fix(deps): update dependency next to v14 [security]

[live-github-bot]

This PR contains the following updates:

Package	Type	Update	Change
next (source)	dependencies	major	13.4.19 -> 14.1.1
next (source)	dependencies	major	13.5.6 -> 14.1.1

GitHub Vulnerability Alerts

CVE-2024-34350

Impact

Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions.

For a request to be exploitable, the affected route also had to be making use of the rewrites feature in Next.js.

Patches

The vulnerability is resolved in Next.js 13.5.1 and newer. This includes Next.js 14.x.

Workarounds

There are no official workarounds for this vulnerability. We recommend that you upgrade to a safe version.

References

https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning

CVE-2024-34351

Impact

A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.

Prerequisites

• Next.js (<14.1.1) is running in a self-hosted* manner.
• The Next.js application makes use of Server Actions.
• The Server Action performs a redirect to a relative path which starts with a /.

* Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner.

Patches

This vulnerability was patched in #​62561 and fixed in Next.js 14.1.1.

Workarounds

There are no official workarounds for this vulnerability. We recommend upgrading to Next.js 14.1.1.

Credit

Vercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to:

Adam Kues - Assetnote
Shubham Shah - Assetnote

CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

---

Release Notes

vercel/next.js (next)

v14.1.1

Compare Source

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes

• Should not warn metadataBase missing if only absolute urls are present: https://github.com/vercel/next.js/pull/61898
• Fix trailing slash for canonical url: https://github.com/vercel/next.js/pull/62109
• Fix metadata json manifest convention: https://github.com/vercel/next.js/pull/62615
• Improve the Server Actions SWC transform: https://github.com/vercel/next.js/pull/61001
• Fix Server Reference being double registered: https://github.com/vercel/next.js/pull/61244
• Improve the Server Actions SWC transform (part 2): https://github.com/vercel/next.js/pull/62052
• Fix module-level Server Action creation with closure-closed values: https://github.com/vercel/next.js/pull/62437
• Fix draft mode invariant: https://github.com/vercel/next.js/pull/62121
• fix: babel usage with next/image: https://github.com/vercel/next.js/pull/61835
• Fix next/server api alias for ESM pkg: https://github.com/vercel/next.js/pull/61721
• Replace image optimizer IPC call with request handler: https://github.com/vercel/next.js/pull/61471
• chore: refactor image optimization to separate external/internal urls: https://github.com/vercel/next.js/pull/61172
• fix(image): warn when animated image is missing unoptimized prop: https://github.com/vercel/next.js/pull/61045
• fix(build-output): show stack during CSR bailout warning: https://github.com/vercel/next.js/pull/62594
• Fix extra swc optimizer applied to node_modules in browser layer: https://github.com/vercel/next.js/pull/62051
• fix(next-swc): Detect exports.foo from cjs_finder: https://github.com/vercel/next.js/pull/61795
• Fix attempted import error for react: https://github.com/vercel/next.js/pull/61791
• Add stack trace to client rendering bailout error: https://github.com/vercel/next.js/pull/61200
• fix router crash on revalidate + popstate: https://github.com/vercel/next.js/pull/62383
• fix loading issue when navigating to page with async metadata: https://github.com/vercel/next.js/pull/61687
• revert changes to process default routes at build: https://github.com/vercel/next.js/pull/61241
• fix parallel route top-level catch-all normalization logic to support nested explicit (non-catchall) slot routes: https://github.com/vercel/next.js/pull/60776
• Improve redirection handling: https://github.com/vercel/next.js/pull/62561
• Simplify node/edge server chunking some: https://github.com/vercel/next.js/pull/62424

Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

v14.1.0

Compare Source

Core Changes

• Turbopack: switch to a single client components entrypoint: #​59352
• Update swc_core to v0.86.98 and turbopack: #​59393
• Fix cases for the optimize_server_react transform: #​59390
• Use new JSX transform: #​56294
• loading.tsx should have no effect on partial rendering when PPR is enabled: #​59196
• Update font data: #​59426
• Remove CacheNode.status field: #​59472
• Rename CacheNode.data → .lazyData : #​59473
• Generate Params Cleanup: #​59431
• Fix webpack chunks handling in traces: #​59498
• Rename CacheNode.subTreeData -> .rsc : #​59491
• fix NODE_OPTIONS=inspect: #​59530
• Add CacheNode.prefetchRsc field: #​59537
• allow passing wildcard domains in serverActions.allowedDomains: #​59428
• Page Info Cleanup: #​59430
• Fix force-static and fetch no-store cases: #​59549
• Should not show no index for client rendering bailout: #​59531
• Enable build worker by default: #​59405
• Fork navigateReducer into PPR and non-PPR versions: #​59538
• cleanup magic segment strings: #​59552
• chore: update Turbopack: #​59589
• Fix another magic segment string constant: #​59591
• Make CacheNodeSeedData match FlightRouterState more closely: #​59590
• transpilePackages should override default settings for external packages: #​59385
• move segment constants to separate file: #​59587
• Revert "Page Info Cleanup (#​59430)": #​59592
• Fix useOptimistic in server components bug. Add tests for invalid React server APIs: #​59621
• Partial Pre Rendering Headers: #​59447
• Add tests for invalid React server APIs: #​59622
• Refactor setup-dev-bundler to make Turbopack/Webpack split clearer: #​59650
• refactor and simplify app dynamic components: #​59658
• Change manifestPath to pagesManifestPath: #​59657
• Fix issue with outputFileTracingExcludes and pages/api edge runtime: #​59157
• Update font data: #​59722
• Remove path normalization logic when uploading .next/trace traces: #​59305
• LayoutRouter: Support segment value of Promise to asynchronously bail out and trigger a server patch: #​59724
• fix: Allow start turbopack dev server for a project using middleware: #​59759
• fix: gracefully shutdown server: #​59551
• Revert "fix: gracefully shutdown server (#​59551)": #​59792
• Optionally bundle legacy react-dom/server APIs based on usage: #​59737
• fix default handling in route groups that handle interception: #​59752
• Transpile all code on app browser layer: #​59569
• Initial implementation of PPR client navigations: #​59725
• fix(turbopack): prevent edge entrypoint from becoming an async module: #​59818
• Ensure we validate revalidate configs properly: #​59822
• Update error check in validateRevalidate: #​59826
• Rename confusing loaders: #​59827
• Upgrade og dependencies: #​59541
• [PPR Navs] Bugfix: Dynamic data never streams in if prefetch entry is stale: #​59833
• fix parallel catch-all route normalization: #​59791
• fix router prefetch cache key to work with route interception: #​59861
• Alias nextjs api entry to esm version for app router: #​59852
• Remove duplicate standalone check: #​60085
• Remove return on void function: #​60087
• Ensure NextBuildContext is only used during build: #​60099
• Add PageExtensions type: #​60108
• Ensure instrumentation file does not affect middleware count: #​60102
• Use WebpackError type instead of any: #​60105
• Remove root parameter: #​60112
• Remove extra duplicate pages warning: #​60113
• Add MappedPages type: #​60106
• Always call createPagesMapping for root paths: #​60107
• Fix path issues on linux machines when build created on windows: #​60116
• fix: Fix wrong cjs detection of auto-cjs pass: #​60118
• chore: update Copyright time from 2023 to 2024: #​60071
• Filter out duplicate paths in build output: #​59858
• chore: align webpack config node version: #​59862
• gracefully handle client router segment mismatches: #​60141
• Fix start build log being overwritten by logs from page: #​60122
• Allow using ESM pkg with custom incremental cache: #​59863
• Fix emitting ESM swc helpers for 3rd parties CJS libs in bundle: #​60169
• Move cacheDir logic to getCacheDir: #​60133
• Refactor to unify writeFile, readFile, and add readManifest: #​60137
• chore: bump @vercel/nft@0.26.2: #​60172
• fix: <Script> with beforeInteractive strategy ignores additional attributes in App Router: #​59779
• Fix invalid comment: #​60182
• Refactor: Separate RSC renderer from SSR wrapping component: #​59676
• fix: cache next font during development to avoid FOUC: #​60175
• Add writeManifest: #​60138
• Add writePrerenderManifest: #​60158
• Add writeStandaloneDirectory: #​60162
• Always write FunctionsConfigManifest: #​60163
• Upgrade @​vercel/og: #​60205
• Improve consistency of issues and diagnostics for napi calls: #​60198
• Change server actions cache default to no-store: #​60170
• Allow undefined environment variables in config: #​58247
• Add writeFullyStaticExport: #​60200
• fix: Mark file as ESM if it has an export from auto-cjs pass: #​60216
• log a dev warning when a missing parallel slot results in a 404: #​60186
• Fix: Throw an error for empty array return in generateStaticParams with output:export: #​57053
• Ensure appPathsManifest variable is inside if block: #​60210
• Remove NEXT_TURBO_FILTER_PAGES internal variable: #​60217
• fix: add node-web-audio-api to server-external-packages.json: #​60243
• Disable 2mb limit for custom incrementalCacheHandler: #​59976
• [PPR Nav] Fix: Page data should always be applied: #​60242
• Add writeImagesManifest: #​60209
• feat(next-core): apply rsc transform in turbopack: #​59629
• Move buildId logic to getBuildId: #​60132
• fix catch-all route normalization for default parallel routes: #​60240
• micro fix of the cache limit check: #​60249
• parallel routes: fix @​children slots: #​60288
• Bump webpack-bundle-analyzer: #​58442
• docs: Add docs for next dev --experimental-https: #​60357
• Update React from 0cdfef1 to f1039be: #​60368
• Simplify if condition: #​60250
• Fix dynamic sitemap detection: #​60356
• chore(font): enable minification: #​60319
• chore(precompile): remove obsolete precompiled assets : #​60316
• refactor: simplify the call in lib.picocolors: #​60386
• chore(precompile): re-add watchpack to the precompile: #​60309
• refactor(dev-overlay): remove chalk: #​60317
• Fix: HMR in multi-zone handling 🌱: #​59471
• HMR development stats: include updatedModules for App Router and Turbopack changes: #​59785
• Change color of output bundle size: #​60385
• Fix TypeError when using params in RootLayout with parallel routes: #​60401
• Fix missing source code display for some jsx errors: #​60390
• Refactor unstable_cache implementation: #​60403
• Missing Postpone Detection Fix: #​59891
• refactor(next/core): reorganize next.js custom transforms for next-swc/turbopack: #​60400
• Fix custom cache handler importing on windows: #​60312
• Display original failed fetch trace: #​60274
• feat(app-router): introduce experimental.missingSuspenseWithCSRBailout flag: #​57642
• update turbopack: #​60208
• update turbopack: #​60478
• feat(turbopack): support named client references properly: #​59578
• Fix intercepted segments with basepath: #​60485
• parallel routes: fix client reference manifest grouping for catch-all segments: #​60482
• Group small chunks in shared js section of output: #​60479
• filter default segments from prerender manifest: #​60499
• Add experimental options for more parallelization in webpack builds: #​60177
• move custom allocator flag and add rustls-tls comment: #​60128
• fix: redirect logic missing basePath in App Render: #​60184
• Revert "feat(app-router): introduce experimental.missingSuspenseWithCSRBailout flag": #​60508
• add retry logic to loadClientReferenceManifest: #​56518
• Turbopack hmr: record forwarded client spans: #​60500
• chore(turbopack): check for unsupported next config options instead of supported ones: #​58781
• Handle non server action post requests safely: #​60526
• Fix global-error for nested routes: #​60539
• chore(examples): use default prettier for examples/templates: #​60530
• Update default error rate for client filter: #​60542
• Enable windowHistorySupport by default: #​60557
• Fix logging order of build jobs: #​60564
• propagate notFound errors past a segment's error boundary: #​60567
• Tracing: attach Turbopack session value to root span: #​60576
• [PPR Nav] Fix flash of loading state during back/forward: #​60578
• Fix react-refresh for transpiled packages: #​60563
• Ensure client filter with basePath is correct: #​60580
• Update React from f1039be to 60a927d: #​60619
• Add cache reason for using fetch with noStore: #​60630
• chore: remove unused export: #​60647
• remove next build turbopack version: #​60655
• fix breakpoints on reload: #​60507
• Fix hmr updates with rebuilding for build errors: #​60676
• graceful shutdown: #​60059
• refactor(next-swc): remove unused crashreporter: #​60593
• chore(eslint-plugin-next): upgrade glob dependency: #​60732
• Fix client reference keys of barrel-optimized files: #​60685
• Fix recursive ignoring case in build traces: #​60740
• Telemetry: allow disabling of fetch tracing: #​60588
• chore: typo, responseCookes to responseCookies: #​60654
• Telemetry code load: #​60594
• allow to pass available chunk items when creating a chunk group: #​60554
• separate chunking per layout parts: #​60569
• feat(next-core): port remaining next.js custom transforms: #​60498
• Reapply "feat(app-router): introduce experimental.missingSuspenseWithCSRBailout flag" (#​60508): #​60751
• Skip postcss config location resolving in node_modules: #​60697
• apply page transforms only on pages: #​60779
• fix layout segment key to match up with manifest: #​60783
• Fix locale domain public files check: #​60749
• Stabilize custom cache handlers and changing memory size.: #​57953
• feat: stabilize unstable_getImgProps() => getImageProps(): #​60739
• Fix Server Actions compiler bug: #​60794
• Dev Server: Preserve globals overwrites in the initialization hook: #​60796
• add missing function call to normalize-catchall-routes test case: #​60777
• Use snapshots for component-stack tests: #​60768
• Support next/og usage in ESM nextjs app: #​60818
• fix(ts): auto-complete next/headers: #​60817
• Remove the warning for build worker when custom webpack present: #​60820
• chore(deps): update browserslist and caniuse-lite: #​60827
• feat: support custom image loaders in turbopack: #​60736
• Ensure request specific caches for revalidate are reset: #​60810
• Add metrics names for unstable_cache: #​60802
• Fix: respect init.cache if fetch input is request instance: #​60821
• Revert "Fix: Throw an error for empty array return in generateStaticParams with output:export": #​60831
• turbopack: rename custom cache handler configs: #​60828
• dx: warn the deprecated cache configs are used: #​60836
• Enable missing suspense bailout by default: #​60840

Documentation Changes

• Docs: Update Server Actions Docs: #​59080
• Docs: Polish Server Actions Page 💅🏼 : #​59400
• Update 10-route-handlers.mdx: #​59443
• docs: remove broken link: #​59487
• Docs: Add App Router Testing Guides and update /examples: #​59268
• docs: fix bad closed tag: #​59575
• Fix closing tags for jest docs: #​59579
• Docs: Fix formatting in testing docs and update examples dependencies: #​59572
• Docs: Add missing closing tag: #​59581
• Docs: Review and update getServerSideProps page: #​59545
• docs: add note for environment variables on Vercel deployment: #​59237
• docs(accessibility): updates WCAG version to 2.2: #​59646
• docs: small tweaks: #​59638
• docs: fix broken backtick for link: #​59717
• Docs: Document generateSitemaps: #​59626
• Docs: Polish testing section: #​59618
• docs: improve docs around geolocation and IP headers: #​59719
• Docs: Review and Typo Fix - getServerSideProps: #​59616
• docs: fix vitest example link in testing with vitest: #​59659
• docs: fix grammar issue in 03-get-server-side-props.mdx: #​59670
• Includes section to @next/third-parties documentation for Google Analytics: #​59671
• Change file extension to .tsx: #​59763
• docs: clarify data fetching pattern: #​59602
• change 'themeColor' to 'viewport' in the viewport section: #​59764
• docs: add missing comma to sitemap.mdx: #​59788
• Chore docs fix runon and definition of trailing slash redirect: #​59889
• Minor grammar edits: #​59887
• Introduce cache version history in cache API: #​59799
• docs: correct type in sitemap.mdx: #​59787
• chore(docs): Remove typesafe-i18n from thrid-party i18n options: #​59624
• docs: Add Chakra UI setup guide: #​59275
• Update not-found.mdx: #​59478
• Updates references for styled-components configuration in next.config.js: #​59495
• Update 05-mdx.mdx: #​57988
• Mention remark-mdx-frontmatter in frontmatter docs: #​59238
• Docs: Rename React Query to TanStack Query: #​59004
• Add cwd to VSCode debugging setup steps: #​58689
• [Docs]: fix tiny typo: #​59897
• [docs] Add sensible name for Cookie deleting functions: #​57893
• Update generate-viewport.mdx: #​57701
• Update opengraph-image.mdx: #​57810
• [docs] Update example links.: #​57891
• docs: clarify setting and reading cookies from Route Handlers: #​59915
• docs: add Sirv loader for next/image: #​57102
• docs: fix prettier lint: #​59918
• docs: Add media example for icon metadata: #​56141
• Fix typo in generate-sitemaps.mdx docs: #​59964
• Update 02-server-actions-and-mutations.mdx: #​59935
• Update 08-parallel-routes.mdx: #​59966
• Updates "No Before Interactive" error message for App router: #​56033
• docs: Update Middleware docs on ignoring prefetches: #​56799
• docs: add note that contentlayer is unmaintained: #​59927
• docs: small changes to linking docs: #​59982
• docs: opengraph / twitter image needs absolute URL: #​59985
• docs: fix typo for useFormState: #​60010
• docs: clarify using redirect with client components: #​60056
• Update documentation to reflect added support for 'userScalable' field in 'viewport': #​60033
• docs: Add section for CSP without nonces: #​60067
• docs: update install count: #​60072
• docs: fix version history order in sitemap.mdx: #​60054
• docs: clarify generateStaticParams and dynamicParams: #​60083
• docs: update maxDuration info: #​60086
• docs: ⌘+Enter for forms: #​60090
• Clarify measurement ID in Optimizing: Third Party Libraries: #​60136
• Update 03-css-in-js.mdx : fix typo: #​60114
• docs: small wording fix for 03-linking-and-navigating.mdx: #​60089
• Docs: If revalidatePath's path has dynamic segment path, type must be page.: #​59149
• docs: improve grammar: #​60149
• Fix config code in the CSS-in-JS chapter: #​60164
• Updating example with required content type in header: #​59990
• Adds a section to Optimizing: Third Party Libraries on tracking pageviews for Google Analytics: #​60176
• Update route-segment-config.mdx: #​60179
• docs: Fix typo on generate-sitemaps.mdx: #​60188
• small correction in 11-middleware.mdx: #​60189
• docs(trailingSlashes): add note for SSG generation: #​57628
• docs: fix typos and broken links in the image.mdx: #​60221
• Docs: Fix revalidate type annotation: #​60230
• Update 02-server-actions-and-mutations.mdx: #​60222
• fix(docs): add missing docs on external packages: #​60244
• Docs: Add "Going to production" page for App Router: #​59304
• Docs: Update compression docs: #​60264
• Docs: Clarify useSearchParams behavior: #​60257
• Docs: Add more clarification about compress : #​60268
• Clarify searchParams is not passed to Layouts: #​60277
• docs(testing): add bun command to running your tests section: #​60281
• chore(docs): add section for Custom Type Declarations: #​60282
• docs: small corrections to bundle analyzer docs: #​60285
• docs: typo fix in compression page: #​60318
• docs: add example of webhooks with App Router: #​60276
• docs: add optional catch-all segments typescript example: #​60237
• Update use-search-params.mdx: #​55357
• docs: address a few open issues: #​60329
• docs: next/head: Document error cases with head/body-tags; add subheadings: #​56412
• Fix bundle analyzer NPM package name in documentation: #​60339
• [doc] Update 03-linking-and-navigating.mdx: #​60345
• add missing types: #​60346
• docs: update docs for remotePatterns to mention what happens when prop is omitted: #​60387
• Docs: Update note on @next/third-parties being experimental: #​60372
• chore(docs): fix 14 upgrade guide mentioning export: #​60429
• chore(docs/errors): Improve documentation grammar: #​60452
• Docs: Address Community Feedback: #​60476
• for #​59178 - addition to robots.mdx - Customize user-agent rules: #​60361
• Docs: Document windowHistorySupport flag, and add pushState/replaceState examples: #​60374
• docs: correct windowHistorySupport title: #​60503
• chore: correct subject-verb conjugation in Client Components doc: #​60538
• Add "Redirecting" page in the Routing section: #​60435
• docs: small fix in Redirecting page: #​60583
• fix(mdx): update word order, fix typo: #​60466
• Add documentation for client router filter: #​60585
• docs: Update Google Analytics error doc: #​60612
• docs: remove Next 13 mention for App Router: #​60632
• Fix Typo in Testing Documentation Description: #​60601
• chore: remove duplicate package name: #​60652
• chore(docs): add docs for .svg unoptimized behavior: #​60735
• add authentication docs page: #​60388
• chore(docs): fix example documentation for Art Direction: #​60823
• docs: add build worker optout error back with upgrade advice: #​60826
• Docs: Use JS comment for MDX: #​60825
• Fix error from the auth docs.: #​60829

Example Changes

• Updates the with-vitest example. Unlocks the tests passing with server-only usage: #​58902
• Add text-wrap: balance to CNA template for card descriptions: #​59384
• fix: Invalid next version tag name in with-cypress example: #​59647
• Fix: Add matcher for middleware: #​59651
• examples: Add new NextAuth.js example: #​56914
• examples: add required env vars to auth example.: #​59901
• examples: update Redis to App Router: #​59311
• examples: remove broken deploy button: #​58794
• examples: progressive enhancement for Redis example: #​59937
• Update .env.local.example of with-firebase example: #​59954
• Upgrade with-algolia-react-instantsearch example to latest major version and use app router: #​59961
• Rename .env.local.example to .env.example: #​59984
• Update Convex Example: #​59789
• examples: Update next-forms example: #​60052
• chore(cms-contentfu): fix contentful instructions: #​60050
• examples: improve typings for i18n app dir: #​60160
• chore(examples): migrate image-component example to App Router: #​60289
• fix(#​58695): improve zustand example: #​58696
• examples: add allow-unauthenticated option to cloud run deploy: #​58792
• fixed import path in with-jest template.: #​60332
• chore(examples): fix image-component example viewsource paths, shimmer page filename: #​60451
• Update cache-handler-redis example dependencies: #​59458
• examples: Update hello world: #​60502
• chore: Fix typo s/desireable/desirable/: #​60518
• chore: Fix multiple typos: #​60531
• examples: Update redis example with useOptimistic: #​60596
• Update README.md: #​60595
• chore(example): update storybook: #​60737

Misc Changes

• Revert "Skip latest commit check for stable release": #​59401
• ci(workflow): restore publish wasm binary: #​59414
• ci: only run release commit check on canary releases: #​59423
• test(runner): preserve browser tracing if test fails: #​59469
• Adding Google analytics to next/third-parties: #​58418
• ci(test): upload playwright artifacts seperately: #​59496
• fix integration test workflow: #​59508
• Fix third party typings: #​59503
• test(fixture): try to include sources in the snapshot: #​59499
• chore: bump typescript-eslint to 6.14: #​59514
• Update Deployment Testing: #​59448
• fix(playwright): teardown when global quit force terminates browser: #​59548
• chore(create-next-app): bump prompts to v2.4.2: #​59006
• types: cover the tests with root tsconfig.json: #​59550
• Fix test/tsconfig.json alias for internal test utils: #​59570
• test(integration): adjust fixture to work with turbopack: #​59595
• Add test for importing client components from server actions: #​59615
• chore: extends from shared base tsconfig: #​59776
• Update Turbopack test manifest: #​59798
• Fix CI: Skip test in PPR dev mode, too: #​59817
• Add unstable_cache validate test case: #​59828
• Update swc_core to v0.87.10: #​59834
• chore: add github bug report item type module resolution: #​60121
• chore: add myself to created-by: Next.js team: #​60144
• chore: include required Next.js stages to issue template: #​60142
• searchParameters test for PPR: #​59678
• Getting rid of a few TypeScript anys.: #​60017
• fix responsiveness in starter templates: #​60140
• fix(generators): update errors gen: #​60233
• chore: test against latest sharp: #​60226
• style: enforce prop immutability in new next app: #​58845
• Update flakey test from port re-use: #​60291
• chore: update pnpm to the latest (v8.14.0): #​60295
• docs: update broken link in UPGRADING.md: #​60342
• Update Turbopack test manifest: #​60306
• Update Turbopack test manifest: #​60371
• Update swc_core to v0.87.16: #​60192
• Add replay.io test suite dependencies: #​60381
• chore: update turbo to the latest: #​60294
• Update Turbopack test manifest: #​60413
• Update testing contributor guide: #​60421
• chore: skip flaky turbopack navigation test: #​60431
• ci: skip cron workflows on forks: #​60422
• Add reproduction for HMR moving / renaming files.: #​57230
• add tests for incremental-cache: #​60331
• chore: fix postinstall when using tarball: #​60443
• test: use replay jest runner to add current test name to recording: #​60438
• misc: Skip cron workflows on forks: #​60487
• Handle pages double render for useParams in tests: #​60486
• Transition some check calls in tests to retry: #​60489
• Use next.config.mjs for CNA templates: #​60494
• Update Turbopack test manifest: #​60504
• run tests from test suite that are not listed in the manifest: #​58401
• Add --ci to jest tests in CI: #​60432
• Ensure aliased variable is used in test: #​60428
• Update Turbopack test manifest: #​60506
• Skip webpack loader test in Turbopack: #​60509
• Revert "Skip webpack loader test in Turbopack": #​60513
• Revert "Revert "Skip webpack loader test in Turbopack"": #​60514
• Remove unused target: es5 from tsconfig.json in create-next-app: #​60521
• refactor(cna): make create-next-app even smaller and faster: #​58030
• Expand hydration error test to check recovery: #​60423
• chore: update pull_request_approved workflow: #​60537
• chore: add issue_popular workflow: #​60543
• Update Turbopack test manifest: #​60553
• chore: update next-repo-info actions: #​60559
• chore(git): add .git-blame-ignore-revs: #​60582
• chore: remove pr_approved workflow & update popular_issues workflow: #​60584
• test(fixture): update assertion for turbopack: #​60579
• Remove duplicate pages -> app test: #​60589
• Update flakey dev middleware test: #​60590
• Add hasRedbox fix: #​60522
• Turbopack test updates: #​60662
• Remove normalizeSnapshot as it is no longer used: #​60664
• Stabilize flakey edge-module-error test: #​60728
• Update module-layer test for Turbopack: #​60707
• chore: bump nissuer: #​60706
• test(fixture): update assertion for turbopack: #​60750
• Update developing.md to include "Install Rust and Cargo" as 1st step: #​60761
• Fix tests exit race condition: #​60757
• Update ReactRefreshRegression test snapshot for Turbopack: #​60767

Credits

Huge thanks to @​delbaoliveira, @​OlehDutchenko, @​sokra, @​huozhi, @​shuding, @​kwonoj, @​ztanner, @​eps1lon, @​acdlite, @​ebidel, @​leerob, @​janicklas-ralph, @​wyattjoh, @​ijjk, @​JohnPhamous, @​chentsulin, @​akawalsky, @​BlankParticle, @​timneutkens, @​ForsakenHarmony, @​dvoytenko, @​smaeda-ks, @​kenji-webdev, @​rv-david, @​icyJoseph, @​dijonmusters, @​A7med3bdulBaset, @​jenewland1999, @​mknichel, @​kdy1, @​housseindjirdeh, @​max-programming, @​redbmk, @​SSakibHossain10, @​jamesmillerburgess, @​minaelee, @​officialrajdeepsingh, @​LorisSigrist, @​yesl-kim, @​StevenKamwaza, @​manovotny, @​mcexit, @​remcohaszing, [@​ryo

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
ledger-live-docs	❌ Failed (Inspect)			May 20, 2024 10:13pm
web-tools	❌ Failed (Inspect)			May 20, 2024 10:13pm

3 Ignored Deployments

Name	Status	Preview	Comments	Updated (UTC)
ledger-live-github-bot	⬜️ Ignored (Inspect)	Visit Preview		May 20, 2024 10:13pm
native-ui-storybook	⬜️ Ignored (Inspect)	Visit Preview		May 20, 2024 10:13pm
react-ui-storybook	⬜️ Ignored (Inspect)	Visit Preview		May 20, 2024 10:13pm

[gre]

i don't really know if we want to keep this "docs" project (is there really just 2 dummy page on this docs ?) but as far as i'm concerned the PR is good to go but needs a coin integration check now

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/next@14.1.1	environment, filesystem, network, shell, unsafe	+9	90 MB	vercel-release-bot

🚮 Removed packages: npm/next@13.4.19, npm/next@13.5.6

View full report↗︎