Title: 🚨 [security] Update next: 12.0.8 → 12.0.9 (patch) by depfu[bot] · Pull Request #122 · javaistic/javaistic · GitHub
Description: 🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ next (12.0.8 → 12.0.9) · Repo

Security Advisories 🚨

🚨 DOS Vulnerability for self-hosted next.js apps using i18n

Impact

Vulnerable code could allow a bad actor to trigger a denial of service attack for anyone running a Next.js app at version >= 12.0.0, and using i18n functionality.

Affected: All of the following must be true to be affected by this CVE

- Next.js versions above v12.0.0
- Using next start or a custom server
- Using the built-in i18n support

Not affected: Deployments on Vercel (vercel.com) are not affected along with similar environments where invalid requests are filtered before reaching Next.js.

Patches

A patch has been released, next@12.0.9, that mitigates this issue. We recommend all affected users upgrade as soon as possible.

Workarounds

We recommend upgrading whether you can reproduce or not although you can ensure /${locale}/_next/ is blocked from reaching the Next.js instance until you upgrade.

For more information

If you have any questions or comments about this advisory:

- Open an issue in next
- Email us at security@vercel.com

Release Notes

12.0.9

Core Changes

- middlewares: limit process.env to inferred usage: #33186
- update webpack: #33207
- Abstract out native filesystem usage from the base server: #33226
- use text data url instead of base64 for shorter encoding: #33218
- chore(deps): upgrade postcss: #33142
- Fix global process testing for the process polyfill: #33220
- Update swc: #33201
- improve full refresh overlay: #33301
- Custom app for server components: #33149
- Update yarn PnP tests and disable swc file reading for PnP: #33236
- Base Http for BaseServer: #32999
- Update swc: #33342
- Update check for fallback pages during export: #33323
- Pre-compile more dependencies: #32742
- Remove node fetch polyfill from base server: #33395
- Replace regexp to plain string for optimization render HTML: #33306
- Fix broken html on streaming render for error page: #33399
- Disable cache for rsc pages: #33438
- Fix pre-compiled check from copying react-refresh-utils: #33442
- fix(next-swc): Update swc: #33427
- Move middleware handling to node server: #33448
- Enforce absolute URLs in Edge Functions runtime: #33410
- feat(next-swc): Update swc: #33461
- Update main field for nccd jest-worker: #33465
- chore(deps): upgrade node-fetch: #33466
- Move static serving to next server: #33475
- feat(next-swc): Update swc: #33485
- Fix multiple calls to image onLoadingComplete(): #33474
- Refactor base server to remove native dependencies: #33499
- Update swc: #33514
- Implement abstract methods to get manifest files in the base server: #33537
- Simplify getMiddlewareInfo calls: #33542
- Fix static file check with i18n: #33503
- Bump styled-jsx: #33546
- Ensure optional value normalizing is correct for index: #33547
- Bump nft to 0.17.4: #33548
- Add next-multilingual example: #29386
- Removed the s from NextConfig: #33560
- feat(next-swc): Update swc: #33595
- Fix rsc export component name detection: #33608
- upgrade webpack: #33549
- Ensure fetch polyfill is loaded in next-server: #33616
- feat(next-swc): Update swc: #33628
- Add lazyRoot optional property to next/image component : #33290
- feat(next-swc): Update swc: #33675
- Implement web server as the request handler for edge SSR: #33635
- Relay Support in Rust Compiler: #33240
- Revert "Relay Support in Rust Compiler": #33699

Documentation Changes

- Fixed broken link related to the recently merged Data fetching docs refactor: #33209
- Removed backticks on data fetching api titles: #33216
- Added links to data fetching api refs, fixed title: #33221
- Remove outdated & possibly confusing statement about redirects: #33224
- [examples] Add a statically generated blog example using Next.js and Builder.io: #22094
- Typo Fix: #33252
- Update font-optimization.md: #33266
- Fixed broken links in data fetching docs: #33250
- docs: Mention middleware for getStaticProps: #33273
- Add sections for Remove React Properties and Remove Console to compiler docs: #33311
- Update links in next export + next/image error message: #33317
- Add onLoad gottcha note to next/script docs: #33097
- Update security-headers.md: fix path does not match homepage: #33137
- fix minor typo in SWR: #33378
- ReferenceError in authentication.md example fixed: #33411
- docs: fix url: #33409
- fix(docs): Fix typo in Custom Build Id docs: #33515
- [docs] Update authentication docs to fix iron-session link.: #33483
- docs(authentication): fix iron-session example link: #33502
- Update middleware documentation for custom server: #33535
- Removed unrequired path in docs' manifest: #33579
- Update next/server documentation for geo: #33609
- Clarify next/image usage with next export based on feedback.: #33555
- Clarify headers config option description: #33484
- fix(errors/no-cache): netlify-plugin-cache-nextjs has been deprecated: #33629
- Updated docs for getServerSideProps and getStaticProps return values: #33577
- Use relative path for example: #33565
- chore(docs): update security headers specification: #33673
- REMOVE: duplicate key in docs/testing.md: #33681

Example Changes

- [examples] Update remark dependency for blog-starter: #33313
- Update package.json for examples/with-supabase-auth-realtime-db: #33321
- Working example for building forms with Next.js: #32669
- Updates dependency version of frontend SDK in with-supertokens example: #33393
- docs: add skynexui to examples: #33326
- Update with-linaria dependency: #33487
- Update Supabase example README.: #33610
- [examples] Add new Tailwind CSS Prettier plugin to example: #33614

Misc Changes

- Update license year
- fix(docs): master branch renaming: #33312
- Add link to security email directly.: #33358
- Fix getServerSideProps hanging in dev on early end: #33366
- [docs] Fix 404 link for testing example.: #33407
- Update to latest version of turbo: #33613
- Update other instances of node-fetch: #33617

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

- @depfu rebase: Rebases against your default branch and redoes this update
- @depfu recreate: Recreates this PR, overwriting any edits that you've made to it
- @depfu merge: Merges this PR once your tests are passing and conflicts are resolved
- @depfu close: Closes this PR and deletes the branch
- @depfu reopen: Restores the branch and reopens this PR (if it's closed)
- @depfu pause: Ignores all future updates for this dependency and closes this PR
- @depfu pause [minor|major]: Ignores all future minor/major updates for this dependency and closes this PR
- @depfu resume: Future versions of this dependency will create PRs again (leaves this PR as is)
Opengraph URL: https://github.com/javaistic/javaistic/pull/122
Domain: github.com