• 8545fd1 v12.1.0
• 1605f30 v12.0.11-canary.21
• 69aedbd Fix typo (#34480)
• f0f322c Remove deprecation for relative URL usage in middlewares (#34461)
• d4d79b2 Fix chunk buffering for server components (#34474)
• 74fa4d4 update webpack (#34477)
• b70397e Revert "Allow reading request bodies in middlewares (#34294)" (#34479)
• 4202011 Update font-optimization test snapshot (#34478)
• 1edd851 Allow reading request bodies in middlewares (#34294)
• ba78437 fix: don't wrap profile in firebase example (#34457)
• Additional commits viewable in compare view

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next's releases.

v11.1.3

See https://github.com/vercel/next.js/releases/v12.0.5 for details about this patch.

v11.1.3-canary.105

Core Changes

• Update swc-minify-enabled link: #30290
• Fix middleware header propagation: #30288
• Move outputFileTracing config up: #30295
• Track usage of swc features: #30297
• Ensure null bytes in resolved path are handled: #30313
• Improve deprecation errors for new middleware API: #30316

Documentation Changes

• Add more docs.: #30320

Example Changes

• Update image component example to use AVIF: #30294

Credits

Huge thanks to @​ijjk, @​styfle, @​padmaia, @​javivelasco, and @​leerob for helping!

v11.1.3-canary.104

Misc Changes

• Add necessary workflow job dependencies: #30291

v11.1.3-canary.103

Core Changes

• Warn when mutating res if not streaming: #30284
• Chore/publish all swc: #30289

Credits

Huge thanks to @​kara for helping!

v11.1.3-canary.102

Core Changes

• Add warning when LCP image is missing priority prop: #30221
• New Middleware API signature: #30282
• Fix trace case with tsconfig/jsconfig baseUrl: #30286

Documentation Changes

... (truncated)

• ec1a0f7 v11.1.3
• 4dc9bba Add no-verify-access for lerna
• e314019 use correct token
• 1a40e71 fix lint
• b01acc1 Update branch name to next-11
• 66de88d Use next-11 tag
• 303bc0f Allow publishing on v11-patch branch
• f59c82b Enable GitHub actions for v11-patch branch
• 4888713 Ensure invalid URLs respond with 400 correctly
• 97456e8 v11.1.2
• Additional commits viewable in compare view

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next's releases.

v11.1.0

A security team from one of our partners noticed an issue in Next.js that allowed for an open redirect to occur.

Specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site.

In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.

We recommend upgrading to the latest version of Next.js to improve the overall security of your application.

How to Upgrade

• We have released patch versions for both the stable and canary channels of Next.js.
• To upgrade run npm install next@latest --save

Impact

• Affected: Users of Next.js between 10.0.5 and 10.2.0
• Affected: Users of Next.js between 11.0.0 and 11.0.1 using pages/_error.js without getInitialProps
• Affected: Users of Next.js between 11.0.0 and 11.0.1 using pages/_error.js and next export
• Not affected: Deployments on Vercel (vercel.com) are not affected
• Not affected: Deployments with pages/404.js

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

How to Assess Impact

If you think sensitive code or data could have been exposed, you can filter logs of affected sites by // (double slash at the start of the url) followed by a domain.

What is Being Done

As Next.js has grown in popularity and usage by enterprises, it has received the attention of security researchers and auditors. We are thankful to Gabriel Benmergui from Robinhood for their investigation and discovery of the original bug and subsequent responsible disclosure.

We've landed a patch that ensures path parsing is handled properly for these paths so that the open redirect can no longer occur.

Regression tests for this attack were added to the security integration test suite

• We have notified known Next.js users in advance of this publication.
• A public CVE was released.
• We encourage responsible disclosure of future reports. Please email us at [email protected]. We are actively monitoring this mailbox.

---

Release notes

Core Changes

• Don't test image domains in test env: #26502
• Fix props not updating when changing the locale and keeping hash: #26205
• Allow user to override next-image-loader: #26548
• Add logging when a custom babelrc is loaded: #26570

... (truncated)

• ce4adfc v11.1.0
• 092a476 v11.0.2-canary.31
• ebb6a30 Revert "Add warning during next build when sharp is missing (#27933)"
• 52486ce v11.0.2-canary.30
• 8ac3254 Revert "Next swc publish flow (#27932)"
• 6014b6e v11.0.2-canary.29
• 4cd45aa Add rootDir setting to eslint-plugin-next (#27918)
• e61ea6f Add manifest check step and add missing items (#27934)
• 94fc6f0 Next swc publish flow (#27932)
• 51a2a02 Add warning during next build when sharp is missing (#27933)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from browserslist's changelog.

4.16.6

• Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman).

4.16.5

• Fixed unsafe RegExp (by Yeting Li).

4.16.4

• Fixed unsafe RegExp.
• Added artifactory support to --update-db (by Ittai Baratz).

4.16.3

• Fixed --update-db.

4.16.2

• Fixed --update-db (by @​ialarmedalien).

4.16.1

• Fixed Chrome 4 with mobileToDesktop (by Aron Woost).

4.16

• Add browserslist config query.

4.15

• Add TypeScript types (by Dmitry Semigradsky).

4.14.7

• Fixed Yarn Workspaces support to --update-db (by Fausto Núñez Alberro).
• Added browser changes to --update-db (by @​AleksandrSl).
• Added color output to --update-db.
• Updated package.funding to have link to our Open Collective.

4.14.6

• Fixed Yarn support in --update-db (by Ivan Storck).
• Fixed npm 7 support in --update-db.

4.14.5

• Fixed last 2 electron versions query (by Sergey Melyukov).

4.14.4

• Fixed Unknown version 59 of op_mob error.

4.14.3

• Update Firefox ESR.

4.14.2

• Fixed --update-db on Windows (by James Ross).
• Improved --update-db output.

4.14.1

• Added --update-db explanation (by Justin Zelinsky).

... (truncated)

• 6fe3614 Release 4.16.6 version
• 33ebac9 Update dependencies
• 2128170 Add support for npm-shrinkwrap files alongside package-lock (#595)
• 7cc2aed Release 4.16.5 version
• 27e4afd Update dependencies
• 1013a18 Fix version RegExp
• b879a1a Use Node.js 16 on CI
• bd1e9e0 Fix ReDoS (#593)
• 209adf9 Release 4.16.4 version
• 3e2ae3b Fix types
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from y18n's changelog.

Change Log

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.0.5 (2020-10-25)

Bug Fixes

• address prototype pollution issue (#108) (a9ac604)

5.0.4 (2020-10-16)

Bug Fixes

• exports: node 13.0 and 13.1 require the dotted object form with a string fallback (#105) (4f85d80)

5.0.3 (2020-10-16)

Bug Fixes

• exports: node 13.0-13.6 require a string fallback (#103) (e39921e)

5.0.2 (2020-10-01)

Bug Fixes

• deno: update types for deno ^1.4.0 (#100) (3834d9a)

5.0.1 (2020-09-05)

Bug Fixes

• main had old index path (#98) (124f7b0)

5.0.0 (2020-09-05)

⚠ BREAKING CHANGES

• exports maps are now used, which modifies import behavior.
• drops Node 6 and 4. begin following Node.js LTS schedule (#89)

Features

• add support for ESM and Deno #95) (4d7ae94)

... (truncated)

• See full diff in compare view

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next's releases.

v13.0.2

Core Changes

• Hybrid App Hooks Support: #41767
• Add sqlite3 to the default list of server externals: #42294
• Improve the error message when custom export fields are used in an entry: #42221
• Add preload for layouts / components: #41519
• Add mongodb to default server externals: #42313
• refactor(next/turbo): consolidate turbo devserver logic: #42315
• [middleware] add tests for body reading methods #37980: #41718
• Handle dynamic css-in-js styles under suspense: #42293
• Fix page folder being wrongly resolved as page file: #42348
• Update dev process exit handling: #42367
• Ensure edge runtime doesn't propagate cache on fetch as Cloudflare doesn't support it.: #42362
• Add prisma to the external package list: #42323
• Local font family name: #42286
• useSelectedLayoutSegment at the current level: #42299
• Stop writing window specific paths in vscode configuration: #42338
• Ensure Undici is enabled for appDir in all cases: #42382
• fix: usage of wasm in an appDir page file using the edge runtime: #41689
• feat(next/mdx): support experimental mdx-rs loader: #41919
• Fix CSS modules imports not collected due to race conditions: #42392
• Fix entry creation on Windows: #42421
• Mock @​next/font when using next/jest: #42413
• Avoid breaking useRouter() type change: #42430
• Do not strip loader arg in dynamic for server components: #42426
• Clarify app and pages file conflicting files: #42415
• Change usePathname to return string | null: #42380
• Fix undici warning showing unexpectedly: #42444
• Remove static generation bail-out from usePathname: #42440

Documentation Changes

• docs(script): explain expected next/script behavior on client-side navigation: #42260
• Add path for information in cookie setting: #42146
• Update wording to remove beta FUD and keep evergreen: #42337
• update font optimization page: #42266
• Fix broken link on the upgrading guide: #42340
• Fix typo: docs/api-reference/next/font.md: #42344
• Update getting-started.md: #42353
• Fix typo in usage of onError in script.md: #42368
• Fix negative lookahead example in middleware.md: #42320
• Update customizing-postcss-config.md: #42331
• update middleware cookies example: #42341
• Fix Docs API Reference font.md broken link: #42418
• fixed missing <Link /> keyword: #42422
• Fix docs for next/image upgrade guide: #42424
• Revert font-optimization.md syntax: #42403
• Fix invalid markdown lang: #42442

... (truncated)

• 2f9efb1 v13.0.2
• 3cb0c29 v13.0.2-canary.3
• eb0d9f5 Remove static generation bail-out from usePathname (#42440)
• c0a8c88 Fix undici warning showing unexpectedly (#42444)
• 0eed107 Fix invalid markdown lang (#42442)
• 1f55ba3 Change usePathname to return string | null (#42380)
• e74de1a Clarify app and pages file conflicting files (#42415)
• 21b6654 Do not strip loader arg in dynamic for server components (#42426)
• 152f51c Avoid breaking useRouter() type change (#42430)
• 8fa78a5 Google fonts single request (#42406)
• Additional commits viewable in compare view

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from next's releases.

v12.3.1

Core Changes

• Update react-server-dom-webpack: #40356
• Fix flight manifest to include all chunks: #40365
• docs: fix typos: #40342
• Fix page url for edge routes in app dir: #40361
• Subresource Integrity for App Directory: #39729
• Stop build warning about experimental: { esmExternals: 'loose' }: #40377
• Add template and error file types: #39808
• Bump styled-jsx for showing displayName: #40411
• fix(#40388): next/dynamic should only add default loading without suspense: #40397
• Add missing trace for full reload event: #40393
• feat(ts): expose AppType: #40391
• Update dev watcher to ignore more accurately: #40412
• Add failing case for location throw: #40445
• Drop legacy RSC handling in client for pages: #40472
• fix: eslint no-script-component-in-head error url: #40422
• chore: Update swc: #40292
• feat(edge): allows configuring Dynamic code execution guard: #39539
• Rename allowDynamic to unstable_allowDynamic: #40496
• Don't execute prefetches for bot user agents: #40435
• Update semver of eslint-plugin-react: #40246
• Clean up startTransition in Link: #40505
• docs(README): next.js logo with dark mode: #40223
• Passing down original sourcemap for flight client loader: #40508
• next/script: make onLoad concurrent rendering resilient: #40191
• chore: Update swc: #40520
• Add missing feature in next-swc: #40550
• Mask Flight Parameters from Middleware: #39939
• Unwrap promise with experimental_use: #40575
• fix(next/router): Prevent query delete in routing when next.config basePath option is truthy: #40566
• fix(image): handle image imports with high aspect ratio: #40563
• fix: loosen webpack compilation with fallbackNodePolyfills: false: #40612
• Adding experimentalAdjustFallback feature to font optimization: #40185
• fix: handle notFound: true in / with next export: #40592
• refactor: split up CONTRIBUTING.md: #40515
• Implement SWC transformer for server and client graphs: #40603
• Fix edge wasm handling during deploy: #40625
• Client directive: #40415
• Remove internal client next api detection: #40646
• Attach module trace for RSC related errors: #40652
• Use createFromFetch instead of createFromReadableStream to fetch Flight: #40656
• Change Flight response content type to application/octet-stream: #40665
• Send web vitals to Vercel analytics in app: #40669
• Refactor fetchServerResponse: #40674
• Port page and layout level API assertions to SWC transform: #40653
• Ensure smooth scroll is disabled for navigation in new and existing router: #40642
• Upgrade to latest React experimental: #40672
• Refine error messages: #40661

... (truncated)

• 980095d v12.3.1
• 4901fc7 v12.3.1-canary.5
• a03cdc6 docs(examples): fix error connection handling (#40633)
• 5a50a99 Drop legacy RSC server and client extension (#40692)
• 35098a1 v12.3.1-canary.4
• 7f9fe8c chore: Refactor active-class-name example (#40670)
• 24b20dd chore: Migrate with-prefetching example to typescript (#40671)
• 6279dba Avoid direct React client API imports in the server graph (#40686)
• aed2dc0 Add handling for static generation in app (#40561)
• 4a53582 fix(image): preload should respect crossOrigin (#40676)
• Additional commits viewable in compare view

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from jest's releases.

v29.0.3

Features

• [@jest/environment, jest-runtime] Allow passing a generic type argument to jest.createMockFromModule<T>() method (#13202)
• [expect] Expose ExpectationResult type (#13240)
• [jest-snapshot] Expose Context type (#13240)
• [@jest/globals] Add jest.Mock type helper (#13235)

Fixes

• [jest-core] Capture execError during TestScheduler.scheduleTests and dispatch to reporters (#13203)
• [jest-resolve] Make sure to resolve module paths after looking at exports (#13242)
• [jest-resolve] Improve error on module not found deep in the require stack (#8704)
• [jest-snapshot] Fix typings of snapshot matchers (#13240)

Chore & Maintenance

• [*] Fix inconsistent workspace prefixes (#13217)
• [jest-haste-map] Expose a minimal public API to TypeScript (#13023)

New Contributors

• @​iamWing made their first contribution in facebook/jest#13191
• @​shinxi made their first contribution in facebook/jest#12930
• @​bmish made their first contribution in facebook/jest#13217
• @​maschwenk made their first contribution in facebook/jest#13226

Full Changelog: https://github.com/facebook/jest/compare/v29.0.2...v29.0.3

v29.0.2

Features

• [jest-transform] Expose TransformFactory type (#13184)

Fixes

• [babel-plugin-jest-hoist] Support imported jest in mock factory (#13188)
• [jest-mock] Align the behavior and return type of generateFromMetadata method (#13207)
• [jest-runtime] Support jest.resetModules() with ESM (#13211)

New Contributors

• @​momokid made their first contribution in facebook/jest#13194

Full Changelog: https://github.com/facebook/jest/compare/v29.0.1...v29.0.2

v29.0.1

Fixes

• [jest-snapshot] Pass snapshotFormat through when diffing snapshots (#13181)

Full Changelog: https://github.com/facebook/jest/compare/v29.0.0...v29.0.1

... (truncated)

Sourced from jest's changelog.

29.0.3

Features

• [@jest/environment, jest-runtime] Allow passing a generic type argument to jest.createMockFromModule<T>() method (#13202)
• [expect] Expose ExpectationResult type (#13240)
• [jest-snapshot] Expose Context type (#13240)
• [@jest/globals] Add jest.Mock type helper (#13235)

Fixes

• [jest-core] Capture execError during TestScheduler.scheduleTests and dispatch to reporters (#13203)
• [jest-resolve] Make sure to resolve module paths after looking at exports (#13242)
• [jest-resolve] Improve error on module not found deep in the require stack (#8704)
• [jest-snapshot] Fix typings of snapshot matchers (#13240)

Chore & Maintenance

• [*] Fix inconsistent workspace prefixes (#13217)
• [jest-haste-map] Expose a minimal public API to TypeScript (#13023)

29.0.2

Features

• [jest-transform] Expose TransformFactory type (#13184)

Fixes

• [babel-plugin-jest-hoist] Support imported jest in mock factory (#13188)
• [jest-mock] Align the behavior and return type of generateFromMetadata method (#13207)
• [jest-runtime] Support jest.resetModules() with ESM (#13211)

29.0.1

Fixes

• [jest-snapshot] Pass snapshotFormat through when diffing snapshots (#13181)

29.0.0

Features

• [expect] [BREAKING] Differentiate between MatcherContext MatcherUtils and MatcherState types (#13141)
• [jest-circus] Add support for test.failing.each (#13142)
• [jest-config] [BREAKING] Make snapshotFormat default to escapeString: false and printBasicPrototype: false (#13036)
• [jest-config] [BREAKING] Remove undocumented collectCoverageOnlyFrom option (#13156)
• [jest-environment-jsdom] [BREAKING] Upgrade to jsdom@20 (#13037, #13058)
• [@jest/globals] Add jest.Mocked, jest.MockedClass, jest.MockedFunction and jest.MockedObject utility types (#12727)
• [jest-mock] [BREAKING] Refactor Mocked* utility types. MaybeMockedDeep and MaybeMocked became Mocked and MockedShallow respectively; only deep mocked variants of MockedClass, MockedFunction and MockedObject are exported (#13123, #13124)

... (truncated)

• 77f865d v29.0.3
• 616fcf5 v29.0.2
• 132e815 chore: update to TypeScript 4.8 (#13177)
• b959a3d v29.0.1
• 86de0cb chore: update jest-runner-tsd (#13179)
• 75006e4 v29.0.0
• 4def94b v29.0.0-alpha.6
• 63e506b v29.0.0-alpha.5
• 98a833b v29.0.0-alpha.4
• 0998187 v29.0.0-alpha.3
• Additional commits viewable in compare view

This version was pushed to npm by simenb, a new releaser for jest since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.