[cli] Update "follow-redirects" to v1.15.9 to avoid security vulnerability report by trek · Pull Request #12771 · vercel/vercel

trek · 2024-12-17T20:21:59Z

The actual dependency used is http-proxy and it's latest release only require ^1.0.0 so we need to override ourselves.

…ty issues

changeset-bot · 2024-12-17T20:22:03Z

🦋 Changeset detected

Latest commit: b588a24

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
vercel	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

package.json

.changeset/great-fireants-matter.md

…solve-security-vulnerability

…ity-vulnerability' of github.com:vercel/vercel into trek/zero-2968-update-follow-redirects-to-resolve-security-vulnerability

…solve-security-vulnerability

This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @vercel/[email protected] ### Major Changes - Change getPathOverrideForPackageManager() to use detectedLockfile argument ([#12749](#12749)) ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](#12749)) - add support for `images.qualities` ([#12792](#12792)) ## @vercel/[email protected] ### Minor Changes - moved methods to @vercel/functions ([#12758](#12758)) ## @vercel/[email protected] ### Minor Changes - Update default ignored folders from the zip output: ([#12807](#12807)) - nested `node_modules` - nested `.next` & `.nuxt` - `.git` & `.vercel` ### Patch Changes - Support VERCEL_IPC_PATH along with VERCEL_IPC_FD ([#12800](#12800)) ## [email protected] ### Patch Changes - Added root params support for pages powered by partial prerendering ([#12764](#12764)) - Update `@vercel/fun` to v1.1.2 ([#12791](#12791)) - Update "follow-redirects" to v1.15.9 to avoid security vulnerability report ([#12771](#12771)) - [deploy] make deploy --target case sensitive ([#12747](#12747)) - add support for `images.qualities` ([#12792](#12792)) - Updated dependencies \[[`79a7374cdd8e734f01ee1b9ad6662182b9090bc0`](79a7374), [`6150fbe18ef7fb4a6591a87a40c4452b2c9923ce`](6150fbe), [`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`c11c3553f30bf00501f7136cfb5fda9f9c4b4fb1`](c11c355), [`99a2899b9f3e1868752690f75bd1ca587f53ffdd`](99a2899), [`c31d0813fc9668859c81ec0002e502aa200eec95`](c31d081)]: - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - Updated dependencies \[[`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`c31d0813fc9668859c81ec0002e502aa200eec95`](c31d081)]: - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - remove "next" in firewall to resolve vulnerability report ([#12688](#12688)) ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](#12749)) ## @vercel/[email protected] ### Patch Changes - Updated dependencies \[[`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`c31d0813fc9668859c81ec0002e502aa200eec95`](c31d081)]: - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](#12749)) ## @vercel/[email protected] ### Patch Changes - Added root params support for pages powered by partial prerendering ([#12764](#12764)) - Fix next data route replacing ([#12782](#12782)) - Refactor build-util usage to reuse detected lockfile ([#12749](#12749)) - add support for `images.qualities` ([#12792](#12792)) ## @vercel/[email protected] ### Patch Changes - Updated dependencies \[[`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`c31d0813fc9668859c81ec0002e502aa200eec95`](c31d081)]: - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](#12749)) ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](#12749)) ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](#12749)) - Updated dependencies \[]: - @vercel/[email protected] ## @vercel-internals/[email protected] ### Patch Changes - Updated dependencies \[[`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`7adf5367054bdd86e7ecb9791290fffeb756fcfb`](7adf536), [`c31d0813fc9668859c81ec0002e502aa200eec95`](c31d081)]: - @vercel/[email protected]

This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @vercel/[email protected] ### Major Changes - Change getPathOverrideForPackageManager() to use detectedLockfile argument ([#12749](vercel/vercel#12749)) ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](vercel/vercel#12749)) - add support for `images.qualities` ([#12792](vercel/vercel#12792)) ## @vercel/[email protected] ### Minor Changes - moved methods to @vercel/functions ([#12758](vercel/vercel#12758)) ## @vercel/[email protected] ### Minor Changes - Update default ignored folders from the zip output: ([#12807](vercel/vercel#12807)) - nested `node_modules` - nested `.next` & `.nuxt` - `.git` & `.vercel` ### Patch Changes - Support VERCEL_IPC_PATH along with VERCEL_IPC_FD ([#12800](vercel/vercel#12800)) ## [email protected] ### Patch Changes - Added root params support for pages powered by partial prerendering ([#12764](vercel/vercel#12764)) - Update `@vercel/fun` to v1.1.2 ([#12791](vercel/vercel#12791)) - Update "follow-redirects" to v1.15.9 to avoid security vulnerability report ([#12771](vercel/vercel#12771)) - [deploy] make deploy --target case sensitive ([#12747](vercel/vercel#12747)) - add support for `images.qualities` ([#12792](vercel/vercel#12792)) - Updated dependencies \[[`34d76cd266658c88a0726ae58ed06ccc97cf68c9`](vercel/vercel@34d76cd), [`0d49e1e7ec14ad189aca39c625f9e020193b35b5`](vercel/vercel@0d49e1e), [`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`9e11876f3c946324eaaa939f004b1b44bb142bc2`](vercel/vercel@9e11876), [`9f98b21e6fc9551f03e55d6c6f8b033da3a67a73`](vercel/vercel@9f98b21), [`181dc4b21d7f94eb074d52d7c3d06cdbedb98d13`](vercel/vercel@181dc4b)]: - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - Updated dependencies \[[`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`181dc4b21d7f94eb074d52d7c3d06cdbedb98d13`](vercel/vercel@181dc4b)]: - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - remove "next" in firewall to resolve vulnerability report ([#12688](vercel/vercel#12688)) ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](vercel/vercel#12749)) ## @vercel/[email protected] ### Patch Changes - Updated dependencies \[[`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`181dc4b21d7f94eb074d52d7c3d06cdbedb98d13`](vercel/vercel@181dc4b)]: - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](vercel/vercel#12749)) ## @vercel/[email protected] ### Patch Changes - Added root params support for pages powered by partial prerendering ([#12764](vercel/vercel#12764)) - Fix next data route replacing ([#12782](vercel/vercel#12782)) - Refactor build-util usage to reuse detected lockfile ([#12749](vercel/vercel#12749)) - add support for `images.qualities` ([#12792](vercel/vercel#12792)) ## @vercel/[email protected] ### Patch Changes - Updated dependencies \[[`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`181dc4b21d7f94eb074d52d7c3d06cdbedb98d13`](vercel/vercel@181dc4b)]: - @vercel/[email protected] ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](vercel/vercel#12749)) ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](vercel/vercel#12749)) ## @vercel/[email protected] ### Patch Changes - Refactor build-util usage to reuse detected lockfile ([#12749](vercel/vercel#12749)) - Updated dependencies \[]: - @vercel/[email protected] ## @vercel-internals/[email protected] ### Patch Changes - Updated dependencies \[[`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`f50f256535f8f7742cadee3c992a24aaeb2280c4`](vercel/vercel@f50f256), [`181dc4b21d7f94eb074d52d7c3d06cdbedb98d13`](vercel/vercel@181dc4b)]: - @vercel/[email protected]

[cli] overrides "follow-redirects" to at least 1.15.6 to avoid securi…

32ac17c

…ty issues

trek changed the title ~~[cli] overrides "follow-redirects" to at least 1.15.6 to avoid securi…~~ [cli] overrides "follow-redirects" to at least 1.15.6 to avoid security issue Dec 17, 2024

vercel bot deployed to Preview December 17, 2024 20:23 View deployment

Create great-fireants-matter.md

91029d9

vercel bot deployed to Preview December 17, 2024 20:24 View deployment

trek marked this pull request as ready for review December 17, 2024 21:14

trek requested review from EndangeredMassa, TooTallNate, erikareads, jeffsee55 and onsclom as code owners December 17, 2024 21:14

trek enabled auto-merge December 17, 2024 21:14

TooTallNate requested changes Dec 17, 2024

View reviewed changes

package.json Outdated Show resolved Hide resolved

vercel bot deployed to Preview December 17, 2024 21:28 View deployment

Just update lockfile

2f03901

trek force-pushed the trek/zero-2968-update-follow-redirects-to-resolve-security-vulnerability branch from caa6d11 to 2f03901 Compare December 17, 2024 21:30

trek requested a review from TooTallNate December 17, 2024 21:31

vercel bot deployed to Preview December 17, 2024 21:32 View deployment

TooTallNate reviewed Dec 17, 2024

View reviewed changes

.changeset/great-fireants-matter.md Outdated Show resolved Hide resolved

Update .changeset/great-fireants-matter.md

aa21b00

TooTallNate changed the title ~~[cli] overrides "follow-redirects" to at least 1.15.6 to avoid security issue~~ [cli] Update "follow-redirects" to v1.15.9 to avoid security vulnerability report Dec 17, 2024

TooTallNate previously approved these changes Dec 17, 2024

View reviewed changes

vercel bot deployed to Preview December 17, 2024 21:41 View deployment

onsclom previously approved these changes Dec 17, 2024

View reviewed changes

trek added this pull request to the merge queue Dec 17, 2024

github-merge-queue bot removed this pull request from the merge queue due to a conflict with the base branch Dec 17, 2024

trek added 2 commits December 18, 2024 07:07

Merge branch 'main' into trek/zero-2968-update-follow-redirects-to-re…

09c316c

…solve-security-vulnerability

Merge branch 'trek/zero-2968-update-follow-redirects-to-resolve-secur…

22988ff

…ity-vulnerability' of github.com:vercel/vercel into trek/zero-2968-update-follow-redirects-to-resolve-security-vulnerability

trek dismissed onsclom’s stale review via 22988ff December 18, 2024 13:08

trek dismissed TooTallNate’s stale review via 22988ff December 18, 2024 13:08

trek requested review from TooTallNate and onsclom December 18, 2024 13:08

vercel bot deployed to Preview December 18, 2024 13:09 View deployment

Merge branch 'main' into trek/zero-2968-update-follow-redirects-to-re…

b588a24

…solve-security-vulnerability

vercel bot deployed to Preview December 18, 2024 14:53 View deployment

trek merged commit 9dcbc95 into main Dec 18, 2024

trek deleted the trek/zero-2968-update-follow-redirects-to-resolve-security-vulnerability branch December 18, 2024 15:41

vercel-release-bot mentioned this pull request Dec 18, 2024

Version Packages #12776

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[cli] Update "follow-redirects" to v1.15.9 to avoid security vulnerability report#12771

[cli] Update "follow-redirects" to v1.15.9 to avoid security vulnerability report#12771
trek merged 7 commits intomainfrom
trek/zero-2968-update-follow-redirects-to-resolve-security-vulnerability

trek commented Dec 17, 2024 •

edited by TooTallNate

Loading

Uh oh!

changeset-bot bot commented Dec 17, 2024 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

trek commented Dec 17, 2024 • edited by TooTallNate Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

changeset-bot bot commented Dec 17, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🦋 Changeset detected

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

trek commented Dec 17, 2024 •

edited by TooTallNate

Loading

changeset-bot bot commented Dec 17, 2024 •

edited

Loading