[Snyk] Fix for 2 vulnerabilities#50
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-15104645 - https://snyk.io/vuln/SNYK-JS-ESLINT-15102420
There was a problem hiding this comment.
Pull request overview
Updates npm dependencies to remediate two Snyk-reported vulnerabilities by upgrading key packages (notably Next.js and ESLint).
Changes:
- Bump
nextfrom 13.5.1 to 15.5.10. - Bump
eslintfrom 8.49.0 to 9.26.0. - Update
package-lock.jsonto reflect new transitive dependency graph from these upgrades.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Upgrades eslint and next versions to address the reported vulnerabilities. |
| package-lock.json | Regenerates/updates resolved dependency tree and metadata after the upgrades. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "embla-carousel-react": "^8.3.0", | ||
| "eslint": "8.49.0", | ||
| "eslint": "9.26.0", | ||
| "eslint-config-next": "13.5.11", |
There was a problem hiding this comment.
eslint was upgraded to v9, but eslint-config-next is still pinned to 13.5.11. eslint-config-next@13 depends on @typescript-eslint/parser with a peer range that does not include ESLint 9, so next lint is likely to fail. Update eslint-config-next to a version compatible with ESLint 9 (typically matching the next major/version), and ensure the ESLint config (extends: next/core-web-vitals) still resolves correctly.
| "eslint-config-next": "13.5.11", | |
| "eslint-config-next": "15.5.10", |
| "lucide-react": "^0.446.0", | ||
| "next": "13.5.1", | ||
| "next": "15.5.10", | ||
| "next-pwa": "^5.6.0", |
There was a problem hiding this comment.
next is upgraded to 15.5.10, but the project still depends on @next/swc-wasm-nodejs@13.5.1 (see dependencies earlier in this file). That mismatch can cause install/build issues and is inconsistent with the upgraded Next runtime. Align/remove @next/swc-wasm-nodejs to match the Next version being used.
Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-NEXT-15104645
SNYK-JS-ESLINT-15102420
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling