react-query-persist-client@9214
@tanstack/solid-query

npm i https://pkg.pr.new/@tanstack/solid-query@9214
@tanstack/solid-query-devtools

npm i https://pkg.pr.new/@tanstack/solid-query-devtools@9214
@tanstack/solid-query-persist-client

npm i https://pkg.pr.new/@tanstack/solid-query-persist-client@9214
@tanstack/svelte-query

npm i https://pkg.pr.new/@tanstack/svelte-query@9214
@tanstack/svelte-query-devtools

npm i https://pkg.pr.new/@tanstack/svelte-query-devtools@9214
@tanstack/svelte-query-persist-client

npm i https://pkg.pr.new/@tanstack/svelte-query-persist-client@9214
@tanstack/vue-query

npm i https://pkg.pr.new/@tanstack/vue-query@9214
@tanstack/vue-query-devtools

npm i https://pkg.pr.new/@tanstack/vue-query-devtools@9214

commit: cfdb81f

pkg-pr-new[bot] avatar May 29 '25 09:05 pkg-pr-new[bot]

Sizes for commit cfdb81f54c00e608cf689f3ba52f451bbf603184:

Branch Bundle Size
Main
This PR

github-actions[bot] avatar May 29 '25 09:05 github-actions[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 47.01%. Comparing base (34eedd6) to head (cfdb81f). Report is 36 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #9214      +/-   ##
==========================================
+ Coverage   45.24%   47.01%   +1.77%     
==========================================
  Files         209      209              
  Lines        8247     9127     +880     
  Branches     1859     2177     +318     
==========================================
+ Hits         3731     4291     +560     
- Misses       4076     4332     +256     
- Partials      440      504      +64
Components Coverage Δ
@tanstack/angular-query-devtools-experimental ∅ <ø> (∅)
@tanstack/angular-query-experimental 85.45% <ø> (+0.40%) :arrow_up:
@tanstack/eslint-plugin-query 83.24% <ø> (ø)
@tanstack/query-async-storage-persister 43.85% <ø> (ø)
@tanstack/query-broadcast-client-experimental 24.39% <ø> (ø)
@tanstack/query-codemods 0.00% <ø> (ø)
@tanstack/query-core 98.00% <ø> (-0.13%) :arrow_down:
@tanstack/query-devtools 3.06% <ø> (-0.50%) :arrow_down:
@tanstack/query-persist-client-core 79.35% <ø> (+1.03%) :arrow_up:
@tanstack/query-sync-storage-persister 84.61% <ø> (ø)
@tanstack/query-test-utils 77.77% <ø> (ø)
@tanstack/react-query 96.39% <ø> (+0.39%) :arrow_up:
@tanstack/react-query-devtools 10.00% <ø> (ø)
@tanstack/react-query-next-experimental ∅ <ø> (∅)
@tanstack/react-query-persist-client 100.00% <ø> (ø)
@tanstack/solid-query 80.27% <ø> (+2.07%) :arrow_up:
@tanstack/solid-query-devtools ∅ <ø> (∅)
@tanstack/solid-query-persist-client 100.00% <ø> (ø)
@tanstack/svelte-query 87.09% <ø> (-1.07%) :arrow_down:
@tanstack/svelte-query-devtools ∅ <ø> (∅)
@tanstack/svelte-query-persist-client 100.00% <ø> (ø)
@tanstack/vue-query 73.35% <ø> (+2.49%) :arrow_up:
@tanstack/vue-query-devtools ∅ <ø> (∅)
:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar May 29 '25 09:05 codecov[bot]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 15.x releases. But if you manually upgrade to 15.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

renovate[bot] avatar Aug 19 '25 10:08 renovate[bot]