profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/c8r/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Compositor c8r NYC / ID / LDN https://compositor.io Design and development tools for people who build the web

c8r/x0 1704

Document & develop React components without breaking a sweat

c8r/kit 1211

Tools for developing, documenting, and testing React component libraries

c8r/pixo 368

Convert SVG icons into React components

c8r/lab 348

React UI component design tool

c8r/micro-react 163

Create microservice apps with React components

c8r/iso 158

Build pages and prototypes with Lab UI components. No configuration or build setup required.

c8r/gen 96

Compositor JSX static site generator

c8r/lab-portfolio-kit 58

UI components and templates for building a portfolio with Compositor Lab and Iso

c8r/lab-cli 52

Command line utilities and exporting module for Compositor Lab

startedc8r/kit

started time in 17 days

startedc8r/x0

started time in 17 days

startedc8r/jsx-loader

started time in 17 days

startedc8r/kit

started time in 25 days

startedc8r/x0

started time in 25 days

startedc8r/iso

started time in 25 days

delete branch c8r/kit

delete branch : dependabot/npm_and_yarn/templates/next/prismjs-1.24.0

delete time in a month

PR closed c8r/kit

Bump prismjs from 1.14.0 to 1.24.0 in /templates/next dependencies

Bumps prismjs from 1.14.0 to 1.24.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PrismJS/prism/releases">prismjs's releases</a>.</em></p> <blockquote> <h2>v1.24.0</h2> <p>Release 1.24.0</p> <h2>v1.23.0</h2> <p>Release 1.23.0</p> <h2>v1.22.0</h2> <p>Release 1.22.0</p> <h2>v1.21.0</h2> <p>Release 1.21.0</p> <h2>v1.20.0</h2> <p>Release 1.20.0</p> <h2>v1.19.0</h2> <p>Release 1.19.0</p> <h2>v1.18.0</h2> <p>Release 1.18.0</p> <h2>v1.17.1</h2> <p>Release 1.17.1</p> <h2>v1.17.0</h2> <p>Release 1.17.0</p> <h2>v1.16.0</h2> <p>Release 1.16.0</p> <h2>v1.15.0</h2> <p>Release 1.15.0</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PrismJS/prism/blob/master/CHANGELOG.md">prismjs's changelog</a>.</em></p> <blockquote> <h2>1.24.0 (2021-06-27)</h2> <h3>New components</h3> <ul> <li><strong>CFScript</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2771">#2771</a>) <a href="https://github.com/PrismJS/prism/commit/b0a6ec85"><code>b0a6ec85</code></a></li> <li><strong>ChaiScript</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2706">#2706</a>) <a href="https://github.com/PrismJS/prism/commit/3f7d7453"><code>3f7d7453</code></a></li> <li><strong>COBOL</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2800">#2800</a>) <a href="https://github.com/PrismJS/prism/commit/7e5f78ff"><code>7e5f78ff</code></a></li> <li><strong>Coq</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2803">#2803</a>) <a href="https://github.com/PrismJS/prism/commit/41e25d3c"><code>41e25d3c</code></a></li> <li><strong>CSV</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2794">#2794</a>) <a href="https://github.com/PrismJS/prism/commit/f9b69528"><code>f9b69528</code></a></li> <li><strong>DOT (Graphviz)</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2690">#2690</a>) <a href="https://github.com/PrismJS/prism/commit/1f91868e"><code>1f91868e</code></a></li> <li><strong>False</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2802">#2802</a>) <a href="https://github.com/PrismJS/prism/commit/99a21dc5"><code>99a21dc5</code></a></li> <li><strong>ICU Message Format</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2745">#2745</a>) <a href="https://github.com/PrismJS/prism/commit/bf4e7ba9"><code>bf4e7ba9</code></a></li> <li><strong>Idris</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2755">#2755</a>) <a href="https://github.com/PrismJS/prism/commit/e9314415"><code>e9314415</code></a></li> <li><strong>Jexl</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2764">#2764</a>) <a href="https://github.com/PrismJS/prism/commit/7e51b99c"><code>7e51b99c</code></a></li> <li><strong>KuMir (КуМир)</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2760">#2760</a>) <a href="https://github.com/PrismJS/prism/commit/3419fb77"><code>3419fb77</code></a></li> <li><strong>Log file</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2796">#2796</a>) <a href="https://github.com/PrismJS/prism/commit/2bc6475b"><code>2bc6475b</code></a></li> <li><strong>Nevod</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2798">#2798</a>) <a href="https://github.com/PrismJS/prism/commit/f84c49c5"><code>f84c49c5</code></a></li> <li><strong>OpenQasm</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2797">#2797</a>) <a href="https://github.com/PrismJS/prism/commit/1a2347a3"><code>1a2347a3</code></a></li> <li><strong>PATROL Scripting Language</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2739">#2739</a>) <a href="https://github.com/PrismJS/prism/commit/18c67b49"><code>18c67b49</code></a></li> <li><strong>Q#</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2804">#2804</a>) <a href="https://github.com/PrismJS/prism/commit/1b63cd01"><code>1b63cd01</code></a></li> <li><strong>Rego</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2624">#2624</a>) <a href="https://github.com/PrismJS/prism/commit/e38986f9"><code>e38986f9</code></a></li> <li><strong>Squirrel</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2721">#2721</a>) <a href="https://github.com/PrismJS/prism/commit/fd1081d2"><code>fd1081d2</code></a></li> <li><strong>URI</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2708">#2708</a>) <a href="https://github.com/PrismJS/prism/commit/bbc77d19"><code>bbc77d19</code></a></li> <li><strong>V</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2687">#2687</a>) <a href="https://github.com/PrismJS/prism/commit/72962701"><code>72962701</code></a></li> <li><strong>Wolfram language</strong> & <strong>Mathematica</strong> & <strong>Mathematica Notebook</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2921">#2921</a>) <a href="https://github.com/PrismJS/prism/commit/c4f6b2cc"><code>c4f6b2cc</code></a></li> </ul> <h3>Updated components</h3> <ul> <li>Fixed problems reported by <code>regexp/no-dupe-disjunctions</code> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2952">#2952</a>) <a href="https://github.com/PrismJS/prism/commit/f471d2d7"><code>f471d2d7</code></a></li> <li>Fixed some cases of quadratic worst-case runtime (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2922">#2922</a>) <a href="https://github.com/PrismJS/prism/commit/79d22182"><code>79d22182</code></a></li> <li>Fixed 2 cases of exponential backtracking (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2774">#2774</a>) <a href="https://github.com/PrismJS/prism/commit/d85e30da"><code>d85e30da</code></a></li> <li><strong>AQL</strong> <ul> <li>Update for ArangoDB 3.8 (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2842">#2842</a>) <a href="https://github.com/PrismJS/prism/commit/ea82478d"><code>ea82478d</code></a></li> </ul> </li> <li><strong>AutoHotkey</strong> <ul> <li>Improved tag pattern (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2920">#2920</a>) <a href="https://github.com/PrismJS/prism/commit/fc2a3334"><code>fc2a3334</code></a></li> </ul> </li> <li><strong>Bash</strong> <ul> <li>Accept hyphens in function names (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2832">#2832</a>) <a href="https://github.com/PrismJS/prism/commit/e4ad22ad"><code>e4ad22ad</code></a></li> <li>Fixed single-quoted strings (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2792">#2792</a>) <a href="https://github.com/PrismJS/prism/commit/e5cfdb4a"><code>e5cfdb4a</code></a></li> </ul> </li> <li><strong>C++</strong> <ul> <li>Added support for generic functions and made <code>::</code> punctuation (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2814">#2814</a>) <a href="https://github.com/PrismJS/prism/commit/3df62fd0"><code>3df62fd0</code></a></li> <li>Added missing keywords and modules (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2763">#2763</a>) <a href="https://github.com/PrismJS/prism/commit/88fa72cf"><code>88fa72cf</code></a></li> </ul> </li> <li><strong>Dart</strong> <ul> <li>Improved support for classes & generics (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2810">#2810</a>) <a href="https://github.com/PrismJS/prism/commit/d0bcd074"><code>d0bcd074</code></a></li> </ul> </li> <li><strong>Docker</strong> <ul> <li>Improvements (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2720">#2720</a>) <a href="https://github.com/PrismJS/prism/commit/93dd83c2"><code>93dd83c2</code></a></li> </ul> </li> <li><strong>Elixir</strong> <ul> <li>Added missing keywords (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2958">#2958</a>) <a href="https://github.com/PrismJS/prism/commit/114e4626"><code>114e4626</code></a></li> <li>Added missing keyword and other improvements (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2773">#2773</a>) <a href="https://github.com/PrismJS/prism/commit/e6c0d298"><code>e6c0d298</code></a></li> <li>Added <code>defdelagate</code> keyword and highlighting for function/module names (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2709">#2709</a>) <a href="https://github.com/PrismJS/prism/commit/59f725d7"><code>59f725d7</code></a></li> </ul> </li> <li><strong>F#</strong></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PrismJS/prism/commit/3432b4b1e4440d6592ed82b6b5b9e72f660e43a8"><code>3432b4b</code></a> 1.24.0</li> <li><a href="https://github.com/PrismJS/prism/commit/46d07207687fa747018b6676250507a486c0117f"><code>46d0720</code></a> Updated <code>.npmignore</code> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2971">#2971</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/aef7f08df6d6fe1e027ee3ab347c2f391c0c1045"><code>aef7f08</code></a> Changelog for v1.24.0 (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2965">#2965</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/e9477d8369bc59cacc99d1d81abfe3e20b7df258"><code>e9477d8</code></a> Markdown: Improved code snippets (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2967">#2967</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/4b55bd6af88559d430fc195fbe5845364ade8df1"><code>4b55bd6</code></a> Made Match Braces and Custom Class compatible (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2947">#2947</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/e8d3b50330a325a8291f20d63f60e68a985ae738"><code>e8d3b50</code></a> ESLint: Added <code>regexp/strict</code> rule (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2944">#2944</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/bfd7fded29755510571e3abf0846f2a9edf44ef6"><code>bfd7fde</code></a> GraphQL: Fixed <code>definition-query</code> and <code>definition-mutation</code> tokens (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2964">#2964</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/14e3868f05f84d05885f5465264c5c72e6ca9490"><code>14e3868</code></a> Fixed reST test</li> <li><a href="https://github.com/PrismJS/prism/commit/a7656de67a07e6415fe0c7149708c8613ff73c12"><code>a7656de</code></a> reST: Fixed <code>inline</code> pattern (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2946">#2946</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/b4ac0618156a13ab04ff685c5091cb436e8a13a4"><code>b4ac061</code></a> ESLint: Use cache (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2959">#2959</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PrismJS/prism/compare/v1.14.0...v1.24.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~rundevelopment">rundevelopment</a>, a new releaser for prismjs since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+2 -30

1 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request commentc8r/kit

Bump prismjs from 1.14.0 to 1.24.0 in /templates/next

Superseded by #233.

dependabot[bot]

comment created time in a month

create barnchc8r/kit

branch : dependabot/npm_and_yarn/templates/next/prismjs-1.25.0

created branch time in a month

PR opened c8r/kit

Bump prismjs from 1.14.0 to 1.25.0 in /templates/next

Bumps prismjs from 1.14.0 to 1.25.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PrismJS/prism/releases">prismjs's releases</a>.</em></p> <blockquote> <h2>v1.25.0</h2> <p>Release 1.25.0</p> <h2>v1.24.1</h2> <p>Release 1.24.1</p> <h2>v1.24.0</h2> <p>Release 1.24.0</p> <h2>v1.23.0</h2> <p>Release 1.23.0</p> <h2>v1.22.0</h2> <p>Release 1.22.0</p> <h2>v1.21.0</h2> <p>Release 1.21.0</p> <h2>v1.20.0</h2> <p>Release 1.20.0</p> <h2>v1.19.0</h2> <p>Release 1.19.0</p> <h2>v1.18.0</h2> <p>Release 1.18.0</p> <h2>v1.17.1</h2> <p>Release 1.17.1</p> <h2>v1.17.0</h2> <p>Release 1.17.0</p> <h2>v1.16.0</h2> <p>Release 1.16.0</p> <h2>v1.15.0</h2> <p>Release 1.15.0</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PrismJS/prism/blob/master/CHANGELOG.md">prismjs's changelog</a>.</em></p> <blockquote> <h2>1.25.0 (2021-09-16)</h2> <h3>New components</h3> <ul> <li><strong>AviSynth</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3071">#3071</a>) <a href="https://github.com/PrismJS/prism/commit/746a4b1a"><code>746a4b1a</code></a></li> <li><strong>Avro IDL</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3051">#3051</a>) <a href="https://github.com/PrismJS/prism/commit/87e5a376"><code>87e5a376</code></a></li> <li><strong>Bicep</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3027">#3027</a>) <a href="https://github.com/PrismJS/prism/commit/c1dce998"><code>c1dce998</code></a></li> <li><strong>GAP (CAS)</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3054">#3054</a>) <a href="https://github.com/PrismJS/prism/commit/23cd9b65"><code>23cd9b65</code></a></li> <li><strong>GN</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3062">#3062</a>) <a href="https://github.com/PrismJS/prism/commit/4f97b82b"><code>4f97b82b</code></a></li> <li><strong>Hoon</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2978">#2978</a>) <a href="https://github.com/PrismJS/prism/commit/ea776756"><code>ea776756</code></a></li> <li><strong>Kusto</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3068">#3068</a>) <a href="https://github.com/PrismJS/prism/commit/e008ea05"><code>e008ea05</code></a></li> <li><strong>Magma (CAS)</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3055">#3055</a>) <a href="https://github.com/PrismJS/prism/commit/a1b67ce3"><code>a1b67ce3</code></a></li> <li><strong>MAXScript</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3060">#3060</a>) <a href="https://github.com/PrismJS/prism/commit/4fbdd2f8"><code>4fbdd2f8</code></a></li> <li><strong>Mermaid</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3050">#3050</a>) <a href="https://github.com/PrismJS/prism/commit/148c1eca"><code>148c1eca</code></a></li> <li><strong>Razor C#</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3064">#3064</a>) <a href="https://github.com/PrismJS/prism/commit/4433ccfc"><code>4433ccfc</code></a></li> <li><strong>Systemd configuration file</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3053">#3053</a>) <a href="https://github.com/PrismJS/prism/commit/8df825e0"><code>8df825e0</code></a></li> <li><strong>Wren</strong> (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3063">#3063</a>) <a href="https://github.com/PrismJS/prism/commit/6a356d25"><code>6a356d25</code></a></li> </ul> <h3>Updated components</h3> <ul> <li><strong>Bicep</strong> <ul> <li>Added support for multiline and interpolated strings and other improvements (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3028">#3028</a>) <a href="https://github.com/PrismJS/prism/commit/748bb9ac"><code>748bb9ac</code></a></li> </ul> </li> <li><strong>C#</strong> <ul> <li>Added <code>with</code> keyword & improved record support (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2993">#2993</a>) <a href="https://github.com/PrismJS/prism/commit/fdd291c0"><code>fdd291c0</code></a></li> <li>Added <code>record</code>, <code>init</code>, and <code>nullable</code> keyword (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2991">#2991</a>) <a href="https://github.com/PrismJS/prism/commit/9b561565"><code>9b561565</code></a></li> <li>Added context check for <code>from</code> keyword (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2970">#2970</a>) <a href="https://github.com/PrismJS/prism/commit/158f25d4"><code>158f25d4</code></a></li> </ul> </li> <li><strong>C++</strong> <ul> <li>Fixed generic function false positive (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3043">#3043</a>) <a href="https://github.com/PrismJS/prism/commit/5de8947f"><code>5de8947f</code></a></li> </ul> </li> <li><strong>Clojure</strong> <ul> <li>Improved tokenization (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3056">#3056</a>) <a href="https://github.com/PrismJS/prism/commit/8d0b74b5"><code>8d0b74b5</code></a></li> </ul> </li> <li><strong>Hoon</strong> <ul> <li>Fixed mixed-case aura tokenization (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3002">#3002</a>) <a href="https://github.com/PrismJS/prism/commit/9c8911bd"><code>9c8911bd</code></a></li> </ul> </li> <li><strong>Liquid</strong> <ul> <li>Added all objects from Shopify reference (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2998">#2998</a>) <a href="https://github.com/PrismJS/prism/commit/693b7433"><code>693b7433</code></a></li> <li>Added <code>empty</code> keyword (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2997">#2997</a>) <a href="https://github.com/PrismJS/prism/commit/fe3bc526"><code>fe3bc526</code></a></li> </ul> </li> <li><strong>Log file</strong> <ul> <li>Added support for Java stack traces (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3003">#3003</a>) <a href="https://github.com/PrismJS/prism/commit/b0365e70"><code>b0365e70</code></a></li> </ul> </li> <li><strong>Markup</strong> <ul> <li>Made most patterns greedy (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3065">#3065</a>) <a href="https://github.com/PrismJS/prism/commit/52e8cee9"><code>52e8cee9</code></a></li> <li>Fixed ReDoS (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3078">#3078</a>) <a href="https://github.com/PrismJS/prism/commit/0ff371bb"><code>0ff371bb</code></a></li> </ul> </li> <li><strong>PureScript</strong> <ul> <li>Made <code>∀</code> a keyword (alias for <code>forall</code>) (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3005">#3005</a>) <a href="https://github.com/PrismJS/prism/commit/b38fc89a"><code>b38fc89a</code></a></li> <li>Improved Haskell and PureScript (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3020">#3020</a>) <a href="https://github.com/PrismJS/prism/commit/679539ec"><code>679539ec</code></a></li> </ul> </li> <li><strong>Python</strong> <ul> <li>Support for underscores in numbers (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3039">#3039</a>) <a href="https://github.com/PrismJS/prism/commit/6f5d68f7"><code>6f5d68f7</code></a></li> </ul> </li> <li><strong>Sass</strong> <ul> <li>Fixed issues with CSS Extras (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/2994">#2994</a>) <a href="https://github.com/PrismJS/prism/commit/14fdfe32"><code>14fdfe32</code></a></li> </ul> </li> <li><strong>Shell session</strong> <ul> <li>Fixed command false positives (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3048">#3048</a>) <a href="https://github.com/PrismJS/prism/commit/35b88fcf"><code>35b88fcf</code></a></li> <li>Added support for the percent sign as shell symbol (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3010">#3010</a>) <a href="https://github.com/PrismJS/prism/commit/4492b62b"><code>4492b62b</code></a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PrismJS/prism/commit/99d94fa7c39d5aabee38ae0e729c330146820b4d"><code>99d94fa</code></a> 1.25.0</li> <li><a href="https://github.com/PrismJS/prism/commit/6d8e54703b086ba4f4a3a9d9a56cbb06fee226d2"><code>6d8e547</code></a> Updated changelog (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3083">#3083</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/e008ea056d5dac4c879bd89f41ec73f0ab7cda99"><code>e008ea0</code></a> Added support for Kusto (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3068">#3068</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/4433ccfc0c2623bcef8b6dd214ffdb55245dbbc9"><code>4433ccf</code></a> Added support for ASP.NET Razor (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3064">#3064</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/6a356d253aedf73c1167e84e2ad722cc1378a824"><code>6a356d2</code></a> Added support for Wren (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3063">#3063</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/4fbdd2f8f8b8e5d068a748bb85c32137028fc4fa"><code>4fbdd2f</code></a> Added support for MAXScript (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3060">#3060</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/746a4b1adff68045307e768f47a5a430b85f03d7"><code>746a4b1</code></a> Added AviSynth language definition (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3071">#3071</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/ffb2043909d7e40a41fab0077444ab80d2517b89"><code>ffb2043</code></a> Twilight theme: Increase selector specificities of plugin overrides (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3081">#3081</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/52e8cee97ad9e54c5095dc2e695cf8b50697f8fc"><code>52e8cee</code></a> Markup: Made most patterns greedy (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3065">#3065</a>)</li> <li><a href="https://github.com/PrismJS/prism/commit/c7b6a7f6a514143fa4a32774775e4b91676ce91d"><code>c7b6a7f</code></a> Previewers: Ensure popup is visible across themes (<a href="https://github-redirect.dependabot.com/PrismJS/prism/issues/3080">#3080</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PrismJS/prism/compare/v1.14.0...v1.25.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~rundevelopment">rundevelopment</a>, a new releaser for prismjs since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+2 -30

0 comment

1 changed file

pr created time in a month

startedc8r/kit

started time in a month

startedc8r/x0

started time in 2 months

delete branch c8r/kit

delete branch : dependabot/npm_and_yarn/templates/next/tar-4.4.15

delete time in 2 months

PR closed c8r/kit

Bump tar from 4.4.2 to 4.4.15 in /templates/next dependencies

Bumps tar from 4.4.2 to 4.4.15. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/node-tar/commit/843c897e6844f70a34bb115df6c8a9b60112aaf5"><code>843c897</code></a> 4.4.15</li> <li><a href="https://github.com/npm/node-tar/commit/46fe35083e2676e31c4e0a81639dce6da7aaa356"><code>46fe350</code></a> Remove paths from dirCache when no longer dirs</li> <li><a href="https://github.com/npm/node-tar/commit/df3aa4d10253a886be82519acb901b446ca3feeb"><code>df3aa4d</code></a> 4.4.14</li> <li><a href="https://github.com/npm/node-tar/commit/6d2801396fbad917ab8332ec8e91ff3d15bc22c6"><code>6d28013</code></a> add publishConfig tag</li> <li><a href="https://github.com/npm/node-tar/commit/efc6bb0dbd54df8c7285d7aac12bba959b8387a6"><code>efc6bb0</code></a> fix: strip absolute paths more comprehensively</li> <li><a href="https://github.com/npm/node-tar/commit/65edb39114ad5956c06f8d7893365e942042ede1"><code>65edb39</code></a> 4.4.13</li> <li><a href="https://github.com/npm/node-tar/commit/d04c3ffb41a0d2bbae926a38d3456ebda0249565"><code>d04c3ff</code></a> Always provide a callback to fs.close()</li> <li><a href="https://github.com/npm/node-tar/commit/dbd6f52ba9cdfbce2a28d8cd28a016bc3435946a"><code>dbd6f52</code></a> 4.4.12</li> <li><a href="https://github.com/npm/node-tar/commit/0240086746b72c3080598ea2a2ba6ad85de9ec08"><code>0240086</code></a> update tap and minipass</li> <li><a href="https://github.com/npm/node-tar/commit/9232b3d7da934c142e3d0ab97ef35ec0ba3917fc"><code>9232b3d</code></a> 4.4.11</li> <li>Additional commits viewable in <a href="https://github.com/npm/node-tar/compare/v4.4.2...v4.4.15">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+35 -31

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

pull request commentc8r/kit

Bump tar from 4.4.2 to 4.4.15 in /templates/next

Superseded by #232.

dependabot[bot]

comment created time in 2 months

PR opened c8r/kit

Bump tar from 4.4.2 to 4.4.19 in /templates/next

Bumps tar from 4.4.2 to 4.4.19. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/node-tar/commit/9a6faa017ca90538840f3ae2ccdb4550ac3f4dcf"><code>9a6faa0</code></a> 4.4.19</li> <li><a href="https://github.com/npm/node-tar/commit/70ef812593184cc54ea1bc74c5dae2d22995002d"><code>70ef812</code></a> drop dirCache for symlink on all platforms</li> <li><a href="https://github.com/npm/node-tar/commit/3e35515c09da615ac268254bed85fe43ee71e2f0"><code>3e35515</code></a> 4.4.18</li> <li><a href="https://github.com/npm/node-tar/commit/52b09e309bcae0c741a7eb79a17ef36e7828b946"><code>52b09e3</code></a> fix: prevent path escape using drive-relative paths</li> <li><a href="https://github.com/npm/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e"><code>bb93ba2</code></a> fix: reserve paths properly for unicode, windows</li> <li><a href="https://github.com/npm/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a"><code>2f1bca0</code></a> fix: prune dirCache properly for unicode, windows</li> <li><a href="https://github.com/npm/node-tar/commit/9bf70a8cf725c3af5fe2270f1e5d2e06d1559b93"><code>9bf70a8</code></a> 4.4.17</li> <li><a href="https://github.com/npm/node-tar/commit/6aafff0a8621ba9509b63654bde28762be373d58"><code>6aafff0</code></a> fix: skip extract if linkpath is stripped entirely</li> <li><a href="https://github.com/npm/node-tar/commit/5c5059a69c2aaaedfe4e9766e102ae9fb79e8255"><code>5c5059a</code></a> fix: reserve paths case-insensitively</li> <li><a href="https://github.com/npm/node-tar/commit/fd6accba697070560f301604b8f5f7e2995a2a8b"><code>fd6accb</code></a> 4.4.16</li> <li>Additional commits viewable in <a href="https://github.com/npm/node-tar/compare/v4.4.2...v4.4.19">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+40 -36

0 comment

1 changed file

pr created time in 2 months

create barnchc8r/kit

branch : dependabot/npm_and_yarn/templates/next/tar-4.4.19

created branch time in 2 months

startedc8r/lab

started time in 2 months

startedc8r/kit

started time in 2 months

PR closed c8r/kit

Bump next from 6.0.3 to 9.3.2 in /templates/next dependencies

Bumps next from 6.0.3 to 9.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zeit/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v9.3.2</h2> <p><strong>This upgrade is <em>completely backwards compatible and recommended for all users on versions below 9.3.2.</em> For future security related communications of our OSS projects, please <a href="https://zeit.co/security">join this mailing list</a>.</strong></p> <p>Next.js has just been audited by one of the top security firms in the world.</p> <p>They found that attackers could craft special requests to access files in the dist directory (<code>.next</code>).</p> <p><strong>This does not affect files outside of the dist directory (<code>.next</code>).</strong></p> <p>In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory.</p> <p>We recommend upgrading to the latest version of Next.js to improve the overall security of your application.</p> <h2>How to Upgrade</h2> <ul> <li>We have released patch versions for both the stable and canary channels of Next.js.</li> <li>To upgrade run <code>npm install next@latest --save</code></li> </ul> <h2>Impact</h2> <ul> <li><strong>Not affected</strong>: Deployments on ZEIT Now v2 (<a href="https://zeit.co/">https://zeit.co</a>) are not affected</li> <li><strong>Not affected</strong>: Deployments using the <code>serverless</code> target</li> <li><strong>Not affected</strong>: Deployments using <code>next export</code></li> <li><strong>Affected</strong>: Users of Next.js below 9.3.2 that use <code>next start</code></li> </ul> <p>We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.</p> <h3>How to Assess Impact</h3> <p>If you think sensitive code or data could have been exposed, you can filter logs of affected sites by <code>../</code> with a 200 response.</p> <h2>What is Being Done</h2> <p>As Next.js has grown in popularity, it has received the attention of security researchers and auditors. We are thankful to Luca Carettoni from Doyensec for their investigation and discovery of the original bug and subsequent responsible disclosure.</p> <p>We've landed a patch that ensures only known filesystem paths of <code>.next/static</code> are made available under <code>/_next/static</code>. Regression tests for this attack were added to the <a href="https://github.com/zeit/next.js/blob/canary/test/integration/production/test/security.js">security</a> integration test suite.</p> <ul> <li>We have notified known Next.js users in advance of this publication.</li> <li>A public CVE was issued.</li> <li>If you want to stay on top of our security related news impacting Next.js or other ZEIT projects, please <a href="https://zeit.co/security">join this mailing list</a>.</li> <li>We encourage responsible disclosure of future issues. Please email us at <strong><a href="https://github.com/zeit/next.js/blob/HEAD/mailto:security@zeit.co">security@zeit.co</a></strong>. We are actively monitoring this mailbox.</li> </ul> <hr /> <h3>Patches</h3> <ul> <li>Add Numeric Separator Support for TypeScript: <a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11308">#11308</a></li> <li>Update CLI custom config documentation link: <a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11152">#11152</a></li> <li>Add error when attempting to export GSSP page: <a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11154">#11154</a></li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zeit/next.js/commit/ee0081356d7ea166dfed4765f134730c11ecaecf"><code>ee00813</code></a> v9.3.2</li> <li><a href="https://github.com/zeit/next.js/commit/dd4cee724590892ff4939f7682601c867dc23537"><code>dd4cee7</code></a> v9.3.2-canary.9</li> <li><a href="https://github.com/zeit/next.js/commit/e02b66a52c0a9bb837845e6ec4e6356b3ee1697f"><code>e02b66a</code></a> Add with-redux-toolkit example (<a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11358">#11358</a>)</li> <li><a href="https://github.com/zeit/next.js/commit/044ddf44216f848a0a6641e2471eb67dffc71f93"><code>044ddf4</code></a> [Example] Use .jpg for images in blog-starter (<a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11176">#11176</a>)</li> <li><a href="https://github.com/zeit/next.js/commit/ee249ee6cd3c7987496e256b7fdd9db171c821d7"><code>ee249ee</code></a> v9.3.2-canary.8</li> <li><a href="https://github.com/zeit/next.js/commit/1d6ffc39f7b2da55aec02da8dc53a24eab8a6c5d"><code>1d6ffc3</code></a> Fix <code>static/</code> file name encoding (<a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11373">#11373</a>)</li> <li><a href="https://github.com/zeit/next.js/commit/e83cd4aa967e8b49ff32f9fe12713d9dd436a2dd"><code>e83cd4a</code></a> v9.3.2-canary.7</li> <li><a href="https://github.com/zeit/next.js/commit/d8155b22ffbd2e64ca1aca6a7a843481a4f1c913"><code>d8155b2</code></a> Add initial support for new env handling (<a href="https://github-redirect.dependabot.com/zeit/next.js/issues/10525">#10525</a>)</li> <li><a href="https://github.com/zeit/next.js/commit/a391d328ae5606282d99513c6330d78512d2e203"><code>a391d32</code></a> Add docs for multi zones (<a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11348">#11348</a>)</li> <li><a href="https://github.com/zeit/next.js/commit/4801dcdd15132f485f2701101e4c2ee77b8666c3"><code>4801dcd</code></a> Update AMP docs (<a href="https://github-redirect.dependabot.com/zeit/next.js/issues/11353">#11353</a>)</li> <li>Additional commits viewable in <a href="https://github.com/zeit/next.js/compare/6.0.3...v9.3.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~zeit-bot">zeit-bot</a>, a new releaser for next since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3059 -1649

1 comment

2 changed files

dependabot[bot]

pr closed time in 2 months

delete branch c8r/kit

delete branch : dependabot/npm_and_yarn/templates/next/next-9.3.2

delete time in 2 months

pull request commentc8r/kit

Bump next from 6.0.3 to 9.3.2 in /templates/next

Superseded by #231.

dependabot[bot]

comment created time in 2 months

create barnchc8r/kit

branch : dependabot/npm_and_yarn/templates/next/next-11.1.0

created branch time in 2 months

PR opened c8r/kit

Bump next from 6.0.3 to 11.1.0 in /templates/next

Bumps next from 6.0.3 to 11.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v11.1.0</h2> <p>A security team from one of our partners noticed an issue in Next.js that allowed for an open redirect to occur.</p> <p>Specially encoded paths could be used when <code>pages/_error.js</code> was statically generated allowing an open redirect to occur to an external site.</p> <p>In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.</p> <p>We recommend upgrading to the latest version of Next.js to improve the overall security of your application.</p> <h2>How to Upgrade</h2> <ul> <li>We have released patch versions for both the stable and canary channels of Next.js.</li> <li>To upgrade run <code>npm install next@latest --save</code></li> </ul> <h2>Impact</h2> <ul> <li><strong>Affected:</strong> Users of Next.js between 10.0.5 and 10.2.0</li> <li><strong>Affected:</strong> Users of Next.js between 11.0.0 and 11.0.1 using <code>pages/_error.js</code> without <code>getInitialProps</code></li> <li><strong>Affected:</strong> Users of Next.js between 11.0.0 and 11.0.1 using <code>pages/_error.js</code> and <code>next export</code></li> <li><strong>Not affected</strong>: Deployments on Vercel (<a href="https://vercel.com">vercel.com</a>) are not affected</li> <li><strong>Not affected:</strong> Deployments <strong>with</strong> <code>pages/404.js</code></li> </ul> <p>We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.</p> <h3>How to Assess Impact</h3> <p>If you think sensitive code or data could have been exposed, you can filter logs of affected sites by <code>//</code> (double slash at the start of the url) followed by a domain.</p> <h2>What is Being Done</h2> <p>As Next.js has grown in popularity and usage by enterprises, it has received the attention of security researchers and auditors. We are thankful to Gabriel Benmergui from Robinhood for their investigation and discovery of the original bug and subsequent responsible disclosure.</p> <p>We've landed a patch that ensures path parsing is handled properly for these paths so that the open redirect can no longer occur.</p> <p>Regression tests for this attack were added to the <a href="https://github.com/zeit/next.js/blob/canary/test/integration/production/test/security.js">security</a> integration test suite</p> <ul> <li>We have notified known Next.js users in advance of this publication.</li> <li>A public CVE was released.</li> <li>We encourage responsible disclosure of future reports. Please email us at <code>security@vercel.com</code>. We are actively monitoring this mailbox.</li> </ul> <hr /> <h2>Release notes</h2> <h3>Core Changes</h3> <ul> <li>Don't test image domains in test env: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26502">#26502</a></li> <li>Fix props not updating when changing the locale and keeping hash: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26205">#26205</a></li> <li>Allow user to override next-image-loader: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26548">#26548</a></li> <li>Add logging when a custom babelrc is loaded: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26570">#26570</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/ce4adfc02d3532e2c62ed8088660df1655e66278"><code>ce4adfc</code></a> v11.1.0</li> <li><a href="https://github.com/vercel/next.js/commit/092a476feb0d479d5a1d078e2e1f78ef93f092c2"><code>092a476</code></a> v11.0.2-canary.31</li> <li><a href="https://github.com/vercel/next.js/commit/ebb6a303700df09b83ebe49f23b7641c9573377c"><code>ebb6a30</code></a> Revert "Add warning during <code>next build</code> when sharp is missing (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27933">#27933</a>)"</li> <li><a href="https://github.com/vercel/next.js/commit/52486ceccf59ca05f2f9d3ee428813cddaa85654"><code>52486ce</code></a> v11.0.2-canary.30</li> <li><a href="https://github.com/vercel/next.js/commit/8ac3254d25725ccc171c6879f7dfc649cdb946bd"><code>8ac3254</code></a> Revert "Next swc publish flow (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27932">#27932</a>)"</li> <li><a href="https://github.com/vercel/next.js/commit/6014b6e0f82bd29b57e148bf0e6f404784297d27"><code>6014b6e</code></a> v11.0.2-canary.29</li> <li><a href="https://github.com/vercel/next.js/commit/4cd45aabcffc5adeb339703bb8c14e3069ba3de8"><code>4cd45aa</code></a> Add rootDir setting to eslint-plugin-next (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27918">#27918</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e61ea6f27b7bf34b00ffd3f59f2326b3bbbdfa48"><code>e61ea6f</code></a> Add manifest check step and add missing items (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27934">#27934</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/94fc6f0832a81ab68b393a8d45f42493429d04ee"><code>94fc6f0</code></a> Next swc publish flow (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27932">#27932</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/51a2a028ddcc321aac4744b777df2b4e96511b83"><code>51a2a02</code></a> Add warning during <code>next build</code> when sharp is missing (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27933">#27933</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/6.0.3...v11.1.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~zeit-bot">zeit-bot</a>, a new releaser for next since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+884 -3157

0 comment

2 changed files

pr created time in 2 months

create barnchc8r/kit

branch : dependabot/npm_and_yarn/templates/next/path-parse-1.0.7

created branch time in 2 months

PR opened c8r/kit

Bump path-parse from 1.0.5 to 1.0.7 in /templates/next

Bumps path-parse from 1.0.5 to 1.0.7. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jbgutierrez/path-parse/commits/v1.0.7">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+2 -2

0 comment

1 changed file

pr created time in 2 months

PR opened c8r/kit

Bump tar from 4.4.2 to 4.4.15 in /templates/next

Bumps tar from 4.4.2 to 4.4.15. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/node-tar/commit/843c897e6844f70a34bb115df6c8a9b60112aaf5"><code>843c897</code></a> 4.4.15</li> <li><a href="https://github.com/npm/node-tar/commit/46fe35083e2676e31c4e0a81639dce6da7aaa356"><code>46fe350</code></a> Remove paths from dirCache when no longer dirs</li> <li><a href="https://github.com/npm/node-tar/commit/df3aa4d10253a886be82519acb901b446ca3feeb"><code>df3aa4d</code></a> 4.4.14</li> <li><a href="https://github.com/npm/node-tar/commit/6d2801396fbad917ab8332ec8e91ff3d15bc22c6"><code>6d28013</code></a> add publishConfig tag</li> <li><a href="https://github.com/npm/node-tar/commit/efc6bb0dbd54df8c7285d7aac12bba959b8387a6"><code>efc6bb0</code></a> fix: strip absolute paths more comprehensively</li> <li><a href="https://github.com/npm/node-tar/commit/65edb39114ad5956c06f8d7893365e942042ede1"><code>65edb39</code></a> 4.4.13</li> <li><a href="https://github.com/npm/node-tar/commit/d04c3ffb41a0d2bbae926a38d3456ebda0249565"><code>d04c3ff</code></a> Always provide a callback to fs.close()</li> <li><a href="https://github.com/npm/node-tar/commit/dbd6f52ba9cdfbce2a28d8cd28a016bc3435946a"><code>dbd6f52</code></a> 4.4.12</li> <li><a href="https://github.com/npm/node-tar/commit/0240086746b72c3080598ea2a2ba6ad85de9ec08"><code>0240086</code></a> update tap and minipass</li> <li><a href="https://github.com/npm/node-tar/commit/9232b3d7da934c142e3d0ab97ef35ec0ba3917fc"><code>9232b3d</code></a> 4.4.11</li> <li>Additional commits viewable in <a href="https://github.com/npm/node-tar/compare/v4.4.2...v4.4.15">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+35 -31

0 comment

1 changed file

pr created time in 3 months

create barnchc8r/kit

branch : dependabot/npm_and_yarn/templates/next/tar-4.4.15

created branch time in 3 months

startedc8r/x0

started time in 3 months