[Snyk] Fix for 2 vulnerabilities

[q1blue]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• gui/package.json
• gui/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15104645	147
	Uncontrolled Recursion SNYK-JS-ESLINT-15102420	60

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[gemini-code-assist]

Summary of Changes

Hello @q1blue, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, aims to enhance the project's security by updating key dependencies. The changes specifically target and resolve known vulnerabilities within the eslint and next packages, ensuring the application benefits from the latest security patches and improvements.

Highlights

• Dependency Upgrades: The eslint package has been upgraded from version 8.40.0 to 9.26.0.
• Dependency Upgrades: The next package has been upgraded from version 13.4.2 to 15.5.10.
• Vulnerability Fixes: These dependency upgrades address two identified security vulnerabilities: 'Allocation of Resources Without Limits or Throttling' (high severity) and 'Uncontrolled Recursion' (medium severity).

Changelog

• gui/package-lock.json
  • This file was updated to reflect the new dependency versions specified in package.json.
• gui/package.json
  • Updated eslint dependency from 8.40.0 to 9.26.0.
  • Updated next dependency from 13.4.2 to 15.5.10.

Activity

• This pull request was automatically created by Snyk to propose fixes for identified vulnerabilities.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request, automatically generated by Snyk, upgrades next and eslint to fix two security vulnerabilities. However, these are major version upgrades that introduce significant breaking changes and will likely break your build. The eslint-config-next package has not been upgraded and is incompatible with the new versions of next and eslint. Additionally, the new dependencies require a newer version of Node.js than what might be provided by the node:18-alpine image in your Dockerfiles. I've left a critical comment on package.json with details on the necessary changes to make these upgrades work.

[gemini-code-assist]

This automated upgrade introduces significant breaking changes by bumping major versions of eslint (8.x to 9.x) and next (13.x to 15.x). While this fixes the security vulnerabilities, it's highly likely to break your application's build and linting processes due to dependency mismatches and Node.js version requirements.

Dependency Incompatibility:
eslint-config-next at line 20 is still at version 13.4.2, which is incompatible with both eslint@9 and next@15. You should upgrade eslint-config-next to match the new next version, i.e., 15.5.10.

ESLint v9 Breaking Changes:
ESLint v9 introduced a new configuration file format (eslint.config.js) and deprecated the .eslintrc.json format used in this project. You may need to migrate your ESLint configuration.

Node.js Version Requirement:
Both next@15 and eslint@9 require Node.js version 18.18.0 or higher. Your Dockerfiles use node:18-alpine, which might pull a version older than 18.18.0 depending on the build cache. It's recommended to specify a more recent version, for example node:18.18.0-alpine or newer, to ensure compatibility.

Given these are major version bumps, a thorough review of the next and eslint migration guides is recommended before merging.