[Snyk] Security upgrade next from 10.0.5 to 12.0.8#55
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| "classnames": "2.2.6", | ||
| "history": "5.0.0", | ||
| "next": "10.0.5", | ||
| "next": "12.0.8", |
There was a problem hiding this comment.
Breaking upgrade: incompatible CSS plugins with Next.js 12
High Severity
Upgrading next from 10.0.5 to 12.0.8 introduces a breaking change because the project uses deprecated @zeit/next-css and @zeit/next-sass plugins (configured in next.config.js). These plugins are incompatible with Next.js 12's built-in CSS support and will cause build failures with a "Built-in CSS Support Disabled" error. The next.config.js and these dependencies need to be updated to use Next.js's native CSS/Sass support before this upgrade can work.
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
package.jsonyarn.lockNote for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-ELLIPTIC-14908844
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Note
Dependency upgrade
nextinpackage.jsonfrom10.0.5to12.0.8(major version bump that may impact build/runtime)Written by Cursor Bugbot for commit fc50df2. This will update automatically on new commits. Configure here.