Skip to content

deps(example): bump the dependencies group in /examples/nextjs-14-clerk-shield with 2 updates #1143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

deps(example): bump the dependencies group in /examples/nextjs-14-clerk-shield with 2 updates #1143

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 17, 2024
edited
Loading

Bumps the dependencies group in /examples/nextjs-14-clerk-shield with 2 updates: @clerk/nextjs and tailwindcss.

Updates @clerk/nextjs from 5.2.3 to 5.2.4

Changelog

Sourced from @​clerk/nextjs's changelog.

5.2.4

Patch Changes

Commits
  • b1669a5 chore(repo): Version packages (#3356)
  • 558430d fix(backend,nextjs): Replace DevBrowser constant usage for query params (#3355)
  • bb6a13f chore(repo): Version packages (#3336)
  • 63b6733 fix(nextjs): Apply response headers on redirect (#3344)
  • 4ae79af fix(nextjs): url-based session syncing for auth() helpers (#3334)
  • 39265d9 chore(repo): Remove eslint-config-custom from react's deps (#3307)
  • c13b29c chore(repo): Version packages (#3313)
  • 7ef62b2 Emmanouela/sdk 1612 update links to docs in source code (#3312)
  • 3cfea92 fix(nextjs): Wait for isLoaded before checking catch-all route
  • 9ec7b04 fix(nextjs): Fix rules of hooks warning
  • Additional commits viewable in compare view

Updates tailwindcss from 3.4.5 to 3.4.6

Release notes

Sourced from tailwindcss's releases.

v3.4.6

Fixed

  • Fix detection of some utilities in Slim/Pug templates (#14006)

Changed

  • Loosen :is() wrapping rules when using an important selector (#13900)
Changelog

Sourced from tailwindcss's changelog.

[3.4.6] - 2024-07-16

Fixed

  • Fix detection of some utilities in Slim/Pug templates (#14006)

Changed

  • Loosen :is() wrapping rules when using an important selector (#13900)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested a review from a team as a code owner July 17, 2024 06:33
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 17, 2024
@dependabot dependabot bot requested a review from blaine-arcjet July 17, 2024 06:33
@trunk-io Trunk.io
Copy link

trunk-io bot commented Jul 17, 2024

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

@socket-security Socket Security
Copy link

socket-security bot commented Jul 17, 2024
edited
Loading

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@clerk/[email protected] None +1 1.79 MB bradenclerk, chanioxaris, colinclerk, ...5 more
npm/[email protected] environment, filesystem 0 5.62 MB adamwathan

View full report↗︎

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/examples/nextjs-14-clerk-shield/dependencies-179d7cb8f4 branch from 75831b0 to 07e1933 Compare July 23, 2024 07:00
@dependabot
deps(example): bump the dependencies group
703ed35 
Bumps the dependencies group in /examples/nextjs-14-clerk-shield with 2 updates: [@clerk/nextjs](https://github.com/clerk/javascript/tree/HEAD/packages/nextjs) and [tailwindcss](https://github.com/tailwindlabs/tailwindcss).


Updates `@clerk/nextjs` from 5.2.3 to 5.2.4
- [Release notes](https://github.com/clerk/javascript/releases)
- [Changelog](https://github.com/clerk/javascript/blob/main/packages/nextjs/CHANGELOG.md)
- [Commits](https://github.com/clerk/javascript/commits/@clerk/[email protected]/packages/nextjs)

Updates `tailwindcss` from 3.4.5 to 3.4.6
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/v3.4.6/CHANGELOG.md)
- [Commits](tailwindlabs/tailwindcss@v3.4.5...v3.4.6)

---
updated-dependencies:
- dependency-name: "@clerk/nextjs"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tailwindcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/examples/nextjs-14-clerk-shield/dependencies-179d7cb8f4 branch from 07e1933 to 703ed35 Compare July 24, 2024 14:50
@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Manifest confusion npm/@clerk/[email protected] 🚫
Manifest confusion npm/@clerk/[email protected] 🚫
Manifest confusion npm/@clerk/[email protected] 🚫
Manifest confusion npm/@clerk/[email protected] 🚫
Manifest confusion npm/@clerk/[email protected] 🚫
Manifest confusion npm/@clerk/[email protected] 🚫
Manifest confusion npm/@clerk/[email protected] 🚫
Manifest confusion npm/@clerk/[email protected] 🚫

View full report↗︎

Next steps

What is manifest confusion?

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Packages with inconsistent metadata may be corrupted or malicious.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 24, 2024

Superseded by #1181.

@dependabot dependabot bot closed this Jul 24, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/examples/nextjs-14-clerk-shield/dependencies-179d7cb8f4 branch July 24, 2024 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blaine-arcjet blaine-arcjet Awaiting requested review from blaine-arcjet

Assignees

@blaine-arcjet blaine-arcjet

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@blaine-arcjet