[Snyk] Security upgrade next from 13.5.1 to 14.2.32#46
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-12299318 - https://snyk.io/vuln/SNYK-JS-NEXT-12301496 - https://snyk.io/vuln/SNYK-JS-NEXT-12265451
There was a problem hiding this comment.
Pull Request Overview
This is a security upgrade that updates Next.js from version 13.5.1 to 14.2.32 to fix three vulnerabilities: Server-side Request Forgery (SSRF), Use of Cache Containing Sensitive Information, and Missing Source Correlation of Multiple Independent Data.
- Upgrades Next.js dependency to address security vulnerabilities
- Maintains all other dependencies unchanged
- Addresses high, medium, and low severity security issues
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, please upgrade to Bugbot Pro by visiting the Cursor dashboard. Your first 14 days will be free!
| "lowlight": "^3.1.0", | ||
| "lucide-react": "^0.446.0", | ||
| "next": "13.5.1", | ||
| "next": "^14.2.32", |
There was a problem hiding this comment.
Bug: Version Mismatch Causes Environment Discrepancies
The next package has a version specification mismatch between package.json and package-lock.json. This inconsistency can lead to different Next.js versions being installed across environments, potentially causing unexpected behavior or compatibility issues.
Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-NEXT-12299318
SNYK-JS-NEXT-12301496
SNYK-JS-NEXT-12265451
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF)