Bump next from 14.2.21 to 14.2.32 #1748
Conversation
Bumps [next](https://github.com/vercel/next.js) from 14.2.21 to 14.2.32. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.21...v14.2.32) --- updated-dependencies: - dependency-name: next dependency-version: 14.2.32 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
dependabot
bot
added
dependencies
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
![wiz-inc-a178a98b5d[bot]](https://avatars.githubusercontent.com/u/58791460?s=60&v=4){kind=small}
There was a problem hiding this comment.
More Details
Vulnerabilities [mermaid:10.6.1]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| GHSA-m4gq-x24j-jpmf |  |
GHSA-m4gq-x24j-jpmf | 10.9.3 | 7.0 | - | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [@apidevtools/json-schema-ref-parser:11.1.0]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-29651 | |
GHSA-5f97-h2c2-826q | 11.2.0 | 8.1 | 2.2 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [elliptic:6.5.4]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-42459 |  |
GHSA-f7q4-pwc6-w24p | 6.5.7 | 5.3 | 3.9 | false | false |
| CVE-2024-42460 | |
GHSA-977x-g7h5-7qgw | 6.5.7 | 5.3 | 3.9 | false | false |
| CVE-2024-42461 | |
GHSA-49q7-c7j4-3p7m | 6.5.7 | 9.1 | 3.9 | false | false |
| CVE-2024-48948 | |
GHSA-fc9h-whq2-v747 | 6.6.0 | 4.8 | 2.2 | false | false |
| CVE-2024-48949 | |
GHSA-434g-2637-qmqr | 6.5.6 | 9.1 | 3.9 | false | false |
| GHSA-vjh7-7g9h-fjfh |  |
GHSA-vjh7-7g9h-fjfh | 6.6.1 | 9.0 | - | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [cross-spawn:7.0.3]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-21538 | |
GHSA-3xgq-45jj-v275 | 7.0.5 | 7.7 | 3.9 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [ws:8.13.0]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-37890 | |
GHSA-3h5v-q93c-6h6q | 8.17.1 | 7.5 | 3.9 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [cross-spawn:5.1.0]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-21538 | |
GHSA-3xgq-45jj-v275 | 6.0.6 | 7.7 | 3.9 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [ws:7.4.6]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-37890 | |
GHSA-3h5v-q93c-6h6q | 7.5.10 | 7.5 | 3.9 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [dompurify:3.0.6]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-45801 | |
GHSA-mmhx-hmjr-r674 | 3.1.3 | 7.3 | 3.9 | false | false |
| CVE-2024-47875 | |
GHSA-gx9m-whjm-85jf | 3.1.3 | 10.0 | 3.9 | false | false |
| CVE-2025-26791 |  |
GHSA-vhxf-7vqr-mrjg | 3.2.4 | 4.5 | 1.4 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [braces:3.0.2]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-4068 | |
GHSA-grv7-fg5c-xmjg | 3.0.3 | 7.5 | 3.9 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
❌ Deploy Preview for docs-optimism failed. Why did it fail? →
|
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps next from 14.2.21 to 14.2.32.
Release notes
Sourced from next's releases.
Commits
89ee561v14.2.326a974ad[backport v14]: fix router handling when setting a location response header (...55f7662v14.2.315dd68a5[backport v14]: fix(next/image): improve and simplify detect-content-type (#8...bcc7c65[backport v14]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82...243072bv14.2.30f523d4a[backport]: config.allowedDevOrigins (#80410)ca92115v14.2.29ec9ee87Only share incremental cache for edge in next start (#79389)e65628av14.2.28Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.