[Snyk] Fix for 10 vulnerabilities#28
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-16638674 - https://snyk.io/vuln/SNYK-JS-NEXT-16638675 - https://snyk.io/vuln/SNYK-JS-NEXT-16638676 - https://snyk.io/vuln/SNYK-JS-NEXT-16638677 - https://snyk.io/vuln/SNYK-JS-NEXT-16638680 - https://snyk.io/vuln/SNYK-JS-NEXT-16638681 - https://snyk.io/vuln/SNYK-JS-NEXT-16638682 - https://snyk.io/vuln/SNYK-JS-NEXT-16638683 - https://snyk.io/vuln/SNYK-JS-NEXT-16638684 - https://snyk.io/vuln/SNYK-JS-WS-16722635
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
|
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This Snyk-generated PR upgrades key pnpm dependencies to remediate reported vulnerabilities, primarily by moving the project to Next.js 15 and updating viem.
Changes:
- Upgrade
nextfrom14.2.35to15.5.16. - Upgrade
viemfrom^2.49.3to^2.50.xand refreshpnpm-lock.yamlaccordingly.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Bumps next to 15.5.16 and updates the viem semver range. |
| pnpm-lock.yaml | Updates resolved dependency graph for Next.js 15 / viem upgrade (including new transitive deps like sharp). |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "remark": "^15.0.1", | ||
| "remark-html": "^16.0.1", | ||
| "viem": "^2.49.3", | ||
| "viem": "^2.50.3", |
| viem: | ||
| specifier: ^2.49.3 | ||
| version: 2.49.3(typescript@5.3.3) | ||
| specifier: ^2.50.4 |
Snyk has created this PR to fix 10 vulnerabilities in the pnpm dependencies of this project.
Snyk changed the following file(s):
package.jsonpnpm-lock.yamlVulnerabilities that will be fixed with an upgrade:
SNYK-JS-NEXT-16638674
SNYK-JS-NEXT-16638675
SNYK-JS-NEXT-16638676
SNYK-JS-NEXT-16638677
SNYK-JS-NEXT-16638680
SNYK-JS-NEXT-16638681
SNYK-JS-NEXT-16638682
SNYK-JS-NEXT-16638683
SNYK-JS-NEXT-16638684
SNYK-JS-WS-16722635
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling
🦉 Use of Weak Hash
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn