Upgrade Next.js to 14.2.33 to fix SSRF vulnerability (CVE-2025-57822)#18
…E-2025-57822) Co-authored-by: fx <27249+fx@users.noreply.github.com>
@copilot The build has failed now

Error: Node.js Version "18.x" is discontinued and must be upgraded. Please set Node.js Version to 24.x in your Project Settings to use Node.js 24. Learn More: http://vercel.link/node-version
Co-authored-by: fx <27249+fx@users.noreply.github.com>
Co-authored-by: fx <27249+fx@users.noreply.github.com>
Fixed in 37e0d38. Added Node.js version requirements:
This should resolve the Vercel build failure by specifying Node.js 20 as the required version.
fx
left a comment
👌👀👌👀👌👀👌👀👌👀 good shit go౦ԁ sHit👌 thats ✔ some good👌👌shit right👌👌there👌👌👌 right✔there ✔✔if i do ƽaү so my self 💯 i say so 💯 thats what im talking about right there right there (chorus: ʳᶦᵍʰᵗ ᵗʰᵉʳᵉ) mMMMMᎷМ💯 👌👌 👌НO0ОଠOOOOOОଠଠOoooᵒᵒᵒᵒᵒᵒᵒᵒᵒ👌 👌👌 👌 💯 👌 👀 👀 👀 👌👌Good shit
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files: Coverage Diff
| | main | #18 | +/- |
|---|---|---|---|
| Coverage | 56.78% | 56.78% | |
| Files | 35 | 35 | |
| Lines | 678 | 678 | |
| Branches | 29 | 29 | |
| Hits | 385 | 385 | |
| Misses | 281 | 281 | |
| Partials | 12 | 12 | |
Pull request overview
This PR upgrades Next.js from version 14.2.31 to 14.2.33 to address a critical SSRF (Server-Side Request Forgery) vulnerability (CVE-2025-57822 / GHSA-4342-x723-ch2f). The upgrade ensures the application is protected against this security vulnerability while maintaining compatibility with the existing codebase.
Key changes:
- Next.js upgraded to 14.2.33 to fix SSRF vulnerability
- Related packages updated for version consistency (eslint-config-next, transitive dependencies)
- Node.js version requirement formalized with engines field and .nvmrc file
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Updated Next.js to 14.2.33, eslint-config-next to 14.2.33, and added engines field requiring Node.js >=20.0.0 |
| package-lock.json | Updated lock file with new versions of Next.js, its platform-specific binaries, eslint-config-next, and transitive dependencies (glob, js-yaml, playwright, vite) |
| .nvmrc | Added Node.js version specification (20) for consistent development environment and Vercel deployment |
| public/index.json | Reordered Rogue: Outlaw entry (likely from running prebuild script, no functional change) |
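
A check of the kind a CI job could run to confirm the changes this review lists. This is an added example, not part of the PR or the repository; `auditUpgrade` and the sample objects are constructed, and it assumes an npm lockfile that carries a `packages` map.

```javascript
// Added example, not code from this repository. FLOOR is the version named in
// the PR title; function names and the sample objects below are constructed.
const FLOOR = [14, 2, 33];

// "14.2.31" -> [14, 2, 31]; returns null when the string is not x.y.z.
const parseVersion = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
};

// Negative when a < b, zero when equal, positive when a > b.
const compare = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Returns a list of findings; an empty list means the gate passes.
function auditUpgrade(pkg, lock, nvmrc) {
  const findings = [];
  const pkgs = lock.packages || {};
  // npm lockfile v2/v3 lists every installed copy, nested ones included.
  for (const [path, entry] of Object.entries(pkgs)) {
    if (!/(^|\/)node_modules\/next$/.test(path)) continue;
    const v = parseVersion(entry.version);
    if (!v) findings.push(`${path}: unparseable version`);
    else if (v[0] !== FLOOR[0]) findings.push(`${path}: ${entry.version} is not 14.x, check separately`);
    else if (compare(v, FLOOR) < 0) findings.push(`${path}: ${entry.version} is below 14.2.33`);
  }
  const next = pkgs["node_modules/next"];
  const lint = pkgs["node_modules/eslint-config-next"];
  if (!next) findings.push("next is missing from the lockfile");
  else if (lint && lint.version !== next.version)
    findings.push(`eslint-config-next ${lint.version} != next ${next.version}`);
  // engines.node such as ">=20.0.0" must be satisfied by the major in .nvmrc.
  const m = /^\s*>=\s*(\d+)/.exec((pkg.engines && pkg.engines.node) || "");
  const nv = parseInt(String(nvmrc).trim().replace(/^v/, ""), 10);
  if (!m) findings.push("package.json has no engines.node floor");
  else if (Number.isNaN(nv) || nv < Number(m[1]))
    findings.push(`.nvmrc "${String(nvmrc).trim()}" does not satisfy ${pkg.engines.node}`);
  return findings;
}

// Constructed sample: the state before this PR and the state after it.
const before = { pkg: {}, lock: { packages: {
  "node_modules/next": { version: "14.2.31" },
  "node_modules/eslint-config-next": { version: "14.2.31" } } }, nvmrc: "" };
const after = { pkg: { engines: { node: ">=20.0.0" } }, lock: { packages: {
  "node_modules/next": { version: "14.2.33" },
  "node_modules/eslint-config-next": { version: "14.2.33" } } }, nvmrc: "20\n" };
console.log(auditUpgrade(before.pkg, before.lock, before.nvmrc));
console.log(auditUpgrade(after.pkg, after.lock, after.nvmrc));
```

Walking the whole `packages` map rather than reading `package.json` alone catches a nested copy of `next` that a transitive dependency still pins below the fixed version.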