[Snyk] Security upgrade next from 14.2.10 to 14.2.35 #13
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-14400636
- https://snyk.io/vuln/SNYK-JS-NANOID-8492085
Pull request overview
This PR upgrades the Next.js dependency to address two security vulnerabilities identified by Snyk: a high-severity Deserialization of Untrusted Data vulnerability (SNYK-JS-NEXT-14400636) and a medium-severity Improper Input Validation vulnerability (SNYK-JS-NANOID-8492085). The upgrade follows a patch version increment within the 14.2.x series.
Key Changes:
- Upgrades Next.js from version 14.2.26 to 14.2.35 in package.json
- Addresses 2 security vulnerabilities with a combined priority score of 306
| "@headlessui/react": "^1.7.18", | ||
| "gray-matter": "^4.0.3", | ||
| "next": "14.2.26", | ||
| "next": "14.2.35", |
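Review bot: The lockfile is missing from this change: the `+` line moves the `next` pin to 14.2.35, but package.json is the only file listed as changed, so an install that honours the existing lockfile will not pick up the fixed release. Regenerate pnpm-lock.yaml and commit it in the same PR. The hunk also has no nanoid line, so after the refresh confirm that the resolved nanoid version is one that addresses SNYK-JS-NANOID-8492085 rather than assuming the `next` bump carries it.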
The PR description states this upgrade is from version 14.2.10 to 14.2.35, but the diff shows the actual change is from 14.2.26 to 14.2.35. Additionally, the pnpm-lock.yaml file still references version 14.2.10. This inconsistency suggests that package.json was previously updated to 14.2.26 without updating the lock file, or the PR description is outdated. Please verify the actual current version and ensure the lock file is properly updated to reflect the new version 14.2.35.
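One way to check for the manifest/lockfile mismatch described in the review comment above, as an added example that is not part of this PR, Snyk, or pnpm. It assumes the pnpm-lock.yaml layout of lockfileVersion 6 or later; the function names, the sample lockfile text and the react versions in it are constructed for illustration.

```javascript
// Added example. Assumes pnpm lockfileVersion 6 or later, where each direct
// dependency is a nested block with `specifier:` and `version:` keys.
function readLockEntry(lockText, dep) {
  const lines = lockText.split(/\r?\n/);
  const name = dep.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const header = new RegExp(`^(\\s+)['"]?${name}['"]?:\\s*$`);
  for (let i = 0; i < lines.length; i++) {
    const m = header.exec(lines[i]);
    if (!m) continue;
    const entry = {};
    for (let j = i + 1; j < lines.length; j++) {
      if (lines[j].trim() === "") continue;
      if (lines[j].search(/\S/) <= m[1].length) break; // left the nested block
      const kv = /^\s+(specifier|version):\s*['"]?([^'"\s]+)/.exec(lines[j]);
      if (kv) entry[kv[1]] = kv[2];
    }
    // Blocks such as peerDependenciesMeta share the header but have no specifier.
    if (entry.specifier && entry.version) return entry;
  }
  return null;
}

function checkDrift(packageJsonText, lockText, dep) {
  const pkg = JSON.parse(packageJsonText);
  const manifest = { ...pkg.devDependencies, ...pkg.dependencies }[dep] ?? null;
  const lock = readLockEntry(lockText, dep);
  return {
    manifest,
    lockSpecifier: lock ? lock.specifier : null,
    resolved: lock ? lock.version.split("(")[0] : null, // drop peer suffix
    // pnpm copies the manifest range into `specifier`; a mismatch means the
    // lockfile was not regenerated after package.json changed.
    inSync: lock !== null && manifest === lock.specifier,
  };
}

// Constructed sample input mirroring the state the review comment describes.
const samplePackageJson = JSON.stringify({ dependencies: { next: "14.2.35" } });
const sampleLock = [
  "lockfileVersion: '9.0'",
  "importers:",
  "  .:",
  "    dependencies:",
  "      next:",
  "        specifier: 14.2.10",
  "        version: 14.2.10(react-dom@18.2.0)(react@18.2.0)",
].join("\n");

console.log(checkDrift(samplePackageJson, sampleLock, "next"));
```

Run as a CI step before merge, a result with `inSync: false` means the version that gets installed is still the one recorded in `resolved`, not the one in package.json.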
Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
- package.json

Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-NEXT-14400636
- SNYK-JS-NANOID-8492085
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.