Skip to content

[Snyk] Fix for 10 vulnerabilities#28

Open
Abuchtela wants to merge 1 commit into
mainfrom
snyk-fix-3271773e98f67c6e8ff69f106e3f4107
Open

[Snyk] Fix for 10 vulnerabilities#28
Abuchtela wants to merge 1 commit into
mainfrom
snyk-fix-3271773e98f67c6e8ff69f106e3f4107

Conversation

@Abuchtela

Copy link
Copy Markdown
Owner

snyk-top-banner

Snyk has created this PR to fix 10 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • pnpm-lock.yaml

Vulnerabilities that will be fixed with an upgrade:

Issue
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-NEXT-16638674
medium severity Acceptance of Extraneous Untrusted Data With Trusted Data
SNYK-JS-NEXT-16638675
medium severity Interpretation Conflict
SNYK-JS-NEXT-16638676
medium severity Use of Weak Hash
SNYK-JS-NEXT-16638677
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-NEXT-16638680
medium severity Cross-site Scripting (XSS)
SNYK-JS-NEXT-16638681
high severity Server-side Request Forgery (SSRF)
SNYK-JS-NEXT-16638682
high severity Incorrect Authorization
SNYK-JS-NEXT-16638683
low severity Cross-site Scripting (XSS)
SNYK-JS-NEXT-16638684
medium severity Use of Uninitialized Resource
SNYK-JS-WS-16722635

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling
🦉 Use of Weak Hash
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn

Copilot AI review requested due to automatic review settings May 20, 2026 11:46
@vercel

vercel Bot commented May 20, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ecosystem-contributions Error Error May 20, 2026 11:47am

@codesandbox

codesandbox Bot commented May 20, 2026

Copy link
Copy Markdown

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

@coderabbitai

coderabbitai Bot commented May 20, 2026

Copy link
Copy Markdown

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 42326af9-b8dd-4c93-8bc3-7851c5a0f78e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch snyk-fix-3271773e98f67c6e8ff69f106e3f4107

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This Snyk-generated PR upgrades key pnpm dependencies to remediate reported vulnerabilities, primarily by moving the project to Next.js 15 and updating viem.

Changes:

  • Upgrade next from 14.2.35 to 15.5.16.
  • Upgrade viem from ^2.49.3 to ^2.50.x and refresh pnpm-lock.yaml accordingly.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File Description
package.json Bumps next to 15.5.16 and updates the viem semver range.
pnpm-lock.yaml Updates resolved dependency graph for Next.js 15 / viem upgrade (including new transitive deps like sharp).
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json
"remark": "^15.0.1",
"remark-html": "^16.0.1",
"viem": "^2.49.3",
"viem": "^2.50.3",
Comment thread pnpm-lock.yaml
viem:
specifier: ^2.49.3
version: 2.49.3(typescript@5.3.3)
specifier: ^2.50.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants