
Bump next from 14.2.14 to 14.2.23 #38

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/next-14.2.23

dependabot[bot] commented on behalf of github on Jan 23, 2025

Bumps next from 14.2.14 to 14.2.23.

Release notes

Sourced from next's releases.

v14.2.23

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • backport: force module format for virtual client-proxy (#74590)
  • Backport: Use provided waitUntil for pending revalidates (#74573)
  • Feature: next/image: add support for images.qualities in next.config (#74500)

Credits

Huge thanks to @styfle, @ijjk and @lubieowoce for helping!

v14.2.22

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Retry manifest file loading only in dev mode: #73900
  • Ensure workers are cleaned up: #71564
  • Use shared worker for lint & typecheck steps: #74154

Credits

Huge thanks to @unstubbable, @ijjk, and @ztanner for helping!

v14.2.21

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Misc Changes

Credits

Huge thanks to @unstubbable, @ztanner, and @styfle for helping!

v14.2.20

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Credits

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [next](https://github.com/vercel/next.js) from 14.2.14 to 14.2.23.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.14...v14.2.23)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the "dependencies" label (Pull requests that update a dependency file) on Jan 23, 2025
@codara-ai-code-review

Potential issues, bugs, and flaws that can introduce unwanted behavior:

  1. /package-lock.json - Various dependencies have been updated to new major versions without evaluating if breaking changes might affect the application (e.g., fumadocs-core, fumadocs-mdx, shiki, etc.). Consider reviewing the changelogs of these libraries to assess impact.
  2. /package-lock.json - The dependency next was upgraded from 14.2.14 to 14.2.23. While minor patch upgrades typically do not introduce breaking changes, dependencies should be tested after this upgrade to ensure compatibility.
  3. /package-lock.json - Multiple instances of installed packages (like nanoid) are specified at different versions in both the root and within nested dependencies. This could lead to version conflicts or unexpected behavior if the version being used is not what is expected. This is particularly relevant for libraries that may have different behavior between versions.
  4. /package-lock.json - The significant number of updates could potentially lead to compatibility issues. It's important to verify that the application still functions correctly with these updates, as changes in dependencies can sometimes introduce deprecations or changes in behavior.

Code suggestions and improvements for better exception handling, logic, standardization, and consistency:

  1. /package.json - It would be prudent to use "^" for critical dependencies such as next, react, and react-dom to maintain compatibility with future patch updates, rather than locking them to specific versions.
  2. /package.json - Consider defining a range for nanoid in the package.json (e.g., "nanoid": "^5.0.9"), which allows for minor updates while preventing major breaking changes automatically being included.
  3. /package-lock.json - Make use of npm ci in CI pipelines to ensure consistent environments are recreated based on the lock file, rather than relying on npm install, which may introduce unwanted dependency updates.
  4. /package-lock.json - Regularly audit your dependencies and ensure that unused dependencies are removed to decrease security risks and improve maintainability. Use npm prune to help keep your dependency tree clean.
  5. /package-lock.json - Review the updates on changelogs for major dependencies and ensure those items are noted in the project change logs for transparency—especially if any behavioral changes could impact other contributors working on the codebase.
  6. /package-lock.json - It’s best practice to run your test suite after updating dependencies to catch any issues early related to the upgrades. Consider integrating automated tests into your own CI/CD process if you haven't already.
  7. /package-lock.json - Consider using a tool like npm-check-updates to help manage and visualize updates across your package.json more effectively.
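
The nested-version point in the review above (one package, such as nanoid, installed at several versions in the same package-lock.json) can be checked mechanically. The following is an added example, not part of this PR or of either bot's output; it assumes a lockfileVersion 2 or 3 file with a top-level `packages` map, and the sample lockfile with its version numbers is constructed for illustration.

```javascript
// Added example: report packages that a package-lock.json installs at more
// than one version. Assumes lockfileVersion 2 or 3 (top-level "packages" map).
const MARKER = "node_modules/";

function packageNameFromPath(lockPath) {
  // "node_modules/postcss/node_modules/nanoid" -> "nanoid"
  // "node_modules/@types/node"                 -> "@types/node"
  const idx = lockPath.lastIndexOf(MARKER);
  return idx === -1 ? null : lockPath.slice(idx + MARKER.length);
}

function findDuplicateVersions(lock) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("no 'packages' map: lockfileVersion 2 or 3 required");
  }
  const seen = new Map(); // name -> Map(version -> [install paths])
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    // Skip the root project (""), workspace links, and entries with no version.
    if (lockPath === "" || entry.link || !entry.version) continue;
    // Aliased installs carry the real package name in "name".
    const name = entry.name || packageNameFromPath(lockPath);
    if (!name) continue;
    if (!seen.has(name)) seen.set(name, new Map());
    const versions = seen.get(name);
    if (!versions.has(entry.version)) versions.set(entry.version, []);
    versions.get(entry.version).push(lockPath);
  }
  const duplicates = {};
  for (const [name, versions] of seen) {
    if (versions.size > 1) duplicates[name] = Object.fromEntries(versions);
  }
  return duplicates;
}

// Constructed sample lockfile (versions are illustrative, not this PR's).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.0.0" },
    "node_modules/next": { version: "14.2.23" },
    "node_modules/nanoid": { version: "5.0.9" },
    "node_modules/postcss": { version: "8.4.31" },
    "node_modules/postcss/node_modules/nanoid": { version: "3.3.7" },
    "node_modules/@types/node": { version: "20.0.0" },
  },
};

console.log(JSON.stringify(findDuplicateVersions(sampleLock), null, 2));
```

On a real checkout, `npm ls nanoid` prints the same information for a single package as a dependency tree.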
