Releases: Hombre2014/nextjs-14-auth-v5-tutorial
Security update
Bump js-cookie from 3.0.5 to 3.0.7
What's Changed
- build(deps): bump js-cookie from 3.0.5 to 3.0.7 by @dependabot[bot] in #38
Full Changelog: v1.9.0...v1.9.1
Many security updates
Several security updates:
What's Changed
- build(deps): bump next from 16.2.3 to 16.2.6 by @dependabot[bot] in #31
- fix: override postcss to >=8.5.10 to patch XSS vulnerability by @Hombre2014 in #32
- build(deps): bump next from 16.1.7 to 16.2.6 by @dependabot[bot] in #33
- build(deps-dev): bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in #34
- build(deps): bump picomatch by @dependabot[bot] in #35
- build(deps): bump brace-expansion from 5.0.4 to 5.0.6 by @dependabot[bot] in #36
- build(deps): bump yaml from 2.7.0 to 2.9.0 by @dependabot[bot] in #37
Full Changelog: v1.8.2...v1.9.0
Security update
Security updates:
What's Changed
- build(deps): bump uuid from 9.0.1 to 14.0.0 by @dependabot[bot] in #29
- build(deps-dev): bump postcss from 8.5.3 to 8.5.10 by @dependabot[bot] in #30
Full Changelog: v1.8.1...v1.8.2
Security update
Security update.
What's Changed
- build(deps): bump next from 16.1.7 to 16.2.3 by @dependabot[bot] in #28
Full Changelog: v1.8.0...v1.8.1
Security update
Several security updates.
What's Changed
- build(deps): bump picomatch by @dependabot[bot] in #24
- build(deps-dev): bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in #25
- build(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @dependabot[bot] in #26
- build(deps): bump yaml from 2.7.0 to 2.8.3 by @dependabot[bot] in #27
Full Changelog: v1.7.0...v1.8.0
Security update
Security update:
What's Changed
- fix: update editorconfig, glob, and @typescript-eslint/typescript-est… by @Hombre2014 in #23
Full Changelog: v1.6.0...v1.7.0
Security update
Next.js: Unbounded postponed resume buffering can lead to DoS #58
URL: https://github.com/Hombre2014/nextjs-14-auth-v5-tutorial/security/dependabot/58
What's Changed
- build(deps): bump next from 16.1.6 to 16.1.7 by @dependabot[bot] in #22
Full Changelog: v1.5.0...v1.6.0
Security update
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments #49
URL: https://github.com/Hombre2014/nextjs-14-auth-v5-tutorial/security/dependabot/49
The minimatch package is vulnerable to Regular Expression Denial of Service (ReDoS) attacks due to the way it handles multiple non-adjacent GLOBSTAR segments in its matchOne() function. An attacker can craft a malicious input that causes the function to perform excessive backtracking, leading to a denial of service.
What's Changed
- build(deps): bump minimatch and editorconfig by @dependabot[bot] in #21
Full Changelog: v1.4.0...v1.5.0
Security update
There was a Critical severity update: @isaacs/brace-expansion has Uncontrolled Resource Consumption.
For more information, please see isaacs/minimatch#254.
What's Changed
- build(deps): bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 by @dependabot[bot] in #20
Full Changelog: v1.3.0...v1.4.0
Dependencies updates
The vulnerable glob version is being required by the following packages in your dependency tree:
- js-beautify
- sucrase
These two packages are pulling in glob@10.4.5 or lower, which is why Dependabot cannot update glob to a non-vulnerable version. To resolve the vulnerability, you will need to check if js-beautify and/or sucrase have newer versions that support glob@10.5.0 or later, and update them accordingly.
What's Changed
- build(deps): bump next from 16.1.1 to 16.1.6 by @dependabot[bot] in #18
- fix: the dependencies issue by @Hombre2014 in #19
Full Changelog: v1.2.2...v1.3.0