[Snyk] Security upgrade next from 16.1.0 to 16.1.5 #156
…bilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-15104645 - https://snyk.io/vuln/SNYK-JS-NEXT-15105315
🚅 Deployed to the reimagined-jupiter-pr-156 environment in gxq
Pull request overview
This is a Snyk-automated security update that upgrades Next.js from version 16.1.0 to 16.1.5 in the webapp frontend to address two high-severity vulnerabilities (SNYK-JS-NEXT-15104645 and SNYK-JS-NEXT-15105315). Both vulnerabilities relate to "Allocation of Resources Without Limits or Throttling" with a severity score of 696/1000. This is a patch version upgrade that maintains compatibility with the existing React 19.2.3 dependencies.
Changes:
- Upgraded Next.js package from 16.1.0 to 16.1.5
- Updated all related Next.js dependencies (@next/env and platform-specific @next/swc-* packages) to 16.1.5
- Security patch addresses resource allocation vulnerabilities
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| webapp/package.json | Updates next dependency version to 16.1.5 |
| webapp/package-lock.json | Updates next and all Next.js-related package versions and integrity hashes to 16.1.5 |
Files not reviewed (1)
- webapp/package-lock.json: Language not supported
| "bs58": "^5.0.0", | ||
| "framer-motion": "^12.29.0", | ||
| "next": "16.1.0", | ||
| "next": "16.1.5", |
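Review bot: the exact pin on the added `"next": "16.1.5"` line should be a stated choice rather than an accident of the tooling. The removed line was also exact (`"next": "16.1.0"`), while the neighbouring `bs58` and `framer-motion` entries use caret ranges. If the pin is intentional, leave it and say so, since every later security fix for next will then need an explicit bump like this one; if it is not, align it with the caret style of the other entries. Only package.json is visible in this hunk, so also check that the package-lock.json entry for next resolves to 16.1.5.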
There's an inconsistency in the version specifier for the Next.js package. In package.json, the version is specified as "16.1.5" (exact version without caret), but it should likely include the caret prefix "^16.1.5" to allow patch updates, which is consistent with how other dependencies are specified in this file and how it appears in the package-lock.json. This inconsistency may cause issues with dependency resolution.
| "next": "16.1.5", | |
| "next": "^16.1.5", |
Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
- webapp/package.json
- webapp/package-lock.json
Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-NEXT-15104645
- SNYK-JS-NEXT-15105315
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.