
[Snyk] Upgrade: , , , , , autoprefixer, axios, iframe-resizer-react, next, next-sanity, query-string, react-icons, styled-components #38

Open

wants to merge 1 commit into base: main

Conversation

WontonSam (Owner)

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

| Name | Versions | Major upgrade? | Released on |
|---|---|---|---|
| @commercelayer/js-auth | from 4.3.0 to 6.3.1 (16 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-15 |
| @commercelayer/react-components | from 4.2.2 to 4.15.9 (185 versions ahead of your current version) | | a month ago, on 2024-08-23 |
| @headlessui/react | from 1.7.19 to 2.1.3 (13 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | a month ago, on 2024-08-23 |
| @next/env | from 13.5.7 to 14.2.7 (345 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | 21 days ago, on 2024-08-27 |
| @tailwindcss/forms | from 0.4.1 to 0.5.7 (8 versions ahead of your current version) | | 10 months ago, on 2023-11-10 |
| autoprefixer | from 10.4.5 to 10.4.20 (15 versions ahead of your current version) | | 2 months ago, on 2024-08-02 |
| axios | from 0.26.1 to 1.7.5 (47 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | a month ago, on 2024-08-23 |
| iframe-resizer-react | from 1.1.1 to 5.1.5 (1 version ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-09 |
| next | from 13.5.7 to 14.2.7 (338 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | 21 days ago, on 2024-08-27 |
| next-sanity | from 5.5.11 to 9.4.7 (119 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | a month ago, on 2024-08-20 |
| query-string | from 7.1.3 to 9.1.0 (8 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-22 |
| react-icons | from 4.12.0 to 5.3.0 (6 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | a month ago, on 2024-08-13 |
| styled-components | from 5.3.11 to 6.1.12 (60 versions ahead of your current version) | ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-17 |

Issues fixed by the recommended upgrade:

| Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|
| high severity: Cross-site Request Forgery (CSRF) | SNYK-JS-AXIOS-6032459 | 524 | Proof of Concept |
| high severity: Prototype Pollution | SNYK-JS-AXIOS-6144788 | 524 | No Known Exploit |
| high severity: Server-side Request Forgery (SSRF) | SNYK-JS-AXIOS-7361793 | 524 | Proof of Concept |
| high severity: Cross-site Request Forgery (CSRF) | SNYK-JS-AXIOS-6032459 | 524 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHTOREGEXP-7925106 | 524 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) | SNYK-JS-AXIOS-6124857 | 524 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) | SNYK-JS-AXIOS-6124857 | 524 | Proof of Concept |
| medium severity: Server-Side Request Forgery (SSRF) | SNYK-JS-NEXT-6828457 | 524 | Proof of Concept |
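Added example, not part of the Snyk PR or of any upgraded project: a small Node script that classifies the upgrades in the table above by semver bump kind, flags the major ones as potentially breaking, and attaches the listed Snyk advisories to a package by the name fragment inside each ID (that matching rule is an assumption, not a Snyk API). The package.json fragment at the bottom is constructed.

```javascript
// Added example, not part of the Snyk PR or of any upgraded project: classify
// each upgrade proposed in this PR by semver bump kind, flag major bumps as
// potentially breaking, and attach the PR's "Issues fixed" advisories to the
// package named inside each Snyk ID. Versions and IDs are transcribed from
// the PR tables; the package.json fragment at the bottom is constructed.

const UPGRADES = { // name: [current, proposed]
  '@commercelayer/js-auth': ['4.3.0', '6.3.1'], '@commercelayer/react-components': ['4.2.2', '4.15.9'],
  '@headlessui/react': ['1.7.19', '2.1.3'], '@next/env': ['13.5.7', '14.2.7'],
  '@tailwindcss/forms': ['0.4.1', '0.5.7'], autoprefixer: ['10.4.5', '10.4.20'],
  axios: ['0.26.1', '1.7.5'], 'iframe-resizer-react': ['1.1.1', '5.1.5'],
  next: ['13.5.7', '14.2.7'], 'next-sanity': ['5.5.11', '9.4.7'],
  'query-string': ['7.1.3', '9.1.0'], 'react-icons': ['4.12.0', '5.3.0'],
  'styled-components': ['5.3.11', '6.1.12'],
};

// Advisory IDs and severities from the PR table (rows the page repeats are listed once).
const FIXED_ISSUES = {
  'SNYK-JS-AXIOS-6032459': 'high', 'SNYK-JS-AXIOS-6144788': 'high',
  'SNYK-JS-AXIOS-7361793': 'high', 'SNYK-JS-AXIOS-6124857': 'medium',
  'SNYK-JS-PATHTOREGEXP-7925106': 'medium', 'SNYK-JS-NEXT-6828457': 'medium',
};

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release/build suffixes are ignored.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Kind of bump between two versions: 'major' | 'minor' | 'patch' | 'none'.
function bumpKind(from, to) {
  const [a, b] = [parseSemver(from), parseSemver(to)];
  if (a[0] !== b[0]) return 'major';
  if (a[1] !== b[1]) return 'minor';
  return a[2] !== b[2] ? 'patch' : 'none';
}

// Snyk IDs read SNYK-JS-<PACKAGE>-<n>, the package name upper-cased without
// punctuation; matching on that fragment is an assumption, not a Snyk API.
function advisoriesFor(pkg) {
  const key = pkg.replace(/[^a-z0-9]/gi, '').toUpperCase();
  return Object.keys(FIXED_ISSUES).filter((id) => id.split('-')[2] === key);
}

// Upgrade plan for the "dependencies" object of a package.json.
function planUpgrades(deps) {
  return Object.entries(deps)
    .filter(([name]) => name in UPGRADES)
    .map(([name, range]) => {
      const [from, to] = UPGRADES[name];
      const kind = bumpKind(from, to);
      return { name, range, from, to, kind, breaking: kind === 'major', fixes: advisoriesFor(name) };
    });
}

// Constructed package.json fragment; "react" is not in the PR and is skipped.
const SAMPLE_DEPS = { axios: '^0.26.1', next: '13.5.7', autoprefixer: '^10.4.5', react: '^18.2.0' };
console.log(JSON.stringify(planUpgrades(SAMPLE_DEPS), null, 2));
```

Ten of the thirteen upgrades come out as major bumps, matching the ⚠️ markers in the table; each of those deserves a changelog read and a test run before merging, not just a green CI check.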
Release notes

Package name: @commercelayer/js-auth

```diff
# no more valid
- import { core } from '@commercelayer/js-auth'

# new syntax
+ import { authenticate } from '@commercelayer/js-auth'
```

Examples

Core authentication

```js
import { authenticate } from '@commercelayer/js-auth'

const auth = await authenticate('client_credentials', {
  clientId: '{{ client_id }}',
  scope: 'market:id:1234'
})
```

Provisioning authentication

Read more about how to get the client id and secret.

```js
import { authenticate } from '@commercelayer/js-auth'

const auth = await authenticate('client_credentials', {
  clientId: '{{ client_id }}',
  clientSecret: '{{ client_secret }}',
})
```

Typescript

```ts
import { authenticate, type AuthenticateOptions } from '@commercelayer/js-auth'

const options: AuthenticateOptions<'client_credentials'> = {
  clientId: '{{ client_id }}',
  scope: 'market:id:1234'
}

const auth = await authenticate('client_credentials', options)
```

Decode an access token

We added a helper method to decode an access token:

```js
import { authenticate, jwtDecode, jwtIsSalesChannel } from '@commercelayer/js-auth'

const auth = await authenticate('client_credentials', {
  clientId: '{{ application_client_id }}',
  scope: '{{ application_scope }}'
})

const decodedJWT = jwtDecode(auth.accessToken)

if (jwtIsSalesChannel(decodedJWT.payload)) {
  console.log('organization slug is', decodedJWT.payload.organization.slug)
}
```

JWT bearer flow

JWT Bearer flow allows a client application to obtain an access token using a JSON Web Token (JWT) assertion.

We added support to the JWT bearer flow by introducing a new createAssertion method:

```js
import { createAssertion } from '@commercelayer/js-auth'

const assertion = await createAssertion({
  payload: {
    'https://commercelayer.io/claims': {
      owner: {
        type: 'Customer',
        id: '4tepftJsT2'
      },
      custom_claim: {
        customer: {
          first_name: 'John',
          last_name: 'Doe'
        }
      }
    }
  }
})
```

Once you have created the assertion you can get an access token using the urn:ietf:params:oauth:grant-type:jwt-bearer grant type:

```js
import { authenticate } from '@commercelayer/js-auth'

const auth = await authenticate('urn:ietf:params:oauth:grant-type:jwt-bearer', {
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
  scope: 'market:code:europe',
  assertion
})

console.log('My access token: ', auth.accessToken)
console.log('Expiration date: ', auth.expires)
```

Revoke an access token

We added the revoke method.

Any previously generated access tokens (refresh tokens included) can be revoked before their natural expiration date.

```js
import { revoke } from '@commercelayer/js-auth'

await revoke({
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret',
  token: 'a-generated-access-token'
})
```

Full Changelog: v5.2.1...v6.0.0

  • 6.0.0-beta.2 - 2024-03-26

    What's Changed

    📝 Documentation

    Full Changelog: v6.0.0-beta.1...v6.0.0-beta.2

  • 6.0.0-beta.1 - 2024-03-26
  • 6.0.0-beta.0 - 2024-03-22
  • 5.2.1 - 2024-03-18
  • 5.2.0 - 2024-03-14
  • 5.1.0 - 2024-03-14
  • 5.0.0 - 2024-03-14
  • 4.3.0 - 2024-03-12
  from @commercelayer/js-auth GitHub release notes

    Package name: @commercelayer/react-components
    • 4.15.9 - 2024-08-23

      What's Changed

      🐛 Bug Fix

      • Update Order: Set customer address using the invertAddresses prop by @acasazza in #574
      • Display Braintree 3DS Error Messages by @acasazza in #575

      Full Changelog: v4.15.8...v4.15.9

    • 4.15.9-beta.3 - 2024-08-21

      Full Changelog: v4.15.9-beta.2...v4.15.9-beta.3

    • 4.15.9-beta.2 - 2024-08-14

      Full Changelog: v4.15.9-beta.1...v4.15.9-beta.2

    • 4.15.9-beta.1 - 2024-08-13

      Full Changelog: v4.15.9-beta.0...v4.15.9-beta.1

    • 4.15.9-beta.0 - 2024-08-12

      Full Changelog: v4.15.8...v4.15.9-beta.0

    • 4.15.8 - 2024-08-09

      What's Changed

      🐛 Bug Fix

      Full Changelog: v4.15.7...v4.15.8

    • 4.15.8-beta.1 - 2024-08-09

      Full Changelog: v4.15.8-beta.0...v4.15.8-beta.1

    • 4.15.8-beta.0 - 2024-08-08

      Full Changelog: v4.15.7...v4.15.8-beta.0

    • 4.15.7 - 2024-08-07

      What's Changed

      🐛 Bug Fix

      Full Changelog: v4.15.6...v4.15.7

    • 4.15.7-beta.1 - 2024-08-07

      Full Changelog: v4.15.7-beta.0...v4.15.7-beta.1

    • 4.15.7-beta.0 - 2024-08-06
    • 4.15.6 - 2024-08-04
    • 4.15.6-beta.0 - 2024-08-02
    • 4.15.5 - 2024-07-31
    • 4.15.5-beta.0 - 2024-07-31
    • 4.15.4 - 2024-07-31
    • 4.15.3 - 2024-07-30
    • 4.15.3-beta.3 - 2024-07-30
    • 4.15.3-beta.2 - 2024-07-30
    • 4.15.3-beta.1 - 2024-07-30
    • 4.15.3-beta.0 - 2024-07-30
    • 4.15.2 - 2024-07-29
    • 4.15.1 - 2024-07-25
    • 4.15.0 - 2024-07-25
    • 4.15.0-beta.3 - 2024-07-25
    • 4.15.0-beta.2 - 2024-07-19
    • 4.15.0-beta.1 - 2024-07-18
    • 4.15.0-beta.0 - 2024-07-16
    • 4.14.5 - 2024-07-12
    • 4.14.4 - 2024-07-12
    • 4.14.4-beta.0 - 2024-07-11
    • 4.14.3 - 2024-07-10
    • 4.14.3-beta.1 - 2024-07-09
    • 4.14.3-beta.0 - 2024-07-08
    • 4.14.2 - 2024-06-27
    • 4.14.1 - 2024-06-25
    • 4.14.0 - 2024-06-20
    • 4.13.6 - 2024-06-10
    • 4.13.6-beta.1 - 2024-05-29
    • 4.13.6-beta.0 - 2024-05-24
    • 4.13.5 - 2024-05-21
    • 4.13.5-beta.2 - 2024-05-20
    • 4.13.5-beta.1 - 2024-05-20
    • 4.13.5-beta.0 - 2024-05-16
    • 4.13.4 - 2024-05-15
    • 4.13.4-beta.0 - 2024-05-15
    • 4.13.3 - 2024-05-14
    • 4.13.2 - 2024-05-14
    • 4.13.1 - 2024-05-14
    • 4.13.1-beta.9 - 2024-05-14
    • 4.13.1-beta.8 - 2024-05-10
    • 4.13.1-beta.7 - 2024-05-09
    • 4.13.1-beta.6 - 2024-04-30
    • 4.13.1-beta.5 - 2024-04-22
    • 4.13.1-beta.4 - 2024-04-19
    • 4.13.1-beta.3 - 2024-04-19
    • 4.13.1-beta.2 - 2024-04-16
    • 4.13.1-beta.1 - 2024-04-15
    • 4.13.1-beta.0 - 2024-04-11
    • 4.13.0 - 2024-04-08
    • 4.12.0 - 2024-03-25
    • 4.12.0-beta.1 - 2024-03-22
    • 4.12.0-beta.0 - 2024-03-20
    • 4.11.3 - 2024-03-14
    • 4.11.3-beta.1 - 2024-03-14
    • 4.11.3-beta.0 - 2024-03-12
    • 4.11.2 - 2024-03-08
    • 4.11.2-beta.8 - 2024-03-07
    • 4.11.2-beta.7 - 2024-03-07
    • 4.11.2-beta.6 - 2024-03-07
    • 4.11.2-beta.5 - 2024-03-07
    • 4.11.2-beta.4 - 2024-03-07
    • 4.11.2-beta.3 - 2024-03-07
    • 4.11.2-beta.2 - 2024-03-06
    • 4.11.2-beta.1 - 2024-03-06
    • 4.11.2-beta.0 - 2024-03-05
    • 4.11.1 - 2024-03-05
    • 4.11.1-beta.3 - 2024-03-05
    • 4.11.1-beta.2 - 2024-03-04
    • 4.11.1-beta.1 - 2024-03-04
    • 4.11.0 - 2024-02-27
    • 4.10.2 - 2024-02-26
    • 4.10.1 - 2024-02-16
    • 4.10.0 - 2024-02-15
    • 4.10.0-beta.0 - 2024-02-07
    • 4.9.0 - 2024-02-05
    • 4.9.0-beta.4 - 2024-02-02
    • 4.9.0-beta.3 - 2024-01-30
    • 4.9.0-beta.2 - 2024-01-19
    • 4.9.0-beta.1 - 2024-01-18
    • 4.9.0-beta.0 - 2024-01-18
    • 4.8.8 - 2024-01-25
    • 4.8.7 - 2024-01-18
    • 4.8.6 - 2024-01-11
    • 4.8.6-beta.2 - 2024-01-11
    • 4.8.6-beta.1 - 2024-01-10
    • 4.8.6-beta.0 - 2024-01-09
    • 4.8.5 - 2024-01-04
    • 4.8.5-beta.0 - 2024-01-04
    • 4.8.4 - 2023-12-22
    • 4.8.4-beta.1 - 2024-01-03
    • 4.8.4-beta.0 - 2023-12-22
    • 4.8.3 - 2023-12-21
    • 4.8.2 - 2023-12-21
    • 4.8.1 - 2023-12-20
    • 4.8.1-beta.2 - 2023-12-20
    • 4.8.1-beta.1 - 2023-12-19
    • 4.8.1-beta.0 - 2023-12-18
    • 4.8.0 - 2023-12-11
    • 4.8.0-beta.4 - 2023-12-04
    • 4.8.0-beta.3 - 2023-11-20
    • 4.8.0-beta.2 - 2023-10-16
    • 4.8.0-beta.1 - 2023-10-11
    • 4.8.0-beta.0 - 2023-10-10
    • 4.7.11 - 2023-11-16
    • 4.7.10 - 2023-11-15
    • 4.7.9 - 2023-11-15
    • 4.7.9-beta.1 - 2023-11-13
    • 4.7.9-beta.0 - 2023-11-13
    • 4.7.8 - 2023-11-08
    • 4.7.7 - 2023-11-07
    • 4.7.7-beta.0 - 2023-11-06
    • 4.7.6 - 2023-11-03
    • 4.7.5 - 2023-11-02
    • 4.7.5-beta.3 - 2023-11-02
    • 4.7.5-beta.2 - 2023-11-02
    • 4.7.5-beta.1 - 2023-10-31
    • 4.7.5-beta.0 - 2023-10-31
    • 4.7.4 - 2023-10-25
    • 4.7.4-beta.0 - 2023-10-24
    • 4.7.3 - 2023-10-24
    • 4.7.3-beta.1 - 2023-10-23
    • 4.7.3-beta.0 - 2023-10-23
    • 4.7.2 - 2023-10-23
    • 4.7.2-beta.0 - 2023-10-17
    • 4.7.1 - 2023-10-13
    • 4.7.1-beta.0 - 2023-10-13
    • 4.7.0 - 2023-10-10
    • 4.6.0 - 2023-10-02
    • 4.6.0-beta.1 - 2023-09-29
    • 4.6.0-beta.0 - 2023-09-28
    • 4.5.2-beta.2 - 2023-09-21
    • 4.5.2-beta.1 - 2023-09-21
    • 4.5.2-beta.0 - 2023-09-21
    • 4.5.1 - 2023-09-12
    • 4.5.0-beta.16 - 2023-09-01
    • 4.5.0-beta.13 - 2023-08-21
    • 4.5.0-beta.12 - 2023-08-19
    • 4.5.0-beta.11 - 2023-08-18
    • 4.5.0-beta.10 - 2023-08-18
    • 4.5.0-beta.9 - 2023-08-17
    • 4.5.0-beta.8 - 2023-08-16
    • 4.5.0-beta.7 - 2023-08-10
    • 4.5.0-beta.6 - 2023-08-09
    • 4.5.0-beta.5 - 2023-08-08
    • 4.5.0-beta.4 - 2023-08-08
    • 4.5.0-beta.3 - 2023-08-01
    • 4.5.0-beta.2 - 2023-06-20
    • 4.5.0-beta.1 - 2023-06-19
    • 4.5.0-beta.0 - 2023-06-14
    • 4.4.4 - 2023-05-23
    • 4.4.4-beta.2 - 2023-05-23
    • 4.4.4-beta.0 - 2023-05-23
    • 4.4.3 - 2023-05-23
    • 4.4.2 - 2023-05-22
    • 4.4.1 - 2023-05-22
    • 4.4.0 - 2023-05-08
    • 4.4.0-beta.8 - 2023-04-28
    • 4.4.0-beta.7 - 2023-04-27
    • 4.4.0-beta.6 - 2023-04-27
    • 4.4.0-beta.5 - 2023-04-26
    • 4.4.0-beta.4 - 2023-04-21
    • 4.4.0-beta.2 - 2023-03-30
    • 4.3.6 - 2023-05-24
    • 4.3.5 - 2023-03-27
    • 4.3.5-beta.1 - 2023-03-27
    • 4.3.5-beta.0 - 2023-03-24
    • 4.3.4 - 2023-03-23
    • 4.3.3 - 2023-03-22
    • 4.3.2 - 2023-03-20
    • 4.3.1 - 2023-03-10
    • 4.3.0 - 2023-03-10
    • 4.2.3-beta.2 - 2023-03-09
    • 4.2.3-beta.1 - 2023-03-07
    • 4.2.3-beta.0 - 2023-02-22
    • 4.2.2 - 2023-02-08
    from @commercelayer/react-components GitHub release notes

    Package name: @headlessui/react
    • 2.1.3 - 2024-08-23

      Fixed

      • Ensure Transition component state doesn't change when it becomes hidden (#3372)
      • Fix closing components using the transition prop, and after scrolling the page (#3407)
      • Ensure all client components are marked correctly to avoid a crash with React 19 and Turbopack (#3429)
    • 2.1.2 - 2024-07-05

      Fixed

      • Fix prematurely added anchoring styles on ListboxOptions (#3337)
      • Ensure unmount on Dialog works in combination with the transition prop on DialogBackdrop and DialogPanel components (#3352)
      • Fix crash in Combobox component when in virtual mode when options are empty (#3356)
      • Fix hanging tests when using anchor prop (#3357)
      • Fix transition and focus prop combination for PopoverPanel component (#3361)
      • Fix outside click in nested portalled Popover components (#3362)
      • Fix restoring focus to correct element when closing Dialog component (#3365)
      • Fix flushSync warning for Combobox component with immediate prop enabled (#3366)
    • 2.1.1 - 2024-06-26

      Fixed

      • Fix issues spreading omitted props onto components (#3313)
      • Fix initial anchor="selection" positioning (#3324)
      • Fix render prop in ComboboxOptions to use any instead of unknown (#3327)
      • Fix incorrect Transition boundary for Dialog component (#3331)
    • 2.1.0 - 2024-06-21

      Headless UI v2.1

      We just released Headless UI v2.1 for React, which dramatically simplifies our transition APIs and adds support for rendering multiple dialogs as siblings. See our announcement blog to learn more.

      Changelog

      Added

      • Add ability to render multiple Dialog components at once (without nesting them) (#3242)
      • Add new data-attribute-based transition API (#3273, #3285, #3307, #3309, #3312)
      • Add DialogBackdrop component (#3307, #3310)
      • Add PopoverBackdrop component to replace PopoverOverlay (#3308)

      Fixed

      • Keep Combobox open when clicking scrollbar in ComboboxOptions (#3249)
      • Ensure ComboboxInput does not sync with current value while typing (#3259)
      • Fix visual jitter in Combobox component when using native scrollbar (#3190)
      • Improve UX by freezing ComboboxOptions while closing (#3304)
      • Merge incoming style prop on ComboboxOptions, ListboxOptions, MenuItems, and PopoverPanel components (#3250)
      • Prevent focus on Checkbox when it is disabled (#3251)
      • Use useId instead of React internals (for React 19 compatibility) (#3254)
      • Cancel outside click behavior on touch devices when scrolling (#3266)
      • Correctly apply conditional classes when using Transition and TransitionChild components (#3303)

      Changed

      • Allow using the Tab and Shift+Tab keys when the Listbox component is open (#3284)
    • 2.0.4 - 2024-05-24
    • 2.0.3 - 2024-05-07
    • 2.0.2 - 2024-05-07
    • 2.0.1 - 2024-05-06
    • 2.0.0 - 2024-05-06
    • 2.0.0-alpha.4 - 2024-01-03
    • 2.0.0-alpha.3 - 2023-12-21
    • 2.0.0-alpha.2 - 2023-12-20
    • 2.0.0-alpha.1 - 2023-12-20
    • 1.7.19 - 2024-04-15
    from @headlessui/react GitHub release notes

    Snyk has created this PR to upgrade:
      - @commercelayer/js-auth from 4.3.0 to 6.3.1.
        See this package in npm: https://www.npmjs.com/package/@commercelayer/js-auth
      - @commercelayer/react-components from 4.2.2 to 4.15.9.
        See this package in npm: https://www.npmjs.com/package/@commercelayer/react-components
      - @headlessui/react from 1.7.19 to 2.1.3.
        See this package in npm: https://www.npmjs.com/package/@headlessui/react
      - @next/env from 13.5.7 to 14.2.7.
        See this package in npm: https://www.npmjs.com/package/@next/env
      - @tailwindcss/forms from 0.4.1 to 0.5.7.
        See this package in npm: https://www.npmjs.com/package/@tailwindcss/forms
      - autoprefixer from 10.4.5 to 10.4.20.
        See this package in npm: https://www.npmjs.com/package/autoprefixer
      - axios from 0.26.1 to 1.7.5.
        See this package in npm: https://www.npmjs.com/package/axios
      - iframe-resizer-react from 1.1.1 to 5.1.5.
        See this package in npm: https://www.npmjs.com/package/iframe-resizer-react
      - next from 13.5.7 to 14.2.7.
        See this package in npm: https://www.npmjs.com/package/next
      - next-sanity from 5.5.11 to 9.4.7.
        See this package in npm: https://www.npmjs.com/package/next-sanity
      - query-string from 7.1.3 to 9.1.0.
        See this package in npm: https://www.npmjs.com/package/query-string
      - react-icons from 4.12.0 to 5.3.0.
        See this package in npm: https://www.npmjs.com/package/react-icons
      - styled-components from 5.3.11 to 6.1.12.
        See this package in npm: https://www.npmjs.com/package/styled-components
    
    See this project in Snyk:
    https://app.snyk.io/org/cachiman-inc/project/24e24230-7806-4c0b-b4cc-fc58ae6e1e12?utm_source=github&utm_medium=referral&page=upgrade-pr

    google-cla bot commented Sep 18, 2024

    Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

    View this failed invocation of the CLA check for more information.

    For the most up to date status, view the checks section at the bottom of the pull request.
