Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-c59h-r6p8-q9wc] Next.js missing cache-control header may lead to CDN caching empty reply #2901

Closed
wants to merge 1 commit into from

Conversation

medikoo
Copy link

@medikoo medikoo commented Oct 31, 2023

Updates

  • Affected products

Comments
The problem is that security vulnerability is incorrectly applied to the v0.4 version of next when it was a totally different product, and that affects some packages that still depend on [email protected].

Unfortunately, this problem comes back whenever any new vulnerability is added for next.

See #179

Note: I was unable to setup a valid range in the form (either >=0.9.9 <13.4.20-canary.13 or 0.9.9 - 13.4.20-canary.12), how can we fix it?

@darakian
Copy link
Contributor

Note: I was unable to setup a valid range in the form (either >=0.9.9 <13.4.20-canary.13 or 0.9.9 - 13.4.20-canary.12), how can we fix it?

You were probably missing a , between the lower and upper expressions 😄
Why would 0.9.9 be the correct lower bound though? You're right that 0.4 was completely different but that would make 0.4 the lower bound right?

@medikoo
Copy link
Author

medikoo commented Oct 31, 2023

Closing, as I was able to address it by crafting PR manually here: #2902

@darakian darakian closed this Oct 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants