[Snyk] Security upgrade next from 14.2.35 to 15.5.10#17
[Snyk] Security upgrade next from 14.2.35 to 15.5.10#17Abbhiishek wants to merge 1 commit intomainfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-15104645
|
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the
✨ Finishing touches🧪 Generate unit tests (beta)
Tip 🧪 Unit Test Generation v2 is now available!We have significantly improved our unit test generation capabilities. To enable: Add this to your reviews:
finishing_touches:
unit_tests:
enabled: trueTry it out by using the Have feedback? Share your thoughts on our Discord thread! Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR upgrades Next.js from version 14.1.1 to 15.5.10 to address a high-severity security vulnerability (SNYK-JS-NEXT-15104645: Allocation of Resources Without Limits or Throttling). This is a Snyk-automated security fix that involves a major version upgrade.
Changes:
- Upgrades Next.js dependency from ^14.1.1 to ^15.5.10 in the docs app
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "dependencies": { | ||
| "@repo/ui": "*", | ||
| "next": "^14.1.1", | ||
| "next": "^15.5.10", |
There was a problem hiding this comment.
The @next/eslint-plugin-next package version (^14.1.1) should be updated to match the Next.js version being upgraded to (^15.5.10). Using mismatched versions between Next.js and its ESLint plugin can lead to incorrect linting rules or false positives/negatives in code checks.
| "dependencies": { | ||
| "@repo/ui": "*", | ||
| "next": "^14.1.1", | ||
| "next": "^15.5.10", |
There was a problem hiding this comment.
There is a discrepancy between the PR title/description and the actual code changes. The PR description states the upgrade is from version 14.2.35, but the diff shows the actual current version is ^14.1.1. While this doesn't affect the functionality of the upgrade, it suggests the automated PR generation may be using incorrect baseline information.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
apps/docs/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-NEXT-15104645
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling