Skip to content

[Snyk] Security upgrade next from 14.2.13 to 15.5.10#40

Open
Azanul wants to merge 1 commit intomasterfrom
snyk-fix-ac7d7e4ddd474cb7580088c6c0904fd5
Open

[Snyk] Security upgrade next from 14.2.13 to 15.5.10#40
Azanul wants to merge 1 commit intomasterfrom
snyk-fix-ac7d7e4ddd474cb7580088c6c0904fd5

Conversation

@Azanul
Copy link
Owner

@Azanul Azanul commented Feb 3, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • frontend/package.json
  • frontend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-NEXT-15104645		   696  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@snyk-bot
fix: frontend/package.json & frontend/package-lock.json to reduce vul…
bbaa15a 
…nerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NEXT-15104645
@gooroo-dev
Copy link

gooroo-dev bot commented Feb 3, 2026

Please double check the following review of the pull request:

🐞Mistake 🤪Typo 🚨Security 🚀Performance 💪Best Practices 📖Readability ❓Others
0 0 0 0 0 0 0

Changes in the diff

  • ✅ Upgraded Next.js from version 14.2.13 to 15.5.10 in both package.json and package-lock.json.
  • ✅ Updated related dependencies for Next.js such as @next/env, @next/swc-* packages, @swc/helpers, styled-jsx, tslib, and semver to compatible newer versions.
  • 🛠️ Removed deprecated optional dependency "@next/swc-win32-ia32-msvc" from package-lock.json.
  • 🛠️ Added new optional dependency "sharp" and its related platform-specific packages.
  • 🛠️ Updated Node.js engine requirements for Next.js and sharp packages.
  • 🛠️ Updated peer dependencies for Next.js including react and react-dom to support upcoming versions.
  • 🛠️ Minor version bumps for styled-jsx and tslib.
  • 🛠️ Removed busboy and streamsearch packages from dependencies, likely due to Next.js internal changes.
  • 🛠️ Updated integrity hashes and resolved URLs for all updated packages.

Identified Issues

No issues identified in the incoming changes. The upgrade is straightforward and does not introduce any new mistakes, typos, security vulnerabilities, performance regressions, or readability problems.

Summary

The pull request is a clean upgrade of Next.js and its related dependencies from version 14.2.13 to 15.5.10. It includes necessary updates to peer dependencies, optional dependencies, and engine requirements. No problematic issues were found. The removal of some packages and addition of sharp-related packages reflect internal changes in Next.js dependencies. Overall, the upgrade appears safe and beneficial.

Missing Tests

No code logic changes are introduced by this dependency upgrade. No additional tests are necessary. However, it is recommended to run existing tests and perform integration testing to ensure compatibility with Next.js 15.5.10.

Summon me to re-review when updated! Yours, Gooroo.dev
I'd love a reaction or reply to know your thoughts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Azanul @snyk-bot