SAP / ui5-webcomponents-react / 12604377347
89%

DEFAULT BRANCH: main
Ran
Jobs 6
Files 218
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 87.145%. Remained the same
12604377347

push

github

web-flow 
chore(deps): update dependency next to v15.1.2 [security] (#6784)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [next](https://nextjs.org)
([source](https://redirect.github.com/vercel/next.js)) | [`15.1.0` ->
`15.1.2`](https://renovatebot.com/diffs/npm/next/15.1.0/15.1.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/next/15.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/next/15.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/next/15.1.0/15.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/next/15.1.0/15.1.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2024-56332](https://redirect.github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9)

### Impact
A Denial of Service (DoS) attack allows attackers to construct requests
that leaves requests to Server Actions hanging until the hosting
provider cancels the function execution.

_Note: Next.js server is idle during that time and only keeps the
connection open. CPU and memory footprint are low during that time._

Deployments without any protection against long running Server Action
invocations are especially vulnerable. Hosting providers like Vercel or
Netlify set a default maximum duration on function execution to reduce
the risk of excessive billing.

This is the same issue as if the incoming HTTP request has an invalid
`Content-Length` header or never closes. If the host has no other
mitigations to those then this vulnerability is novel.

This vulnerability affects only Next.js deployments using Server
Actions.

### Patches

This vulnerability was resolved in Next.js 14.2.21, 15.1.2, a... (continued)

2928 of 3893 branches covered (75.21%)

5091 of 5842 relevant lines covered (87.14%)

41775.3 hits per line

Subprojects
ID Flag name Job ID Ran Files Coverage
1 main/src/internal 12604377347.1 150
15.58
 GitHub Action Run
2 compat 12604377347.2 161
19.01
 GitHub Action Run
3 cypress-commands 12604377347.3 150
15.47
 GitHub Action Run
4 main/src/components 12604377347.4 150
84.57
 GitHub Action Run
5 base 12604377347.5 150
15.65
 GitHub Action Run
6 charts 12604377347.6 207
28.16
 GitHub Action Run
Source Files on build 12604377347