[Snyk] Security upgrade next from 15.5.3 to 15.5.9#110
[Snyk] Security upgrade next from 15.5.3 to 15.5.9#110dennislee928 wants to merge 1 commit intomainfrom
Conversation
…ties The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NEXT-14400636 - https://snyk.io/vuln/SNYK-JS-NEXT-14400644
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
There was a problem hiding this comment.
Pull request overview
This PR addresses security vulnerabilities by upgrading Next.js from version 15.5.3 to 15.5.9, which fixes two high-severity vulnerabilities: Deserialization of Untrusted Data (SNYK-JS-NEXT-14400636) and Exposure of Sensitive System Information (SNYK-JS-NEXT-14400644).
Key changes:
- Updated Next.js dependency from 15.5.3 to 15.5.9 in package.json
- Updated yarn.lock with new Next.js package versions and dependency tree reorganization
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| Frontend/package.json | Updates the Next.js dependency version from 15.5.3 to 15.5.9 |
| Frontend/yarn.lock | Updates Next.js and related packages, reorganizes dependency entries alphabetically |
Critical Issue Found: There is a version mismatch in the yarn.lock file where Next.js 15.5.9 is referencing SWC compiler packages at version 15.5.7 instead of 15.5.9. This inconsistency could cause runtime or build issues and should be corrected by regenerating the lockfile.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
Frontend/package.jsonFrontend/yarn.lockNote for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-NEXT-14400636
SNYK-JS-NEXT-14400644
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Deserialization of Untrusted Data