Skip to content

chore: Resolve nextjs vuln #190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 15, 2024
Merged

chore: Resolve nextjs vuln #190

merged 6 commits into from
Nov 15, 2024
+123 −210

Conversation

@suejung-sentry
Copy link
Contributor

@suejung-sentry suejung-sentry commented Nov 14, 2024
edited
Loading

Bump version of next to resolve vulnerabilities

  • 14.2.10
  • 13.5.7

Closes https://github.com/codecov/internal-issues/issues/929
Closes https://github.com/codecov/internal-issues/issues/935

Due 11/18/24

@codecov
Copy link

codecov bot commented Nov 14, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.08%. Comparing base (2db57cc) to head (2efad06).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files
Components Coverage Δ
Plugin core 97.06% <ø> (ø)
Rollup plugin 10.81% <ø> (ø)
Vite plugin 11.02% <ø> (ø)
Webpack plugin 49.88% <ø> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@codecov-notifications
Copy link

codecov-notifications bot commented Nov 14, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

Components Coverage Δ
Plugin core 97.06% <ø> (ø)
Rollup plugin 10.81% <ø> (ø)
Vite plugin 11.02% <ø> (ø)
Webpack plugin 49.88% <ø> (ø)

📢 Thoughts on this report? Let us know!

@suejung-sentry suejung-sentry marked this pull request as ready for review November 14, 2024 01:26
@codecov-staging
Copy link

codecov-staging bot commented Nov 14, 2024
edited
Loading

Bundle Report

Changes will decrease total bundle size by 40.82kB (-1.46%) ⬇️. This is within the configured threshold ✅

Detailed changes
Bundle name Size Change
@codecov/example-next-app-edge-server-array-push 356 bytes 2 bytes (0.56%) ⬆️
@codecov/bundler-plugin-core-esm 12.29kB 40.83kB (-76.87%) ⬇️
@codecov/example-next-app-server-cjs 340.66kB 67 bytes (-0.02%) ⬇️
@codecov/example-next-app-client-array-push 687.13kB 73 bytes (0.01%) ⬆️

@codecov
Copy link

codecov bot commented Nov 14, 2024
edited
Loading

Bundle Report

Changes will decrease total bundle size by 41.52kB (-0.72%) ⬇️. This is within the configured threshold ✅

Detailed changes
Bundle name Size Change
@codecov/bundler-plugin-core-esm 12.29kB 40.83kB (-76.87%) ⬇️
@codecov/sveltekit-plugin-esm 1.09kB 198 bytes (22.22%) ⬆️
@codecov/webpack-plugin-esm 3.36kB 6 bytes (-0.18%) ⬇️
@codecov/example-next-app-edge-server-array-push 356 bytes 2 bytes (0.56%) ⬆️
@codecov/solidstart-plugin-esm 949 bytes 142 bytes (-13.02%) ⬇️
@codecov/example-sveltekit-app-client-esm 715.09kB 2 bytes (-0.0%) ⬇️
@codecov/example-next-app-server-cjs 340.66kB 67 bytes (-0.02%) ⬇️
@codecov/example-next-app-client-array-push 687.13kB 73 bytes (0.01%) ⬆️
@codecov/nextjs-webpack-plugin-esm 1.11kB 753 bytes (-40.33%) ⬇️

nicholas-codecov
nicholas-codecov reviewed Nov 14, 2024
View reviewed changes
packages/nextjs-webpack-plugin/package.json Outdated
},
"peerDependencies": {
"next": "14.x || 15.x",
"next": ">=14.2.10 <16.0.0",
Copy link

@nicholas-codecov nicholas-codecov Nov 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@suejung-sentry are we able to rollback to the prior implementation of peer deps declarations?

With these changes, we'd have to move from a patch to a major release as we're requiring users to update their version of next. If they don't, peer dep resolution would fail while they try to install the plugin.

Copy link
Contributor Author

@suejung-sentry suejung-sentry Nov 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah good point. I won't force that upon people & just fix in our examples / integration-tests instead to resolve the vulnerability - thanks!

@suejung-sentry suejung-sentry merged commit 6552110 into main Nov 15, 2024
62 checks passed
@suejung-sentry suejung-sentry deleted the sshin/chore/nextjs branch November 15, 2024 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@nicholas-codecov nicholas-codecov nicholas-codecov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@suejung-sentry @nicholas-codecov