Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Next.js: Support v14.0.0 #24593

Merged
merged 5 commits into from
Oct 27, 2023
Merged

Conversation

nikospapcom
Copy link
Contributor

@nikospapcom nikospapcom commented Oct 27, 2023

Closes #24589

What I did

Update nextjs package.json in order to support nextjs@14

Checklist for Contributors

Testing

The changes in this PR are covered in the following automated tests:

  • stories
  • unit tests
  • integration tests
  • end-to-end tests

Manual testing

This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!

Documentation

  • Add or update documentation reflecting your changes
  • If you are deprecating/removing a feature, make sure to update
    MIGRATION.MD

Checklist for Maintainers

  • When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli/src/sandbox-templates.ts

  • Make sure this PR contains one of the labels below:

    Available labels
    • bug: Internal changes that fixes incorrect behavior.
    • maintenance: User-facing maintenance tasks.
    • dependencies: Upgrading (sometimes downgrading) dependencies.
    • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
    • cleanup: Minor cleanup style change. Will not show up in release changelog.
    • documentation: Documentation only changes. Will not show up in release changelog.
    • feature request: Introducing a new feature.
    • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
    • other: Changes that don't fit in the above categories.

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook canary-release-pr.yml --field pr=<PR_NUMBER>

@socket-security
Copy link

socket-security bot commented Oct 27, 2023

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
next 13.5.4...14.0.0 eval +10/-10 1.13 GB vercel-release-bot
@next/font 13.5.6...14.0.0 None +0/-0 2.6 MB vercel-release-bot

@socket-security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
Uses eval next 14.0.0

Next steps

What is eval?

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@valentinpalkovic valentinpalkovic changed the title feat: Support [email protected] Next.js: Support v14.0.0 Oct 27, 2023
@valentinpalkovic valentinpalkovic self-assigned this Oct 27, 2023
@valentinpalkovic valentinpalkovic added the ci:daily Run the CI jobs that normally run in the daily job. label Oct 27, 2023
@@ -145,7 +145,7 @@
}
},
"engines": {
"node": ">=16.0.0"
"node": ">=18.17.0"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We cannot drop support for Node v16 with a minor release. This has to stay with v16 until we release a new major version, because we will still support Next.js 12 and 13

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, it also doesn't make sense to out of nowhere drop Node.js v16, major libraries are only now adding minimum requirement to Node.js v16; Even tho it is technically EOL. (Downstream != Upstream 🤷)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@valentinpalkovic @ovflowd Thanks for the comments, totally understand this, I reverted it back to 16 🙂

@nikospapcom
Copy link
Contributor Author

@valentinpalkovic do you have any other requests from my side? 🙃

@valentinpalkovic valentinpalkovic added the patch:yes Bugfix & documentation PR that need to be picked to main branch label Oct 27, 2023
@valentinpalkovic valentinpalkovic merged commit 7726afc into storybookjs:next Oct 27, 2023
14 of 15 checks passed
valentinpalkovic added a commit that referenced this pull request Oct 30, 2023
Next.js: Support v14.0.0

(cherry picked from commit 7726afc)
@github-actions github-actions bot added the patch:done Patch/release PRs already cherry-picked to main/release branch label Oct 30, 2023
@landsman
Copy link

thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci:daily Run the CI jobs that normally run in the daily job. feature request nextjs patch:done Patch/release PRs already cherry-picked to main/release branch patch:yes Bugfix & documentation PR that need to be picked to main branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: Support for Nextjs 14 is required
4 participants