profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/codepen/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
CodePen codepen West Coast, East Coast and Sunshine Coast https://codepen.io The best place to build, test, and discover front-end code.

codepen/InfiniteLoopBuster 47

Using Esprima to stop infinite loops before they happen.

codepen/PrefillPen 10

POST data to CodePen.io to prefill code in a new Pen

codepen/burner-email-providers 7

A list of temporary email providers

codepen/CodeMirror-6-Needs 5

An exploration of CodeMirror 6 to integrate everything CodePen needs to use it in the future.

codepen/vscode 5

Visual Studio Code

codepen/ohmyzsh 1

🙃 A delightful community-driven (with 1700+ contributors) framework for managing your zsh configuration. Includes 200+ optional plugins (rails, git, OSX, hub, capistrano, brew, ant, php, python, etc), over 140 themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.

codepen/filestack-ruby 0

Official Ruby SDK for Filestack - API and content management system that makes it easy to add powerful file uploading and transformation capabilities to any web or mobile application.

codepen/less.js 0

Less. The dynamic stylesheet language.

fork ThitiratCnkts-com/InfiniteLoopBuster

Using Esprima to stop infinite loops before they happen.

fork in 8 days

pull request commentcodepen/CodeMirror-6-Needs

Bump tar from 4.4.13 to 4.4.19

👷 Deploy Preview for objective-blackwell-d4efc9 processing.

🔨 Explore the source changes: 92782d2585dadf2e03c76b001e7d57129a14edf4

🔍 Inspect the deploy log: https://app.netlify.com/sites/objective-blackwell-d4efc9/deploys/6131434c9b94d000070ce7ba

dependabot[bot]

comment created time in 14 days

delete branch codepen/CodeMirror-6-Needs

delete branch : dependabot/npm_and_yarn/tar-4.4.15

delete time in 14 days

PR closed codepen/CodeMirror-6-Needs

Bump tar from 4.4.13 to 4.4.15 dependencies

Bumps tar from 4.4.13 to 4.4.15. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/node-tar/commit/843c897e6844f70a34bb115df6c8a9b60112aaf5"><code>843c897</code></a> 4.4.15</li> <li><a href="https://github.com/npm/node-tar/commit/46fe35083e2676e31c4e0a81639dce6da7aaa356"><code>46fe350</code></a> Remove paths from dirCache when no longer dirs</li> <li><a href="https://github.com/npm/node-tar/commit/df3aa4d10253a886be82519acb901b446ca3feeb"><code>df3aa4d</code></a> 4.4.14</li> <li><a href="https://github.com/npm/node-tar/commit/6d2801396fbad917ab8332ec8e91ff3d15bc22c6"><code>6d28013</code></a> add publishConfig tag</li> <li><a href="https://github.com/npm/node-tar/commit/efc6bb0dbd54df8c7285d7aac12bba959b8387a6"><code>efc6bb0</code></a> fix: strip absolute paths more comprehensively</li> <li>See full diff in <a href="https://github.com/npm/node-tar/compare/v4.4.13...v4.4.15">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+106 -28

2 comments

2 changed files

dependabot[bot]

pr closed time in 14 days

pull request commentcodepen/CodeMirror-6-Needs

Bump tar from 4.4.13 to 4.4.15

Superseded by #5.

dependabot[bot]

comment created time in 14 days

create barnchcodepen/CodeMirror-6-Needs

branch : dependabot/npm_and_yarn/tar-4.4.19

created branch time in 14 days

PR opened codepen/CodeMirror-6-Needs

Bump tar from 4.4.13 to 4.4.19

Bumps tar from 4.4.13 to 4.4.19. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/node-tar/commit/9a6faa017ca90538840f3ae2ccdb4550ac3f4dcf"><code>9a6faa0</code></a> 4.4.19</li> <li><a href="https://github.com/npm/node-tar/commit/70ef812593184cc54ea1bc74c5dae2d22995002d"><code>70ef812</code></a> drop dirCache for symlink on all platforms</li> <li><a href="https://github.com/npm/node-tar/commit/3e35515c09da615ac268254bed85fe43ee71e2f0"><code>3e35515</code></a> 4.4.18</li> <li><a href="https://github.com/npm/node-tar/commit/52b09e309bcae0c741a7eb79a17ef36e7828b946"><code>52b09e3</code></a> fix: prevent path escape using drive-relative paths</li> <li><a href="https://github.com/npm/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e"><code>bb93ba2</code></a> fix: reserve paths properly for unicode, windows</li> <li><a href="https://github.com/npm/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a"><code>2f1bca0</code></a> fix: prune dirCache properly for unicode, windows</li> <li><a href="https://github.com/npm/node-tar/commit/9bf70a8cf725c3af5fe2270f1e5d2e06d1559b93"><code>9bf70a8</code></a> 4.4.17</li> <li><a href="https://github.com/npm/node-tar/commit/6aafff0a8621ba9509b63654bde28762be373d58"><code>6aafff0</code></a> fix: skip extract if linkpath is stripped entirely</li> <li><a href="https://github.com/npm/node-tar/commit/5c5059a69c2aaaedfe4e9766e102ae9fb79e8255"><code>5c5059a</code></a> fix: reserve paths case-insensitively</li> <li><a href="https://github.com/npm/node-tar/commit/fd6accba697070560f301604b8f5f7e2995a2a8b"><code>fd6accb</code></a> 4.4.16</li> <li>Additional commits viewable in <a href="https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+135 -50

0 comment

2 changed files

pr created time in 14 days

push eventcodepen/less.js

Stephen Shaw

commit sha 153186b52c10dd4436b84f272ff2d335808624d0

Private Package

view details

push time in 15 days

pull request commentcodepen/CodeMirror-6-Needs

Bump next from 11.0.1 to 11.1.1

👷 Deploy Preview for objective-blackwell-d4efc9 processing.

🔨 Explore the source changes: 41bf83089f63f8bc9e74bc9ded33a497a6caa705

🔍 Inspect the deploy log: https://app.netlify.com/sites/objective-blackwell-d4efc9/deploys/612fdc6c3f68c20008769f47

dependabot[bot]

comment created time in 15 days

delete branch codepen/CodeMirror-6-Needs

delete branch : dependabot/npm_and_yarn/next-11.1.0

delete time in 15 days

PR closed codepen/CodeMirror-6-Needs

Bump next from 11.0.1 to 11.1.0 dependencies

Bumps next from 11.0.1 to 11.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v11.1.0</h2> <p>A security team from one of our partners noticed an issue in Next.js that allowed for an open redirect to occur.</p> <p>Specially encoded paths could be used when <code>pages/_error.js</code> was statically generated allowing an open redirect to occur to an external site.</p> <p>In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.</p> <p>We recommend upgrading to the latest version of Next.js to improve the overall security of your application.</p> <h2>How to Upgrade</h2> <ul> <li>We have released patch versions for both the stable and canary channels of Next.js.</li> <li>To upgrade run <code>npm install next@latest --save</code></li> </ul> <h2>Impact</h2> <ul> <li><strong>Affected:</strong> Users of Next.js between 10.0.5 and 10.2.0</li> <li><strong>Affected:</strong> Users of Next.js between 11.0.0 and 11.0.1 using <code>pages/_error.js</code> without <code>getInitialProps</code></li> <li><strong>Affected:</strong> Users of Next.js between 11.0.0 and 11.0.1 using <code>pages/_error.js</code> and <code>next export</code></li> <li><strong>Not affected</strong>: Deployments on Vercel (<a href="https://vercel.com">vercel.com</a>) are not affected</li> <li><strong>Not affected:</strong> Deployments <strong>with</strong> <code>pages/404.js</code></li> </ul> <p>We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.</p> <h3>How to Assess Impact</h3> <p>If you think sensitive code or data could have been exposed, you can filter logs of affected sites by <code>//</code> (double slash at the start of the url) followed by a domain.</p> <h2>What is Being Done</h2> <p>As Next.js has grown in popularity and usage by enterprises, it has received the attention of security researchers and auditors. We are thankful to Gabriel Benmergui from Robinhood for their investigation and discovery of the original bug and subsequent responsible disclosure.</p> <p>We've landed a patch that ensures path parsing is handled properly for these paths so that the open redirect can no longer occur.</p> <p>Regression tests for this attack were added to the <a href="https://github.com/zeit/next.js/blob/canary/test/integration/production/test/security.js">security</a> integration test suite</p> <ul> <li>We have notified known Next.js users in advance of this publication.</li> <li>A public CVE was released.</li> <li>We encourage responsible disclosure of future reports. Please email us at <code>security@vercel.com</code>. We are actively monitoring this mailbox.</li> </ul> <hr /> <h2>Release notes</h2> <h3>Core Changes</h3> <ul> <li>Don't test image domains in test env: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26502">#26502</a></li> <li>Fix props not updating when changing the locale and keeping hash: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26205">#26205</a></li> <li>Allow user to override next-image-loader: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26548">#26548</a></li> <li>Add logging when a custom babelrc is loaded: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26570">#26570</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/ce4adfc02d3532e2c62ed8088660df1655e66278"><code>ce4adfc</code></a> v11.1.0</li> <li><a href="https://github.com/vercel/next.js/commit/092a476feb0d479d5a1d078e2e1f78ef93f092c2"><code>092a476</code></a> v11.0.2-canary.31</li> <li><a href="https://github.com/vercel/next.js/commit/ebb6a303700df09b83ebe49f23b7641c9573377c"><code>ebb6a30</code></a> Revert "Add warning during <code>next build</code> when sharp is missing (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27933">#27933</a>)"</li> <li><a href="https://github.com/vercel/next.js/commit/52486ceccf59ca05f2f9d3ee428813cddaa85654"><code>52486ce</code></a> v11.0.2-canary.30</li> <li><a href="https://github.com/vercel/next.js/commit/8ac3254d25725ccc171c6879f7dfc649cdb946bd"><code>8ac3254</code></a> Revert "Next swc publish flow (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27932">#27932</a>)"</li> <li><a href="https://github.com/vercel/next.js/commit/6014b6e0f82bd29b57e148bf0e6f404784297d27"><code>6014b6e</code></a> v11.0.2-canary.29</li> <li><a href="https://github.com/vercel/next.js/commit/4cd45aabcffc5adeb339703bb8c14e3069ba3de8"><code>4cd45aa</code></a> Add rootDir setting to eslint-plugin-next (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27918">#27918</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e61ea6f27b7bf34b00ffd3f59f2326b3bbbdfa48"><code>e61ea6f</code></a> Add manifest check step and add missing items (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27934">#27934</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/94fc6f0832a81ab68b393a8d45f42493429d04ee"><code>94fc6f0</code></a> Next swc publish flow (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27932">#27932</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/51a2a028ddcc321aac4744b777df2b4e96511b83"><code>51a2a02</code></a> Add warning during <code>next build</code> when sharp is missing (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27933">#27933</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v11.0.1...v11.1.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+384 -181

2 comments

3 changed files

dependabot[bot]

pr closed time in 15 days

pull request commentcodepen/CodeMirror-6-Needs

Bump next from 11.0.1 to 11.1.0

Superseded by #4.

dependabot[bot]

comment created time in 15 days

create barnchcodepen/CodeMirror-6-Needs

branch : dependabot/npm_and_yarn/next-11.1.1

created branch time in 15 days

PR opened codepen/CodeMirror-6-Needs

Bump next from 11.0.1 to 11.1.1

Bumps next from 11.0.1 to 11.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v11.1.1</h2> <h3>Core Changes</h3> <ul> <li>Next.js swc publish flow: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27984">#27984</a></li> <li>Ensure config file message is only shown once: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28017">#28017</a></li> <li>Add missing fields to <code>NextConfig</code> type: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27974">#27974</a></li> <li>use a shared worker pool for collecting page data and static page generation: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27924">#27924</a></li> <li>Use <a href="https://github.com/next"><code>@​next</code></a> scope for native packages: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28046">#28046</a></li> <li>Fix <code>generateBuildId</code> type that can be async function: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28040">#28040</a></li> <li>Fix image optimization encoding url: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28045">#28045</a></li> <li>Clean up <code>Document</code> in preparation for streaming: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28032">#28032</a></li> <li>Render as a concatenation of streams: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28082">#28082</a></li> <li>Add support for dynamic HTML: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28085">#28085</a></li> <li>Support suspense in next dynamic: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27611">#27611</a></li> <li>Handle blob urls in image component: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27975">#27975</a></li> <li>Bypass webpack compilation for precompiled <code>@​next/polyfills-nomodule</code>: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27596">#27596</a></li> <li>Update <code>util</code> to 0.12.4: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27939">#27939</a></li> <li>Remove duplicate doctypes: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28089">#28089</a></li> <li>Fix revalidate for initial notFound: true paths: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28097">#28097</a></li> <li>Add proper error when failing to load next.config.js: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28099">#28099</a></li> <li>Fix: wrong link error message: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28127">#28127</a></li> <li>Add support for Jaeger trace target: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28129">#28129</a></li> <li>Enable pure client suspense in blocking rendering: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28165">#28165</a></li> <li>Add entrypoint tracing: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/25538">#25538</a></li> <li>Add module type to build-module trace: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28128">#28128</a></li> <li>Update to latest babel versions: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28174">#28174</a></li> <li>Improve jaeger traces: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28168">#28168</a></li> <li>fix development mode bug with pages with "+" and other special characters: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28122">#28122</a></li> <li>let loaders automatically infer source map setting: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28204">#28204</a></li> <li>Avoid fs write <code>next-env.d.ts</code> on read-only filesystems: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28206">#28206</a></li> <li>Document usage of suspense option of next/dynamic: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28210">#28210</a></li> <li>Add warning when parent styles break <code>next/image</code>: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28221">#28221</a></li> <li>Use <code>zen-observable</code> library: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28214">#28214</a></li> <li>Fix HMR when custom _app or _document is removed: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28227">#28227</a></li> <li>Add relationship between issuer and module to traces: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28192">#28192</a></li> <li>Update generating next-server dependencies: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28223">#28223</a></li> <li>Fix <code>next/image</code> blur placeholder when JS is disabled: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28269">#28269</a></li> <li>Ensure adding _app/_document HMRs correctly: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28279">#28279</a></li> <li>upgrade webpack to 5.51.1: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28291">#28291</a></li> <li>[ESLint] Adds <code>process.exit</code> to <code>next lint</code> success output: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28299">#28299</a></li> <li>Fix next env vars injection in dynamic: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28309">#28309</a></li> <li>Add layout to data-nimg attribute: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28312">#28312</a></li> <li>Add data attribute to script component: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28310">#28310</a></li> <li>Ensure <code>@​babel/core</code> is de-duped when nccing: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28384">#28384</a></li> <li>Fix forked NODE_OPTIONS except for inspect: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28420">#28420</a></li> <li>[ESLint] Enable caching by default: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28349">#28349</a></li> <li>Update test config to leverage swc: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28400">#28400</a></li> <li>Add missing <code>typescript</code> property to <code>NextConfig</code>: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28459">#28459</a></li> <li>next/script fix duplicate scripts : <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28428">#28428</a></li> <li>Ensure error is shown correctly for empty headers field: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28430">#28430</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/804971fd9a49dfd009f7339dd8bf4bc32e6eb02c"><code>804971f</code></a> v11.1.1</li> <li><a href="https://github.com/vercel/next.js/commit/194d70f068288e3f08273694370910c0d8b2548b"><code>194d70f</code></a> v11.1.1-canary.19</li> <li><a href="https://github.com/vercel/next.js/commit/36d922fbdadcc357824d20169754e5bb4b950725"><code>36d922f</code></a> Add apiVersion to config (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28610">#28610</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/a60690f59b211777cb49abd4c5ecc4656464d0e9"><code>a60690f</code></a> v11.1.1-canary.18</li> <li><a href="https://github.com/vercel/next.js/commit/7afc97c5744b38bdf36aa7f87625f438224688aa"><code>7afc97c</code></a> Add CSP to Image Optimization API (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28620">#28620</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/8711c5ca53b468d4a270bb4d627a3c813565b8b3"><code>8711c5c</code></a> Tests: Remove unnecessary await (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28594">#28594</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/d209435724891fd20222cd268d95bf0f304ffaa4"><code>d209435</code></a> Small grammar fixes (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28590">#28590</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/04cc37f763e36fc4458105d37215f79f7c9b108d"><code>04cc37f</code></a> Add docs for using pageExtensions to colocate other files with page component...</li> <li><a href="https://github.com/vercel/next.js/commit/f1dbc9260d48c7995f6c52f8fbcc65f08e627992"><code>f1dbc92</code></a> Ensure dev server side errors are correct (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28520">#28520</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/27c2937cc748e0a04226c75c4381d6298830dd46"><code>27c2937</code></a> Update with-jest packages and docs (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/28209">#28209</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v11.0.1...v11.1.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+458 -221

0 comment

3 changed files

pr created time in 15 days

push eventcodepen/CodeMirror-6-Needs

Chris Coyier

commit sha 4e9011f33739311855e95356079bf239fd2da5a7

saving notes

view details

push time in 23 days

startedcodepen/InfiniteLoopBuster

started time in 24 days

startedcodepen/InfiniteLoopBuster

started time in 24 days

push eventcodepen/less.js

Stephen Shaw

commit sha 1b3ab07e95082981ba8e19899db7a0e766ca0c7b

Fix dataset check

view details

push time in a month

push eventcodepen/less.js

Stephen Shaw

commit sha 619afe00e6dd882ac14e2a0f8b69b251d43eab27

Fix @plugin removal

view details

push time in a month

push eventcodepen/less.js

Stephen Shaw

commit sha a1a0124eeef9c30aaee1a051bce0883222cd72ac

Remove @plugin support

view details

Stephen Shaw

commit sha 3111b22d5be037645c5fc41e8ae874fef8a3a853

Dist files for no @plugin

view details

push time in a month

push eventcodepen/less.js

push time in a month

PR merged codepen/less.js

Remove @plugin support from Less 3
+70 -49

0 comment

9 changed files

shshaw

pr closed time in a month

push eventcodepen/less.js

Stephen Shaw

commit sha 9c1b64d14ccecf88d7c33d3037500746b71eaf71

Remove @plugin support

view details

Stephen Shaw

commit sha 689ba039f02175bd9d4d2bc43edb1247899fa510

Merge branch 'less-3-plugin-removal'

view details

push time in a month

PR opened codepen/less.js

Remove @plugin support from Less 3
+70 -49

0 comment

9 changed files

pr created time in a month

create barnchcodepen/less.js

branch : less-3-plugin-removal

created branch time in a month

push eventcodepen/less.js

Stephen Shaw

commit sha a12a1273e837cfdc825d4b60faff4053953b257a

Strip @plugin support

view details

push time in a month

startedcodepen/CodeMirror-6-Needs

started time in a month

pull request commentcodepen/CodeMirror-6-Needs

Bump next from 11.0.1 to 11.1.0

👷 Deploy Preview for objective-blackwell-d4efc9 processing.

🔨 Explore the source changes: 141022e4bed94ce0ea8ab8b57982f0c3a5d62f0e

🔍 Inspect the deploy log: https://app.netlify.com/sites/objective-blackwell-d4efc9/deploys/6115e7393d6575000770d208

dependabot[bot]

comment created time in a month

PR opened codepen/CodeMirror-6-Needs

Bump next from 11.0.1 to 11.1.0

Bumps next from 11.0.1 to 11.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v11.1.0</h2> <p>A security team from one of our partners noticed an issue in Next.js that allowed for an open redirect to occur.</p> <p>Specially encoded paths could be used when <code>pages/_error.js</code> was statically generated allowing an open redirect to occur to an external site.</p> <p>In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.</p> <p>We recommend upgrading to the latest version of Next.js to improve the overall security of your application.</p> <h2>How to Upgrade</h2> <ul> <li>We have released patch versions for both the stable and canary channels of Next.js.</li> <li>To upgrade run <code>npm install next@latest --save</code></li> </ul> <h2>Impact</h2> <ul> <li><strong>Affected:</strong> Users of Next.js between 10.0.5 and 10.2.0</li> <li><strong>Affected:</strong> Users of Next.js between 11.0.0 and 11.0.1 using <code>pages/_error.js</code> without <code>getInitialProps</code></li> <li><strong>Affected:</strong> Users of Next.js between 11.0.0 and 11.0.1 using <code>pages/_error.js</code> and <code>next export</code></li> <li><strong>Not affected</strong>: Deployments on Vercel (<a href="https://vercel.com">vercel.com</a>) are not affected</li> <li><strong>Not affected:</strong> Deployments <strong>with</strong> <code>pages/404.js</code></li> </ul> <p>We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.</p> <h3>How to Assess Impact</h3> <p>If you think sensitive code or data could have been exposed, you can filter logs of affected sites by <code>//</code> (double slash at the start of the url) followed by a domain.</p> <h2>What is Being Done</h2> <p>As Next.js has grown in popularity and usage by enterprises, it has received the attention of security researchers and auditors. We are thankful to Gabriel Benmergui from Robinhood for their investigation and discovery of the original bug and subsequent responsible disclosure.</p> <p>We've landed a patch that ensures path parsing is handled properly for these paths so that the open redirect can no longer occur.</p> <p>Regression tests for this attack were added to the <a href="https://github.com/zeit/next.js/blob/canary/test/integration/production/test/security.js">security</a> integration test suite</p> <ul> <li>We have notified known Next.js users in advance of this publication.</li> <li>A public CVE was released.</li> <li>We encourage responsible disclosure of future reports. Please email us at <code>security@vercel.com</code>. We are actively monitoring this mailbox.</li> </ul> <hr /> <h2>Release notes</h2> <h3>Core Changes</h3> <ul> <li>Don't test image domains in test env: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26502">#26502</a></li> <li>Fix props not updating when changing the locale and keeping hash: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26205">#26205</a></li> <li>Allow user to override next-image-loader: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26548">#26548</a></li> <li>Add logging when a custom babelrc is loaded: <a href="https://github-redirect.dependabot.com/vercel/next.js/issues/26570">#26570</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/ce4adfc02d3532e2c62ed8088660df1655e66278"><code>ce4adfc</code></a> v11.1.0</li> <li><a href="https://github.com/vercel/next.js/commit/092a476feb0d479d5a1d078e2e1f78ef93f092c2"><code>092a476</code></a> v11.0.2-canary.31</li> <li><a href="https://github.com/vercel/next.js/commit/ebb6a303700df09b83ebe49f23b7641c9573377c"><code>ebb6a30</code></a> Revert "Add warning during <code>next build</code> when sharp is missing (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27933">#27933</a>)"</li> <li><a href="https://github.com/vercel/next.js/commit/52486ceccf59ca05f2f9d3ee428813cddaa85654"><code>52486ce</code></a> v11.0.2-canary.30</li> <li><a href="https://github.com/vercel/next.js/commit/8ac3254d25725ccc171c6879f7dfc649cdb946bd"><code>8ac3254</code></a> Revert "Next swc publish flow (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27932">#27932</a>)"</li> <li><a href="https://github.com/vercel/next.js/commit/6014b6e0f82bd29b57e148bf0e6f404784297d27"><code>6014b6e</code></a> v11.0.2-canary.29</li> <li><a href="https://github.com/vercel/next.js/commit/4cd45aabcffc5adeb339703bb8c14e3069ba3de8"><code>4cd45aa</code></a> Add rootDir setting to eslint-plugin-next (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27918">#27918</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e61ea6f27b7bf34b00ffd3f59f2326b3bbbdfa48"><code>e61ea6f</code></a> Add manifest check step and add missing items (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27934">#27934</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/94fc6f0832a81ab68b393a8d45f42493429d04ee"><code>94fc6f0</code></a> Next swc publish flow (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27932">#27932</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/51a2a028ddcc321aac4744b777df2b4e96511b83"><code>51a2a02</code></a> Add warning during <code>next build</code> when sharp is missing (<a href="https://github-redirect.dependabot.com/vercel/next.js/issues/27933">#27933</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v11.0.1...v11.1.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+384 -181

0 comment

3 changed files

pr created time in a month

create barnchcodepen/CodeMirror-6-Needs

branch : dependabot/npm_and_yarn/next-11.1.0

created branch time in a month