Update resolve-url-loader to fix vulnerability #18064

felipeguilhermefs · 2020-10-20T19:37:39Z

Bump resolve-url-loader version to fix vulnerability.

ijjk · 2020-10-20T19:48:09Z

Stats from current PR

Default Server Mode (Increase detected ⚠️)

General Overall decrease ✓

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
buildDuration	12s	12.2s	⚠️ +113ms
nodeModulesSize	62.7 MB	62.4 MB	-208 kB

Page Load Tests Overall increase ✓

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
/ failed reqs	0	0	✓
/ total time (seconds)	2.515	2.326	-0.19
/ avg req/sec	994.08	1074.62	+80.54
/error-in-render failed reqs	0	0	✓
/error-in-render total time (seconds)	1.527	1.434	-0.09
/error-in-render avg req/sec	1637.42	1743.63	+106.21

Client Bundles (main, webpack, commons)

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
677f882d2ed8..35e7.js gzip	11.1 kB	11.1 kB	✓
framework.HASH.js gzip	39 kB	39 kB	✓
main-4a72e8c..9b29.js gzip	7.34 kB	7.34 kB	✓
webpack-e067..f178.js gzip	751 B	751 B	✓
Overall change	58.1 kB	58.1 kB	✓

Client Bundles (main, webpack, commons) Modern

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
677f882d2ed8..dule.js gzip	6.94 kB	6.94 kB	✓
framework.HA..dule.js gzip	39 kB	39 kB	✓
main-609fbc1..dule.js gzip	6.32 kB	6.32 kB	✓
webpack-07c5..dule.js gzip	751 B	751 B	✓
Overall change	53 kB	53 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
polyfills-4b..e242.js gzip	31 kB	31 kB	✓
Overall change	31 kB	31 kB	✓

Client Pages

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
_app-9a0b9e1..b37e.js gzip	1.28 kB	1.28 kB	✓
_error-ed1b0..8fbd.js gzip	3.44 kB	3.44 kB	✓
hooks-89731c..c609.js gzip	887 B	887 B	✓
index-17468f..5d83.js gzip	227 B	227 B	✓
link-89ad9e7..25bb.js gzip	1.34 kB	1.34 kB	✓
routerDirect..924c.js gzip	284 B	284 B	✓
withRouter-7..c13d.js gzip	284 B	284 B	✓
Overall change	7.74 kB	7.74 kB	✓

Client Pages Modern

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
_app-75d3a82..dule.js gzip	625 B	625 B	✓
_error-4469a..dule.js gzip	2.29 kB	2.29 kB	✓
hooks-cbf13f..dule.js gzip	387 B	387 B	✓
index-b9a643..dule.js gzip	226 B	226 B	✓
link-aeb707b..dule.js gzip	1.29 kB	1.29 kB	✓
routerDirect..dule.js gzip	284 B	284 B	✓
withRouter-f..dule.js gzip	282 B	282 B	✓
Overall change	5.39 kB	5.39 kB	✓

Client Build Manifests

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
_buildManifest.js gzip	322 B	322 B	✓
_buildManife..dule.js gzip	329 B	329 B	✓
Overall change	651 B	651 B	✓

Rendered Page Sizes

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
index.html gzip	1 kB	1 kB	✓
link.html gzip	1.01 kB	1.01 kB	✓
withRouter.html gzip	995 B	995 B	✓
Overall change	3.01 kB	3.01 kB	✓

Serverless Mode (Decrease detected ✓)

General Overall decrease ✓

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
buildDuration	13.5s	13.5s	-33ms
nodeModulesSize	62.7 MB	62.4 MB	-208 kB

Client Bundles (main, webpack, commons)

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
677f882d2ed8..35e7.js gzip	11.1 kB	11.1 kB	✓
framework.HASH.js gzip	39 kB	39 kB	✓
main-4a72e8c..9b29.js gzip	7.34 kB	7.34 kB	✓
webpack-e067..f178.js gzip	751 B	751 B	✓
Overall change	58.1 kB	58.1 kB	✓

Client Bundles (main, webpack, commons) Modern

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
677f882d2ed8..dule.js gzip	6.94 kB	6.94 kB	✓
framework.HA..dule.js gzip	39 kB	39 kB	✓
main-609fbc1..dule.js gzip	6.32 kB	6.32 kB	✓
webpack-07c5..dule.js gzip	751 B	751 B	✓
Overall change	53 kB	53 kB	✓

Legacy Client Bundles (polyfills)

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
polyfills-4b..e242.js gzip	31 kB	31 kB	✓
Overall change	31 kB	31 kB	✓

Client Pages

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
_app-9a0b9e1..b37e.js gzip	1.28 kB	1.28 kB	✓
_error-ed1b0..8fbd.js gzip	3.44 kB	3.44 kB	✓
hooks-89731c..c609.js gzip	887 B	887 B	✓
index-17468f..5d83.js gzip	227 B	227 B	✓
link-89ad9e7..25bb.js gzip	1.34 kB	1.34 kB	✓
routerDirect..924c.js gzip	284 B	284 B	✓
withRouter-7..c13d.js gzip	284 B	284 B	✓
Overall change	7.74 kB	7.74 kB	✓

Client Pages Modern

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
_app-75d3a82..dule.js gzip	625 B	625 B	✓
_error-4469a..dule.js gzip	2.29 kB	2.29 kB	✓
hooks-cbf13f..dule.js gzip	387 B	387 B	✓
index-b9a643..dule.js gzip	226 B	226 B	✓
link-aeb707b..dule.js gzip	1.29 kB	1.29 kB	✓
routerDirect..dule.js gzip	284 B	284 B	✓
withRouter-f..dule.js gzip	282 B	282 B	✓
Overall change	5.39 kB	5.39 kB	✓

Client Build Manifests

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
_buildManifest.js gzip	322 B	322 B	✓
_buildManife..dule.js gzip	329 B	329 B	✓
Overall change	651 B	651 B	✓

Serverless bundles

	vercel/next.js canary	felipeguilhermefs/next.js fix/audit-error-object-path	Change
_error.js	1.06 MB	1.06 MB	✓
404.html	4.34 kB	4.34 kB	✓
hooks.html	3.92 kB	3.92 kB	✓
index.js	1.06 MB	1.06 MB	✓
link.js	1.1 MB	1.1 MB	✓
routerDirect.js	1.1 MB	1.1 MB	✓
withRouter.js	1.1 MB	1.1 MB	✓
Overall change	5.42 MB	5.42 MB	✓

Commit: 669fb5f

timneutkens · 2020-10-20T20:36:43Z

Thanks! Will try to get this on stable 🔜

rodrigoAdones · 2020-10-21T03:34:54Z

@timneutkens When do you think will have a stable version with this change?

PD: thanks for your work @felipeguilhermefs

Update resolve-url-loader to fix vulnerability

669fb5f

felipeguilhermefs requested review from ijjk, lfades, Timer and timneutkens as code owners October 20, 2020 19:37

ijjk added the type: next label Oct 20, 2020

timneutkens approved these changes Oct 20, 2020

View reviewed changes

kodiakhq bot merged commit d4f53ec into vercel:canary Oct 20, 2020

felipeguilhermefs deleted the fix/audit-error-object-path branch October 20, 2020 20:33

ijjk added the hacktoberfest-accepted label Oct 20, 2020

matamatanot mentioned this pull request Oct 21, 2020

upgrade resolve-url-loader to resolve https://www.npmjs.com/advisories/1573 #18050

Closed

vercel locked as resolved and limited conversation to collaborators Jan 29, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update resolve-url-loader to fix vulnerability #18064

Update resolve-url-loader to fix vulnerability #18064

felipeguilhermefs commented Oct 20, 2020 •

edited by timneutkens

ijjk commented Oct 20, 2020

timneutkens commented Oct 20, 2020

rodrigoAdones commented Oct 21, 2020

Update resolve-url-loader to fix vulnerability #18064

Update resolve-url-loader to fix vulnerability #18064

Conversation

felipeguilhermefs commented Oct 20, 2020 • edited by timneutkens

ijjk commented Oct 20, 2020

Stats from current PR

timneutkens commented Oct 20, 2020

rodrigoAdones commented Oct 21, 2020

felipeguilhermefs commented Oct 20, 2020 •

edited by timneutkens