rayan/next-learn
1
0
Fork 0
mirror of https://github.com/vercel/next-learn.git synced 2026-06-11 09:51:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
233 Commits 28 Branches 0 Tags
c8a4e0179a77705f50268d3ca0ddbf273e81d850
Commit Graph

233 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Cursor Agent
c8a4e0179a Use npmrc for standalone pnpm installs 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 22:36:20 +00:00
Cursor Agent
c3c8c1984f Simplify pnpm CI and centralize settings 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 22:11:41 +00:00
Cursor Agent
895433665a Add standalone pnpm setup for SEO demo 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 21:48:09 +00:00
Cursor Agent
6cad0c0245 Set standalone install command for SEO preview 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 21:46:39 +00:00
Cursor Agent
31ede5c9be Ignore generated Next env files in Prettier 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 21:41:52 +00:00
Cursor Agent
46b4008fce Preserve standalone pnpm installs for examples 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 21:39:46 +00:00
Cursor Agent
aef11452f3 Scope pnpm workspace to root package 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 21:35:56 +00:00
Cursor Agent
98123cd129 Fix pnpm workspace install settings 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 21:22:07 +00:00
Cursor Agent
d2e5eb6186 Switch root package manager to pnpm 10 
Co-authored-by: Steven <styfle@users.noreply.github.com>
 2026-05-21 21:19:56 +00:00
Joseph
914a33426a chore: issue template and auto close (#1295) 
* chore: issue tempalte and auto close

* chore: formatting issue
 2026-02-16 23:54:01 +01:00
dependabot[bot]
c57ef7bd8a Bump styfle/cancel-workflow-action from 0.12.1 to 0.13.0 (#1270) 
Bumps [styfle/cancel-workflow-action](https://github.com/styfle/cancel-workflow-action) from 0.12.1 to 0.13.0.
- [Release notes](https://github.com/styfle/cancel-workflow-action/releases)
- [Commits](https://github.com/styfle/cancel-workflow-action/compare/0.12.1...0.13.0)

---
updated-dependencies:
- dependency-name: styfle/cancel-workflow-action
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-16 14:59:49 +01:00
Joseph
31116a0ae3 chore: update dependencies (#1150) 2025-12-12 13:43:44 +01:00
Joseph
ba8a108f3a chore: update starter lockfile (#1147) 2025-12-09 21:25:12 +01:00
vercel[bot]
8cf1326979 Update dependencies for React Flight RCE advisory (#1144) 
# React Flight / Next.js RCE Advisory Patch

## Summary
Successfully patched the React Flight / Next.js RCE vulnerability across all affected Next.js projects in the vercel/next-learn repository.

## Analysis Results

### Projects Affected:
The repository contains multiple Next.js projects. Analysis determined:

**Updated to patched versions:**
- 2 projects using Next.js 15.1.x → Updated to 15.1.9
- 10 projects using Next.js "latest" → Pinned to 16.0.7
- 1 project already on Next.js 16.0.7 → No changes needed

**Not affected (no changes made):**
- 1 project using Next.js 13.0.2 (too old, predates vulnerability)
- 1 root workspace using Next.js 14.2.23 (stable release, not in affected range)
- No projects use react-server-dom-webpack, react-server-dom-parcel, or react-server-dom-turbopack

## Changes Made

### Files Modified:

**SEO Projects (Next.js 15.1.x):**
- `seo/package.json` - Updated `next: ^15.1.6` → `next: 15.1.9`
- `seo/demo/package.json` - Updated `next: ^15.1.6` → `next: 15.1.9`

**Dashboard Projects (Next.js latest):**
- `dashboard/starter-example/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `dashboard/final-example/package.json` - Already at `next: 16.0.7` (no change)

**Basics Projects (Next.js latest):**
- `basics/api-routes-starter/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/assets-metadata-css-starter/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/basics-final/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/data-fetching-starter/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/demo/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/dynamic-routes-starter/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/dynamic-routes-step-1/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/learn-starter/package.json` - Pinned `next: latest` → `next: 16.0.7`
- `basics/navigate-between-pages-starter/package.json` - Pinned `next: latest` → `next: 16.0.7`

**Lockfiles:**
- `pnpm-lock.yaml` - Updated root workspace lockfile
- `basics/learn-starter/pnpm-lock.yaml` - New lockfile created
- `seo/pnpm-lock.yaml` - New lockfile created

**Not Modified:**
- `basics/typescript-final/package.json` - Uses `next: ^13.0.2` (not affected)
- `package.json` (root) - Uses `next: ^14.0.0` resolving to 14.2.23 (not affected)

## Patch Strategy

### For Next.js 15.1.x projects:
Updated to **15.1.9** per advisory guidance:
- 15.1.x → 15.1.9 (patched version for 15.1 minor)
- Did not upgrade to React manually (Next.js supplies correct versions)

### For Next.js "latest" projects:
Pinned to **16.0.7** per advisory guidance:
- Changed from "latest" to explicit "16.0.7"
- This prevents automatic upgrades and ensures the patched version is used
- 16.x → 16.0.7 (patched version for 16.0 minor)
- Did not upgrade React manually (Next.js supplies correct versions)

### For unaffected projects:
- Next.js 13.x: Too old to be affected by this vulnerability
- Next.js 14.2.x: Stable releases before 14.3.0-canary.77 are not affected

## Verification

### Build Tests Performed:
 **basics/learn-starter** (Next.js 16.0.7):
- Compiled successfully
- Static pages generated
- Build completed without dependency errors

 **seo/** (Next.js 15.1.9):
- Linting and type checking passed
- Compiled successfully
- Static pages generated
- Build completed successfully

 **Root workspace** (pnpm install):
- All dependencies installed successfully
- Lockfile updated correctly
- No breaking changes introduced

⚠️ **dashboard/final-example** (Next.js 16.0.7):
- Next.js compilation successful
- Build failures due to missing PostgreSQL database (expected in sandbox)
- Not a dependency-related issue; application requires database for data fetching
- Dependency upgrade confirmed working

## Implementation Approach

1. **Detection Phase:**
   - Scanned all package.json files in the repository
   - Identified Next.js versions and determined affected projects
   - Checked for React Flight packages (none found)

2. **Update Phase:**
   - Updated package.json files with appropriate patched versions
   - Maintained version constraints per advisory guidelines
   - Did not upgrade across major versions

3. **Lockfile Phase:**
   - Ran `pnpm install` at root to update workspace lockfile
   - Individual project lockfiles created/updated as needed
   - All dependencies resolved to patched versions

4. **Verification Phase:**
   - Tested builds on representative projects
   - Confirmed Next.js 15.1.9 builds successfully
   - Confirmed Next.js 16.0.7 builds successfully
   - Verified no breaking changes introduced

## Why This Approach:

**Version Selection:**
- 15.1.x → 15.1.9: Official patched version for 15.1 minor per advisory
- 16.0.x → 16.0.7: Official patched version for 16.0 minor per advisory
- Did not upgrade React/React-DOM manually: Next.js manages these dependencies

**"latest" → Pinned Version:**
- Changed from "latest" to explicit version numbers
- Ensures projects use patched versions
- Prevents accidental use of vulnerable versions if "latest" tag moves

**Selective Updates:**
- Only updated projects in affected version ranges
- Left Next.js 13.x and 14.2.x unchanged (not vulnerable)
- Followed advisory guidance precisely

## Advisory Compliance:

 Detected if project is affected (checked all package.json files)
 Updated Next.js 15.1.x to 15.1.9
 Updated Next.js 16.x to 16.0.7
 Did not upgrade across major versions
 Did not manually upgrade React/React-DOM (Next.js manages these)
 Updated lockfiles and reinstalled dependencies
 Verified builds work with patched versions
 Did not modify application logic
 No React Flight packages found (not applicable)

## References:
- React Flight / Next.js RCE Advisory
- CVE-2025-66478 (Next.js RCE)
- CVE-2025-55182 (React Flight RCE)
- GitHub Advisory: GHSA-9qr9-h5gf-34mp

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
 2025-12-05 17:40:13 -06:00
Joseph
799cd79739 chore: regenerate lock files (#1138) 
* chore: bump packages

* chore: update tsconfig starter-example
 2025-11-26 23:32:09 +01:00
Roman Krasikov
f14425bbdf Fix chapter num in pagination component (#1135) 
Co-authored-by: Roman Krasikov <romankrru@yandex-team.ru>
 2025-11-20 23:47:16 +01:00
Joseph
7a05b718a1 learn: update to use proxy (#1120) 
* learn: update to use proxy

* learn: prettier fix to tsconfig
 2025-11-04 08:52:46 +01:00
Joseph
5bea28a64d feat: nodejs runtime for middleware (#1087) 2025-08-21 09:34:02 +02:00
Joseph
1041eeac0e chore: add sharp to pnpm built dependencies (#1066) 2025-05-26 12:47:07 -05:00
Joseph
a5170a538c chore: pnpm onlyBuildDependencies for bcrypt on starter (#1065) 2025-05-26 10:57:56 +02:00
Joseph
3829633600 Upgrade packages in next-learn/dashboard (#1061) 
* chore: Bump packages in starter-example

* chore: Bump packages in final-example

* chore: allow bcrypt to build

* chore: prettier fixes
 2025-05-22 11:30:38 +02:00
Zackary
4dfc687b2b fix: Add index to Pagination key for uniqueness in starter-example (#1039) 2025-04-09 06:57:23 -05:00
Roy Shani
bd393a4c60 Update data.ts (#994) 2025-02-04 19:36:16 -06:00
zviedris
b9c5ac3ed6 fixed missing query files (#992) 2025-01-29 20:41:04 -06:00
Lee Robinson
46d15fa2e5 Move from @vercel/postgres to postgres (provider-agnostic) (#989) 
* Postgres

* fix

* fix

* prettier-fix

---------

Co-authored-by: Delba de Oliveira <32464864+delbaoliveira@users.noreply.github.com>
 2025-01-29 11:39:32 -06:00
Lee Robinson
fc3a4e3faa Update deps on SEO and Pages Router courses (#987) 2025-01-23 08:16:22 -06:00
Lee Robinson
fc6c41c8d1 Update auth chapter (#983) 2025-01-21 12:09:06 -06:00
Lee Robinson
7295dab1e7 Revert "remove unused failing eslint (#894)" (#981) 
This reverts commit 29f96d1fc1.
 2025-01-18 18:59:24 -06:00
Lee Robinson
f83f04cf32 Update buttons.tsx 2025-01-15 13:47:00 -06:00
Mahendri Dwicahyo
29f96d1fc1 remove unused failing eslint (#894) 2025-01-15 13:40:12 -06:00
Lee Robinson
c5f12f9e3c React 19 stable. (#946) 2024-12-05 15:22:59 -06:00
Lee Robinson
0e41ddce78 Update dependencies (#941) 2024-12-02 11:34:21 -06:00
Fabio Benedetti
6f06a7f71a add example query (#927) 
* add example query

* prettier-fix

---------

Co-authored-by: Delba de Oliveira <32464864+delbaoliveira@users.noreply.github.com>
 2024-11-19 10:50:25 +00:00
Lee Robinson
e73e821f30 Update to Next 15 stable (#888) 2024-10-21 17:17:11 -05:00
Lee Robinson
1011f2f19f Move to canary until we cut a new RC version. 2024-07-06 11:56:38 -05:00
vincent bruneau
929b6bbbb2 Correct pagination.tsx chapter reference (#784) 
Chapter to uncomment was 7 instead of 11
 2024-07-05 22:17:33 -05:00
Miguel Fernández
91e23c4040 Correct latest-invoice.tsx chapter reference (#790) 2024-07-05 22:17:19 -05:00
Lee Robinson
d379162091 Cleanup from previous simplification PR. 2024-07-05 22:15:52 -05:00
Delba de Oliveira
e4ecb6679d Update code comments (#774) 
* Update code comments

* Use "uncomment"
 2024-06-28 15:39:02 +01:00
Lee Robinson
bab4ed6723 Fix test 2024-06-23 22:52:12 -05:00
Lee Robinson
f535c37750 Update the Learn codebase (#764) 2024-06-23 22:48:40 -05:00
wnhlee
9daf946b78 Remove unused getUser (#533) 
* remove unused getUser

* fixup
 2024-06-23 18:01:57 -05:00
howiesommerfeld
8022bb32a2 Add index to key for uniqueness (#640) 
Using only the page as a key does not preserve uniqueness across updates. This caused, for example, an ellipsis to appear before the pagination elements when navigating from a page in the middle back to the first page.
 2024-06-23 18:00:24 -05:00
Artur Comunello
fe35ffe0be Fix missing type (#624) 
Co-authored-by: Artur Comunello <artur.comunello@corel.com>
 2024-06-23 17:58:42 -05:00
Bartosz Trusiński
63b4f71f5a Fix: make UI skeleton look like its actual component (#620) 2024-06-23 17:57:59 -05:00
Delba de Oliveira
f8d9f39f44 Remove old team members (#744) 2024-06-23 11:33:55 -05:00
Delba de Oliveira
de76b00263 Replace useFormStatus and useFormState with useActionState (#748) 2024-06-19 03:41:51 -05:00
Delba de Oliveira
deca7c766f Add PPR (#745) 
* Update to next v15, switch to pnpm

* Delete package-lock.json

* Add PPR

* Update to next@canary

* Update starter-example to next@canary

* Update file extension

* Update ts compiler options to match CNA

* Fix ts errors
 2024-06-19 08:50:40 +01:00
Delba de Oliveira
58f9a68c6a Update Next 15 RC, React 19 RC, and use pnpm (#743) 
* Update to next v15, switch to pnpm

* Delete package-lock.json
 2024-06-11 13:28:44 -05:00
dependabot[bot]
b7a4366f68 Bump pnpm/action-setup from 2 to 3 (#591) 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 3.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/v2...v3)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Delba de Oliveira <32464864+delbaoliveira@users.noreply.github.com>
 2024-02-23 14:22:25 +00:00