[Snyk] Upgrade eslint-config-next from 13.1.5 to 13.5.6

[abdulrahman305]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade eslint-config-next from 13.1.5 to 13.5.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 388 versions ahead of your current version.

• The recommended version was released on 8 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	375	No Known Exploit
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	375	Proof of Concept
	Template Injection SNYK-JS-DOMPURIFY-6474511	375	Proof of Concept
	Improper Encoding or Escaping of Output SNYK-JS-KATEX-6483831	375	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-KATEX-6483834	375	No Known Exploit
	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483835	375	No Known Exploit
	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483836	375	No Known Exploit
	Improper Encoding or Escaping of Output SNYK-JS-KATEX-6483831	375	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-KATEX-6483834	375	No Known Exploit
	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483835	375	No Known Exploit

Release notes

Package name: eslint-config-next

• 13.5.6 - 2023-10-18
• 13.5.6-canary.8 - 2023-10-19
• 13.5.6-canary.7 - 2023-10-18
• 13.5.6-canary.6 - 2023-10-18
  

  Core Changes

  • fix typos: #56870
  • Update React from 09fbee89d to a41957507: #56970
  • Reland "feat(turbopack): support basic next/dynamic": #56934
  • Add @ mui/icons-material to the default optimizePackageImports list: #56801

  Credits

  Huge thanks to @ xiaolou86, @ ztanner, @ sokra, and @ shuding for helping!

• 13.5.6-canary.5 - 2023-10-17
  No content.
• 13.5.6-canary.4 - 2023-10-17
  

  Core Changes

  • Adding component to @ next/third-parties: #56106
  • Replace Promise.withResolvers polyfill with DetachedPromise: #56954
  • chore(next/image)!: mark onLoadingComplete as deprecated in favor of onLoad: #56944
  • chore: lower Node.js version requirement: #56943

  Misc Changes

  • chore: reduce fs-extra usage in scripts/: #56917
  • chore(test): set COREPACK_ENABLE_STRICT: 0 for create-next-app tests: #56955

  Credits

  Huge thanks to @ janicklas-ralph, @ wyattjoh, @ SukkaW, @ styfle, and @ balazsorban44 for helping!

• 13.5.6-canary.3 - 2023-10-17
  

  Core Changes

  • feat: set status code to 500 if unexpected error occurs before streaming in app router: #56236
  • cache: add unstable_noStore API: #56930

  Credits

  Huge thanks to @ dpnolte and @ feedthejim for helping!

• 13.5.6-canary.2 - 2023-10-17
  

  Core Changes

  • feat(env): upgrade dotenv: #38481
  • Update Babel dependencies: #51962
  • perf: fix tracing for routes: #56924
  • build: Update swc_core to v0.86.1: #56770

  Credits

  Huge thanks to @ JuanM04, @ Andarist, @ feedthejim, and @ kdy1 for helping!

• 13.5.6-canary.1 - 2023-10-16
  

  Core Changes

  • Update React from d900fadbf to 09fbee89d. Removes server context and experimental prefix for server action APIs: #56809

  Documentation Changes

  • Update 05-mdx.mdx . Fix key of the prop: #56883

  Credits

  Huge thanks to @ WhoAmIRUS and @ gnoff for helping!

• 13.5.6-canary.0 - 2023-10-16
  

  Core Changes

  • perf: fix server trace file logic : #56898
  • feat: drop Node.js 16: #56896

  Misc Changes

  • improve next-image-proxy test: #56893
  • chore(test): test remote image from proxy: #56895
  • ensure kodiak is re-added to apps list after code-freeze action: #56907

  Credits

  Huge thanks to @ ztanner, @ styfle, @ feedthejim, and @ balazsorban44 for helping!

• 13.5.5 - 2023-10-16
  

  Core Changes

  • Update parallelizing tasks with webpackBuildWorker config: #56287
  • Misc Typescript and export updates: #55841
  • chore: pass defineEnv from next.js to rust directly: #56216
  • Expose util internally for debugging: #56381
  • App Router - preinitialize chunks during SSR: #54752
  • fix: use fs.existsSync to avoid race condition: #56387
  • Ensure loader generated export default has name: #56388
  • Move Edge SSR event waitUntil into the handler: #56404
  • fix: avoid unnecessary existSync call: #56419
  • fix: avoid creation of buffers for read ops: #56421
  • fix empty externals list, pnpm special case, and project path: #56402
  • chore: extract edge-app-route loader template: #56424
  • Separate RSC and SSR jsx-runtime modules: #56438
  • Async Batcher: #56423
  • Fix cli log next.js color: #56448
  • Turbopack: Implement Server Actions: #53890
  • Component Module Types: #56454
  • refactor: rewrite config schema in zod: #56383
  • Dev Service: #56442
  • feat(turbopack): port next.js template loading logic: #56425
  • Chunking Refactor Step 1: #56467
  • Use native node:fs in taskfile.js: #56491
  • Loose RSC import restrictions for 3rd party packages: #56501
  • turbopack: Chunking Refactor Step 2 : #56504
  • update turbopack, fix sass peer dependency: #56508
  • Remove ServerDirectiveTransformer: #56496
  • Improve failed to fetch RSC error: #56517
  • misc: fix wrong next start start duration: #56512
  • turbopack: Extract as_chunk into shared ChunkType trait: #56506
  • Flatten recursive wildcard exports in barrel optimization: #56489
  • Turbopack + app router: always use externals for predefined packages: #56440
  • fix: log error cause: #56528
  • Unsilence Taskr Webpack errors: #56542
  • refactor: cleanup app render: #56538
  • fix: don't add isolateModules to tsconfig when extending from tsconfig with verbatimModuleSyntax: #54164
  • enable verbatimModuleSyntax to make type imports/exports explicit: #56551
  • Ensure react-server-dom-turbopack-experimental uses the right package: #56560
  • Fix build restart log: #56543
  • feat(turbopack): add support for edge app pages: #56426
  • Improve error handling of Server Actions with skewed deployment: #56618
  • misc: split app-render into smaller functions: #56611
  • remove unnecessary structuredClone: #56570
  • Fix trace ignore handling: #56674
  • fix(next-core): allow sass loader for foreign codes: #56679
  • Fix SSG query with experimental-compile: #56680
  • Ensure rewrites are included in build manifest when using Turbopack: #56692
  • fix static worker restart behavior: #56728
  • Improve internal waitUntil utility: #56720
  • Fix reconnection loop when devserver is offline: #56698
  • Fix ensurePage for client-side navigation to / in Turbopack: #56704
  • ci: add job summary to the test suite runs: #56742
  • Prefer module over main on main fields for app router server compiler: #56532
  • Check origins of Server Action requests: #56753
  • OpenTelemetry: ignore bubble errors to avoid spamming traces: #56625
  • fix(turbopack): always alias server-only and client-only: #56760
  • Utilize Promise.withResolvers: #56764
  • Revert "Prefer module over main on main fields for app router server compiler": #56766
  • Revalidate Type: #56763
  • Revert static worker refactor: #56767
  • memoize useParams: #56771
  • Turbopack: Chunking Refactoring: #56756
  • Chunking Refactoring followup fixes: #56789
  • put app code into a separate layer: #56800
  • fix: add x-forwarded-* headers: #56797
  • fix(turbopack): middleware path and aliases: #56804
  • Implement preferredRegion array in Turbopack: #56743
  • Fix build traces case: #56817
  • Revert "Drop ipc server headers filters (#56226)": #56836
  • Implement getOptimizedModuleAliases for Turbopack: #56839
  • chore: bump undici: #56851
  • bump: edge-runtime: #56856
  • feat(turbopack): support basic next/dynamic: #56389
  • Revert "feat(turbopack): support basic next/dynamic": #56885

  Documentation Changes

  • add digest property to error prop: #56339
  • Updates MDX docs: #56378
  • Update redirect.mdx: #56414
  • docs: add missing word: #56547
  • docs: update code snippet for correct file name: #56006
  • corrected sentence: #56595
  • clarify client components render on server on full page load: #55469
  • docs(router): clarify dynamic route slug is about a file name, not "folder": #56596
  • Update 01-contribution-guide.mdx: Fix a typo: #56665
  • fix(docs): adjust api route documentation examples: #56660
  • Updates Large Page Data error message doc to use JSON.parse to make reading output easier: #56713
  • Docs: Add missing description field: #56749
  • Changes codeblock filename delimiter: #56712
  • Update supported-browsers.mdx: #56815
  • docs: fix cypress script typo in 10-testing.mdx: #56765
  • Fix typo: #56863

  Example Changes

  • Maintenance: minor example dep bumps to fix moderate vulns: #56375
  • Update actions.ts: #56579
  • updated fauna fql v10: #56185
  • fix lint error from fauna example: #56719
  • chore(example): bump @ radix-ui/react-icons: #56452
  • fix: http2 example issue: #56768

  Misc Changes

  • Fix mjs import for Turbopack test: #56354
  • Add test case for the permalink option of useFormState: #56329
  • Fix code freeze disable handling: #56340
  • add cargo fmt to lint staged: #56430
  • fix: .../templates/*/app/layout.* import order: #56380
  • Update .node-version: #56460
  • Fix logging level in actions test: #56473
  • Remove app dir warning test: #56350
  • Use consistent name for App Router tests: #56352
  • Remove isTurbo check in custom-routes test: #56360
  • test: speed up isolated next instance test setup: #56525
  • Update rust-toolchain to nightly-2023-10-06: #56541
  • update test manifest: #56522
  • chore: bump pnpm to 8.9: #56649
  • fix: next dev with edge runtime on windows: #56502
  • invert test filtering logic to exclude known failing: #56663
  • (test only) Integration tests: remove flatMap polyfill: #56546
  • Use node:fs instead of fs-extra in .github...

[korbit-ai]

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

• To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
• You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
• On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together
• Lastly, to learn more, check out our Docs.

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codeautopilot]

PR summary

This Pull Request upgrades the eslint-config-next package from version 13.1.5 to 13.5.6. The purpose of this upgrade is to keep dependencies up-to-date, which helps in fixing existing vulnerabilities and quickly identifying and addressing newly disclosed vulnerabilities. The upgrade addresses several high and medium severity issues, including inefficient regular expression complexity, uncontrolled resource consumption, and various template injection vulnerabilities.

Suggestion

No specific suggestions for improvement. The upgrade is straightforward and addresses important security vulnerabilities, making it a necessary update.

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 72.19%

Have feedback or need help?
Discord
Documentation
support@codeautopilot.com