Skip to content

chore: upgrate nextJS version to avoid vulnerabilities #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aimensahnoun merged 1 commit into from
Dec 12, 2025
Merged

chore: upgrate nextJS version to avoid vulnerabilities #37

aimensahnoun merged 1 commit into from
Dec 12, 2025

Conversation

@aimensahnoun
Copy link
Member

@aimensahnoun aimensahnoun commented Dec 12, 2025
edited
Loading

TL;DR

Upgrade Next.js from version 14.2.5 to 14.2.35.

What changed?

This PR updates the Next.js dependency from version 14.2.5 to 14.2.35 in both package.json and package-lock.json files. This includes updates to all related Next.js packages such as @next/env and various platform-specific SWC packages.

How to test?

  1. Pull the changes and run npm install
  2. Start the development server with npm run dev
  3. Verify that the application runs correctly
  4. Test key functionality to ensure nothing was broken by the upgrade

Why make this change?

This update brings in the latest bug fixes, security patches, and performance improvements from the Next.js framework. Keeping dependencies up-to-date is important for maintaining application security and stability.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 12, 2025
edited
Loading

Warning

Rate limit exceeded

@aimensahnoun has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 10 minutes and 6 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 68c0f1b and 233e181.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (1 hunks)
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch 12-12-chore_upgrate_nextjs_version_to_avoid_vulnerabilities

Comment @coderabbitai help to get the list of available commands and usage tips.

@aimensahnoun Graphite App
Copy link
Member Author

aimensahnoun commented Dec 12, 2025

This stack of pull requests is managed by Graphite. Learn more about stacking.

@aimensahnoun aimensahnoun self-assigned this Dec 12, 2025
@aimensahnoun aimensahnoun marked this pull request as ready for review December 12, 2025 12:26
@greptile-apps
Copy link

greptile-apps bot commented Dec 12, 2025

Greptile Overview

Greptile Summary

This PR upgrades Next.js from 14.2.5 to 14.2.35, bringing 30 patch releases worth of bug fixes, security patches, and performance improvements.

  • Updated next package from 14.2.5 to 14.2.35 in package.json
  • Updated @next/env from 14.2.5 to 14.2.35 in package-lock.json
  • Updated all platform-specific SWC packages (@next/swc-*) from 14.2.5 to 14.2.33
  • Added MIT license fields to package entries

The SWC packages at version 14.2.33 (while the main package is 14.2.35) is intentional - this is how the official Next.js 14.2.35 package specifies its optional dependencies. This is a standard, low-risk dependency upgrade with no breaking changes expected within the same minor version (14.2.x).

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk - it's a standard patch version upgrade within the same minor version
  • Perfect score reflects: (1) straightforward dependency upgrade with no code changes, (2) patch version bump (14.2.5 → 14.2.35) maintains backward compatibility, (3) all dependency versions correctly match official Next.js 14.2.35 specification, (4) no breaking changes expected, (5) upgrade addresses security vulnerabilities as stated in PR description
  • No files require special attention - both files contain routine dependency version updates

Important Files Changed

File Analysis

Filename Score Overview
package.json 5/5 Updated Next.js from 14.2.5 to 14.2.35 - straightforward dependency upgrade
package-lock.json 5/5 Updated Next.js and related @next/env and SWC packages, added MIT license fields - lockfile correctly reflects official package dependencies

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant PM as Package Manager
    participant NPM as NPM Registry
    participant App as Next.js Application

    Dev->>PM: Update next to 14.2.35 in package.json
    Dev->>PM: Run npm install
    PM->>NPM: Fetch [email protected] metadata
    NPM-->>PM: Package info + dependencies
    PM->>NPM: Fetch @next/[email protected]
    NPM-->>PM: @next/env package
    PM->>NPM: Fetch optional @next/swc-* packages (14.2.33)
    NPM-->>PM: Platform-specific SWC binaries
    PM->>PM: Update package-lock.json
    PM->>PM: Install dependencies in node_modules
    PM-->>Dev: Installation complete
    Dev->>App: npm run dev / npm run build
    App->>App: Load Next.js 14.2.35 with SWC 14.2.33
    App-->>Dev: Application running with updated framework
Loading

greptile-apps[bot]
greptile-apps bot reviewed Dec 12, 2025
View reviewed changes
Copy link

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, no comments

Edit Code Review Agent Settings | Greptile

@aimensahnoun aimensahnoun merged commit d87319a into main Dec 12, 2025
12 of 14 checks passed
@aimensahnoun aimensahnoun deleted the 12-12-chore_upgrate_nextjs_version_to_avoid_vulnerabilities branch December 12, 2025 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rodrigopavezi rodrigopavezi rodrigopavezi approved these changes

@MantisClone MantisClone MantisClone approved these changes

@bassgeta bassgeta Awaiting requested review from bassgeta

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@aimensahnoun aimensahnoun

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aimensahnoun @rodrigopavezi @MantisClone