Skip to content

[Snyk] Security upgrade next from 14.2.13 to 15.2.2#27

Open
Azanul wants to merge 1 commit intomasterfrom
snyk-fix-02021925b7b31d1c402cb18eb4eff675
Open

[Snyk] Security upgrade next from 14.2.13 to 15.2.2#27
Azanul wants to merge 1 commit intomasterfrom
snyk-fix-02021925b7b31d1c402cb18eb4eff675

Conversation

@Azanul
Copy link
Owner

@Azanul Azanul commented Jun 3, 2025

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • frontend/package.json
  • frontend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
low severity Missing Origin Validation in WebSockets
SNYK-JS-NEXT-10259370		   401  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: frontend/package.json & frontend/package-lock.json to reduce vul…
69d8554 
…nerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-10259370
@gooroo-dev
Copy link

gooroo-dev bot commented Jun 3, 2025

Please double check the following review of the pull request:

🐞Mistake 🤪Typo 🚨Security 🚀Performance 💪Best Practices 📖Readability ❓Others
0 0 0 0 0 0 0

Changes in the diff

  • 🛠️ Upgraded next package from version 14.2.13 to 15.2.2 in both package.json and package-lock.json.
  • 🛠️ Updated related @next/* packages and dependencies to version 15.2.2.
  • 🛠️ Updated @swc/helpers from 0.5.5 to 0.5.15.
  • 🛠️ Added optional dependencies related to sharp image processing library and its platform-specific binaries.
  • 🛠️ Updated styled-jsx from 5.1.1 to 5.1.6 and adjusted peer dependencies for React 19 support.
  • 🛠️ Updated tslib from 2.7.0 to 2.8.1.
  • 🛠️ Adjusted some dev dependencies to devOptional for better optional dev dependency management.
  • 🛠️ Added optional dependencies like color, color-string, simple-swizzle, and related packages for sharp.
  • 🛠️ Updated Node.js engine requirements for next and related packages.

Identified Issues

No issues found. The upgrade is straightforward and does not introduce mistakes, typos, security issues, or performance regressions.

Summary

The pull request is a dependency upgrade of the Next.js framework from version 14.2.13 to 15.2.2, including related packages and dependencies. It also adds support for the sharp image processing library and updates some peer dependencies to support React 19. No code logic changes or new features are introduced, and no issues were found in the upgrade.

Missing Tests

No code logic changes or new features were introduced, so no additional tests are required for this dependency upgrade. However, it is recommended to run the existing test suite and perform integration testing to ensure the upgrade does not break functionality.

Summon me to re-review when updated! Yours, Gooroo.dev
I'd love to hear your feedback! Add a reaction or reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Azanul @snyk-bot