Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version Packages #3492

Merged
merged 1 commit into from
Jan 30, 2024
Merged

Version Packages #3492

merged 1 commit into from
Jan 30, 2024

Conversation

github-actions[bot]
Copy link
Contributor

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@urql/next@1.1.1

Patch Changes

  • ⚠️ Fix CVE-2024-24556, addressing an XSS vulnerability, where @urql/next failed to escape HTML characters in JSON payloads injected into RSC hydration bodies. When an attacker is able to manipulate strings in the JSON response in RSC payloads, this could cause HTML to be evaluated via a typical XSS vulnerability (See GHSA-qhjf-hm5j-335w for details.)
    Submitted by @JoviDeCroock (See 4b7011b7)

@github-actions github-actions bot force-pushed the changeset-release/main branch from 3b77ac1 to 8d3771e Compare January 30, 2024 17:13
@kitten kitten merged commit 87d79cd into main Jan 30, 2024
7 checks passed
@kitten kitten deleted the changeset-release/main branch January 30, 2024 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kitten kitten kitten approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kitten