Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn at /. security update group with 2 updates #941

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn at /. security update group with 2 updates #941

wants to merge 2 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 15, 2023
edited
Loading

Bumps the npm_and_yarn at /. security update group with 2 updates: postcss and next.

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

8.4.21

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

  • Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

  • Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

  • Fixed Node.before() unexpected behavior (by Romain Menke).
  • Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

Updates next from 12.3.4 to 14.0.2

Release notes

Sourced from next's releases.

v14.0.2

Core Changes

  • Fix nested esm package default import resolving mismatch: #57784
  • [.next/trace] Serialize trace info across workers to preserve .next/trace with webpackBuildWorker: #57761
  • Add @​highlight-run/node to externals list: #57783
  • perf: change the chunks configuration for server code: #57773
  • [.next/trace] Add tags for webpack build worker: #57818
  • chore: update otel: #57774
  • refactor: remove unnecessary condition: #57835
  • chore: remove styfle from .vercel.approvers: #57841
  • Remove the actionBrowser to RSC client layering issue: #57842
  • Prevent caching page with 304 status: #57737
  • Ensure cache soft tags are correct: #57850
  • Update React from 0c6348758 to 08a39539f: #57852
  • Revert "perf: enable webpack build worker (#57346)": #57854
  • Add serverActions.allowedForwardedHosts option: #57529
  • chore: reword in tree-view: #57884
  • Polish logging segments of page route: #57834
  • Inherit title and description from metadata into social cards: #57857
  • remove legacy handling for suspense option of next/dynamic: #57900
  • fix(next-core): externalcjs resolve options: #57645
  • ppr: fail static generation if postponed & missing postpone data: #57786
  • Reduce FS access for incremental cache: #57902
  • suspend in render, not in reducers: #56497
  • move static worker IPC server behind experimental flag: #57943
  • feat(turbopack): Experimental wasm build: #57906
  • Fix client chunk loading encoding for dynamic route: #57960
  • misc: fix serverComponentsExternalPackages usage for experimental.bundlePagesExternals: #57954
  • Improve grammar of removable Babel config warning: #55088
  • Remove throw for unknown messages in hot-reloader-client: #57353
  • Improve CSRF protection error in Server Actions: #57980
  • fix: updates for resuming postponed in minimal mode: #57375
  • fix: ensure that postponed requests can be resumed in minimal mode: #58011
  • Use distDir from webpack-config in createWebpackAliases: #57268
  • use __NEXT_VERSION compile time replacement: #57512
  • fixes a problem with cache invalidation : #58079
  • feat: always use SWC Wasm fallback when running in WebContainer: #58081
  • update turbopack: #58080
  • fix: normalization and invariant fixes for ppr: #58105
  • ppr: fix fetch postpone not having correct React version: #58107
  • Fix incorrect normalizing in minimal mode: #58116
  • put app client modules into a separate layer: #58130
  • Revert "Revert "Add retry for fetching subsetted Google Fonts"": #58075
  • build: Update swc_core to v0.86.40 and update turbopack: #57904
  • fix(next-core): correct assets url reference condition: #58101
  • build(package): clean up next-swc* pkg properties: #57908
  • fix PPR build output logs: #58149
  • Update React from 08a39539f to 2983249dd.: #58154
  • fix: rsc normalization fixes: #58145

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 15, 2023
@ivababukova ivababukova added the safe to run Sensitive jobs are safe to be run label Nov 16, 2023
@codecov Codecov
Copy link

codecov bot commented Nov 16, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (b9f2147) 85.07% compared to head (1a7cdcb) 85.05%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #941      +/-   ##
==========================================
- Coverage   85.07%   85.05%   -0.02%     
==========================================
  Files         547      547              
  Lines       10046    10046              
  Branches     2170     2170              
==========================================
- Hits         8547     8545       -2     
- Misses       1439     1441       +2     
  Partials       60       60

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@alexvpickering
Copy link
Contributor

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/postcss-and-next-8.4.31 branch 4 times, most recently from f44d86a to ec77866 Compare November 20, 2023 19:02
@dependabot
Bump the npm_and_yarn at /. security update group with 2 updates
3a45431 
Bumps the npm_and_yarn at /. security update group with 2 updates: [postcss](https://github.com/postcss/postcss) and [next](https://github.com/vercel/next.js).


Updates `postcss` from 8.4.14 to 8.4.31
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.14...8.4.31)

Updates `next` from 12.3.4 to 14.0.2
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.3.4...v14.0.2)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
- dependency-name: next
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/postcss-and-next-8.4.31 branch from ec77866 to 3a45431 Compare November 22, 2023 14:12
@ivababukova
Copy link
Member

@alexvpickering about the failure in the build -- according to this github issue: vercel/next.js#57385 we need to update our version of node for this to work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file safe to run Sensitive jobs are safe to be run
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexvpickering @ivababukova