[Snyk] Upgrade: , class-variance-authority, next, next-themes, openai-edge #17

X-oss-byte
Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @vercel/og | from 0.5.20 to 0.6.2 (3 versions ahead of your current version) | 8 months ago, on 2024-01-04 |
| class-variance-authority | from 0.4.0 to 0.7.0 (10 versions ahead of your current version) | a year ago, on 2023-07-17 |
| next | from 13.4.7-canary.1 to 13.5.6 (179 versions ahead of your current version) | a year ago, on 2023-10-18 |
| next-themes | from 0.2.1 to 0.3.0 (2 versions ahead of your current version) | 6 months ago, on 2024-03-13 |
| openai-edge | from 0.5.1 to 0.6.1 (2 versions ahead of your current version) | a year ago, on 2023-05-29 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: HTTP Request Smuggling (SNYK-JS-NEXT-6828456) | 586 | No Known Exploit |
| high severity: Denial of Service (DoS) (SNYK-JS-NEXT-7442548) | 586 | No Known Exploit |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-ZOD-5925617) | 586 | Proof of Concept |
| medium severity: Resource Exhaustion (SNYK-JS-NEXT-6032387) | 586 | Proof of Concept |
| medium severity: Improper Input Validation (SNYK-JS-POSTCSS-5926692) | 586 | No Known Exploit |

Release notes
Package name: class-variance-authority
  • 0.7.0 - 2023-07-17

    What's Changed

    Full Changelog: v0.6.1...v0.7.0

  • 0.6.1 - 2023-06-26

    What's Changed

    • Add missing license key in package.json
    • Upgrade to typescript@5.1.3 by @joe-bell in #175

    Full Changelog: v0.6.0...v0.6.1

  • 0.6.0 - 2023-04-27

    What's Changed

    • cx → clsx by @joe-bell in #152

      cva now uses clsx under-the-hood to concatenate classes with no breaking changes to the current experience and no increase to bundle-size.

      The existing cx export still exists, but as an alias of clsx

      Bringing additional benefits of:

      1. Provides additional support for booleans and variadic strings within class or className props

        const button = cva([true && "button-base", false && "not-rendered"]);
        // => 'button-base'

        const buttonConsumer = button({ class: [true && "extra-class"] });
        // => 'button-base extra-class'

      2. Provides support for object syntax within class or className props

        const button = cva({ foo: true, bar: false });
        // => 'foo'

    Full Changelog: v0.5.3...v0.6.0

  • 0.6.0-canary.0 - 2023-04-27
  • 0.5.3 - 2023-04-26

    What's Changed

    • fix: issue #147 where map files are not present for esm files by @pfried in #148

      Thank you @pfried!

    • fix: Added explicit undefined type to support exactOptionalPropertyTypes option by @totto2727 in #149

      This has been a long standing issue for me and I'm so grateful to @totto2727 for making the fix

    New Contributors

    Full Changelog: v0.5.2...v0.5.3

  • 0.5.3-canary.0 - 2023-04-26
  • 0.5.2 - 2023-04-11

    What's Changed

    • Support for moduleResolution: bundler (add types to exports field in package.json) by @msonnberger in #138

    New Contributors

    Full Changelog: v0.5.1...v0.5.2

  • 0.5.1 - 2023-04-02

    What's Changed

    Warning
    v0.5.0 is broken, please skip straight to v0.5.1

    Full Changelog: v0.4.0...v0.5.0

    Support the Project 🖤

    Note
    I'm actually supposed to be on vacation right now, but it seems like people are desperate for TypeScript 5 support

    cva is a labour of love – I don't get paid to work on this project

    Contributions of any size are greatly appreciated 🙏🏼

    Ethereum
    0xC756F748ff6A499f3C826529A0Da30FF1A3ac28c
    

  • 0.5.1-canary.0 - 2023-04-02
  • 0.5.0 - 2023-04-02

    class-variance-authority@0.5.0

  • 0.4.0 - 2022-12-05

    What's Changed

    Features

    • Target Multiple Variant Options within Compound Variants by @joe-bell and @JeroenReumkens in #76

      // components/button.ts
      import { cva } from "class-variance-authority";

      const button = cva("…", {
        variants: {
          intent: { primary: "…", secondary: "…" },
          size: { small: "…", medium: "…" },
        },
        compoundVariants: [
          // Applied via:
          //   button({ intent: "primary", size: "medium" })
          // or
          //   button({ intent: "secondary", size: "medium" })
          {
            intent: ["primary", "secondary"],
            size: "medium",
            class: "…",
          },
        ],
      });

    Chores

    New Contributors

    Full Changelog: v0.3.0...v0.4.0

from class-variance-authority GitHub release notes
Package name: next
  • 13.5.6 - 2023-10-18
  • 13.5.6-canary.8 - 2023-10-19
  • 13.5.6-canary.7 - 2023-10-18
  • 13.5.6-canary.6 - 2023-10-18

    Core Changes

    • fix typos: #56870
    • Update React from 09fbee89d to a41957507: #56970
    • Reland "feat(turbopack): support basic next/dynamic": #56934
    • Add @mui/icons-material to the default optimizePackageImports list: #56801

    Credits

    Huge thanks to @xiaolou86, @ztanner, @sokra, and @shuding for helping!

  • 13.5.6-canary.5 - 2023-10-17
    No content.
  • 13.5.6-canary.4 - 2023-10-17

    Core Changes

    • Adding component to @next/third-parties: #56106
    • Replace Promise.withResolvers polyfill with DetachedPromise: #56954
    • chore(next/image)!: mark onLoadingComplete as deprecated in favor of onLoad: #56944
    • chore: lower Node.js version requirement: #56943

    Misc Changes

    • chore: reduce fs-extra usage in scripts/: #56917
    • chore(test): set COREPACK_ENABLE_STRICT: 0 for create-next-app tests: #56955

    Credits

    Huge thanks to @janicklas-ralph, @wyattjoh, @SukkaW, @styfle, and @balazsorban44 for helping!

  • 13.5.6-canary.3 - 2023-10-17

    Core Changes

    • feat: set status code to 500 if unexpected error occurs before streaming in app router: #56236
    • cache: add unstable_noStore API: #56930

    Credits

    Huge thanks to @dpnolte and @feedthejim for helping!

  • 13.5.6-canary.2 - 2023-10-17

    Core Changes

    • feat(env): upgrade dotenv: #38481
    • Update Babel dependencies: #51962
    • perf: fix tracing for routes: #56924
    • build: Update swc_core to v0.86.1: #56770

    Credits

    Huge thanks to @JuanM04, @Andarist, @feedthejim, and @kdy1 for helping!

  • 13.5.6-canary.1 - 2023-10-16

    Core Changes

    • Update React from d900fadbf to 09fbee89d. Removes server context and experimental prefix for server action APIs: #56809

    Documentation Changes

    • Update 05-mdx.mdx . Fix key of the prop: #56883

    Credits

    Huge thanks to @WhoAmIRUS and @gnoff for helping!

  • 13.5.6-canary.0 - 2023-10-16

    Core Changes

    • perf: fix server trace file logic : #56898
    • feat: drop Node.js 16: #56896

    Misc Changes

    • improve next-image-proxy test: #56893
    • chore(test): test remote image from proxy: #56895
    • ensure kodiak is re-added to apps list after code-freeze action: #56907

    Credits

    Huge thanks to @ztanner, @styfle, @feedthejim, and @balazsorban44 for helping!

  • 13.5.5 - 2023-10-16

    Core Changes

    • Update parallelizing tasks with webpackBuildWorker config: #56287
    • Misc Typescript and export updates: #55841
    • chore: pass defineEnv from next.js to rust directly: #56216
    • Expose util internally for debugging: #56381
    • App Router - preinitialize chunks during SSR: #54752
    • fix: use fs.existsSync to avoid race condition: #56387
    • Ensure loader generated export default has name: #56388
    • Move Edge SSR event waitUntil into the handler: #56404
    • fix: avoid unnecessary existSync call: #56419
    • fix: avoid creation of buffers for read ops: #56421
    • fix empty externals list, pnpm special case, and project path: #56402
    • chore: extract edge-app-route loader template: #56424
    • Separate RSC and SSR jsx-runtime modules: #56438
    • Async Batcher: #56423
    • Fix cli log next.js color: #56448
    • Turbopack: Implement Server Actions: #53890
    • Component Module Types: #56454
    • refactor: rewrite config schema in zod: #56383
    • Dev Service: #56442
    • feat(turbopack): port next.js template loading logic: #56425
    • Chunking Refactor Step 1: #56467
    • Use native node:fs in taskfile.js: #56491
    • Loose RSC import restrictions for 3rd party packages: #56501
    • turbopack: Chunking Refactor Step 2 : #56504
    • update turbopack, fix sass peer dependency: #56508
    • Remove ServerDirectiveTransformer: #56496
    • Improve failed to fetch RSC error: #56517
    • misc: fix wrong next start start duration: #56512
    • turbopack: Extract as_chunk into shared ChunkType trait: #56506
    • Flatten recursive wildcard exports in barrel optimization: #56489
    • Turbopack + app router: always use externals for predefined packages: #56440
    • fix: log error cause: #56528
    • Unsilence Taskr Webpack errors: #56542
    • refactor: cleanup app render: #56538
    • fix: don't add isolateModules to tsconfig when extending from tsconfig with verbatimModuleSyntax: #54164
    • enable verbatimModuleSyntax to make type imports/exports explicit: #56551
    • Ensure react-server-dom-turbopack-experimental uses the right package: #56560
    • Fix build restart log: #56543
    • feat(turbopack): add support for edge app pages: #56426
    • Improve error handling of Server Actions with skewed deployment: #56618
    • misc: split app-render into smaller functions: #56611
    • remove unnecessary structuredClone: #56570
    • Fix trace ignore handling: #56674
    • fix(next-core): allow sass loader for foreign codes: #56679
    • Fix SSG query with experimental-compile: #56680
    • Ensure rewrites are included in build manifest when using Turbopack: #56692
    • fix static worker restart behavior: #56728
    • Improve internal waitUntil utility: #56720
    • Fix reconnection loop when devserver is offline: #56698
    • Fix ensurePage for client-side navigation to / in Turbopack: #56704
    • ci: add job summary to the test suite runs: #56742
    • Prefer module over main on main fields for app router server compiler: #56532
    • Check origins of Server Action requests: #56753
    • OpenTelemetry: ignore bubble errors to avoid spamming traces: #56625
    • fix(turbopack): always alias server-only and client-only: #56760
    • Utilize Promise.withResolvers: #56764
    • Revert "Prefer module over main on main fields for app router server compiler": #56766
    • Revalidate Type: #56763
    • Revert static worker refactor: #56767
    • memoize useParams: #56771
    • Turbopack: Chunking Refactoring: #56756
    • Chunking Refactoring followup fixes: #56789
    • put app code into a separate layer: #56800
    • fix: add x-forwarded-* headers:

Snyk has created this PR to upgrade:
  - @vercel/og from 0.5.20 to 0.6.2.
    See this package in npm: https://www.npmjs.com/package/@vercel/og
  - class-variance-authority from 0.4.0 to 0.7.0.
    See this package in npm: https://www.npmjs.com/package/class-variance-authority
  - next from 13.4.7-canary.1 to 13.5.6.
    See this package in npm: https://www.npmjs.com/package/next
  - next-themes from 0.2.1 to 0.3.0.
    See this package in npm: https://www.npmjs.com/package/next-themes
  - openai-edge from 0.5.1 to 0.6.1.
    See this package in npm: https://www.npmjs.com/package/openai-edge

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/1d1580f0-0fb0-4b92-8e5d-4094561670e8?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz bot commented Sep 9, 2024

Run & review this pull request in StackBlitz Codeflow.

changeset-bot bot commented Sep 9, 2024

⚠️ No Changeset found

Latest commit: 73cb49b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.
