diff --git a/.github/workflows/deprecate_versions.yml b/.github/workflows/deprecate_versions.yml
new file mode 100644
index 0000000000000..7461d87a98a3e
--- /dev/null
+++ b/.github/workflows/deprecate_versions.yml
@@ -0,0 +1,176 @@
+name: Deprecate Vulnerable Versions
+
+on:
+ push:
+ branches:
+ - 12-03-add_deprecation_workflow
+ workflow_dispatch:
+ inputs:
+ dry_run:
+ description: 'Dry run (log commands without executing)'
+ required: true
+ type: boolean
+ default: true
+ message:
+ description: 'Deprecation message'
+ required: true
+ type: string
+ default: 'This version has a security vulnerability. Please upgrade to a patched version. See https://nextjs.org/blog/security-update-2025-12-11 for more details.'
+
+jobs:
+ deprecate:
+ if: github.repository_owner == 'vercel'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ registry-url: 'https://registry.npmjs.org'
+
+ - name: Deprecate versions
+ shell: bash
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN_ELEVATED }}
+ DRY_RUN: false
+ DEPRECATION_MESSAGE: ${{ inputs.message || 'This version has a security vulnerability. Please upgrade to a patched version. See https://nextjs.org/blog/security-update-2025-12-11 for more details.' }}
+ run: |
+ VERSIONS=(
+ "13.3.0"
+ "13.3.1"
+ "13.3.2"
+ "13.3.3"
+ "13.3.4"
+ "13.4.0"
+ "13.4.1"
+ "13.4.2"
+ "13.4.3"
+ "13.4.4"
+ "13.4.5"
+ "13.4.6"
+ "13.4.7"
+ "13.4.8"
+ "13.4.9"
+ "13.4.10"
+ "13.4.11"
+ "13.4.12"
+ "13.4.13"
+ "13.4.14"
+ "13.4.15"
+ "13.4.16"
+ "13.4.17"
+ "13.4.18"
+ "13.4.19"
+ "13.5.0"
+ "13.5.1"
+ "13.5.2"
+ "13.5.3"
+ "13.5.4"
+ "13.5.5"
+ "13.5.6"
+ "13.5.7"
+ "13.5.8"
+ "13.5.9"
+ "13.5.10"
+ "14.0.0"
+ "14.0.1"
+ "14.0.2"
+ "14.0.3"
+ "14.0.4"
+ "14.1.0"
+ "14.1.1"
+ "14.1.2"
+ "14.1.3"
+ "14.1.4"
+ "14.2.0"
+ "14.2.1"
+ "14.2.2"
+ "14.2.3"
+ "14.2.4"
+ "14.2.5"
+ "14.2.6"
+ "14.2.7"
+ "14.2.8"
+ "14.2.9"
+ "14.2.10"
+ "14.2.11"
+ "14.2.12"
+ "14.2.13"
+ "14.2.14"
+ "14.2.15"
+ "14.2.16"
+ "14.2.17"
+ "14.2.18"
+ "14.2.19"
+ "14.2.20"
+ "14.2.21"
+ "14.2.22"
+ "14.2.23"
+ "14.2.24"
+ "14.2.25"
+ "14.2.26"
+ "14.2.27"
+ "14.2.28"
+ "14.2.29"
+ "14.2.30"
+ "14.2.31"
+ "14.2.32"
+ "14.2.33"
+ "14.2.34"
+ "15.0.5"
+ "15.0.6"
+ "15.1.9"
+ "15.1.10"
+ "15.2.6"
+ "15.2.7"
+ "15.3.6"
+ "15.3.7"
+ "15.4.8"
+ "15.4.9"
+ "15.5.7"
+ "15.5.8"
+ "16.0.7"
+ "16.0.8"
+ "16.0.9"
+ )
+
+ echo "=== Deprecation Summary ==="
+ echo "Total versions to deprecate: ${#VERSIONS[@]}"
+ echo "Dry run: $DRY_RUN"
+ echo "Message: $DEPRECATION_MESSAGE"
+ echo ""
+
+ SUCCESS_COUNT=0
+ FAIL_COUNT=0
+ FAILED_VERSIONS=""
+
+ for VERSION in "${VERSIONS[@]}"; do
+ if [ "$DRY_RUN" = "true" ]; then
+ echo "[DRY RUN] Would deprecate next@$VERSION"
+ else
+ echo "Deprecating next@$VERSION..."
+ if npm deprecate "next@$VERSION" "$DEPRECATION_MESSAGE" 2>&1; then
+ echo "✓ Successfully deprecated next@$VERSION"
+ SUCCESS_COUNT=$((SUCCESS_COUNT + 1))
+ else
+ echo "✗ Failed to deprecate next@$VERSION"
+ FAIL_COUNT=$((FAIL_COUNT + 1))
+ FAILED_VERSIONS="$FAILED_VERSIONS $VERSION"
+ fi
+ # Small delay to avoid potential rate limiting
+ sleep 1
+ fi
+ done
+
+ echo ""
+ echo "=== Results ==="
+ if [ "$DRY_RUN" = "true" ]; then
+ echo "Dry run complete. ${#VERSIONS[@]} versions would be deprecated."
+ else
+ echo "Successfully deprecated: $SUCCESS_COUNT"
+ echo "Failed: $FAIL_COUNT"
+ if [ $FAIL_COUNT -gt 0 ]; then
+ echo "Failed versions:$FAILED_VERSIONS"
+ exit 1
+ fi
+ fi
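Review bot: `DRY_RUN: false` in the step's `env` is hardcoded, so the `dry_run` input (default `true`) is never read and every run calls `npm deprecate` for real with `NPM_TOKEN_ELEVATED`. Together with the `push` trigger on `12-03-add_deprecation_workflow`, any push to that branch in the vercel org deprecates all 96 listed versions, with no operator confirmation. Derive the value from the input and make non-dispatch events safe, e.g. `DRY_RUN: ${{ github.event_name != 'workflow_dispatch' || inputs.dry_run }}`, and drop the `push:` trigger before this lands on a long-lived branch. Because the job holds an elevated registry token, it is also worth pinning `actions/setup-node` to a full commit SHA instead of `@v4` and adding a top-level `permissions: {}`, since nothing visible here uses the GITHUB_TOKEN.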