@netlify/plugin-nextjs 5.13.5 → 5.14.0

package/dist/build/content/prerendered.js

@@ -13,7 +13,7 @@ import {
 } from "../../esm-chunks/chunk-YUXQHOYO.js";
 import {
   require_semver
-} from "../../esm-chunks/chunk-TLQCAGE2.js";
+} from "../../esm-chunks/chunk-TVEBGDAB.js";
 import {
   __toESM
 } from "../../esm-chunks/chunk-6BT4RYQJ.js";

package/dist/build/content/server.js

@@ -13,7 +13,7 @@ import {
 } from "../../esm-chunks/chunk-YUXQHOYO.js";
 import {
   require_semver
-} from "../../esm-chunks/chunk-TLQCAGE2.js";
+} from "../../esm-chunks/chunk-TVEBGDAB.js";
 import {
   __toESM
 } from "../../esm-chunks/chunk-6BT4RYQJ.js";

package/dist/build/plugin-context.js

@@ -6,7 +6,7 @@
     
 import {
   require_semver
-} from "../esm-chunks/chunk-TLQCAGE2.js";
+} from "../esm-chunks/chunk-TVEBGDAB.js";
 import {
   __toESM
 } from "../esm-chunks/chunk-6BT4RYQJ.js";
@@ -150,6 +150,10 @@ var PluginContext = class {
   get edgeHandlerDir() {
     return join(this.edgeFunctionsDir, EDGE_HANDLER_NAME);
   }
+  /** Absolute path to the skew protection config */
+  get skewProtectionConfigPath() {
+    return this.resolveFromPackagePath(".netlify/v1/skew-protection.json");
+  }
   constructor(options) {
     this.constants = options.constants;
     this.featureFlags = options.featureFlags;

package/dist/build/skew-protection.js

@@ -0,0 +1,106 @@
+
+      var require = await (async () => {
+        var { createRequire } = await import("node:module");
+        return createRequire(import.meta.url);
+      })();
+    
+import "../esm-chunks/chunk-6BT4RYQJ.js";
+
+// src/build/skew-protection.ts
+import { mkdir, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+var EnabledOrDisabledReason = /* @__PURE__ */ ((EnabledOrDisabledReason2) => {
+  EnabledOrDisabledReason2["OPT_OUT_DEFAULT"] = "off-default";
+  EnabledOrDisabledReason2["OPT_OUT_NO_VALID_DEPLOY_ID"] = "off-no-valid-deploy-id";
+  EnabledOrDisabledReason2["OPT_OUT_NO_VALID_DEPLOY_ID_ENV_VAR"] = "off-no-valid-deploy-id-env-var";
+  EnabledOrDisabledReason2["OPT_IN_FF"] = "on-ff";
+  EnabledOrDisabledReason2["OPT_IN_ENV_VAR"] = "on-env-var";
+  EnabledOrDisabledReason2["OPT_OUT_ENV_VAR"] = "off-env-var";
+  return EnabledOrDisabledReason2;
+})(EnabledOrDisabledReason || {});
+var optInOptions = /* @__PURE__ */ new Set([
+  "on-ff" /* OPT_IN_FF */,
+  "on-env-var" /* OPT_IN_ENV_VAR */
+]);
+var skewProtectionConfig = {
+  patterns: [".*"],
+  sources: [
+    {
+      type: "cookie",
+      name: "__vdpl"
+    },
+    {
+      type: "header",
+      name: "X-Deployment-Id"
+    },
+    {
+      type: "query",
+      name: "dpl"
+    }
+  ]
+};
+function shouldEnableSkewProtection(ctx) {
+  let enabledOrDisabledReason = "off-default" /* OPT_OUT_DEFAULT */;
+  if (process.env.NETLIFY_NEXT_SKEW_PROTECTION === "true" || process.env.NETLIFY_NEXT_SKEW_PROTECTION === "1") {
+    enabledOrDisabledReason = "on-env-var" /* OPT_IN_ENV_VAR */;
+  } else if (process.env.NETLIFY_NEXT_SKEW_PROTECTION === "false" || process.env.NETLIFY_NEXT_SKEW_PROTECTION === "0") {
+    return {
+      enabled: false,
+      enabledOrDisabledReason: "off-env-var" /* OPT_OUT_ENV_VAR */
+    };
+  } else if (ctx.featureFlags?.["next-runtime-skew-protection"]) {
+    enabledOrDisabledReason = "on-ff" /* OPT_IN_FF */;
+  } else {
+    return {
+      enabled: false,
+      enabledOrDisabledReason: "off-default" /* OPT_OUT_DEFAULT */
+    };
+  }
+  if ((!process.env.DEPLOY_ID || process.env.DEPLOY_ID === "0") && optInOptions.has(enabledOrDisabledReason)) {
+    return {
+      enabled: false,
+      enabledOrDisabledReason: enabledOrDisabledReason === "on-env-var" /* OPT_IN_ENV_VAR */ && ctx.constants.IS_LOCAL ? (
+        // this case is singled out to provide visible feedback to users that env var has no effect
+        "off-no-valid-deploy-id-env-var" /* OPT_OUT_NO_VALID_DEPLOY_ID_ENV_VAR */
+      ) : (
+        // this is silent disablement to avoid spam logs for users opted in via feature flag
+        // that don't explicitly opt in via env var
+        "off-no-valid-deploy-id" /* OPT_OUT_NO_VALID_DEPLOY_ID */
+      )
+    };
+  }
+  return {
+    enabled: optInOptions.has(enabledOrDisabledReason),
+    enabledOrDisabledReason
+  };
+}
+var setSkewProtection = async (ctx, span) => {
+  const { enabled, enabledOrDisabledReason } = shouldEnableSkewProtection(ctx);
+  span.setAttribute("skewProtection", enabledOrDisabledReason);
+  if (!enabled) {
+    if (enabledOrDisabledReason === "off-no-valid-deploy-id-env-var" /* OPT_OUT_NO_VALID_DEPLOY_ID_ENV_VAR */) {
+      console.warn(
+        `NETLIFY_NEXT_SKEW_PROTECTION environment variable is set to ${process.env.NETLIFY_NEXT_SKEW_PROTECTION}, but skew protection is currently unavailable for CLI deploys. Skew protection will not be enabled.`
+      );
+    }
+    return;
+  }
+  if (enabledOrDisabledReason === "on-env-var" /* OPT_IN_ENV_VAR */) {
+    console.log(
+      `Setting up Next.js Skew Protection due to NETLIFY_NEXT_SKEW_PROTECTION=${process.env.NETLIFY_NEXT_SKEW_PROTECTION} environment variable.`
+    );
+  } else {
+    console.log("Setting up Next.js Skew Protection.");
+  }
+  process.env.NEXT_DEPLOYMENT_ID = process.env.DEPLOY_ID;
+  await mkdir(dirname(ctx.skewProtectionConfigPath), {
+    recursive: true
+  });
+  await writeFile(ctx.skewProtectionConfigPath, JSON.stringify(skewProtectionConfig));
+};
+export {
+  EnabledOrDisabledReason,
+  setSkewProtection,
+  shouldEnableSkewProtection,
+  skewProtectionConfig
+};

package/dist/build/verification.js

@@ -9,7 +9,7 @@ import {
 } from "../esm-chunks/chunk-YUXQHOYO.js";
 import {
   require_semver
-} from "../esm-chunks/chunk-TLQCAGE2.js";
+} from "../esm-chunks/chunk-TVEBGDAB.js";
 import {
   __toESM
 } from "../esm-chunks/chunk-6BT4RYQJ.js";

package/dist/esm-chunks/{chunk-TLQCAGE2.js → chunk-TVEBGDAB.js}

@@ -163,6 +163,9 @@ var require_identifiers = __commonJS({
     "use strict";
     var numeric = /^[0-9]+$/;
     var compareIdentifiers = (a, b) => {
+      if (typeof a === "number" && typeof b === "number") {
+        return a === b ? 0 : a < b ? -1 : 1;
+      }
       const anum = numeric.test(a);
       const bnum = numeric.test(b);
       if (anum && bnum) {
@@ -269,7 +272,25 @@ var require_semver = __commonJS({
         if (!(other instanceof _SemVer)) {
           other = new _SemVer(other, this.options);
         }
-        return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch);
+        if (this.major < other.major) {
+          return -1;
+        }
+        if (this.major > other.major) {
+          return 1;
+        }
+        if (this.minor < other.minor) {
+          return -1;
+        }
+        if (this.minor > other.minor) {
+          return 1;
+        }
+        if (this.patch < other.patch) {
+          return -1;
+        }
+        if (this.patch > other.patch) {
+          return 1;
+        }
+        return 0;
       }
       comparePre(other) {
         if (!(other instanceof _SemVer)) {
@@ -1030,6 +1051,7 @@ var require_range = __commonJS({
       return result;
     };
     var parseComparator = (comp, options) => {
+      comp = comp.replace(re[t.BUILD], "");
       debug("comp", comp, options);
       comp = replaceCarets(comp, options);
       debug("caret", comp);

package/dist/index.js

@@ -26,6 +26,7 @@ import { clearStaleEdgeHandlers, createEdgeHandlers } from "./build/functions/ed
 import { clearStaleServerHandlers, createServerHandler } from "./build/functions/server.js";
 import { setImageConfig } from "./build/image-cdn.js";
 import { PluginContext } from "./build/plugin-context.js";
+import { setSkewProtection } from "./build/skew-protection.js";
 import {
   verifyAdvancedAPIRoutes,
   verifyNetlifyFormsWorkaround,
@@ -49,7 +50,7 @@ var onPreBuild = async (options) => {
     console.warn(skipText);
     return;
   }
-  await tracer.withActiveSpan("onPreBuild", async () => {
+  await tracer.withActiveSpan("onPreBuild", async (span) => {
     process.env.NEXT_PRIVATE_STANDALONE = "true";
     const ctx = new PluginContext(options);
     if (options.constants.IS_LOCAL) {
@@ -58,6 +59,7 @@ var onPreBuild = async (options) => {
     } else {
       await restoreBuildCache(ctx);
     }
+    await setSkewProtection(ctx, span);
   });
 };
 var onBuild = async (options) => {

package/dist/run/handlers/cache.cjs

@@ -204,16 +204,20 @@ var NetlifyCacheHandler = class {
         );
         return null;
       }
-      const staleByTags = await this.checkCacheEntryStaleByTags(
+      const { stale: staleByTags, expired: expiredByTags } = await this.checkCacheEntryStaleByTags(
         blob,
         context.tags,
         context.softTags
       );
-      if (staleByTags) {
-        span.addEvent("Stale", { staleByTags, key, ttl });
+      if (expiredByTags) {
+        span.addEvent("Expired", { expiredByTags, key, ttl });
         return null;
       }
       this.captureResponseCacheLastModified(blob, key, span);
+      if (staleByTags) {
+        span.addEvent("Stale", { staleByTags, key, ttl });
+        blob.lastModified = -1;
+      }
       const isDataRequest = Boolean(context.fetchUrl);
       if (!isDataRequest) {
         this.captureCacheTags(blob.value, key);
@@ -350,8 +354,8 @@ var NetlifyCacheHandler = class {
       }
     });
   }
-  async revalidateTag(tagOrTags) {
-    return (0, import_tags_handler.markTagsAsStaleAndPurgeEdgeCache)(tagOrTags);
+  async revalidateTag(tagOrTags, durations) {
+    return (0, import_tags_handler.markTagsAsStaleAndPurgeEdgeCache)(tagOrTags, durations);
   }
   resetRequestCache() {
   }
@@ -365,16 +369,22 @@ var NetlifyCacheHandler = class {
     } else if (cacheEntry.value?.kind === "PAGE" || cacheEntry.value?.kind === "PAGES" || cacheEntry.value?.kind === "APP_PAGE" || cacheEntry.value?.kind === "ROUTE" || cacheEntry.value?.kind === "APP_ROUTE") {
       cacheTags = cacheEntry.value.headers?.[import_constants.NEXT_CACHE_TAGS_HEADER]?.split(/,|%2c/gi) || [];
     } else {
-      return false;
+      return {
+        stale: false,
+        expired: false
+      };
     }
     if (this.revalidatedTags && this.revalidatedTags.length !== 0) {
       for (const tag of this.revalidatedTags) {
         if (cacheTags.includes(tag)) {
-          return true;
+          return {
+            stale: true,
+            expired: true
+          };
         }
       }
     }
-    return (0, import_tags_handler.isAnyTagStale)(cacheTags, cacheEntry.lastModified);
+    return (0, import_tags_handler.isAnyTagStaleOrExpired)(cacheTags, cacheEntry.lastModified);
   }
 };
 var cache_default = NetlifyCacheHandler;

package/dist/run/handlers/tags-handler.cjs

@@ -20,8 +20,8 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/run/handlers/tags-handler.cts
 var tags_handler_exports = {};
 __export(tags_handler_exports, {
-  getMostRecentTagRevalidationTimestamp: () => getMostRecentTagRevalidationTimestamp,
-  isAnyTagStale: () => isAnyTagStale,
+  getMostRecentTagExpirationTimestamp: () => getMostRecentTagExpirationTimestamp,
+  isAnyTagStaleOrExpired: () => isAnyTagStaleOrExpired,
   markTagsAsStaleAndPurgeEdgeCache: () => markTagsAsStaleAndPurgeEdgeCache,
   purgeEdgeCache: () => purgeEdgeCache
 });
@@ -86,58 +86,86 @@ var pipeline = (0, import_util.promisify)(import_stream.pipeline);
 
 // package.json
 var name = "@netlify/plugin-nextjs";
-var version = "5.13.5";
+var version = "5.14.0";
 
 // src/run/handlers/tags-handler.cts
 var import_storage = require("../storage/storage.cjs");
 var import_request_context = require("./request-context.cjs");
 var purgeCacheUserAgent = `${name}@${version}`;
-async function getTagRevalidatedAt(tag, cacheStore) {
+async function getTagManifest(tag, cacheStore) {
   const tagManifest = await cacheStore.get(tag, "tagManifest.get");
   if (!tagManifest) {
     return null;
   }
-  return tagManifest.revalidatedAt;
+  return tagManifest;
 }
-async function getMostRecentTagRevalidationTimestamp(tags) {
+async function getMostRecentTagExpirationTimestamp(tags) {
   if (tags.length === 0) {
     return 0;
   }
   const cacheStore = (0, import_storage.getMemoizedKeyValueStoreBackedByRegionalBlobStore)({ consistency: "strong" });
-  const timestampsOrNulls = await Promise.all(
-    tags.map((tag) => getTagRevalidatedAt(tag, cacheStore))
-  );
-  const timestamps = timestampsOrNulls.filter((timestamp) => timestamp !== null);
-  if (timestamps.length === 0) {
+  const manifestsOrNulls = await Promise.all(tags.map((tag) => getTagManifest(tag, cacheStore)));
+  const expirationTimestamps = manifestsOrNulls.filter((manifest) => manifest !== null).map((manifest) => manifest.expireAt);
+  if (expirationTimestamps.length === 0) {
     return 0;
   }
-  return Math.max(...timestamps);
+  return Math.max(...expirationTimestamps);
 }
-function isAnyTagStale(tags, timestamp) {
+function isAnyTagStaleOrExpired(tags, timestamp) {
   if (tags.length === 0 || !timestamp) {
-    return Promise.resolve(false);
+    return Promise.resolve({ stale: false, expired: false });
   }
   const cacheStore = (0, import_storage.getMemoizedKeyValueStoreBackedByRegionalBlobStore)({ consistency: "strong" });
   return new Promise((resolve, reject) => {
     const tagManifestPromises = [];
     for (const tag of tags) {
-      const lastRevalidationTimestampPromise = getTagRevalidatedAt(tag, cacheStore);
+      const tagManifestPromise = getTagManifest(tag, cacheStore);
       tagManifestPromises.push(
-        lastRevalidationTimestampPromise.then((lastRevalidationTimestamp) => {
-          if (!lastRevalidationTimestamp) {
-            return false;
+        tagManifestPromise.then((tagManifest) => {
+          if (!tagManifest) {
+            return { stale: false, expired: false };
+          }
+          const stale = tagManifest.staleAt >= timestamp;
+          const expired = tagManifest.expireAt >= timestamp && tagManifest.expireAt <= Date.now();
+          if (expired && stale) {
+            const expiredResult = {
+              stale,
+              expired
+            };
+            resolve(expiredResult);
+            return expiredResult;
           }
-          const isStale = lastRevalidationTimestamp >= timestamp;
-          if (isStale) {
-            resolve(true);
-            return true;
+          if (stale) {
+            const staleResult = {
+              stale,
+              expired,
+              expireAt: tagManifest.expireAt
+            };
+            return staleResult;
           }
-          return false;
+          return { stale: false, expired: false };
         })
       );
     }
-    Promise.all(tagManifestPromises).then((tagManifestAreStale) => {
-      resolve(tagManifestAreStale.some((tagIsStale) => tagIsStale));
+    Promise.all(tagManifestPromises).then((tagManifestsAreStaleOrExpired) => {
+      let result = { stale: false, expired: false };
+      for (const tagResult of tagManifestsAreStaleOrExpired) {
+        if (tagResult.expired) {
+          result = tagResult;
+          break;
+        }
+        if (tagResult.stale) {
+          result = {
+            stale: true,
+            expired: false,
+            expireAt: (
+              // make sure to use expireAt that is lowest of all tags
+              result.stale && !result.expired && typeof result.expireAt === "number" ? Math.min(result.expireAt, tagResult.expireAt) : tagResult.expireAt
+            )
+          };
+        }
+      }
+      resolve(result);
     }).catch(reject);
   });
 }
@@ -154,13 +182,15 @@ function purgeEdgeCache(tagOrTags) {
     (0, import_request_context.getLogger)().withError(error).error(`[NextRuntime] Purging the cache for tags [${tags.join(",")}] failed`);
   });
 }
-async function doRevalidateTagAndPurgeEdgeCache(tags) {
-  (0, import_request_context.getLogger)().withFields({ tags }).debug("doRevalidateTagAndPurgeEdgeCache");
+async function doRevalidateTagAndPurgeEdgeCache(tags, durations) {
+  (0, import_request_context.getLogger)().withFields({ tags, durations }).debug("doRevalidateTagAndPurgeEdgeCache");
   if (tags.length === 0) {
     return;
   }
+  const now = Date.now();
   const tagManifest = {
-    revalidatedAt: Date.now()
+    staleAt: now,
+    expireAt: now + (durations?.expire ? durations.expire * 1e3 : 0)
   };
   const cacheStore = (0, import_storage.getMemoizedKeyValueStoreBackedByRegionalBlobStore)({ consistency: "strong" });
   await Promise.all(
@@ -174,9 +204,9 @@ async function doRevalidateTagAndPurgeEdgeCache(tags) {
   );
   await purgeEdgeCache(tags);
 }
-function markTagsAsStaleAndPurgeEdgeCache(tagOrTags) {
+function markTagsAsStaleAndPurgeEdgeCache(tagOrTags, durations) {
   const tags = getCacheTagsFromTagOrTags(tagOrTags);
-  const revalidateTagPromise = doRevalidateTagAndPurgeEdgeCache(tags);
+  const revalidateTagPromise = doRevalidateTagAndPurgeEdgeCache(tags, durations);
   const requestContext = (0, import_request_context.getRequestContext)();
   if (requestContext) {
     requestContext.trackBackgroundWork(revalidateTagPromise);
@@ -185,8 +215,8 @@ function markTagsAsStaleAndPurgeEdgeCache(tagOrTags) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  getMostRecentTagRevalidationTimestamp,
-  isAnyTagStale,
+  getMostRecentTagExpirationTimestamp,
+  isAnyTagStaleOrExpired,
   markTagsAsStaleAndPurgeEdgeCache,
   purgeEdgeCache
 });

package/dist/run/handlers/use-cache-handler.js

@@ -1381,8 +1381,8 @@ var LRUCache = class _LRUCache {
 // src/run/handlers/use-cache-handler.ts
 import { getLogger } from "./request-context.cjs";
 import {
-  getMostRecentTagRevalidationTimestamp,
-  isAnyTagStale,
+  getMostRecentTagExpirationTimestamp,
+  isAnyTagStaleOrExpired,
   markTagsAsStaleAndPurgeEdgeCache
 } from "./tags-handler.cjs";
 import { getTracer } from "./tracer.cjs";
@@ -1444,7 +1444,8 @@ var NetlifyDefaultUseCacheHandler = {
           });
           return void 0;
         }
-        if (await isAnyTagStale(entry.tags, entry.timestamp)) {
+        const { stale } = await isAnyTagStaleOrExpired(entry.tags, entry.timestamp);
+        if (stale) {
           getLogger().withFields({ cacheKey, ttl, status: "STALE BY TAG" }).debug(`[NetlifyDefaultUseCacheHandler] get result`);
           span.setAttributes({
             cacheStatus: "stale tag, discarded",
@@ -1520,7 +1521,7 @@ var NetlifyDefaultUseCacheHandler = {
         span.setAttributes({
           tags
         });
-        const expiration = await getMostRecentTagRevalidationTimestamp(tags);
+        const expiration = await getMostRecentTagExpirationTimestamp(tags);
         getLogger().withFields({ tags, expiration }).debug(`[NetlifyDefaultUseCacheHandler] getExpiration`);
         span.setAttributes({
           expiration

package/dist/shared/blob-types.cjs

@@ -25,7 +25,7 @@ __export(blob_types_exports, {
 });
 module.exports = __toCommonJS(blob_types_exports);
 var isTagManifest = (value) => {
-  return typeof value === "object" && value !== null && "revalidatedAt" in value && typeof value.revalidatedAt === "number" && Object.keys(value).length === 1;
+  return typeof value === "object" && value !== null && "staleAt" in value && typeof value.staleAt === "number" && "expiredAt" in value && typeof value.expiredAt === "number" && Object.keys(value).length === 2;
 };
 var isHtmlBlob = (value) => {
   return typeof value === "object" && value !== null && "html" in value && "isFullyStaticPage" in value && typeof value.html === "string" && typeof value.isFullyStaticPage === "boolean" && Object.keys(value).length === 2;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@netlify/plugin-nextjs",
-  "version": "5.13.5",
+  "version": "5.14.0",
   "description": "Run Next.js seamlessly on Netlify",
   "main": "./dist/index.js",
   "type": "module",