npm - next - Versions diffs - 15.3.0-canary.17 → 15.3.0-canary.19 - Mend

next 15.3.0-canary.17 → 15.3.0-canary.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/dist/bin/next +1 -1
package/dist/build/index.js +2 -2
package/dist/build/swc/index.js +1 -1
package/dist/build/webpack-config.js +2 -2
package/dist/client/app-bootstrap.js +1 -1
package/dist/client/index.js +1 -1
package/dist/esm/build/index.js +2 -2
package/dist/esm/build/swc/index.js +1 -1
package/dist/esm/build/webpack-config.js +2 -2
package/dist/esm/client/app-bootstrap.js +1 -1
package/dist/esm/client/index.js +1 -1
package/dist/esm/lib/require-instrumentation-client.js +14 -1
package/dist/esm/lib/require-instrumentation-client.js.map +1 -1
package/dist/esm/server/config-shared.js +1 -1
package/dist/esm/server/config-shared.js.map +1 -1
package/dist/esm/server/dev/hot-reloader-turbopack.js +1 -1
package/dist/esm/server/dev/hot-reloader-webpack.js +1 -1
package/dist/esm/server/lib/app-info-log.js +1 -1
package/dist/esm/server/lib/router-server.js +2 -10
package/dist/esm/server/lib/router-server.js.map +1 -1
package/dist/esm/server/lib/router-utils/block-cross-site.js +28 -14
package/dist/esm/server/lib/router-utils/block-cross-site.js.map +1 -1
package/dist/esm/server/lib/start-server.js +1 -1
package/dist/esm/shared/lib/canary-only.js +1 -1
package/dist/lib/require-instrumentation-client.js +14 -1
package/dist/lib/require-instrumentation-client.js.map +1 -1
package/dist/server/config-shared.js +1 -1
package/dist/server/config-shared.js.map +1 -1
package/dist/server/dev/hot-reloader-turbopack.js +1 -1
package/dist/server/dev/hot-reloader-webpack.js +1 -1
package/dist/server/lib/app-info-log.js +1 -1
package/dist/server/lib/router-server.js +2 -10
package/dist/server/lib/router-server.js.map +1 -1
package/dist/server/lib/router-utils/block-cross-site.d.ts +1 -1
package/dist/server/lib/router-utils/block-cross-site.js +28 -14
package/dist/server/lib/router-utils/block-cross-site.js.map +1 -1
package/dist/server/lib/start-server.js +1 -1
package/dist/shared/lib/canary-only.js +1 -1
package/dist/telemetry/anonymous-meta.js +1 -1
package/dist/telemetry/events/session-stopped.js +2 -2
package/dist/telemetry/events/version.js +2 -2
package/package.json +15 -15

package/dist/server/lib/router-utils/block-cross-site.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../src/server/lib/router-utils/block-cross-site.ts"],"sourcesContent":["import type { Duplex } from 'stream'\nimport type { IncomingMessage, ServerResponse } from 'webpack-dev-server'\nimport { parseUrl } from '../../../lib/url'\nimport net from 'net'\nimport { warnOnce } from '../../../build/output/log'\nimport { isCsrfOriginAllowed } from '../../app-render/csrf-protection'\n\nexport const blockCrossSite = (\n req: IncomingMessage,\n res: ServerResponse \| Duplex,\n ~~allowedOrigins~~: string[],\n activePort: string\n): boolean => {\n // only process _next URLs\n if (!req.url?.includes('/_next')) {\n return false\n }\n // block non-cors request from cross-site e.g. script tag on\n // different host\n if (\n req.headers['sec-fetch-mode'] === 'no-cors' &&\n req.headers['sec-fetch-site'] === 'cross-site'\n ) {\n if (~~'statusCode' in~~ res) ~~{\n res.statusCode~~ ~~= 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request to /_next/*. Cross-site requests are blocked in \"no-cors\"~~ mode~~.`\n~~ )\n ~~return true\n~~ }\n\n // ensure websocket requests from allowed origin\n const rawOrigin = req.headers['origin']\n\n if (rawOrigin) {\n const parsedOrigin = parseUrl(rawOrigin)\n\n if (parsedOrigin) {\n const originLowerCase = parsedOrigin.hostname.toLowerCase()\n const isMatchingPort = parsedOrigin.port === activePort\n const isIpRequest =\n net.isIPv4(originLowerCase) \|\| net.isIPv6(originLowerCase)\n\n if (\n // allow requests if direct IP and matching port and\n // allow if any of the allowed origins match\n !(isIpRequest && isMatchingPort) &&\n !isCsrfOriginAllowed(originLowerCase, allowedOrigins)\n ) {\n if (~~'statusCode' in~~ res) ~~{\n res.statusCode = 403\n }\n res.end('Unauthorized')\n warnOnce(\n `Blocked cross-origin request from ${~~originLowerCase~~}. To allow this~~, ~~configure \"allowedDevOrigins\" in next.config\\nRead more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins`\n~~ )\n ~~return true\n~~ }\n }\n }\n\n return false\n}\n"],"names":["blockCrossSite","~~req~~","res","~~allowedOrigins~~","activePort","~~url~~","~~includes~~","~~headers~~","~~statusCode~~","~~end~~","~~warnOnce~~","rawOrigin","parsedOrigin","parseUrl","originLowerCase","~~hostname","~~toLowerCase","isMatchingPort","port","isIpRequest","net","isIPv4","isIPv6","isCsrfOriginAllowed"],"mappings":";;;;+~~BAOaA~~;;;eAAAA;;;~~qBALY~~;4DACT;qBACS;gCACW;;;;;;~~AAE7B~~,~~MAAMA~~,~~iBAAiB~~,~~CAC5BC~~,~~KACAC~~,~~KACAC~~,~~gBACAC;QAGKH;IADL~~,~~0BAA0B~~;~~IAC1B~~,~~IAAI~~,~~GAACA~~,~~WAAAA~~,~~IAAII~~,GAAG,~~qBAAPJ~~,~~SAASK~~,QAAQ,CAAC,~~YAAW~~;~~QAChC~~,OAAO;IACT;~~IACA~~,~~4DAA4D~~;~~IAC5D~~,~~iBAAiB~~;~~IACjB~~,~~IACEL~~,IAAIM,~~OAAO~~,CAAC,iBAAiB,~~KAAK~~,~~aAClCN~~,~~IAAIM~~,OAAO,~~CAAC~~,~~iBAAiB~~,~~KAAK~~,~~cAClC~~;QACA,~~IAAI~~,~~gBAAgBL,KAAK~~;~~YACvBA~~,~~IAAIM~~,UAAU,~~GAAG~~;~~QACnB~~;~~QACAN~~,~~IAAIO~~,GAAG,CAAC;~~QACRC~~,~~IAAAA~~,~~aAAQ~~,~~EACN~~,CAAC,~~4FAA4F~~,CAAC;~~QAEhG~~,~~OAAO~~;~~IACT~~;IAEA,gDAAgD;IAChD,~~MAAMC~~,YAAYV,~~IAAIM~~,OAAO,CAAC,SAAS;IAEvC,~~IAAII~~,WAAW;QACb,MAAMC,eAAeC,IAAAA,aAAQ,EAACF;QAE9B,IAAIC,cAAc;YAChB,MAAME,kBAAkBF,~~aAAaG~~,QAAQ,~~CAACC~~,WAAW;YACzD,MAAMC,~~iBAAiBL~~,~~aAAaM~~,IAAI,~~KAAKd~~;YAC7C,~~MAAMe~~,cACJC,YAAG,CAACC,MAAM,~~CAACP~~,~~oBAAoBM~~,YAAG,CAACE,MAAM,~~CAACR~~;YAE5C,IACE,oDAAoD;YACpD,4CAA4C;YAC5C,~~CAAEK~~,CAAAA,eAAeF,cAAa,KAC9B,CAACM,IAAAA,mCAAmB,~~EAACT~~,~~iBAAiBX~~,iBACtC;gBACA,~~IAAI~~,~~gBAAgBD~~,~~KAAK;oBACvBA~~,~~IAAIM,UAAU,GAAG~~;~~gBACnB~~;~~gBACAN,IAAIO,GAAG,CAAC;gBACRC,IAAAA,aAAQ,EACN,CAAC,kCAAkC,EAAEI,gBAAgB,2JAA2J,CAAC;gBAEnN,OAAO;YACT;~~QACF;IACF;IAEA,OAAO;AACT"}
1	+ {"version":3,"sources":["../../../../src/server/lib/router-utils/block-cross-site.ts"],"sourcesContent":["import type { Duplex } from 'stream'\nimport type { IncomingMessage, ServerResponse } from 'webpack-dev-server'\nimport { parseUrl } from '../../../lib/url'\nimport net from 'net'\nimport { warnOnce } from '../../../build/output/log'\nimport { isCsrfOriginAllowed } from '../../app-render/csrf-protection'\n\nfunction warnOrBlockRequest(\n res: ServerResponse \| Duplex,\n origin: string \| undefined,\n mode: 'warn' \| 'block'\n): boolean {\n const originString = origin ? `from ${origin}` : ''\n if (mode === 'warn') {\n warnOnce(\n `Cross origin request detected ${originString} to /_next/* resource. In a future major version of Next.js, you will need to explicitly configure \"allowedDevOrigins\" in next.config to allow this.\\nRead more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins`\n )\n\n return false\n }\n\n warnOnce(\n `Blocked cross-origin request ${originString} to /_next/* resource. To allow this, configure \"allowedDevOrigins\" in next.config\\nRead more: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins`\n )\n\n if ('statusCode' in res) {\n res.statusCode = 403\n }\n\n res.end('Unauthorized')\n\n return true\n}\n\nexport const blockCrossSite = (\n req: IncomingMessage,\n res: ServerResponse \| Duplex,\n allowedDevOrigins: string[] \| undefined,\n hostname: string \| undefined,\n activePort: string\n): boolean => {\n // in the future, these will be blocked by default when allowed origins aren't configured.\n // for now, we warn when allowed origins aren't configured\n const mode = typeof allowedDevOrigins === 'undefined' ? 'warn' : 'block'\n\n const allowedOrigins = [\n '*.localhost',\n 'localhost',\n ...(allowedDevOrigins \|\| []),\n ]\n if (hostname) {\n allowedOrigins.push(hostname)\n }\n\n // only process _next URLs when\n if (!req.url?.includes('/_next')) {\n return false\n }\n // block non-cors request from cross-site e.g. script tag on\n // different host\n if (\n req.headers['sec-fetch-mode'] === 'no-cors' &&\n req.headers['sec-fetch-site'] === 'cross-site'\n ) {\n return warnOrBlockRequest(res, undefined, mode)\n }\n\n // ensure websocket requests from allowed origin\n const rawOrigin = req.headers['origin']\n\n if (rawOrigin) {\n const parsedOrigin = parseUrl(rawOrigin)\n\n if (parsedOrigin) {\n const originLowerCase = parsedOrigin.hostname.toLowerCase()\n const isMatchingPort = parsedOrigin.port === activePort\n const isIpRequest =\n net.isIPv4(originLowerCase) \|\| net.isIPv6(originLowerCase)\n\n if (\n // allow requests if direct IP and matching port and\n // allow if any of the allowed origins match\n !(isIpRequest && isMatchingPort) &&\n !isCsrfOriginAllowed(originLowerCase, allowedOrigins)\n ) {\n return warnOrBlockRequest(res, originLowerCase, mode)\n }\n }\n }\n\n return false\n}\n"],"names":["blockCrossSite","warnOrBlockRequest","res","origin","mode","originString","warnOnce","statusCode","end","req","allowedDevOrigins","hostname","activePort","allowedOrigins","push","url","includes","headers","undefined","rawOrigin","parsedOrigin","parseUrl","originLowerCase","toLowerCase","isMatchingPort","port","isIpRequest","net","isIPv4","isIPv6","isCsrfOriginAllowed"],"mappings":";;;;+BAkCaA;;;eAAAA;;;qBAhCY;4DACT;qBACS;gCACW;;;;;;AAEpC,SAASC,mBACPC,GAA4B,EAC5BC,MAA0B,EAC1BC,IAAsB;IAEtB,MAAMC,eAAeF,SAAS,CAAC,KAAK,EAAEA,QAAQ,GAAG;IACjD,IAAIC,SAAS,QAAQ;QACnBE,IAAAA,aAAQ,EACN,CAAC,8BAA8B,EAAED,aAAa,kPAAkP,CAAC;QAGnS,OAAO;IACT;IAEAC,IAAAA,aAAQ,EACN,CAAC,6BAA6B,EAAED,aAAa,gLAAgL,CAAC;IAGhO,IAAI,gBAAgBH,KAAK;QACvBA,IAAIK,UAAU,GAAG;IACnB;IAEAL,IAAIM,GAAG,CAAC;IAER,OAAO;AACT;AAEO,MAAMR,iBAAiB,CAC5BS,KACAP,KACAQ,mBACAC,UACAC;QAgBKH;IAdL,0FAA0F;IAC1F,0DAA0D;IAC1D,MAAML,OAAO,OAAOM,sBAAsB,cAAc,SAAS;IAEjE,MAAMG,iBAAiB;QACrB;QACA;WACIH,qBAAqB,EAAE;KAC5B;IACD,IAAIC,UAAU;QACZE,eAAeC,IAAI,CAACH;IACtB;IAEA,+BAA+B;IAC/B,IAAI,GAACF,WAAAA,IAAIM,GAAG,qBAAPN,SAASO,QAAQ,CAAC,YAAW;QAChC,OAAO;IACT;IACA,4DAA4D;IAC5D,iBAAiB;IACjB,IACEP,IAAIQ,OAAO,CAAC,iBAAiB,KAAK,aAClCR,IAAIQ,OAAO,CAAC,iBAAiB,KAAK,cAClC;QACA,OAAOhB,mBAAmBC,KAAKgB,WAAWd;IAC5C;IAEA,gDAAgD;IAChD,MAAMe,YAAYV,IAAIQ,OAAO,CAAC,SAAS;IAEvC,IAAIE,WAAW;QACb,MAAMC,eAAeC,IAAAA,aAAQ,EAACF;QAE9B,IAAIC,cAAc;YAChB,MAAME,kBAAkBF,aAAaT,QAAQ,CAACY,WAAW;YACzD,MAAMC,iBAAiBJ,aAAaK,IAAI,KAAKb;YAC7C,MAAMc,cACJC,YAAG,CAACC,MAAM,CAACN,oBAAoBK,YAAG,CAACE,MAAM,CAACP;YAE5C,IACE,oDAAoD;YACpD,4CAA4C;YAC5C,CAAEI,CAAAA,eAAeF,cAAa,KAC9B,CAACM,IAAAA,mCAAmB,EAACR,iBAAiBT,iBACtC;gBACA,OAAOZ,mBAAmBC,KAAKoB,iBAAiBlB;YAClD;QACF;IACF;IAEA,OAAO;AACT"}

package/dist/server/lib/start-server.js CHANGED Viewed

@@ -111,7 +111,7 @@ async function getRequestHandlers({ dir, port, isDev, onDevServerCleanup, server
 async function startServer(serverOptions) {
     const { dir, isDev, hostname, minimalMode, allowRetry, keepAliveTimeout, selfSignedCertificate } = serverOptions;
     let { port } = serverOptions;
-    process.title = `next-server (v${"15.3.0-canary.17"})`;
+    process.title = `next-server (v${"15.3.0-canary.19"})`;
     let handlersReady = ()=>{};
     let handlersError = ()=>{};
     let handlersPromise = new Promise((resolve, reject)=>{

package/dist/shared/lib/canary-only.js CHANGED Viewed

@@ -22,7 +22,7 @@ _export(exports, {
 });
 function isStableBuild() {
     var _process_env___NEXT_VERSION;
-    return !((_process_env___NEXT_VERSION = "15.3.0-canary.17") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_LOCAL_DEV;
+    return !((_process_env___NEXT_VERSION = "15.3.0-canary.19") == null ? void 0 : _process_env___NEXT_VERSION.includes('canary')) && !process.env.__NEXT_TEST_MODE && !process.env.NEXT_PRIVATE_LOCAL_DEV;
 }
 class CanaryOnlyError extends Error {
     constructor(arg){

package/dist/telemetry/anonymous-meta.js CHANGED Viewed

@@ -81,7 +81,7 @@ function getAnonymousMeta() {
         isWsl: _iswsl.default,
         isCI: _ciinfo.isCI,
         ciName: _ciinfo.isCI && _ciinfo.name || null,
-        nextVersion: "15.3.0-canary.17"
+        nextVersion: "15.3.0-canary.19"
     };
     return traits;
 }

package/dist/telemetry/events/session-stopped.js CHANGED Viewed

@@ -11,11 +11,11 @@ Object.defineProperty(exports, "eventCliSessionStopped", {
 const EVENT_VERSION = 'NEXT_CLI_SESSION_STOPPED';
 function eventCliSessionStopped(event) {
     // This should be an invariant, if it fails our build tooling is broken.
-    if (typeof "15.3.0-canary.17" !== 'string') {
+    if (typeof "15.3.0-canary.19" !== 'string') {
         return [];
     }
     const payload = {
-        nextVersion: "15.3.0-canary.17",
+        nextVersion: "15.3.0-canary.19",
         nodeVersion: process.version,
         cliCommand: event.cliCommand,
         durationMilliseconds: event.durationMilliseconds,

package/dist/telemetry/events/version.js CHANGED Viewed

@@ -36,12 +36,12 @@ function hasBabelConfig(dir) {
 function eventCliSession(dir, nextConfig, event) {
     var _nextConfig_experimental_staleTimes, _nextConfig_experimental_staleTimes1, _nextConfig_experimental_reactCompiler, _nextConfig_experimental_reactCompiler1;
     // This should be an invariant, if it fails our build tooling is broken.
-    if (typeof "15.3.0-canary.17" !== 'string') {
+    if (typeof "15.3.0-canary.19" !== 'string') {
         return [];
     }
     const { images, i18n } = nextConfig || {};
     const payload = {
-        nextVersion: "15.3.0-canary.17",
+        nextVersion: "15.3.0-canary.19",
         nodeVersion: process.version,
         cliCommand: event.cliCommand,
         isSrcDir: event.isSrcDir,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "next",
-  "version": "15.3.0-canary.17",
+  "version": "15.3.0-canary.19",
   "description": "The React Framework",
   "main": "./dist/server/next.js",
   "license": "MIT",
@@ -100,7 +100,7 @@
     ]
   },
   "dependencies": {
-    "@next/env": "15.3.0-canary.17",
+    "@next/env": "15.3.0-canary.19",
     "@swc/counter": "0.1.3",
     "@swc/helpers": "0.5.15",
     "busboy": "1.6.0",
@@ -132,14 +132,14 @@
   },
   "optionalDependencies": {
     "sharp": "^0.33.5",
-    "@next/swc-darwin-arm64": "15.3.0-canary.17",
-    "@next/swc-darwin-x64": "15.3.0-canary.17",
-    "@next/swc-linux-arm64-gnu": "15.3.0-canary.17",
-    "@next/swc-linux-arm64-musl": "15.3.0-canary.17",
-    "@next/swc-linux-x64-gnu": "15.3.0-canary.17",
-    "@next/swc-linux-x64-musl": "15.3.0-canary.17",
-    "@next/swc-win32-arm64-msvc": "15.3.0-canary.17",
-    "@next/swc-win32-x64-msvc": "15.3.0-canary.17"
+    "@next/swc-darwin-arm64": "15.3.0-canary.19",
+    "@next/swc-darwin-x64": "15.3.0-canary.19",
+    "@next/swc-linux-arm64-gnu": "15.3.0-canary.19",
+    "@next/swc-linux-arm64-musl": "15.3.0-canary.19",
+    "@next/swc-linux-x64-gnu": "15.3.0-canary.19",
+    "@next/swc-linux-x64-musl": "15.3.0-canary.19",
+    "@next/swc-win32-arm64-msvc": "15.3.0-canary.19",
+    "@next/swc-win32-x64-msvc": "15.3.0-canary.19"
   },
   "devDependencies": {
     "@ampproject/toolbox-optimizer": "2.8.3",
@@ -172,11 +172,11 @@
     "@jest/types": "29.5.0",
     "@mswjs/interceptors": "0.23.0",
     "@napi-rs/triples": "1.2.0",
-    "@next/font": "15.3.0-canary.17",
-    "@next/polyfill-module": "15.3.0-canary.17",
-    "@next/polyfill-nomodule": "15.3.0-canary.17",
-    "@next/react-refresh-utils": "15.3.0-canary.17",
-    "@next/swc": "15.3.0-canary.17",
+    "@next/font": "15.3.0-canary.19",
+    "@next/polyfill-module": "15.3.0-canary.19",
+    "@next/polyfill-nomodule": "15.3.0-canary.19",
+    "@next/react-refresh-utils": "15.3.0-canary.19",
+    "@next/swc": "15.3.0-canary.19",
     "@opentelemetry/api": "1.6.0",
     "@playwright/test": "1.41.2",
     "@storybook/addon-a11y": "8.6.0",