Skip to content
This repository has been archived by the owner on Oct 25, 2023. It is now read-only.

Bump the npm_and_yarn at /source security update group in /source with 2 updates #269

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 25, 2023

Bumps the npm_and_yarn at /source security update group in /source with 2 updates: next and postcss.

Updates next from 12.2.4 to 13.5.0

Release notes

Sourced from next's releases.

v13.4.20-canary.41

Core Changes

  • Add mui-core to the default optimizePackageImports list: #55554
  • Consolidate experimental React opt-in & add ppr flag: #55560
  • Add react-icons to optimizePackageImports: #55572
  • Fix useState function initialiser case for optimize_server_react transform: #55551
  • Update supported config options for Turbopack: #55556
  • Fix react packages are not bundled for metadata routes: #55579
  • improve internal error logging: #55582
  • fix styled-jsx alias: #55581

Documentation Changes

  • chore: Fix heading hierarchy in revalidateTag documentation: #55470
  • chore: replace issue triaing actions with nissuer: #55525

Credits

Huge thanks to @​romeobravo, @​shuding, @​ztanner, @​balazsorban44, @​padmaia, @​huozhi, and @​sokra for helping!

v13.4.20-canary.40

Core Changes

  • Fix missing module.compiled trace file and unhandledRejection in ensurePage: #55553

Example Changes

  • Type Error on Event Type payment_intent webhook: #55493
  • Correct spelling in playwright docs: #55557

Credits

Huge thanks to @​roigecode, @​hoop71, and @​ijjk for helping!

v13.4.20-canary.39

Core Changes

  • fix next.js own build on windows: #55544
  • Fix notFound status code with ISR in app: #55542
  • Disable client-only for middleware and pages api layer: #55541

Documentation Changes

  • Add route groups example to revalidatePath doc: #55543

Misc Changes

  • chore(third-parties): replace rimraf with rm.mjs: #55547

... (truncated)

Commits

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

8.4.21

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

  • Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

  • Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

  • Fixed Node.before() unexpected behavior (by Romain Menke).
  • Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

Updates next from 13.5.0 to 13.5.6

Release notes

Sourced from next's releases.

v13.4.20-canary.41

Core Changes

  • Add mui-core to the default optimizePackageImports list: #55554
  • Consolidate experimental React opt-in & add ppr flag: #55560
  • Add react-icons to optimizePackageImports: #55572
  • Fix useState function initialiser case for optimize_server_react transform: #55551
  • Update supported config options for Turbopack: #55556
  • Fix react packages are not bundled for metadata routes: #55579
  • improve internal error logging: #55582
  • fix styled-jsx alias: #55581

Documentation Changes

  • chore: Fix heading hierarchy in revalidateTag documentation: #55470
  • chore: replace issue triaing actions with nissuer: #55525

Credits

Huge thanks to @​romeobravo, @​shuding, @​ztanner, @​balazsorban44, @​padmaia, @​huozhi, and @​sokra for helping!

v13.4.20-canary.40

Core Changes

  • Fix missing module.compiled trace file and unhandledRejection in ensurePage: #55553

Example Changes

  • Type Error on Event Type payment_intent webhook: #55493
  • Correct spelling in playwright docs: #55557

Credits

Huge thanks to @​roigecode, @​hoop71, and @​ijjk for helping!

v13.4.20-canary.39

Core Changes

  • fix next.js own build on windows: #55544
  • Fix notFound status code with ISR in app: #55542
  • Disable client-only for middleware and pages api layer: #55541

Documentation Changes

  • Add route groups example to revalidatePath doc: #55543

Misc Changes

  • chore(third-parties): replace rimraf with rm.mjs: #55547

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn at /source security update group in /source with 2 updates: [next](https://github.com/vercel/next.js) and [postcss](https://github.com/postcss/postcss).


Updates `next` from 12.2.4 to 13.5.0
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.2.4...v13.5.0)

Updates `postcss` from 8.4.14 to 8.4.31
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.14...8.4.31)

Updates `next` from 13.5.0 to 13.5.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.2.4...v13.5.0)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
- dependency-name: postcss
  dependency-type: indirect
- dependency-name: next
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants