deps(example): Bump the dependencies group in /examples/nextjs-13-pages-wrap with 3 updates

[dependabot]

Bumps the dependencies group in /examples/nextjs-13-pages-wrap with 3 updates: @types/react, autoprefixer and eslint-config-next.

Updates @types/react from 18.2.59 to 18.2.61

Commits

• See full diff in compare view

Updates autoprefixer from 10.4.17 to 10.4.18

Release notes

Sourced from autoprefixer's releases.

10.4.18

• Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

Changelog

Sourced from autoprefixer's changelog.

10.4.18

• Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

Commits

• 90dc18d Release 10.4.18 version
• 0af1be8 Update dependencies
• 1efe165 Update c8 config
• 80ff109 Add Node.js 21 to CI
• 5e5d193 Automate release creation
• e72c36a Update actions
• ec68b52 Preserve -webkit-box-orient when -webkit-line-clamp is present (#1511)
• See full diff in compare view

Updates eslint-config-next from 14.1.0 to 14.1.1

Release notes

Sourced from eslint-config-next's releases.

v14.1.1

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes

• Should not warn metadataBase missing if only absolute urls are present: vercel/next.js#61898
• Fix trailing slash for canonical url: vercel/next.js#62109
• Fix metadata json manifest convention: vercel/next.js#62615
• Improve the Server Actions SWC transform: vercel/next.js#61001
• Fix Server Reference being double registered: vercel/next.js#61244
• Improve the Server Actions SWC transform (part 2): vercel/next.js#62052
• Fix module-level Server Action creation with closure-closed values: vercel/next.js#62437
• Fix draft mode invariant: vercel/next.js#62121
• fix: babel usage with next/image: vercel/next.js#61835
• Fix next/server api alias for ESM pkg: vercel/next.js#61721
• Replace image optimizer IPC call with request handler: vercel/next.js#61471
• chore: refactor image optimization to separate external/internal urls: vercel/next.js#61172
• fix(image): warn when animated image is missing unoptimized prop: vercel/next.js#61045
• fix(build-output): show stack during CSR bailout warning: vercel/next.js#62594
• Fix extra swc optimizer applied to node_modules in browser layer: vercel/next.js#62051
• fix(next-swc): Detect exports.foo from cjs_finder: vercel/next.js#61795
• Fix attempted import error for react: vercel/next.js#61791
• Add stack trace to client rendering bailout error: vercel/next.js#61200
• fix router crash on revalidate + popstate: vercel/next.js#62383
• fix loading issue when navigating to page with async metadata: vercel/next.js#61687
• revert changes to process default routes at build: vercel/next.js#61241
• fix parallel route top-level catch-all normalization logic to support nested explicit (non-catchall) slot routes: vercel/next.js#60776
• Improve redirection handling: vercel/next.js#62561
• Simplify node/edge server chunking some: vercel/next.js#62424

Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

v14.1.1-canary.82

Core Changes

• fix(turbopack): don't emit issues for deleted pages: #62012
• perf: don't emit issues via websocket for now: #59024
• add native css nesting support: #62644
• refactor(next-swc): remove unused features: #62696
• Upgrade mini-css-extract-plugin: #62698
• Update precompiled for mini-css-extract-plugin: #62699
• feat: display text diff for text mismatch hydration errors: #62684
• Fix lint check: #62702

Documentation Changes

• Correct format for autoplay attribute in NextJS video docs : #62695
• Update unstable_cache docs for revalidate option: #62689

... (truncated)

Commits

• 5f59ee5 v14.1.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/autoprefixer@10.4.18	environment Transitive: filesystem	+2	540 kB	ai
npm/eslint-config-next@14.1.1	unsafe Transitive: filesystem	+1	82.9 kB	vercel-release-bot
npm/next@13.5.6	environment, filesystem, network, shell, unsafe	+10	1.11 GB	vercel-release-bot

🚮 Removed packages: npm/@arcjet/analyze@1.0.0-alpha.8, npm/@arcjet/duration@1.0.0-alpha.8, npm/@arcjet/eslint-config@1.0.0-alpha.8, npm/@arcjet/ip@1.0.0-alpha.8, npm/@arcjet/logger@1.0.0-alpha.8, npm/@arcjet/next@1.0.0-alpha.8, npm/@bufbuild/protobuf@1.7.2, npm/@connectrpc/connect-web@1.3.0, npm/@connectrpc/connect@1.3.0, npm/@edge-runtime/jest-environment@2.3.10, npm/@jest/globals@29.7.0, npm/@rollup/plugin-replace@5.0.5, npm/@rollup/plugin-typescript@11.1.6, npm/@rollup/wasm-node@4.12.0, npm/@types/node@18.18.0, npm/@types/node@20.11.24, npm/arcjet@1.0.0-alpha.8, npm/next@14.1.1

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Minified code	npm/@next/env@13.5.6	Confidence: 1.00 Location: Package overview	examples/nextjs-13-pages-wrap/package-lock.json examples/nextjs-13-pages-wrap/package.json
Dynamic require	npm/next@13.5.6	Location: Package overview	examples/nextjs-13-pages-wrap/package-lock.json examples/nextjs-13-pages-wrap/package.json
Dynamic require	npm/next@13.5.6	Location: Package overview	examples/nextjs-13-pages-wrap/package-lock.json examples/nextjs-13-pages-wrap/package.json
Dynamic require	npm/next@13.5.6	Location: Package overview	examples/nextjs-13-pages-wrap/package-lock.json examples/nextjs-13-pages-wrap/package.json
Dynamic require	npm/next@13.5.6	Location: Package overview	examples/nextjs-13-pages-wrap/package-lock.json examples/nextjs-13-pages-wrap/package.json

View full report↗︎

Next steps

What's wrong with minified code?

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

In many cases minified code is harmless, however minified code can be used to hide a supply chain attack. Consider not shipping minified code on npm.

What is dynamic require?

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@next/env@13.5.6
• @SocketSecurity ignore npm/next@13.5.6

[dependabot]

Superseded by #291.