Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump zod and next #75

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump zod and next #75

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 17, 2023

Removes zod. It's no longer used after updating ancestor dependency next. These dependencies need to be updated together.

Removes zod

Updates next from 13.4.13 to 13.5.5

Release notes

Sourced from next's releases.

v13.5.5

Core Changes

  • Update parallelizing tasks with webpackBuildWorker config: #56287
  • Misc Typescript and export updates: #55841
  • chore: pass defineEnv from next.js to rust directly: #56216
  • Expose util internally for debugging: #56381
  • App Router - preinitialize chunks during SSR: #54752
  • fix: use fs.existsSync to avoid race condition: #56387
  • Ensure loader generated export default has name: #56388
  • Move Edge SSR event waitUntil into the handler: #56404
  • fix: avoid unnecessary existSync call: #56419
  • fix: avoid creation of buffers for read ops: #56421
  • fix empty externals list, pnpm special case, and project path: #56402
  • chore: extract edge-app-route loader template: #56424
  • Separate RSC and SSR jsx-runtime modules: #56438
  • Async Batcher: #56423
  • Fix cli log next.js color: #56448
  • Turbopack: Implement Server Actions: #53890
  • Component Module Types: #56454
  • refactor: rewrite config schema in zod: #56383
  • Dev Service: #56442
  • feat(turbopack): port next.js template loading logic: #56425
  • Chunking Refactor Step 1: #56467
  • Use native node:fs in taskfile.js: #56491
  • Loose RSC import restrictions for 3rd party packages: #56501
  • turbopack: Chunking Refactor Step 2 : #56504
  • update turbopack, fix sass peer dependency: #56508
  • Remove ServerDirectiveTransformer: #56496
  • Improve failed to fetch RSC error: #56517
  • misc: fix wrong next start start duration: #56512
  • turbopack: Extract as_chunk into shared ChunkType trait: #56506
  • Flatten recursive wildcard exports in barrel optimization: #56489
  • Turbopack + app router: always use externals for predefined packages: #56440
  • fix: log error cause: #56528
  • Unsilence Taskr Webpack errors: #56542
  • refactor: cleanup app render: #56538
  • fix: don't add isolateModules to tsconfig when extending from tsconfig with verbatimModuleSyntax: #54164
  • enable verbatimModuleSyntax to make type imports/exports explicit: #56551
  • Ensure react-server-dom-turbopack-experimental uses the right package: #56560
  • Fix build restart log: #56543
  • feat(turbopack): add support for edge app pages: #56426
  • Improve error handling of Server Actions with skewed deployment: #56618
  • misc: split app-render into smaller functions: #56611
  • remove unnecessary structuredClone: #56570
  • Fix trace ignore handling: #56674
  • fix(next-core): allow sass loader for foreign codes: #56679
  • Fix SSG query with experimental-compile: #56680
  • Ensure rewrites are included in build manifest when using Turbopack: #56692
  • fix static worker restart behavior: #56728

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump zod and next
13af78e 
Removes [zod](https://github.com/colinhacks/zod). It's no longer used after updating ancestor dependency [next](https://github.com/vercel/next.js). These dependencies need to be updated together.


Removes `zod`

Updates `next` from 13.4.13 to 13.5.5
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.4.13...v13.5.5)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: indirect
- dependency-name: next
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 17, 2023
@changeset-bot
Copy link

changeset-bot bot commented Oct 17, 2023

⚠️ No Changeset found

Latest commit: 13af78e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@codeautopilot
Copy link

codeautopilot bot commented Oct 17, 2023

Pull Request Summary

Your organization has reached the subscribed usage limit. You can upgrade your plan at https://www.codeautopilot.com/#pricing

Current plan usage: 100.54%

Have feedback or need help?

Discord
Documentation
support@codeautopilot.com

bridgecrew[bot]
bridgecrew bot reviewed Oct 17, 2023
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bridgecrew has found errors in this PR ⬇️

package.json
@@ -62,7 +62,7 @@
"mdast-util-to-string": "^3.1.0",
"morgan": "^1.10.0",
"msgpack5rpc": "^1.1.0",
"next": "13.4.13",
"next": "13.5.5",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

semver 7.3.7 / package.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2022-25883 HIGH HIGH 7.5 7.5.2 Open

@socket-security
Copy link

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
next 13.4.13...13.5.5 None +10/-13 1.11 GB vercel-release-bot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridgecrew bridgecrew[bot] bridgecrew[bot] left review comments

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants