chore(deps): update dependency @astrojs/vercel to v10 [security]#10339
chore(deps): update dependency @astrojs/vercel to v10 [security]#10339renovate[bot] wants to merge 1 commit intomainfrom
Conversation
|
| Command | Status | Duration | Result |
|---|---|---|---|
nx affected --targets=test:sherif,test:knip,tes... |
❌ Failed | 9m 16s | View ↗ |
nx run-many --target=build --exclude=examples/*... |
✅ Succeeded | 1s | View ↗ |
☁️ Nx Cloud last updated this comment at 2026-03-26 22:26:18 UTC
🚀 Changeset Version PreviewNo changeset entries found. Merging this PR will not cause a version bump for any packages. |
📝 WalkthroughWalkthroughA dependency version for Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@examples/solid/astro/package.json`:
- Line 17: Update the package.json dependency entry for "@astrojs/vercel" to
enforce the patched release floor: change the version range string from
"^10.0.0" to "^10.0.2" so fresh installs or lockfile regenerations cannot
resolve vulnerable 10.0.0/10.0.1 releases; locate the line containing the
"@astrojs/vercel" dependency in package.json and modify the version string
accordingly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 3c88382b-b0f6-4f93-aa8b-889ae4d260e3
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (1)
examples/solid/astro/package.json
| "@astrojs/solid-js": "^5.0.7", | ||
| "@astrojs/tailwind": "^6.0.2", | ||
| "@astrojs/vercel": "^8.1.3", | ||
| "@astrojs/vercel": "^10.0.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Checking dependency declaration floor in package.json..."
rg -n '"@astrojs/vercel"\s*:\s*"\^10\.[0-9]+\.[0-9]+"' examples/solid/astro/package.json
echo
echo "Searching lockfiles for resolved `@astrojs/vercel` versions..."
fd '^(pnpm-lock\.yaml|package-lock\.json|yarn\.lock|bun\.lockb)$' -H .
echo
echo "Resolved versions (if lockfiles exist):"
rg -n '@astrojs/vercel(@|":|\s)' pnpm-lock.yaml package-lock.json yarn.lock 2>/dev/null || true
echo
echo "Expected result: all resolved versions are >= 10.0.2"Repository: TanStack/query
Length of output: 1119
Update the version constraint to ^10.0.2 to enforce the patched release floor.
The current ^10.0.0 range permits vulnerable versions 10.0.0 and 10.0.1 to be resolved in fresh installs or lockfile regeneration scenarios. Since this PR addresses CVE-2026-33768 (fixed in v10.0.2), the dependency floor must be explicitly set to the patched version.
Suggested change
- "@astrojs/vercel": "^10.0.0",
+ "@astrojs/vercel": "^10.0.2",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "@astrojs/vercel": "^10.0.0", | |
| "@astrojs/vercel": "^10.0.2", |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@examples/solid/astro/package.json` at line 17, Update the package.json
dependency entry for "@astrojs/vercel" to enforce the patched release floor:
change the version range string from "^10.0.0" to "^10.0.2" so fresh installs or
lockfile regenerations cannot resolve vulnerable 10.0.0/10.0.1 releases; locate
the line containing the "@astrojs/vercel" dependency in package.json and modify
the version string accordingly.
size-limit report 📦
|
This PR contains the following updates:
^8.1.3→^10.0.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2026-33768
Summary
The
@astrojs/vercelserverless entrypoint reads thex-astro-pathheader andx_astro_pathquery parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirely.The override preserves the original HTTP method and body, so this isn't limited to GET. POST, PUT, DELETE all land on the rewritten path. A Firewall rule blocking
/admin/*does nothing when the request comes in asPOST /api/health?x_astro_path=/admin/delete-user.Affected Versions
Verified against:
duplexbug in the Request constructor (theduplex: 'half'option is required when passing a ReadableStream body — this has been an issue since Node.js 18 but is consistently enforced in the Node.js 22+ runtime that Astro 6 requires). This is not a security fix — the code explicitly passesbody: request.bodyand intends to preserve it. Once the missingduplexoption is added, all methods will be exploitable on v6 as well.The vulnerable code path is identical across both versions.
Affected Component
@astrojs/vercelpackages/integrations/vercel/src/serverless/entrypoint.ts(lines 19–28)packages/integrations/vercel/src/index.ts(lines 44–45)Vulnerable Code
The handler blindly trusts the caller-supplied path:
What makes this worse is the inconsistency.
x-astro-localsright below it is gated behindmiddlewareSecret, butx-astro-pathgets nothing:Conditions
@astrojs/verceladapteroutput: 'server'(SSR)src/middleware.tsdefined, or middleware not using Edge modeThis is a realistic production configuration. Middleware is optional and many deployments skip it.
The
x-astro-pathmechanism exists for a legitimate purpose: when Edge Middleware is present, it forwards requests to a single serverless function (_render) and uses this header to communicate the original path. The Edge Middleware always overwrites any client-supplied value with the correct one. But when no Edge Middleware is configured, requests hit the serverless function directly, and the override is exposed to external callers with no protection.Proof of Concept
Setup: minimal Astro SSR project on Vercel, no middleware. Routes:
/public(page),/api/health(API endpoint),/admin/secret(page),/admin/delete-user(API endpoint). Vercel Firewall blocks/admin/*.GET — page content override:
GET — API route override:
Header override:
Vercel Firewall bypass (GET):
Vercel Firewall bypass (POST) — verified on Astro 5.x:
The Firewall evaluates the original path. The serverless function serves the overridden path. Method and body carry over.
ISR is not affected. Vercel's cache layer appears to intercept before the function runs.
Impact
Firewall/WAF bypass — read (Critical): Any path-based restriction in Vercel Dashboard or
vercel.json(IP blocks, geo restrictions, rate limits scoped to specific paths) can be bypassed for GET requests. Protected page content and API responses are fully readable.Firewall/WAF bypass — write (Critical): POST/PUT/DELETE requests also bypass Firewall rules. The method and body are preserved through the override, so any write endpoint behind path-based restrictions is reachable. Verified on Astro 5.x; on 6.x this is blocked by an unrelated
duplexbug in the Request constructor, not by any security check.Audit log mismatch (Medium): Vercel logs record the original request path and query string (e.g.
/public?x_astro_path=/admin/secret), so the override parameter is technically visible. However, the logged path (/public) does not reflect the path actually served (/admin/secret). Detecting this attack from logs requires knowing whatx_astro_pathmeans — standard monitoring and alerting based on request paths will not catch it.Prior Art
CVE-2025-29927 (Next.js):
x-middleware-subrequestheader injectable by external clients, bypassing middleware. Same class of vulnerability.Release Notes
withastro/astro (@astrojs/vercel)
v10.0.2Compare Source
Patch Changes
335a204Thanks @matthewp! - Fix Vercel serverless path override handling so override values are only applied when the trusted middleware secret is present.v10.0.1Compare Source
Patch Changes
6f8f0bcThanks @ematipico! - Updates the AstropeerDependencies#astroto be6.0.0.v10.0.0Compare Source
Major Changes
736216bThanks @florian-lefebvre! - Removes the deprecated@astrojs/vercel/serverlessand@astrojs/vercel/staticexports. Use the@astrojs/vercelexport insteadMinor Changes
#15258
d339a18Thanks @ematipico! - Stabilizes the adapter featureexperimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:export default defineConfig({ adapter: netlify({ - experimentalStaticHeaders: true + staticHeaders: true }) })#15413
736216bThanks @florian-lefebvre! - Updates the implementation to use the new Adapter API#15495
5b99e90Thanks @leekeh! - Adds newmiddlewareModeadapter feature and deprecatesedgeMiddlewareoptionThe
edgeMiddlewareoption is now deprecated and will be removed in a future release, so users should transition to using the newmiddlewareModefeature as soon as possible.export default defineConfig({ adapter: vercel({ - edgeMiddleware: true + middlewareMode: 'edge' }) })#14946
95c40f7Thanks @ematipico! - Removes theexperimental.cspflag and replaces it with a new configuration optionsecurity.csp- (v6 upgrade guidance)Patch Changes
#15781
2de969dThanks @ematipico! - Adds a newclientAddressoption to thecreateContext()functionProviding this value gives adapter and middleware authors explicit control over the client IP address. When not provided, accessing
clientAddressthrows an error consistent with other contexts where it is not set by the adapter.Additionally, both of the official Netlify and Vercel adapters have been updated to provide this information in their edge middleware.
#15778
4ebc1e3Thanks @ematipico! - Fixes an issue where the computedclientAddresswas incorrect in cases of a Request header with multiple values. TheclientAddressis now also validated to contain only characters valid in IP addresses, rejecting injection payloads.#15460
ee7e53fThanks @florian-lefebvre! - Updates to use the new Adapter API#15450
50c9129Thanks @florian-lefebvre! - Fixes a case wherebuild.serverEntrywould not be respected when using the new Adapter API#15461
9f21b24Thanks @florian-lefebvre! - Updates to new Adapter API introduced in v6#15125
6feb0d7Thanks @florian-lefebvre! - Updates Node versions data to account for v24 as the defaultUpdated dependencies [
4ebc1e3,4e7f3e8,a164c77,cf6ea6b,a18d727,240c317,745e632]:v9.0.5Compare Source
Patch Changes
c2cd371]:v9.0.4Compare Source
Patch Changes
29fd188Thanks @drwpow! - Improves error message when using Node builtins inside Edge middlewaresv9.0.3Compare Source
Patch Changes
9fc4562Thanks @Raanelom! - Updates Node versions data to account for v24 as the defaultv9.0.2Compare Source
Patch Changes
9a284cdThanks @drwpow! - fix: Allow "node:" prefix for Node builtinsv9.0.1Patch Changes
9e9c528,0f75f6b]:v9.0.0Major Changes
5601357Thanks @jacobdalamb! - Updates Node v18 'retiring' notice to 'deprecated' for Vercel adapter.Minor Changes
#14543
9b3241dThanks @matthewp! - Enables skew protection for Astro sites deployed on Vercel. Skew protection ensures that your site's client and server versions stay synchronized during deployments, preventing issues where users might load assets from a newer deployment while the server is still running the older version.Skew protection is automatically enabled on Vercel deployments when the
VERCEL_SKEW_PROTECTION_ENABLEDenvironment variable is set to1. The deployment ID is automatically included in both asset requests and API calls, allowing Vercel to serve the correct version to every user.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.